SECURITY THREATS
INCIDENT RESPONSE
CLOUD SECURITY
SECURE CODING
PHYSICAL SECURITY
300

An attack in which the attacker floods a system or network with requests in order to deny service to legitimate users.

What is a Denial of Service (DoS) attack?

300

The first step in the Incident Response process after detecting a security breach.

What is Preparation or Identification?

300

The model where the cloud customer manages the operating system, applications, and data.

What is IaaS (Infrastructure as a Service)?

300

A code review performed by a team member other than the author to check for logic flaws and vulnerabilities.

What is a Peer Review?

300

These devices read a user's biometric traits for access control.

What are Biometric Scanners?

600

This non-repudiation attack method prevents a user from logging into a system with valid credentials.

What is Account Lockout or Password Spraying?

600

The process of removing or isolating the cause of the incident from the network.

What is Containment?

600

The cloud deployment model where computing infrastructure is shared by several organizations with common security needs, like government agencies.

What is Community Cloud?

600

This concept involves ensuring all possible user inputs are treated as untrusted and properly validated before being processed.

What is Input Validation?

600

A physical control that prevents unauthorized entry by only allowing one person in at a time.

What is a Mantrap?

900

An attack that exploits a previously unknown and unpatched vulnerability in software.

What is a Zero-Day attack?

900

This process ensures that digital evidence maintains its integrity and is legally admissible in court.

What is Chain of Custody?

900

In a shared responsibility model, the provider is always responsible for securing this physical aspect.

What is the facility, hardware, or physical security of the data center?

900

A software security testing method that executes code with unexpected or random inputs to find crashes or vulnerabilities.

What is Fuzzing?

900

The concept of protecting an asset by making it appear less valuable or attractive to a potential thief.

What is Deterrence?

1200

The attack technique where a rogue access point mimics a legitimate one to capture user traffic and credentials.

What is an Evil Twin attack?

1200

The phase that involves hardening systems, patching vulnerabilities, and improving procedures after an incident.

What is Lessons Learned or Recovery?

1200

The cloud model where the vendor manages the entire stack, and the user only interacts with the application (e.g., Salesforce).

What is SaaS (Software as a Service)?

1200

An application attack that injects a malicious script into a trusted website, targeting other users viewing that site.

What is Cross-Site Scripting (XSS)?

1200

A fence, a sign, or a guard dog is an example of this type of security control.

What is a Detective or Deterrent control?

1500

A type of malicious advertising that automatically redirects users to exploit kits, often without the user clicking anything.

What is Malvertising?

1500

The primary goal of a Business Continuity Plan (BCP).

What is maintaining critical business functions during a disaster?

1500

The security risk associated with having multiple tenants sharing the same underlying hardware infrastructure in a public cloud.

What is a Shared Tenancy vulnerability?

1500

The development process where security considerations are integrated into every phase of the software lifecycle, from design to deployment.

What is Secure Software Development Lifecycle (SSDLC) or DevSecOps?

1500

The process of physically destroying hard drives or media to ensure data cannot be recovered, often using magnetic fields.

What is Degaussing?