| Acronym | Definition |
|---|
| What is malware? | Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. |
| Define phishing. | Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. |
| What is ransomware? | Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. |
| What are indicators of compromise (IoCs)? | IoCs are pieces of data that indicate a potential breach or malicious activity within a network or system. |
| Name a common source of threat intelligence. | Common sources include open-source intelligence (OSINT), commercial threat intelligence providers, and internal threat data. |
| Explain threat hunting. | Threat hunting is a proactive cybersecurity search through networks and endpoints to find malicious actors that have evaded existing security solutions. |
| What is vulnerability management? | Vulnerability management is the process of identifying, classifying, remediating, and mitigating vulnerabilities. |
| List the steps in the vulnerability management process. | The steps are identification, evaluation, treatment, and reporting. |
| What is a false positive in threat detection? | A false positive occurs when benign activity is incorrectly identified as malicious. |
| What is a false negative in threat detection? | A false negative occurs when malicious activity is not detected by the security systems. |
| Define the term 'attack vector'. | An attack vector is a path or means by which a hacker can gain access to a computer or network server to deliver a payload or malicious outcome. |
| What is a zero-day vulnerability? | A zero-day vulnerability is a software security flaw that is known to the software vendor but does not have a patch in place to fix the flaw. |
| Explain the term 'exploit'. | An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur. |
| What is a botnet? | A botnet is a number of internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attacks (DDoS). |
| Define 'rootkit'. | A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. |