Enumeration
Enumeration means collecting detailed information about a system, network, or service after finding that it is alive.
👉 In simple words:
It’s like knocking on a door (scanning), and when someone answers, you start asking questions to learn who lives there, what they do, and how the house is set up (enumeration).
Attackers (and also security testers) use enumeration to gather details such as:
• Usernames
• Shares (shared folders/files)
• Services running
• Network resources
• System info
E-discovery in incident response
In incident response, E-discovery (electronic discovery) is about collecting and preserving digital evidence (like logs, emails, files, or system data) that might later be needed for investigation or legal purposes.
NetFlow
• A network protocol developed by Cisco that collects metadata about IP traffic flows.
• Used for network monitoring, traffic analysis, and security (e.g., detecting anomalies, DDoS patterns, or data exfiltration).
• Focus in Security+: helps with network visibility and intrusion detection.
Hacktivist
• A type of threat actor who hacks for political, social, or ideological reasons (not for money).
• Example: defacing websites to protest government actions.
• Security+: important when identifying threat motivations.
Playbook
• A collection of predefined procedures or scripts for responding to incidents.
• Example: a playbook for ransomware → isolate system, cut off network access, notify incident response team, start recovery.
• Security+: ties into incident response and automation.
Technical Debt
• The extra work and risk created when organizations take shortcuts in IT systems or software (e.g., delaying patches, using outdated libraries, skipping best practices).
• Increases vulnerability exposure.
• Security+: highlights why patch management and secure coding are critical.
Continuous Integration (CI)
• A DevOps practice where developers frequently merge code changes into a shared repository, and each change is automatically built and tested.
• Improves software quality, but if the pipeline is insecure, attackers can inject malicious code into it.
• Security+: focus is on DevSecOps → integrating security checks into CI/CD.
Easy to learn
• NetFlow → monitors traffic patterns.
• Hacktivist → politically motivated attacker.
• Playbook → incident response guide.
• Technical Debt → risk from shortcuts.
• Continuous Integration → DevOps practice with security implications.
User Behavior Analysis (UBA)
• A security process that monitors and analyzes user actions and patterns to detect abnormal or risky behavior.
• It builds a baseline of what “normal” looks like for each user (logins, file access, data transfers, etc.).
• If a user suddenly does something unusual — like logging in from a strange location at 3 AM or downloading massive amounts of data — UBA flags it as suspicious.
Attestation
In cybersecurity, attestation is the process of proving the integrity of a device, software, or environment — basically showing that it hasn’t been tampered with.