CPA Exam Lab
All patterns
Security and system resilience

The Threat Taxonomy

Name the threat precisely: a worm self-propagates, a vulnerability is a weakness not an attack, and a zero-day has no patch yet.

How the exam words it

The playbook

  1. 1Classify malware by behavior: a worm self-replicates across a network without a host, a virus needs a host file and user action, and ransomware encrypts data for extortion.
  2. 2Separate the concepts: a vulnerability is a weakness, a threat is a potential cause of harm, and risk is the likelihood and impact of a threat exploiting a vulnerability.
  3. 3Identify the vector: SQL injection targets a database through unvalidated input, phishing casts wide while spear phishing targets a specific person, and DoS exhausts availability.
  4. 4Flag a zero-day as an exploit of an unknown flaw with no available patch, and distinguish vulnerability scanning (finds weaknesses) from penetration testing (actively exploits them).

The trap

Calling a worm a virus, or labeling a vulnerability an attack. A worm self-propagates without a host and without user action; a vulnerability is only a weakness, not the exploit itself.

How the exam varies it

The same pattern, re-skinned along these axes:

Malware type: worm versus virus versus ransomware or trojanThreat versus vulnerability versus riskAttack vector identification, and scanning versus penetration testing

Drill this pattern

8 questions of The Threat Taxonomy from across the AUD topics. Clear it by getting 5 right with a streak of 3.

Shows up in 1 ISC topic