SY0-601 SEC+ Threat Actors, Intelligence Sources, & Vulnerabilities

Which of these statements is true regarding zero-day attacks?

All malware and exploits were a zero-day at one time or another

What component will typically store the instances of all organizational configuration items?

CMDB

Which type of threat actor has some level of information about the target but often needs more?

Gray hat

Which of these represents a likely primary or secondary loss due to using unsecure and upatched legacy platforms?

Identity theft Loss of avaliability Loss of reputation Data exfilitration

Match the threat intelligence source with the proper definition.

IoC - Network or host-based cyber observables or artifacts of an incursion STIX - A structured language for cyber threat intelligence Vulnerability databases - A collection and distribution of information about exposed computer security exposures OSINT - Data or information that can be collected legally from free, public sources concerning an individual or organization Dark web - An overlay network that is not indexed by search engines

Which of these are attributes of a structured attack?

Multi-phased Persistent Organized Planned

Which of these are valid examples of weak configuration vulnerabilities?

Open ports and services Weak cryptosystems Unhardened systems and protocols Defaults passwords

Which of these third-party risks would most likely occur due to the use of unsecure coding practices and lack of testing?

Outsourced container development

Which source of research would be published by the IEEE?

RFC

Which is an advantage of on-premise database solution as opposed to a cloud service provider?

The threat actors are typically internal privileged users

What term describes the technique or method used to exploit a vulnerability or deliver a malware payload?

Threat vector