Common scoring system used to rate vulnerabilities.
CVSS
Tool used for OSINT gathering
Recon-ng
Organizations handling credit card transactions must comply with this comprehensive, worldwide security standard established by a council of major payment networks.
PCI DSS (Payment Card Industry Data Security Standard)
The FIRST action in IR after identifying malware on a critical server.
Containment
Which tool is BEST suited for log aggregation and correlation?
SIEM
This vulnerability scanner developed by Tenable uses plugins to identify known vulnerabilities
Nessus
Packet capture tool frequently used for network analysis on the command line
tcpdump
This framework focuses on web application security
OWASP
Analysts remove malware, reset passwords, and delete persistence mechanisms. What phase of IR is this?
Eradication
An internal team hires an external firm to run an assessment where the penetration testers are provided zero pre-existing documentation, structural maps, or source code blueprints, mirroring an outside adversarial scenario.
Black Box testing
A numerical representation of how difficult a vulnerability is to exploit (CVSS)
Attack Complexity
Tool commonly used for port scanning and enumeration.
Nmap
This framework is associated with information security management
ISO 27000
A threat actor known as APT32 launches a campaign. What Diamond Model component does APT32 represent?
Adversary
An attacker creates malware before sending it to the victim. What phase is this in the Cyber Kill Chain?
Weaponization
The process of eliminating a risk entirely by removing the vulnerable asset or activity.
Risk avoidance
Framework often used for exploitation during penetration testing of cloud environments
Pacu
The principle that children under 13 cannot legally consent to having their digital footprints tracked, profile-built, or commercialized.
COPPA
Which Kill Chain phase should defenders stop to prevent malware from reaching users?
Delivery
A web application receives the following request: https://company.com/page.php?file=../../../../etc/passwd
What attack is being attempted?
Directory Traversal
A vulnerability scanner reports CVE-XXXX on a server. An analyst manually verifies the service version and discovers the server is not vulnerable.
False Positive
Threat intelligence platform used to map relationships between entities.
Maltego
This document is formal proof that an organization meets PCI DSS requirements
Attestation of Compliance (AOC)
The malware has been installed but has not yet communicated externally.
Which phase has NOT occurred yet in the Cyber Kill Chain?
Command and Control (C2)
What is the name of the threat intelligence data format?
STIX