A user is browsing a website when they get a popup from what appears to be a government agency. The message says the computer is involved in an illegal activity and they need to pay a fine online by entering their credit card number. The user tries to close the message, but they cannot. What category of action did the user most likely experience?
Kidnap
Jennifer's computer is infected due to a phishing scam. Based on the message presented, she is willing to pay in Bitcoin to regain access to her computer because she does not want to lose her video productions. However, she is having a difficult time launching a browser to pay the ransom. What type of malware was most likely installed?
Blocking ransomware
A company's network is infected with ransomware. They are told data has been stolen. In addition, they are told to pay a ransom to decrypt the data on their servers, or the stolen data will be released to the public. Which of the following would be the best option for the company?
There is no best option.
Which of the following are reasons for which ransomware is considered the most serious malware threat? Select two.
The consequences are considerable.
They occur with very high frequency.
Which of the following represents a disadvantage of a hardware keylogger?
It needs to be installed and retrieved without the threat actor being detected.
Florentina is analyzing a network and notices an unusual amount of traffic is being generated by some computers. Additional investigation reveals that most of the traffic is in the form of images being transmitted to an unfamiliar site. What specific type of malware was most likely installed on the compromised systems?
Software keylogger
Which of the following represents a true statement regarding the similarities or differences between keyloggers and spyware?
Spyware does not capture keyboard input.
Pamela installed a program that scanned the internet for coupons. A week later her bank account was hacked. How was Pamela's bank account most likely compromised?
She installed a computer Trojan.
A user sees a message in their browser that appears to be from the company whose OS is installed on their computer. It displays a number to call support to fix the problem. When the user calls, the threat actor requests permission to install software to scan the system but instead installs a threat agent for later access. What type of malware did the attacker most likely install?
RAT
Jefferson downloads a version of PowerShell that is purported to have capabilities that exceed those of the native version. Shortly thereafter his computer starts to exhibit unusual behavior. The installed anti-malware tool does not reveal anything he does not already know. What type of malware is most likely to be installed on the system?
Fileless virus
How does a worm deliver its malicious payload?
It replicates itself over the network.
Which of the following best describes the risks of installing bloatware that is not harmful and does not contain malware? Select two.
It may inject advertising that interferes with web browsing.
The bundle may contain an unpatched application.
A company determines that some of their computers are using specially coded attack commands that have been posted on certain social media sites. Every single one of the infected computers is considered a ________.
zombie
On December 15, a small company starts transitioning to a new accounting package during their holiday break. Suddenly, on January 2, when employees return to work at 9:00 a.m., all computers in the accounting department repeatedly shut down within 15 minutes of being powered up. What type of malware is likely to have infected the computers?
Logic bomb
A security company is testing an unpatched server running an older OS connected to the internet in an isolated network. However, the anti-malware software installed on the server was consistently not able to detect a particular type of infection. What type of infection was least likely to be detected by the anti-malware app?
Rootkit
A malicious actor manages to install a backdoor on a system. What are some of the most likely reasons why they would do this? Select two.
For privilege escalation purposes
To circumvent security protections
Which of the following statements are true regarding an IoA or can be an example of an IoA? Select three.
An IoA is a sign an attack is currently in progress.
A user is not able to log into their account a day before their password expires.
A user checks email while in Europe and downloads a file as if in Australia within 6 minutes.
Company Beta does some testing on a highly anticipated software application and soon installs it in a production environment. Problems ensue so they contact Company Alpha, the company who released the software. While investigating the problem, Company Alpha discovers a buffer overflow vulnerability. What could have caused the vulnerability?
Poor coding practices
A malicious actor modifies the return address in an application to execute the code in the malware they injected into memory. What type of attack is this?
Buffer overflow
Which of the following statements best describes a TOCTTOU race condition?
When one thread overwrites the data created by another thread.
A software quality assurance associate is testing two modules in an application on a web server. One module generates data and the other reads data. However, whenever data is being generated, as soon as the module that reads data is initiated, the application crashes. Which of the following is most likely to be causing the problem?
Dereferencing a pointer with a NULL value.
A vulnerability in a web application infrastructure is most likely to affect which of the following? Select three.
Network
Databases
App servers
Hissana enters information on a compromised website, which does a poor job sanitizing the input. As a result, the web server sends back a response that infects her system. What type of attack is this?
XSS
A company is developing an online app that will require users to sign in using their email and a password. What should the company do to prevent SQLi attacks?
Filter inputs
Which of the following statements accurately describe similarities or differences between a CSRF and a SSRF attack? Select three.
A CSRF attack takes advantage of an authentication token.
A CSRF attack pretends to be an authorized user.
A SSRF attack can inject harmful data.
An attacker captures traffic with the intention of impersonating a legitimate user. In what type of attack is the malicious actor engaging?
Replay attack
Identify the differences and/or similarities between static analysis and dynamic analysis regarding AV software. Select two.
Static analysis uses signature-based monitoring.
Dynamic analysis looks for characteristics of a virus.
What means of protection can be used to help ensure a browsing experience is not susceptible to unauthorized interception of certain elements of the transmission? Select two.
Use HTTPS
Use secure cookies
Spiro is doing research on HIDS, HIPS, and EDRs in his quest to implement a stronger security posture in a small company that was recently awarded a government contract. Which of the following statements are true regarding the technologies he is researching? Select two.
EDR tools perform analytics that identify patterns and detect anomalies.
A HIPS attempts to block a malicious attack.
You are serving as a contractor at a company to help harden endpoints. Which of the following could you implement to help achieve the goal? Select two.
Use a patch management system.
Use an application allow list.
Why has there been a heightened interest by threat actors toward attacking mobile devices?
They have access to sensitive data.
A parent, who is a small business owner, takes their child on a business trip. The child uses the parent's phone during the flight. Unfortunately, the child leaves the phone on the plane, but the parent realizes it after it is too late to retrieve it. What kind of security could have prevented this type of vulnerability?
Physical security
A small company decides to adopt the COPE enterprise deployment model and supplies Android devices to its employees. Due to a significant downturn in the economy, they have not upgraded the devices in five years. What should the company do to limit the risk relative to the mobile devices?
Replace the devices with newer models.
An elderly person withdraws money from an ATM at a bus terminal. They are speaking on their cell phone and overlook retrieving the bank card from the card reader. A malicious actor is watching and steals the card. Unfortunately, the card has a small piece of tape with the PIN. The attacker waits a couple of hours after the elderly person has boarded a bus and goes to the ATM to withdraw money. Even though the elderly person has not yet realized their card is missing, the attacker is unsuccessful. Which of the following most likely thwarted the attacker's intent?
Geolocation
Excel is watching a game with friends in a public forum. He is an avid fan and enjoys debating how his favorite player happens to be the best player in the league. Shortly after the game he receives a message on his mobile device with a link purporting to be advertising T-shirts and other merchandise with his favorite player. What may have caused this to happen?
Malware on his phone was engaged in unauthorized recording.
An individual places a new USB cable near one of the charging stations at a busy airport. They wait nearby, hoping someone will use the cable. What is the intent of the individual?
To send malicious commands to the device.
Jailbreaking an Apple iOS device or rooting on Android devices opens opportunities that allow the user to download and install apps from a larger pool of available sources. What are the risks, if any, associated with this type of activity?
Downloaded apps may contain malware that bypasses the phone's security.
A commuter sees a flyer on a train with a QR code advertising high interest rates at an online bank. The commuter scans the code, but the website indicates the promotion has ended. Within a few days the commuter's phone starts sending messages to everyone in the contacts with a malicious link. How could this have been prevented?
Do not scan QR codes from unfamiliar sources.
Guang buys a mobile device at an Apple store. He wants to harden the device using two strong methods of authentication. Which of the following would you advise Guang to use? Select two.
Facial recognition
Password
A company uses the COPE enterprise deployment model. Every six months they delete outdated sales data from the mobile devices. However, sometimes users submit a help desk ticket to restore personal data that was accidentally deleted. How could this problem be prevented?
Use containerization.
Which of the following are features typically available when enabling loss or theft services on a mobile device? Select two.
Ability to remotely erase sensitive data stored on the device.
Ability to remotely lock the device.
Abeni is responsible for managing mobile devices where she works. She needs the ability to restrict jailbroken and rooted devices. In addition, she wants the ability to approve or quarantine new mobile devices. What tool should she deploy?
MDM
Anita is visiting a client when she discovers an app that was internally developed is missing from her mobile device. She contacts the home office, and they install the app remotely. What tool most likely provided this capability?
MAM
A firm is developing a new generation of a complex app for mobile devices. They expect the digital user's guide to contain at least 300 pages. It will be created in a collaborative effort authored by six individuals who work remotely. What tool can they use to help them keep track of editing history and version control regarding the user's guide?
MCM
Which of the following represents capabilities that UEM provides? Select all that apply.
Install applications remotely.
Enforce encryption settings.
Push notification services.
Record changes to digital documents.
Apply default device settings.
For security reasons, an app has the restriction that it can only be used within a one-kilometer radius of a secure facility. What is being used to enforce this restriction?
Geofencing
Which of the following best describes characteristics of embedded systems? Select two.
They are designed for a specific function.
They are contained within a larger system.
Identify the differences or similarities between the Raspberry Pi and the Arduino. Select three.
ICs on the Raspberry Pi and Arduino are not user programmable.
The Raspberry Pi has more processing power than the Arduino.
The Arduino is designed as a controller for other devices.
Which of the following statements best describe why it is beneficial to use a RTOS in a SoC?
A RTOS can handle very large amounts of data very quickly.
Horacio is on a space team developing a RTOS for a mission-critical device that may be exposed to radiation. Which of the following best describes ways in which the team can improve the functionality and security of the RTOS? Select two.
Implement OS self-inspection.
Implement hardware monitoring.
You work at a very large water treatment facility. Which of the following best describes systems you should secure and harden to help minimize any potential downtime? Select two.
SCADA systems
ICS systems
Which of the following statements are true relative to security constraints and cryptography regarding embedded systems and specialized devices? Select two.
A cryptographic algorithm should have low latency.
Decreasing latency in a cryptographic algorithm makes it run faster.
Which statement best describes why devices and systems that are optimized to draw very low levels of power lack the ability to perform strong security measures?
To preserve battery life.
Which of the following statements represent steps that can be taken to harden SCADA systems? Select two.
Disconnect unnecessary connections to the SCADA network.
Identify all connections to SCADA networks.
A threat actor uses an unpatched application to launch a specific executable file that has a vulnerability. The attacker uses the vulnerability in the executable as a means to make changes to the Microsoft Windows registry keys. What type of attack is the threat actor engaging in? Select two.
System tampering
Process spawning control
A senior software engineer starts working at a small company that wants to incorporate secure coding practices. Quality assurance currently begins after the application has been tested but before production. The engineer sees an opportunity and recommends adopting a method that breaks down the project into smaller biweekly development "bursts" that include testing. Which of the following statements are true? Select two.
The engineer prefers using the agile model.
The company is currently using the waterfall model.
You are hired as a consultant to create a SecDevOps program at a software development firm. Which of the following are you most likely to implement? Select two.
Employ automation wherever possible.
Embrace continuous modifications through the process with provision to roll back as needed.
Kaven, an app developer, works for an organization that requires the implementation of dead code. Why would the organization have such a policy? Select two.
To provide an unnecessary attack vector for attackers.
Because it is one of the secure coding techniques the organization uses.
At a software development company, team Alpha is responsible for static code analysis while team Beta is responsible for dynamic code analysis. Which of the following statements accurately describes the differences or similarities relative to how the teams conduct their analysis? Select two.
Static code analysis may include actively examining each line of code visually.
Dynamic code analysis is performed while the code is running.
As part of your software test engineering role at a corporation, you need to set up a system that generates random input to trigger events such as exceptions, memory corruption, and other security breaches. Which of the following will you deploy? Select two.
Fuzzing process
Dynamic code analysis
Alexandria works at a secure installation that requires a special ID card with her picture to gain access. An officer at the gate needs to scan the ID card before allowing employees to enter the installation. One day she forgets her card. However, since the officer recognizes her, the officer lets her pass through the gate. Which of the following elements, if any, did the officer violate (not enforce)?
Something you have
Viraa works at a virology lab that requires her to place her hand on a specialized "medical" device to scan certain genetic characteristics before being granted access. Which of the following is being used to prove her authenticity?
Something you exhibit
The letter I in IAM deals with which of the following items? Select two.
Identity proofing
Authentication
Divya logs in to her online bank account using a username and password, then proceeds to transfer money from one bank account to another. What likely safeguards has the bank implemented to secure her login credentials?
A digest of the current password Divya set is stored for comparison.
A security professional is analyzing passwords. What two observations (select two) can the analyst make regarding the following password: L0nd0nbr1dge!3
It exhibits characteristics of predictable patterns found among passwords.
It is a relatively weak password.
Which of the following are likely reasons why Attaqui, a threat actor, prefers to use password spraying attacks when targeting accounts? Select two.
It is less likely to raise any alarms.
It will not lock out the user account.
Which of the following describes true statements regarding the process of uncovering passwords using a high-outcome password cracker?
It compares an existing database of hashes with hashes in the stolen password file.
A threat actor is building a computer for use in brute-force attacks. Which of the following is the attacker most likely to consider highly desirable?
A system with multiple powerful GPUs.
Which of the following statements accurately describes the differences or similarities between a brute-force attack and a dictionary attack? Select two.
Dictionary attacks are successful due to poor password policies.
A dictionary attack is a variation of an offline brute-force attack.
A calculating attacker manages to obtain the password digest from a department store. The attacker then proceeds to engage in a type of attack known as credential stuffing. How can you protect yourself against this type of attack?
Do not use the same password on multiple accounts.
A security team at a research company determines they are going to use the following mask because it provides the highest probability of success: u?l?l?l?l?d?d?d? Which of the following is the research team most likely trying to achieve?
To determine the most common password(s) based on the mask.
Shivo's login credentials to log into work have been stolen. As a result, he is continuously receiving SMS text messages from the MFA app on his phone. Shivo thinks it might be an MFA fatigue attack but is not sure. What should he do?
Contact the help desk.
A mid-sized company requires users to log in using an OTP sent to their smartphone in an SMS text. However, their plan is to replace the current system of authentication and provide everyone with a security key. What would motivate the company to take this action?
Because security keys do not generate OTPs.
Which of the following statements are true regarding physiological biometrics? Select two.
In some cases, retinal patterns may change during a person's lifetime.
It is more difficult to imitate cognitive biometrics than physiological biometrics.
Navana is responsible for implementing a cognitive biometric system to authenticate users at her company. Which one of the following elements will employees need to possess to log in successfully?
Something you are
An experienced threat actor manages to steal a password digest with 4 million entries. Their plan is to use a methodical series of password attack tools to try to crack as many passwords as possible but none of the passwords are available in plaintext. Which of the following will most likely be the next attack tool they will use?
Dictionary attack
How is a TOTP different from an HOTP? Select two.
An HOTP changes when a specific event occurs.
They both require the most steps to complete the authentication process.
Pooma is researching the viability of implementing keystroke dynamics to authenticate users. She writes a report highlighting some of the benefits. Which of the following statements is she most likely to include in the report as well as consider in the implementation plan? Select two.
No additional steps are required beyond entering the username and password.
It requires no specialized hardware.
A security engineer needs to implement password authentication on a highly specialized system. A requirement is that if two different users specify the same password, the stored digests will not be the same. How can this be accomplished?
Implement salting to make dictionary and brute-force attacks more difficult.
A security audit firm recommends using a technology that will help protect password digests at a corporation. Their recommendation will dramatically reduce the efficiency of password cracking endeavors should the password digest ever be stolen. Which of the following reflects what the security audit firm may have recommended? Select two.
Argon2
Key stretching
A large company wants to manage passwords in such a way to, among other things, require users to log a valid reason for accessing specific resources. In addition, they want to revoke access to those resources after a user session to safeguard privileged accounts. Which of the following should the company implement?
Password vaulting
Conrad stores multiple passwords in a user vault file that is protected by one strong password. Features include enhanced encryption and requiring a secret key file to be present when entering the master password to open the vault. Which of the following is Conrad using?
Password manager
An organization has been using a password management system/vault for their employees. However, they are concerned because they believe it is susceptible to malware. Which of the following is a possible solution to help minimize the concern?
Use a hardware password key.
Which of the following areas should Jochebed's company address to ensure they are following sound practices relative to passwords? Select all that apply.
Age
Reuse
Length
Yvon logs into a B2B system that uses SAML as one of its components to authenticate users. Which of the following is used to digitally sign Yvon's username?
Asymmetric cryptography
Zarak is researching methods of authentication that do not rely on passwords. He comes across a novel alternative called passkeys. Which of the following accurately describes its characteristics? Select two.
It uses multifactor authentication.
It stores authentication information in hardware.
A threat actor gains access to a system by compromising a user's account. The threat actor is then able to execute programs with the permissions of the subject whose account was compromised. This represents a weakness of which access control scheme?
DAC
If MAC is more restrictive than DAC, why does Windows include the use of DAC when granting access?
Because it first checks any requests against MIC and, if they pass, it then checks DAC.
Which of the following statements accurately describes the differences or similarities between RB-RBAC and ABAC? Select two.
The RB-RBAC scheme can dynamically assign roles to subjects based on a set of rules.
ABAC uses flexible policies that can combine attributes.
Dex logs into a system that uses a rather inefficient mechanism to check permissions. He issues a command to determine what files he can access and what operations he can perform on those files. What type of permission or authorization mechanism is most likely being used on the system?
ACL
A threat actor decides to engage in a type of attack that involves placing themself between two devices that have frequent communication. From the threat actor's perspective, what is an advantage of this type of attack?
The two devices are not aware an attacker is present.
An attacker successfully intercepts traffic from a client and then sends a fake digital certificate to the intended target. What is the attacker possibly trying to achieve? Select two.
Decrypt the traffic.
Perform a MITM attack.
Which of the following are true statements regarding session IDs? Select three.
They can be used for a specific type of replay attack.
They can be intercepted and used to impersonate a user.
They are typically hashed using a secure hashing algorithm.
Darius withdraws money from his online retirement account every month. A few months ago, he started using a different app on his desktop computer to access the internet. He recently noticed his account balance is being reduced by $50 every week. He runs a scan on his computer to check for viruses but finds nothing malicious. What type of attack may have compromised his system?
MITB
Two online companies sell similar products and are competing for increased market share. One of the companies is less honorable so they hire an attacker who launches an attack to make the other company appear less trustworthy and thus a less favorable option from which to buy. What type of attack did the malicious actor most likely launch?
Domain reputation attack
You are unable to access google.com from your computer, so you check the local host file. You notice it has an entry that reads (without quotes) "127.0.0.1 www.google.com". How can you best remedy the situation?
Remove the entry from the file.
An attacker tries to break into a DNS server to redirect traffic to his website. After multiple unsuccessful attempts, the attacker decides to take a more basic approach and starts by sending a request to a valid DNS server to resolve the name of his website. How can the attacker's goal of redirecting traffic be thwarted?
Validate DNS responses to ensure they are from an authoritative source.
A threat actor launches an attack to restrict access to a particular website. The attack targets NTP to realize a significant increase in traffic compared to the amount of traffic originally sent. Which of the following best describes the type of attack the threat actor is engaging in? Select three.
DDoS attack
NTP multiplier attack
Reflection attack
Which of the following actions will help mitigate the effects of malicious code attacks?
Disable support for macros across the Microsoft Office suite because they are a key attack vector.
A threat actor manages to spoof the MAC address in the cache of a computer with the goal of redirecting traffic. What type of attack is the threat actor launching?
ARP poisoning