This log analysis tool is often used to monitor security incidents.
What is SIEM
The chance that a threat will exploit a vulnerability.
What is risk
The first step in an incident response process.
What is preparation
A system that detects malicious network activity.
What is an IDS
An attack that floods a system with traffic to make it unavailable.
What is DDoS attack
This command-line tool is used to scan open ports on a target system.
What is NMAP
Risk can be mitigated, transferred, accepted, or __?
What is avoided
This phase involves identifying whether an incident has occurred.
What is detection and analysis
This system blocks and permits traffic based on security rules.
What is firewall
These tools are commonly used for automated vulnerability scanning.
What are Nessus or OpenVAS
This tool captures and analyzes network packets in real time.
What is Wireshark
A document that formally evaluates an organization's security risk.
What is a risk assessment
This document outlines the roles and procedures for handling incidents.
What is an incident response plan
A network that mimics real systems to trap attackers.
What is a honeypot
Which CVSS metric evaluates whether user interaction is required to exploit a vulnerability?
This testing method assesses systems for known vulnerabilities.
What is vulnerability scanning
The term for the potential effect of a security incident.
What is impact
The act of collecting and examining evidence to understand how an attack occurred.
What is forensic analysis
This separates parts of a network to limit threat movement.
What is segmentation or VLAN
What does the Nmap switch -sS perform?
What is a SYN scan (also called a stealth scan), which sends SYN packets to determine port states without completing the TCP handshake.
This software isolates suspicious programs for deeper analysis.
What is Sandbox
This analysis compares the potential cost of a risk against the cost of mitigating it.
What is cost-benefit analysis
The final phase, in which the organization returns to normal operations and documents lessons learned.
What is recovery and lessons learned
The term for encrypting traffic over a public network.
What is VPN or tunneling
In the CVSS scoring system, this metric describes the context in which a vulnerability can be exploited (e.g., over the network or with local access).
What is the Attack Vector (AV)