Question 1: An attacker sends a text message claiming to be the US Postal Service with a link to track a package. What threat vector is this?
Question 2: A security team discovers that 500 employees' browsers are running a malicious extension that was submitted to the browser's extension store. What threat vector does this represent?
Question 3: An organization's network was breached through a third-party HVAC vendor's system. What attack concept does this illustrate?
Question 4: Which defense specifically prevents unauthorized devices from accessing a wired or wireless network by requiring authentication before granting network access?
Question 5: A hospital is still running Windows XP on several legacy medical devices because the vendor no longer supports them and replacement is not currently budgeted. What threat vector does this create?
Matching: Threat Vector Terms
Match each term to its correct definition.
TERM
DEFINITION
Performance Task
A company's security consultant performs a comprehensive threat vector review and finds: (1) all routers still use default admin/admin credentials, (2) a department has been running Windows 7 for 3 years with no patches, (3) the MSP has access to all internal systems with no MFA. Write the prioritized remediation plan.
Priority 1 β Default Credentials (Immediate: within 24 hours):
Default credentials on all routers must be changed immediately. This is the highest-urgency finding because it requires zero technical skill to exploit β any attacker who discovers the device model can look up the default credentials on routerpasswords.com and gain full administrator access to every router in the organization. A compromise of the routers enables traffic interception, routing manipulation, and access to all network segments. Assign a technician to physically or remotely access each router and set a unique, strong password meeting the organization's password policy. Document all new credentials in the organization's password manager. Verify the change on each device.
Priority 2 β MSP Access Without MFA (Immediate: within 48 hours):
The MSP has privileged access to all internal systems β this is one of the highest-risk access configurations possible. Without MFA, a single stolen or phished MSP employee credential provides authenticated, privileged access to the entire organization. Require MFA immediately for all MSP remote access sessions β no exceptions. Additionally, audit the scope of MSP access: does the MSP need access to every internal system, or can access be scoped to only the systems they actively manage? Implement least-privilege access restrictions so the MSP can only reach systems within their defined management scope, with access to sensitive systems requiring additional authorization. Review MSP access logs for any unusual activity going back 90 days to determine if unauthorized access has already occurred.
Priority 3 β Unsupported Windows 7 Systems (Within 1β2 weeks, with interim mitigations immediate):
Windows 7 reached end-of-life in January 2020. These systems have been accumulating unpatched vulnerabilities for three years. Establish an immediate network isolation plan: move Windows 7 systems to an isolated VLAN with tightly restricted firewall rules β allow only the minimum network traffic required for their business function. This reduces the blast radius if any of these systems are compromised. Simultaneously, begin the upgrade project: identify which applications are preventing upgrade, engage vendors for updated versions supporting current OS, and establish a timeline for replacement or application migration. If specific systems cannot be upgraded within an acceptable timeframe, formally document the risk, implement all available compensating controls (host-based firewall, endpoint protection if available for EOL OS, physical access restrictions), and get sign-off from leadership on the accepted risk.