Identity and Access Management
Breaches
IT Risk
Security Operations
Incident Response
100

This is the process of verifying the identity of a user or device before granting access.

What is authentication?

100

In 2013, this major US retailer suffered a data breach that compromised over 40 million customer payment cards; the attackers used "Rescator" malware and attacked this company's supply chain.

What is Target?

100

This is the process of identifying, assessing, and controlling threats to an organization's data, systems, and reputation.

What is risk management?

100

This is the primary function of a Security Operations Center, involving the continuous monitoring and analysis of an organization's cybersecurity posture.

What is threat detection?

100

This is the first phase in the incident response lifecycle, involving preparation and planning for potential security incidents.

What is the Preparation phase?

200

This principle ensures that users are granted the minimum level of access—or permissions—necessary to perform their job functions.

What is the principle of least privilege?

200

In 2021, this pipeline company, which transports gasoline and jet fuel across the Southeastern US, was hit by a ransomware attack that led to widespread fuel shortages. Which company was it?

What is Colonial Pipeline?

200

This international framework provides a comprehensive approach to managing information security risks and improving an organization's information security program.

What is the ISO 27000 series / family of standards?

200

This role within the SOC is responsible for investigating alerts and determining the severity of potential security incidents.

What is an Analyst (Security Analyst)?

200

This step in the incident response process involves determining the scope, impact, and nature of a security incident.

What is Identification?

300

This type of authentication method requires users to provide two or more verification factors to gain access to a resource.

What is multi-factor authentication (MFA)?

300

This 2015 cyberattack on a US government agency exposed the personal information of over 21 million current and former federal employees. Which agency was targeted?

What is the Office of Personnel Management (OPM)?

300

This type of risk assessment evaluates the probability and impact of a threat exploiting a vulnerability, without expressing the financial impacts in exact terms.

What is a quantitative risk assessment?

300

This type of exercise, often conducted by a SOC, involves simulating a cyberattack to evaluate the effectiveness of an organization's security defenses.

What is a penetration test or "pen test"?

300

This phase focuses on containing the incident to prevent further damage and includes actions like isolating affected systems.

What is Containment?

400

This type of attack involves intercepting communication between parties to steal or alter information without detection.

What is a man-in-the-middle attack?

400

In 2021, this executive office issued an order to improve the nation's cybersecurity following significant breaches, including the SolarWinds incident. Which office was it?

Office of Management and Budget (OMB)

400

This principle involves regularly updating security measures and policies to adapt to new threats.

What is continuous monitoring?

400

This framework, often used by government SOCs, provides guidelines for managing and responding to cybersecurity incidents.

What is the NIST Cybersecurity Framework?

400

After containing an incident, this phase involves identifying and eliminating the root cause and restoring affected systems to normal operation.

What is Eradication and Recovery?

500

This standard for authentication provides federated access and single sign-on (SSO) capabilities across different systems and organizations.

What is Security Assertion Markup Language (SAML)?

500

This 2024 cyberattack targeted UnitedHealth-owned Change Healthcare, leading to a $22 million ransom payment.

What was the UnitedHealth / Change Healthcare Ransomware Attack?

500

This process involves transferring the risk of a potential financial loss to a third party, such as through insurance.

What is risk transfer?

500

This term refers to a coordinated set of procedures, workflows, and technologies that automatically respond to security incidents and alerts.

What is Security Orchestration, Automation, and Response (SOAR)?

500

This final phase in the incident response process involves reviewing and documenting the incident and the response to improve future incident handling.

What is the Lessons Learned phase?
