Athreat vectoris the path or method used by a threat actor to exploit vulnerabilities, such as phishing, malware, or network attacks.

Zenmap is the graphical front end for Nmap. It performs host discovery, port scanning, service enumeration, and OS fingerprinting.

Policies are high-level statements of management intent and direction. Standards and procedures derive from policies.

Asecurity incidentis an event or series of events that indicates a possible compromise of confidentiality, integrity, or availability of information systems or data. According to NIST SP 800-61, incidents include attempted or successful unauthorized access, misuse, modification, or denial of service.

Not all incidents result in breaches, but all breaches are incidents. Incidents trigger incident response processes, investigations, and potential escalation depending on severity.

Password Authentication Protocol (PAP) is the least secure option because it transmits credentials in clear text over the network. This makes PAP highly vulnerable to eavesdropping and credential theft.

CHAP improves security by using challenge-response mechanisms. EAP supports strong authentication methods, including certificates and MFA. IPsec provides encrypted and authenticated network communication.

Because PAP lacks encryption and protection mechanisms, it is generally discouraged and considered obsolete. Modern security standards strongly advise against its use in favor of encrypted authentication protocols.

Metal detectors are effectivepreventive physical controlsthat detect electronic devices and storage media. They are commonly used in high-security environments to enforce device restrictions.

Ethernet (IEEE 802.3) defines wired LAN communication standards.

Type 1 authenticationrefers to “something you know,” such as a password, PIN, or passphrase. This is the most common and oldest form of authentication used in information systems.

Other authentication types include Type 2 (something you have, such as a smart card or token) and Type 3 (something you are, such as biometrics). Some models also define additional types, such as location-based or behavior-based authentication.

While easy to implement, Type 1 authentication is considered the weakest because secrets can be guessed, reused, stolen, or phished. For this reason, security best practices strongly recommend combining it with other authentication types using multi-factor authentication (MFA).

NIST and CIS guidelines consistently discourage reliance on single-factor, knowledge-based authentication for sensitive systems due to its susceptibility to compromise.

Privacy focuses on individual rights over personal information, distinct from confidentiality which focuses on access control.

Zero Trust assumes no implicit trust and requires continuous verification of users, devices, and access requests, regardless of location.