Threat Management Terms and Concepts Flashcards

| Front | Back |
| --- | --- |
| What is vulnerability management? | Vulnerability management is the process of identifying, classifying, remediating, and mitigating vulnerabilities. |
| Define 'rootkit'. | A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. |
| What is a zero-day vulnerability? | A zero-day vulnerability is a software security flaw that is known to the software vendor but does not have a patch in place to fix the flaw. |
| Name a common source of threat intelligence. | Common sources include open-source intelligence (OSINT), commercial threat intelligence providers, and internal threat data. |
| What is ransomware? | Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. |
| What is malware? | Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. |
| List the steps in the vulnerability management process. | The steps are identification, evaluation, treatment, and reporting. |
| What is a false positive in threat detection? | A false positive occurs when benign activity is incorrectly identified as malicious. |
| What is a botnet? | A botnet is a number of internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attacks (DDoS). |
| What is a false negative in threat detection? | A false negative occurs when malicious activity is not detected by the security systems. |
| Explain threat hunting. | Threat hunting is a proactive cybersecurity search through networks and endpoints to find malicious actors that have evaded existing security solutions. |
| Define the term 'attack vector'. | An attack vector is a path or means by which a hacker can gain access to a computer or network server to deliver a payload or malicious outcome. |
| Explain the term 'exploit'. | An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur. |
| Define phishing. | Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. |
| What are indicators of compromise (IoCs)? | IoCs are pieces of data that indicate a potential breach or malicious activity within a network or system. |