1_5_4 Section 1 – Attacks, Threats, and Vulnerabilities - 1.5 – Threat Actors and Vectors - Threat Research

Questions and Answers

What is the first step to stopping a threat?

Researching potential threats

Implementing security measures

Collecting research information

Understanding the threat exists (correct)

Why do you need to collect research information from many different resources?

To identify the methods of attackers

To know the vendors of the operating systems

To understand the scope of the threats (correct)

Because each resource provides a complete understanding of the threats

Where should you start when researching threats associated with an operating system or application?

Online forums and discussion boards

The companies that wrote the operating system or application (correct)

The National Institute of Standards and Technology

Independent security research organizations

What is the National Vulnerability Database?

A database of known vulnerabilities

What is the purpose of a vendor's notification process?

To inform customers of known vulnerabilities

What does CVE stand for?

Common Vulnerabilities and Exposures

What can be a valuable tool for gathering information on Twitter?

Using the search feature for specific CVEs or keywords

Why is it important to have an automated threat feed?

To receive immediate notifications of emerging threats

What is a TTP in the context of security threats?

Tactic, Technique, and Procedure

Why is it important to know where an attacker likes to focus their efforts?

To focus on a specific area of defense

What can be used to monitor how malware is operating on a network?

Twitter posts

What is the benefit of understanding an attacker's TTP?

Recognizing tactics and detecting threats

What is a common practice to supplement a vulnerability database?

Roll up third-party feeds into one central system

What can be learned from conferences?

The latest vulnerabilities and threats

What type of information can be found in academic journals?

Detailed information about attack types and malware

What are RFCs used for?

Tracking and formalizing security standards

What can be learned from reading RFCs?

How standards are supposed to operate and potential vulnerabilities

What is the purpose of a user group meeting?

To gather information from people presenting and other members

What type of information can be found on social media?

Description of recent vulnerabilities and attacks

What is the benefit of attending conferences?

Learning from people who have gone through attacks

What is the purpose of a central vulnerability management system?

To track the latest vulnerabilities and identify environment-specific ones

Why are academic journals useful?

They provide detailed information about attack types and malware

What is the primary reason why an IT professional needs to continuously research threats?

To understand the changing scope of threats

Where can you find comprehensive information about vulnerabilities in an operating system or application?

Vendor's website

What is the primary purpose of a vendor's notification process?

To notify users about discovered vulnerabilities

Why is it important to collect research information from multiple sources?

To bring together diverse perspectives and information

What is the National Vulnerability Database used for?

To maintain a list of known vulnerabilities and exposures

What is the benefit of understanding how an attacker gets into one network?

It helps to develop a comprehensive understanding of attack methods

What is the primary benefit of using Twitter for threat intelligence?

To search for CVEs and bug bounty announcements

What type of information is often provided by automated threat feeds?

Tactics, techniques, and procedures used by attackers

Why is it important to understand an attacker's TTP?

To recognize and respond to threats more effectively

What is a common challenge with understanding attacker TTPs?

They change depending on the situation

Why is it useful to know where an attacker likes to focus their efforts?

To prioritize defense in those areas

What type of resources can provide automated threat feeds?

Government agencies and security organizations

What is the primary purpose of a central vulnerability management system?

To keep track of all the latest vulnerabilities and identify those specific to your environment

What can be learned from researchers presenting at conferences?

New trends in the industry and information about the latest hacks

Why are academic journals useful for security professionals?

They provide detailed information about attack types and how to deal with them

What is a common source of information for security professionals?

All of the above

What can be found in RFCs?

Detailed analysis of certain types of threats

What is the benefit of attending user group meetings?

To meet local people in your area who can provide valuable resources

What type of information can be found in user groups that are not specific to IT security?

Valuable technical information

What can be learned from reading about a deep dive into a type of malware?

Exactly how the malware operates

Why is it important to supplement a vulnerability database?

To identify vulnerabilities that may be specific to your environment

What is the purpose of conferences for security professionals?

To learn about new trends in the industry and information about the latest hacks