Deeper that Dark
Risky Business
Back it up
Cyber Shenanigans
Lock & Key
100

This decentralized communication method is commonly used on the dark web to anonymize user activity and prevent tracking.

What is Onion Routing

100

This attack manipulates a system by modifying a file or resource between the time it is checked and the time it is used.

What is Time of Check to Time of Use (TOCTOU)

100

This plays a vital role in data protection and recovery, capturing the state of a system at a specific point in time.

Snapshot

100

Tools such as Nmap, Nessus, or OpenVAS perform this task.

What is Network Scanning

100

 This process tracks all the organization’s critical systems, components, devices, and other objects of value in an inventory.

What is Asset Management

200

This type of cybersecurity error occurs when a legitimate threat is mistakenly classified as harmless, allowing an attack to proceed undetected.

What is a False Negative

200

This type of vulnerability occurs when an application writes more data than expected into a memory buffer, potentially allowing attackers to execute arbitrary code.

What is Buffer Overflow

200

These file systems maintain a record of all changes made to files, allowing for data recovery and consistency checks after unexpected system shutdowns or crashes.

What is Journaled File System (JFS) or New Technology File System (NTFS)

200

This is a centralized repository of information related to an organization's IT infrastructure, including assets, configurations, and relationships.

What is Configuration Management Database (CMDB)

200

Tangible assets can be identified using this.

Barcode label or radio frequency ID (RFID)

300

This testing approach grants full visibility into an application's source code, configuration, and architecture to analyze potential vulnerabilities.

What is Partially known environment testing (White box)

300

This vulnerability occurs when multiple processes access shared resources in an unpredictable sequence, leading to unintended behavior.

What is Race Condition

300

This is an official document that verifies the secure and complete destruction of specific materials or items.

Certificate of Destruction

300

This type of application attack injects malicious SQL commands to manipulate a database.

What is SQL injection

300

This is a cheaper means of providing surveillance than maintaining separate guards at each gateway or zone. 

Video Surveillance

400

This scoring system, ranging from 0 to 10, rates the severity of security vulnerabilities.

What is the Common Vulnerability Scoring System (CVSS)

400

This malicious technique injects harmful code into a running application's memory, allowing an attacker to manipulate its execution.

What is Memory Injection

400

This refers to the process of ensuring that an organization can maintain or quickly resume its critical functions in the event of a disruption, disaster, or crisis.

Continuity of operations (COOP)

400

This risk occurs when applications fail to properly validate input, allowing attackers to execute harmful scripts in a user's browser.

What is cross-site scripting (XSS)

400

These are critical in implementing physical security measures, providing proactive detection and alerting capabilities against potential security breaches.

Sensors

500

This represents the extent to which an asset is susceptible to being compromised or impacted by a specific vulnerability, and it helps assess the potential impact or loss that could occur if the vulnerability is exploited.

What is Exposure Factor (EF)
500

This web security vulnerability tricks a logged-in user into unknowingly performing unintended actions on a trusted website, often leveraging their authentication credentials.

What is Cross-Site Request Forgery (CSRF)

500

This type of backup involves transferring data to a remote location to ensure protection against natural disasters, theft, and other physical threats to local infrastructure, as well as catastrophic system loss that can result from ransomware infection, for example.

What is Off-site backups
500

This testing method simulates real-world cyberattacks to identify exploitable weaknesses in a system.

What is penetration testing or ethical hacking

500

Also known as a mantrap, this is a security measure that regulates entry to a secure area.

What is Access Control Vestibule