This technique is called "baiting." It involves leaving a device (in this case, a malware-infected USB drive) in a location where someone may find it and plug it into a computer out of curiosity. Once connected, the malware can infect the victim's computer.

When an IDS generates an alert for non-malicious activity, it's called a 'False Positive,' indicating a potential security concern that is, in fact, benign.

Defense-in-Depth is a security strategy that advocates implementing multiple layers of security measures. This approach helps to provide redundancy and ensure that even if one layer is breached, other layers can still protect the system. Single Sign-On, Two-Factor Authentication, and Encryption are important security concepts but not the same as Defense-in-Depth.

"Stateful inspection" in firewalls refers to the method of tracking the state of active connections and making decisions based on the context of the traffic, enhancing security by understanding the state of network connections.

Antivirus software is commonly used to scan a computer system for known malware signatures. It compares files and activities on the computer to a database of known malware signatures to detect and remove malicious software.

Data Loss Prevention (DLP) solutions often employ Machine Learning algorithms to identify and classify sensitive data. These algorithms learn from historical data and predefined criteria to recognize patterns associated with sensitive information, helping prevent data leaks and breaches.

IPsec (Internet Protocol Security) is designed to secure network communication, ensuring data integrity and confidentiality. It's often used to create VPNs for secure network connections.

APTs aim at "Data Exfiltration," which involves stealing data over an extended period, focusing on long-term gains, not causing immediate harm.

Penetration Testing is the process of intentionally finding and exploiting vulnerabilities in a system with the goal of improving its security. Unlike malicious hacking or cracking, penetration testing is done with the organization's consent to identify and rectify vulnerabilities before potential attackers can exploit them.

The tester exploited a weakness in Social Engineering, as they used tactics to manipulate people into allowing unauthorized physical access.

The technique where attackers trick users into revealing their passwords by pretending to be legitimate tech support is known as Social Engineering. It's a psychological manipulation technique to gain confidential information.

Emily is engaged in the process of "Server Hardening." This involves securing a server by minimizing vulnerabilities, such as disabling unnecessary services, strengthening password policies, and removing or disabling default accounts. The goal is to reduce the server's attack surface.