FREE SE Threat Identification Questions and Answers
What is the purpose of a threat model in the threat identification process?
A threat model helps Security Engineers understand the system's potential vulnerabilities and how attackers might exploit them. This process is essential for identifying and mitigating threats. It focuses on the paths attackers could take to compromise the system rather than simply prioritizing assets or geographic considerations.
Which of the following techniques are commonly used in threat identification?
Please select 2 correct answers
Vulnerability scanning involves identifying potential weaknesses in systems or networks by scanning for known vulnerabilities. Penetration testing (ethical hacking) is a proactive technique where simulated attacks are performed to discover vulnerabilities before malicious actors exploit them. Encryption and data compression are not directly related to threat identification; encryption is used to protect data, and data compression is used to reduce file size.
What is the first step a Security Engineer should take when identifying a potential threat?
The first step in threat identification is knowing what you're protecting. By identifying and categorizing assets (e.g., sensitive data, critical systems), a Security Engineer can prioritize and focus on threats that could affect those assets. Blocking traffic or implementing patches are response actions that come after threats are identified. Assessing impact comes after assets and threats are recognized.
Which of the following best defines a "zero-day vulnerability"?
A zero-day vulnerability refers to a software flaw that is discovered and exploited by attackers before the software developer can issue a fix or patch. It is termed "zero-day" because there are zero days between the discovery of the vulnerability and its exploitation. This makes it highly dangerous.
Which of the following actions helps a Security Engineer identify potential threats proactively?
Please select 2 correct answers
Network monitoring allows Security Engineers to detect suspicious or abnormal activity on the network, which may indicate a potential threat. SIEM tools collect, correlate, and analyze logs from multiple sources to identify threats in real-time. Post-incident forensics occurs after an attack has taken place, and data backup is a recovery measure rather than a proactive identification method.