Foundations
Threats and risks
Attack techniques
Best practices
100

This represents the three core principles of informations security

What is the CIA Triad

100

The only bad approach to risk management

What is ignoring the risk

100

This attack floods a system with traffic, rendering it unusable.

What is a Distributed Denial of Service (DDoS) attack?

100

Requiring two forms of identification, such as a password and a mobile code, is known as this.

What is two-factor authentication (2FA)?

200

This type of modeling is used to identify, prioritize, and address potential threats to a system.

What is threat modeling

200

When a company takes proactive steps to reduce the likelihood or impact of a risk, it is practicing this.

What is mitigating the risk

200

This attack intercepts communications between two parties.

What is a man-in-the-middle attack?

200

Regularly updating and patching systems helps to protect against this type of attack.

What is a zero-day exploit?

300

This term refers to a critical part of a system that, if it fails, will cause the entire system to stop functioning.

What is a single point of failure

300

These are tools or methods used to take advantage of vulnerabilities in systems or software.

What are exploits?

300

This type of attack exploits previously unknown vulnerabilities.

What is a zero-day exploit?

300

Limiting access rights to only what a user needs to do their job is called this.

What is the principle of least privilege?

400

This term refers to an unexpected event that impacts the availability of our information systems

What is a cyberincident

400

These outdated systems or software, still in use by organizations, often pose security risks due to a lack of updates or support.

What are legacy systems

400

Compromising a supplier or partner to attack a target is known as this type of attack.

What is a supply chain attack?

400

This practice involves testing a system or network for vulnerabilities by simulating an attack.

What is penetration testing?

500

The remaining level of risk after mitigation measures have been applied.

What is residual risk?

500

This term describes the act of leveraging weaknesses in systems to gain unauthorized access or cause harm.

What is vulnerability exploitation?

500

Using stolen or weak passwords to access many different accounts 

What is credential stuffing?

500

Identifying and addressing weaknesses before they can be exploited is the focus of this proactive approach.

What is vulnerability management?