SCOR - Security Concepts

Which of the following is a collection of industry standards and best practices to help organizations manage cybersecurity risks?

a. MITRE

b. NIST Cybersecurity Framework

c. ISO Cybersecurity Framework

d. CERT/cc

B

_________ is any potential danger to an asset.

a. Vulnerability

b. Threat

c. Exploit

d. None of these answers is correct.

B

A ___________ is a weakness in the system design, implementation, software, or code, or the lack of a mechanism.

a. vulnerability

b. threat

c. exploit

d. none of these answers are correct

A

Which of the following is a piece of software, a tool, a technique, or a process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a computer system?

a. Exploit

b. Reverse shell

c. Searchsploit

d. None of these answers is correct.

A

Which of the following is referred to as the knowledge about an existing or emerging threat to assets, including networks and systems?

a. Exploits

b. Vulnerabilities

c. Threat assessment

d. Threat intelligence

D

Which of the following are examples of malware attack and propagation mechanisms?

a. Master boot record infection

b. File infector

c. Macro infector.

d. All of these answers are correct.

D

Vulnerabilities are typically identified by a ___________.?

a. CVE

b. CVSS

c. PSIRT

d. None of these answers is correct.

A

SQL injection attacks can be divided into which of the following categories?

a. Blind SQL injection

b. Out-of-band SQL injection

c. In-band SQL injection

d. None of these answers is correct.

e. All of these answers are correct.

E

Which of the following is a type of vulnerability where the flaw is in a web application but the attack is against an end user (client)?

a. XXE

b. HTML injection

c. SQL injection

d. XSS

D

Which of the following is a way for an attacker to perform a session hijack attack?

a. Predicting session tokens

b. Session sniffing

c. Man-in-the-middle attack

d. Man-in-the-browser attack

e. All of these answers are correct.

E

A denial-of-service attack impacts which of the following?

a. Integrity

b. Availability

c. Confidentiality

d. None of these answers is correct.

B

Which of the following are examples of security mechanisms designed to preserve confidentiality?

a. Logical and physical access controls

b. Encryption

c. Controlled traffic routing

d. All of these answers are correct

D

An attacker is able to manipulate the configuration of a router by stealing the administrator credential. This attack impacts which of the following?

a. Integrity

b. Session keys

c. Encryption

d. None of these answers is correct.

A

Which of the following is a cloud deployment model?

a. Public cloud

b. Community cloud

c. Private cloud

d. All of these answers are correct.

D

Which of the following cloud models include all phases of the system development life cycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software?

a. SaaS

b. PaaS

c. SDLC containers

d. None of these answers is correct.

B

Which of the following is not a communications protocol used in IoT environments?

a. Zigbee

b. INSTEON

c. LoRaWAN

d. 802.1x

D

Which of the following is an example of tools and methods to hack IoT devices?

a. UART debuggers

b. JTAG analyzers

c. IDA

d. Ghidra

e. All of these answers are correct.

E

Which of the following is an adverse event that threatens business security and/or disrupts service?

a. An incident

b. An IPS alert

c. A DLP alert

d. A SIEM alert

A

What kind of attacks can botnets do?

DDOS, mass-send spam emails