SY0-601 SEC+ Threat Actors, Intelligence Sources, & Vulnerabilities
Which of these statements is true regarding zero-day attacks?
All malware and exploits were a zero-day at one time or another
What component will typically store the instances of all organizational configuration items?
CMDB
Which type of threat actor has some level of information about the target but often needs more?
Gray hat
Which of these represents a likely primary or secondary loss due to using unsecure and unpatched legacy platforms?
Identity theft; Loss of availability; Loss of reputation; Data exfiltration
Match the threat intelligence source with the proper definition.
IoC - Network or host-based cyber observables or artifacts of an incursion; STIX - A structured language for cyber threat intelligence; Vulnerability databases - A collection and distribution of information about exposed computer security exposures; OSINT - Data or information that can be collected legally from free, public sources concerning an individual or organization; Dark web - An overlay network that is not indexed by search engines
Which of these are attributes of a structured attack?
Multi-phased; Persistent; Organized; Planned
Which of these are valid examples of weak configuration vulnerabilities?
Open ports and services; Weak cryptosystems; Unhardened systems and protocols; Default passwords
Which of these third-party risks would most likely occur due to the use of unsecure coding practices and lack of testing?
Outsourced container development
Which source of research would be published by the IEEE?
RFC
Which is an advantage of an on-premise database solution as opposed to a cloud service provider?
The threat actors are typically internal privileged users
What term describes the technique or method used to exploit a vulnerability or deliver a malware payload?
Threat vector