Security and system resilience
The Threat Taxonomy
Name the threat precisely: a worm self-propagates, a vulnerability is a weakness not an attack, and a zero-day has no patch yet.
How the exam words it
- -The stem describes malware and asks for its type, contrasting a worm, a virus, ransomware, a trojan, or spyware.
- -It contrasts a threat, a vulnerability, and a risk and asks which term fits.
- -It describes an attack technique (SQL injection, phishing or spear phishing, a denial-of-service flood) and asks to name it.
- -It asks why a zero-day is dangerous, or contrasts vulnerability scanning with penetration testing.
The playbook
- 1Classify malware by behavior: a worm self-replicates across a network without a host, a virus needs a host file and user action, and ransomware encrypts data for extortion.
- 2Separate the concepts: a vulnerability is a weakness, a threat is a potential cause of harm, and risk is the likelihood and impact of a threat exploiting a vulnerability.
- 3Identify the vector: SQL injection targets a database through unvalidated input, phishing casts wide while spear phishing targets a specific person, and DoS exhausts availability.
- 4Flag a zero-day as an exploit of an unknown flaw with no available patch, and distinguish vulnerability scanning (finds weaknesses) from penetration testing (actively exploits them).
The trap
Calling a worm a virus, or labeling a vulnerability an attack. A worm self-propagates without a host and without user action; a vulnerability is only a weakness, not the exploit itself.
How the exam varies it
The same pattern, re-skinned along these axes:
Malware type: worm versus virus versus ransomware or trojanThreat versus vulnerability versus riskAttack vector identification, and scanning versus penetration testing
Drill this pattern
8 questions of The Threat Taxonomy from across the AUD topics. Clear it by getting 5 right with a streak of 3.