Chapter 13 Quiz 2

A specific vulnerability in a system

The likelihood of an attack

A potential danger to an asset, such as data or the network itself

A method used to exploit a vulnerability

The area of the system physically accessible to an attacker

The total number of vulnerabilities in a system accessible to an attacker

The method used to exploit a vulnerability

The likelihood of a threat exploiting a system vulnerability

An exploit that works over the network without prior access to the system

An exploit where the attacker has some type of user or administrative access to the system

An exploit that requires physical access to the system

An exploit where no account on the network is needed

Accepting the risk because it costs less than mitigation

Transferring the risk to a third party, such as an insurance company

Reducing the impact of the risk by taking action to lower it

Eliminating the activity or device that presents the risk

To identify and report vulnerabilities ethically

To commit crimes without personal gain

To violate computer and network security for personal gain or malicious reasons

To work for the government and gather intelligence

Hacktivists

Vulnerability brokers

Script kiddies

Cybercriminals

They protest social and political ideas

They steal government secrets and sabotage networks of foreign entities

They discover vulnerabilities and report them for rewards

They operate small-scale cybercrime networks

It focuses on the strategy behind an attack

It refers to the motivation of a threat actor

It provides evidence that an attack has occurred

It predicts future attacks

National Security Agency (NSA)

Federal Bureau of Investigation (FBI)

Cybersecurity and Infrastructure Security Agency (CISA)

European Union Agency for Cybersecurity (ENISA)

To promote network attacks

To train hackers to find vulnerabilities

To raise awareness and promote best security practices online

To increase profits for cybersecurity firms