Identity & Access Management
Operational Visibility & Security Leadership
Technology for Security Operations
Compliance & Vulnerability Scanning
Vulnerability Scoring & Considerations
100

This authentication factor uses something you are, such as fingerprint or retinal scan.

What is biometric authentication?

100

The process of monitoring systems for security-related events and generating alerts.

What is security logging and monitoring?

100

This technology uses algorithms to analyze past attack patterns and predict new security threats.

What is threat intelligence?

100

Organizations comply with PCI DSS to ensure they securely handle?

What is payment card data?

100

The standard framework for scoring vulnerabilities based on severity.

What is CVSS (Common Vulnerability Scoring System)?

200

The principle that users should only have access to the minimum information and resources necessary for their roles. 

What is the PoLP?

200

A security leader must ensure their team follows an incident response plan. The first step of incident response is?

What is identification?

200

A network-based security solution that analyzes traffic for malicious behavior and can block threats.

What is an intrusion prevention system (IPS)?

200

HIPAA compliance is required for organizations that handle?

What is protected health information (PHI)?

200

A vulnerability’s exploitability is influenced by ease of access and?

What is attack complexity?

300

A federated identity system allows users to authenticate once and access multiple systems. A widely used protocol for this is?

What is SAML?

300

Security teams use SIEM tools to collect and analyze log data from various sources. SIEM stands for?

What is Security Information and Event Management?

300

The practice of isolating critical systems from the rest of the network to reduce attack vectors.

What is network segmentation?

300

Automated tools scan systems for security weaknesses. The two main types of scans are credentialed and?

What is non-credentialed scanning?

300

This metric evaluates the likelihood that a vulnerability will be exploited.

What is threat likelihood or risk probability?

400

This framework ensures that identities and access permissions are continuously monitored and updated in response to risk.

What is Identity Governance & Administration (IGA)?

400

A leadership principle emphasizing proactive security measures and integrating security into development workflows.

What is DevSecOps?

400

A security operations center (SOC) primarily focuses on?

What is threat monitoring and response?

400

The regulation that requires organizations to protect EU citizens’ personal data and privacy.

What is GDPR (General Data Protection Regulation)?

400

The term for the amount of time an organization has before an attacker exploits a newly discovered vulnerability.

What is time-to-exploit?

500

The protocol used to grant third-party apps limited access to a user's account without exposing their credentials.

What is OAuth?

500

The cybersecurity framework developed by NIST includes five functions: Identify, Protect, Detect, Respond, and?

What is Recover?

500

This type of malware encrypts a victim’s files and demands payment for decryption.

What is ransomware?

500

The cybersecurity audit process that verifies compliance with a given security framework.

What is an assessment?

500

A vulnerability with no available fix or mitigation is known as?

What is a zero-day vulnerability?