What is the primary purpose of a vulnerability scan?
To identify known weaknesses (missing patches, outdated software, insecure configurations) in systems or applications, usually by matching observed versions and settings against a database of published vulnerabilities such as CVEs.
What does SIEM stand for?
Security Information and Event Management.
What is the first step in the incident response process?
Preparation (the NIST SP 800-61 lifecycle is Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-Incident Activity).
What is the role of a firewall?
To allow or block incoming and outgoing network traffic according to a defined rule set, typically by source and destination address, port, protocol and connection state.
What does GDPR stand for?
General Data Protection Regulation.
Which type of scan identifies vulnerabilities without exploiting them?
Non-intrusive scan: it inspects versions, banners and configuration for known weaknesses but never attempts exploitation, unlike an intrusive scan or a penetration test.
What is the function of a SOAR platform?
To automate and orchestrate security operations and incident response (Security Orchestration, Automation and Response): it ingests alerts, enriches them, and runs playbooks such as blocking an IP or isolating a host.
What is an indicator of compromise (IOC)?
A forensic artifact (for example a file hash, IP address, domain name, URL or registry key) whose presence on a system or network indicates that it has probably been compromised.
What is a honeypot?
A decoy system with no legitimate users, deployed to lure attackers and record their techniques; because nobody should touch it, any interaction with it is suspicious by definition.
What is the purpose of a risk assessment?
To identify threats and vulnerabilities affecting assets and estimate the likelihood and impact of each, so that controls can be prioritized.
What is CVSS used for?
To score the severity of vulnerabilities on a 0-10 scale (Common Vulnerability Scoring System) from standardized metrics: attack vector, attack complexity, privileges required, user interaction, scope, and impact on confidentiality, integrity and availability.
What is the difference between logs and alerts?
Logs are raw records of events as they occur (connections, logins, process starts); alerts are notifications raised when logged events match a detection rule, an indicator or a threshold and therefore warrant analyst attention.
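The two cards on indicators of compromise and on logs versus alerts describe the same pipeline from opposite ends: raw log lines come in, and an alert goes out when a line contains a known indicator. As an added example (not code from the original page), the script below extracts IP addresses, domains and SHA-256 hashes from constructed proxy, EDR, DNS and firewall log lines and raises an alert for each match against a constructed IOC list. All indicator values and log lines are made up (IPs are from the documentation ranges) and are not real threat intelligence.

```python
"""Minimal IOC matcher: log lines in, alerts out.

The indicator list and the log lines are constructed for this example;
none of the values are real threat intelligence.
"""
import re
from typing import Dict, List, NamedTuple, Set

# Constructed indicators, keyed by type. Values are lower-cased once so
# matching is case-insensitive.
IOCS: Dict[str, Set[str]] = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.example.net"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed sample log lines from four different sources.
SAMPLE_LOGS: List[str] = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.12 dst=192.0.2.10 host=www.example.com status=200",
    "2024-05-01T10:00:05Z proxy src=10.0.0.12 dst=203.0.113.45 host=update-check.example.net status=200",
    r"2024-05-01T10:01:12Z edr host=ws-17 event=process_create sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 path=C:\Users\a\Downloads\invoice.exe",
    "2024-05-01T10:02:00Z dns client=10.0.0.30 query=cdn.example.org answer=192.0.2.77",
    "2024-05-01T10:03:44Z fw action=allow src=10.0.0.30 dst=198.51.100.7 dport=443",
]

# Extractors for each indicator type. The domain pattern requires an
# alphabetic top-level label, so dotted IPv4 addresses never match it.
PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
}


class Alert(NamedTuple):
    line_no: int
    ioc_type: str
    value: str
    log_line: str


def extract_indicators(line: str) -> Dict[str, Set[str]]:
    """Pull every candidate indicator out of one log line, by type."""
    lowered = line.lower()
    return {kind: set(pat.findall(lowered)) for kind, pat in PATTERNS.items()}


def match_iocs(lines: List[str], iocs: Dict[str, Set[str]]) -> List[Alert]:
    """Return one Alert per (line, indicator type, value) that hits the IOC list.

    Lines with no hit produce nothing: they stay plain log records.
    """
    alerts: List[Alert] = []
    for line_no, line in enumerate(lines, start=1):
        found = extract_indicators(line)
        for kind, values in found.items():
            for hit in sorted(values & iocs.get(kind, set())):
                alerts.append(Alert(line_no, kind, hit, line))
    return alerts


if __name__ == "__main__":
    for a in match_iocs(SAMPLE_LOGS, IOCS):
        print(f"ALERT line {a.line_no}: {a.ioc_type}={a.value} :: {a.log_line}")
```

Of the five constructed lines, only three raise alerts: line 2 matches both a bad IP and a bad domain, line 3 matches the hash (case-insensitively), and line 5 matches the second IP; the benign proxy and DNS lines remain logs only.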
What is the purpose of containment in incident response?
To stop the incident from spreading or causing further damage (for example by isolating affected hosts, disabling compromised accounts and blocking attacker infrastructure) while preserving evidence for analysis.
What is the difference between IDS and IPS?
An IDS sits out of band (on a tap or span port) and only detects and alerts; an IPS sits inline in the traffic path and can also drop or block the malicious traffic.
What is the difference between a policy and a procedure?
A policy is a high-level rule; a procedure is a step-by-step guide.
What is the difference between a false positive and a false negative in vulnerability scanning?
A false positive reports a vulnerability that is not actually present, wasting remediation effort; a false negative fails to report one that is present, leaving real exposure undetected.
What is lateral movement in a cyberattack?
When an attacker, after gaining an initial foothold, moves from host to host within a network (using stolen credentials, remote services such as RDP or SSH, or admin tools) to reach additional systems and data.
What is the difference between eradication and recovery?
Eradication removes the attacker's footholds (malware, backdoors, compromised accounts) and closes the weakness that was exploited; recovery restores systems to normal operation, for example from clean backups, and verifies they are no longer compromised.
What is network segmentation?
Dividing a network into isolated zones with controlled traffic between them, so that a compromise in one zone cannot freely reach the others.
What is due diligence in cybersecurity?
Taking reasonable steps to protect systems and data.
What is the purpose of a baseline configuration in vulnerability management?
To establish a secure, known-good state for comparison and monitoring.
What is the MITRE ATT&CK framework used for?
To categorize adversary tactics, techniques and procedures (TTPs) observed in real intrusions, giving defenders a shared vocabulary for describing attacker behaviour, mapping detections and assessing coverage gaps.
What is a post-incident review?
A lessons-learned meeting held after an incident is closed to establish what happened, how well detection and response worked, and which changes to controls, playbooks or monitoring should follow.
What is the purpose of a jump box?
To act as a hardened, closely monitored host (also called a bastion) that is the single permitted entry point into a segmented or restricted network, so that administrative access is funnelled through one place where it can be authenticated and logged.
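As an added example (not part of the original page), this is the SSH client configuration that puts the jump box in the path: the administrator's workstation can only reach the bastion, and every connection to an internal host is tunnelled through it with ProxyJump. The hostnames, usernames and key file names are assumptions chosen for illustration.

```sshconfig
# ~/.ssh/config on the administrator's workstation (example; names are assumed)

# The only host reachable directly from the workstation.
Host bastion
    HostName bastion.example.com
    User ops
    IdentityFile ~/.ssh/id_ed25519_bastion

# Internal hosts are never connected to directly; SSH opens the session
# through the bastion, so firewall rules can deny all other inbound SSH.
Host db01 app01
    HostName %h.internal.example.com
    User ops
    ProxyJump bastion
    IdentityFile ~/.ssh/id_ed25519_internal
```

With this in place `ssh db01` transparently hops through the bastion, which keeps the session audit trail in one location; the internal hosts' own firewall rules should then accept SSH only from the bastion's address.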
What is the purpose of a business impact analysis (BIA)?
To determine the operational, financial and regulatory effects of a disruption on each business process, and from that to set recovery priorities and objectives such as RTO and RPO.