Identifying Attack Surfaces and Threat Vectors

These flashcards are designed to help review key concepts related to attack surfaces and threat vectors in cybersecurity.

The __ represents all reachable points where a threat actor could attempt to exploit a system.

Attack surface

Minimizing the attack surface involves restricting access to known ____, protocols, and services.

Endpoints

A __ is the specific path or means used by an attacker to deliver a malicious payload.

Threat vector.

Mitigating vectors requires constant monitoring for __ and assessing for new vulnerabilities.

Intrusions

__ systems are particularly vulnerable because the vendor no longer provides security patches.

Unsupported

Vulnerable software contains flaws that allow actors to crash processes or circumvent __.

Access controls

Threat actors often perform reconnaissance using __ scanning to avoid detection.

Agentless

A secure network relies on an access control framework and __ solutions for protection.

Cryptographic

Email and SMS attacks frequently use __ to trick users into compromising security.

Social engineering

In __, attackers commit resources to perfectly mimic a company's logo and formatting.

Brand impersonation

A __ attack targets a specific group by infecting a legitimate website they often visit.

Watering hole

The goal of a __ campaign is to intentionally deceive targets with false information.

Disinformation

Removable devices and malicious document files are common types of __ vectors.

Lure-based

Attackers can expand their reach in cloud environments by finding and exploiting weak __.

Credentials

A __ attack uses an unsecured network to flood a service and make it unavailable.

Denial of Service (DoS)