Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

3.6. Reflection Checkpoint

Key Takeaways

Before proceeding to Phase 4, ensure you can:

  • Categorize any threat actor by type, resources, and motivation
  • Identify the threat vector in a given attack scenario (message-based, network, supply chain, human)
  • Match vulnerability types to their correct category (application, OS, cloud, cryptographic, zero-day)
  • Recognize indicators of specific malware types (ransomware vs. worm vs. rootkit)
  • Distinguish between similar attacks (XSS vs. CSRF, password spraying vs. brute force, phishing vs. pretexting)
  • Select appropriate mitigations for given threats (segmentation, patching, hardening, monitoring)
  • Explain why allowlisting is more restrictive than blocklisting

Connecting Forward

Phase 4 moves from understanding threats to designing defenses. You'll learn how to architect secure networks with proper segmentation, deploy firewalls and intrusion detection systems in the right locations, protect data through classification and encryption, and build resilience through redundancy and disaster recovery. The threats from Phase 3 become the design requirements for Phase 4's security architecture.

Self-Check Questions

  1. A company discovers that a software update from their IT management vendor installed a backdoor on 5,000 of their systems. What type of attack vector is this? Which threat actor type is most likely responsible? What mitigations could have limited the impact?

  2. A SOC analyst notices that a single user account has failed login attempts from 47 different countries over the past hour, but has also successfully logged in from the company's headquarters. What attack type is this? What behavioral indicator makes it suspicious? What should the analyst do first?

  3. A web application's error page displays the full database connection string, including the server name and database credentials. What type of vulnerability is this? Which CIA property does it threaten? What specific coding practice would have prevented it?
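One way to surface the pattern in question 2 on a login feed, added here as an example that is not part of the MindMesh material: it groups authentication events per account, counts distinct source countries among failures inside a sliding window, and notes whether a success also landed in that window. The log lines, the one-hour window and the five-country threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: ISO time, account, source country, result.
# "hq_user" mirrors question 2: failures from many countries, then a success from HQ.
SAMPLE_LOG = """\
2026-01-10T09:01:00 hq_user BR fail
2026-01-10T09:04:00 hq_user NG fail
2026-01-10T09:09:00 hq_user VN fail
2026-01-10T09:15:00 hq_user RU fail
2026-01-10T09:22:00 hq_user IN fail
2026-01-10T09:30:00 hq_user US success
2026-01-10T09:02:00 alice US fail
2026-01-10T09:03:00 alice US fail
2026-01-10T09:05:00 alice US success
"""


def parse_log(text):
    """Parse the constructed format into sorted (time, user, country, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, country, result = line.split()
        events.append((datetime.fromisoformat(ts), user, country, result))
    return sorted(events)


def flag_distributed_failures(events, window=timedelta(hours=1), min_countries=5):
    """Return {user: (max_distinct_fail_countries, success_seen)} for accounts whose
    failed logins inside any window of length `window` come from at least
    `min_countries` distinct countries. success_seen is True when a successful
    login also falls in such a window, the detail that makes the scenario urgent."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)
    flagged = {}
    for user, evs in by_user.items():
        best, success_seen = 0, False
        for t_end, _, _, _ in evs:  # slide the window end over each event
            in_win = [e for e in evs if t_end - window <= e[0] <= t_end]
            countries = {e[2] for e in in_win if e[3] == "fail"}
            if len(countries) >= min_countries:
                best = max(best, len(countries))
                success_seen |= any(e[3] == "success" for e in in_win)
        if best:
            flagged[user] = (best, success_seen)
    return flagged
```

Run it on a real export by feeding `flag_distributed_failures` events in the same tuple shape; accounts normally active in one or two countries will not trip the threshold, so the output is a short list worth an analyst's attention.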

Written by Alvin Varughese, Founder, 15 professional certifications