Misc 2
Misc
Software assessment methods
Sec solutions for infrastructure
Vulnerability management
100

 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

How did this CVE get delivered?


JW

Network

100

Type of control a NIDS is



UU

Detective

100

Dynamic analysis is known as what?



ZS

Fuzzing

100

Application or service that helps you securely control access to resources. You can centrally manage permissions that control which resources users can access. You use it to control who is authenticated (signed in) and authorized (has permissions) to use resources.


NM

IAM Identity and Access Management

100

Switch in Nmap to detect what specific service an open port is running


TX

-sV

200

Type of report that would include the following and that you would present to the CEO?

•Key findings

•Security Risk Monitoring Summary

•Cyber Incident Summary

•Cyber Threat Summary

•Remediation Recommendations


RW

Executive Summary

200

Term for data breach that is happening right now



IA

IoA Indicators of Attack

200

Users beta test software and report findings



TO

User Acceptance testing (UAT)

200

Dispenses with the idea of a hypervisor and instead enforces resource separation at the operating system level


CN

Containerization 

200

Scanning type that probes the device's configuration using some sort of network connection with the target. It consumes more network bandwidth and runs the risk of crashing the target


PA

Active

300

Security standard for ecommerce websites that accept Visa and Mastercard

GS

PCI-DSS

300

Which of the following will you construct to establish a framework for threat assessment during threat hunting?


KS

Hypothesis

300

Manually looking over app code



BZ

Static testing

300

Tool you would use to prevent the exposure of PII in emails and file transfers



PL

DLP (Data Loss Prevention)

300

A validated vulnerability tool that adheres to a standard checklist for scanning processes, results reporting, scoring, and vulnerability prioritization. This protocol standard is commonly used to uphold internal and external compliance requirements.


RT

SCAP Security Content Automation Protocol

400

List of publicly disclosed computer security flaws.


RT

CVE (Common Vulnerabilities and Exposures)

400

The time it takes an organization to neutralize and resolve an identified threat

BF

MTTR (Mean Time to Remediate)

400

Evaluates whether changes in software have caused previously existing functionality to fail



TR

Security regression testing

400

A specialized internal communications network that interconnects components in a vehicle



BW

CAN Controller Area Network

400

 Generates a score from 0 to 10 based on the severity of the vulnerability. A score of 0 means the vulnerability is less significant than the highest vulnerability with a score of 10


NS

CVSS Common Vulnerability Scoring System 

500

What would help to minimize human interaction and help improve the process in security operations?


AW

SOAR Security Orchestration Automation Response

500

What risk management principle would George be following by purchasing an insurance policy in case of an incident?


SF

Transfer risk

500

Ensuring that a web app receives the desired input values



IV

Input validation

500

Encrypted container for sensitive data inside of CPU or memory


SE

Secure Enclave

500

Term for when a real vulnerability is overlooked by a scanner



SC

False negative