A company is downsizing and needs to lay off numerous employees. They do not want any of the employees who are being fired to be able to cause harm to the organization, so they disable their user credentials before informing them they will be let go.
What attack motivation is the company concerned about?
Revenge
An administrator is concerned that a computer with sensitive information can be tampered with or rendered inoperable. Despite the system's hard drive being secured with encryption along with a username and password combination, they want to ensure that the computer cannot be sabotaged through changes in the system's firmware.
What technique can they use to ensure that firmware has not been compromised?
Secure boot
An administrator is investigating unusual network traffic originating from several workstations in the HR department. Upon further inspection, the administrator notices that the workstations are making many thousands of requests to a specific web forum. As the administrator is searching for more information, they discover that the web forum in question is currently unavailable, for unknown reasons.
Which of the following is likely the reason for what is occurring?
The workstations are part of a botnet that is carrying out a DDoS against the web forum
A junior network administrator is being trained on the configuration of the network components, such as routers and firewalls. He asks how the firewall knows to block or permit traffic and where that information is stored.
What does a firewall use to store these rules?
ACL
A malicious individual has managed to gain access to a user's system through a spear phishing email. The attacker extracted usernames and passwords from the local registry files and proceeded to obtain administrator privileges to continue the attack.
What term is given to an attack like this, in which a hacker manages to use a lower-access account to amass more permissions and gain access to resources that they shouldn't have?
Privilege escalation
An organization is having trouble with their wireless access point. When talking to customer service, they discover that their wireless access point is a counterfeit. What type of supply chain vulnerability have they encountered?
Hardware provider
Which vulnerability emerges when a cloud service provider does not properly sanitize disks before provisioning them to new clients?
Resource reuse
A network administrator has just installed a router at a client site. The administrator now wants to ensure that the device is hardened and prepared to deal with malicious activity. What do most network devices include that should be changed immediately for security?
Default account
An attacker has managed to extract a cookie from an organization's user and proceeds to use that cookie to impersonate the user and log in to a CRM that the organization uses. What type of attack is being performed after stealing the cookie data?
Session replay
An administrator is concerned about physical theft of devices in the workplace. What would be a good security solution to address this?
Lockdown cable
A hotel chain decided that they wanted to force users to use their on-premises Wi-Fi and pay for it. To do so, they employed devices that were capable of committing denial-of-service attacks against customers' personal Wi-Fi access points.
Which of the following devices did they MOST likely use?
Jammer
Which of the following vectors exploits trust relationships with third parties?
Supply chain
An attacker infiltrates a company's network in order to access sensitive information. Upon finding this sensitive information, they demand a payment from the company, or they will release the data publicly.
What motivation does the threat actor have?
Blackmail
A telephone services company has discovered that an attacker has been accessing their systems and viewing sensitive plans related to the release of a new product. What type of attacker motivation is driving the attacker?
Data exfiltration
An online retailer allows users to post product reviews. The web developer forgets to sanitize the input from customers in those reviews, and users soon report that visiting review pages causes alerts from their antivirus programs.
Which type of attack is likely occurring?
XSS
Which type of network attack can be identified by an IDS based on signatures?
Malicious code
An attacker is looking to capture and steal credit card information and banking details. They install malicious software that silently collects data and sends it to an attacker without the user's knowledge.
This is an example of which of the following?
Spyware
A new HR employee receives a call from an individual who introduces himself as the president of HR. He requests personal information on several employees who are reportedly getting fired. The HR employee provides the information before it is discovered that this was a targeted attempt.
What type of attack was this?
Social engineering
An attacker has in mind a valuable account that they want to crack the password for. They employ a list of words that are commonly used in passwords, along with common names and other words. These words and phrases allow the software to operate much faster than when it generates random strings dynamically.
What type of attack are they using to crack the password?
Dictionary
Which indicator of attack often occurs when an attacker brute-forces login attempts?
Account lockout
An attacker is investigating a website and suspects that it does not sanitize its inputs. They enter the following into the username field:
John Smith') or true--
After they hit enter, the application lets them log in.
Which of the following BEST describes the attack in this scenario?
SQL injection
An attacker is carrying out a birthday attack on a weak hash algorithm they discovered on a victim's network in order to decrypt the password. Which of the following does the birthday attack exploit?
Hash collision
Which type of attack does not get installed directly onto a system, but runs only in memory?
Fileless
Which of the following is a common attack used to fraudulently obtain private information through methods such as email?
Phishing
An attacker gains access to an older company's network and begins footprinting the environment. The attacker discovers that the network is still using NTLM for authentication due to the presence of Windows XP and Server 2003 machines. The attacker is able to intercept the authentication stream and resend the encoded password to gain access to various systems.
Which of the following MOST likely occurred in this scenario?
Pass the hash attack
A user receives a call from an individual claiming to be a manager. They state that they urgently need information in order to close a business deal. The user trusts the caller and provides them with the information, only to learn it was used in an attack just a few days later.
What do we call the act of manipulating users into revealing confidential information?
Social engineering
An attacker is modifying the hosts file on a computer. Which of the following attacks are they MOST likely to be performing?
DNS poisoning
Which of the following vectors can be used to attack systems protected by an air gap?
Removable media
An administrator notices that users of Android devices have manually installed APK files without using the official app store. Which term describes this practice?
Sideloading
A DLP system notices that a regular user account has started trying to access numerous sensitive files. What category of IoC is being triggered?
Blocked content
Which type of attack opens a backdoor into a system, which an attacker can use to connect to the system at a later time?
RAT
A contractor inadvertently causing a power outage that takes down a company's servers is an example of what?
Internal threat
A user wants to download a popular piece of music software to play music at work. They unknowingly misspell the domain name of the site and are sent to a malicious site that provides infected software for download.
What type of attack is used to trick users into thinking that they are downloading from an official site when they misspell a domain name?
Typosquatting
During a layover at an airport, a financial company CEO leaves his smartphone unattended, which has Bluetooth enabled. An attacker is able to gain access to the CEO's email, calendars, and contacts.
Which type of attack is being performed?
Bluesnarfing
An email appears in a user's inbox indicating that they have won a free tablet; however, it has limited availability, so the user must act soon, or it may be too late. Which of the following phishing principles is this an example of?
Scarcity
A company uses a third-party company to provide ongoing management of its IT infrastructure. What type of threat vector does this introduce?
MSP
What is the primary motivation for organized crime?
Financial gain
Which type of password attack is characterized by using a small set of passwords against many different accounts?
Spraying
An attacker is attempting to steal credentials from users at Acme Manufacturing. They configure a wireless access point close to Acme's location and have it mimic the naming standard that the company uses. They set up a fake portal that fools users into providing login credentials.
Which type of attack are they performing?
Evil twin
A group of threat actors disagrees with some of the actions that a company takes. Subsequently, they use hacking tools to deface the company's website to promote their cause. What type of threat is this group?
Hacktivists
There are reports of unusual behavior in some workstations at Acme Inc., and the administrator has begun to investigate. They discover that a type of self-replicating malware has made its way through network shares and the SMB protocol.
Which of the following should the administrator report has been discovered?
Worm
An attacker is eavesdropping on communications between a server and a host. The attacker is able to obtain the authentication credentials from within the communications string and store them. Later on, the attacker will use those stored credentials to impersonate the host machine and gain access.
This is an example of which of the following?
Replay attack
Which of the following malicious activities is a type of physical attack?
RFID cloning
Of the following, which is the term applied to a weakness or bug that is unknown to relevant authorities and represents an undocumented vulnerability?
Zero-day vulnerability
An administrator wants to configure a network share so that users can only see and run the files that exist on it. They don't want anyone to be able to put files into this folder. Which of the following permissions would they select in a Windows system?
Read and execute
A web server using HTTP rather than HTTPS is an example of which of the following weak configuration errors?
Unsecure protocols
Which wireless communication type allows for mobile devices to transmit information only when they are within inches of each other?
NFC
A state-sponsored attacker group is seeking to infiltrate a large international corporation. They position themselves between the corporation and some public DNS servers that employees' requests are frequently sent to. The attackers craft custom DNS responses that arrive before the legitimate responses do, which fills the company's DNS server's cache with compromised DNS information.
What type of attack is occurring?
DNS poisoning
An administrator is examining a server after a suspected attack. They are examining the logs and notice that there are a lot of requests that apparently stayed open through an incomplete three-way handshake, leading to the server being unable to accept new requests.
Which attack takes advantage of the three-way handshake in this way to crash a server?
SYN flood
An attacker is on the prowl in a commercial area looking for open and insecure wireless networks. They're driving around with a laptop and a high-powered antenna in an attempt to access their victims' networks and gather sensitive information.
What attack is being attempted?
War driving
Which of the following types of attacks can be used for a variety of purposes because it targets a commonly-used markup language?
XML injection
A new junior developer is being briefed on development efforts at Acme Inc. The lead administrator is explaining a recent issue where an application was writing to a set of memory that another command was using. This caused unexpected issues and several crashes before it was remedied.
Which of the following were they MOST LIKELY encountering?
Race condition
An administrator is examining a user's workstation that has been reported as infected. The administrator locates a type of malicious software that loads on the first sector of a hard drive and then loads into memory when the computer starts.
Which of the following is this an example of?
Boot sector virus
A security engineer has discovered a vulnerability in a web application they are testing. One of the fields for user input provides an ability for a user to run code against the database.
Which type of attack takes advantage of a website that runs malformed database code?
SQL injection
An attacker determines which sites their victim likes to visit, and then plants malicious code in the site to infect the victim's computer. What type of attack is being executed?
Watering hole
A penetration tester is starting with a reconnaissance phase. They are currently running a vulnerability scan to identify exploitable vulnerabilities. What type of technique are they using?
Active
What type of attack waits until a specific date or system event and then executes?
Logic bomb
A company discovers a threat actor has had access to their research and development network. They trace the attacker's IP address to a building where a competing company works.
What is the likely motivation for the attacker?
Espionage
Which of the following application security best practices can help to protect against CSRF attacks?
Referring URL validation
Which type of attack involves directing a number of zombie systems to send requests to a server in order to take it offline?
DDoS
A food processing company allows a third party to log in to some of their systems to update data. After an audit, it was discovered that one of those accounts was logging in from locations that involved impossible travel and was attempting to access other areas of the network.
What threat vector needs to be addressed in this situation?
Vendor
Which of the following types of attacks is BEST designed to take advantage of the fact that many people use the password 123456?
Password spraying
You are explaining the elements of security to a junior administrator in the organization. You are discussing methods that a hacker has used to gain access to a system. These are examples of which of the following?
Threat vectors
A sales employee at a company has a potential client at the office. The company does not have a guest Wi-Fi network, so the employee uses their device to share their network connection with the potential client.
What type of threat is occurring at the company?
Shadow IT
A sales manager at Acme Inc. receives a call from an individual who identifies themselves as a manager at another branch. They state that a customer does not have their membership card and they need to verify the customer's membership.
What term describes the type of social engineering attack that they are using?
Pretexting
What type of attack aims to trick individuals into sharing their sensitive data by posing as a trusted source?
Phishing
A vulnerability in a web page has enabled an attacker to exploit the website to construct a statement that is run against the directory services database. Which type of attack gives a hacker access to directory services information from a web page?
LDAP injection
A company makes important announcements via its websites. Occasionally, news reports are uploaded to the website for storage before they are ready to be announced. In one instance, an important news report that affected the company's stock price was leaked before the news had been officially announced.
What type of application attack is MOST likely occurring?
Directory traversal
Which of the following memory issues can cause a computer to run out of available memory?
Memory leak
A user has reported that their system suddenly flashed a warning that their files have been locked, and they must send a Bitcoin payment to an address displayed on the screen. What type of malware attack have they suffered?
Ransomware
After gaining access to a victim's network, an attacker crafts an ICMP packet that is destined for all other hosts on the network. They spoof the IP address of a resident web server and attach it to the packet, then send it off. Shortly thereafter, the webserver is rendered unavailable because of the flood of responses.
Which of the following is this an example of?
Amplification attack
A company needs to maintain strict control over its users' policies to comply with regulations. What process can help them keep users' workstations standardized for this purpose?
Configuration enforcement
There is a spreadsheet on a network share at Smith Industries. This spreadsheet is used to track customer leads and is shared amongst the sales team for collaboration. The users need to be able to edit it, but it should not be moved or deleted.
When you want a user to be able to change a file's contents but nothing more, what permission do you give?
Write
Which of the following types of malware uses cryptography?
Ransomware
Of the following, which is a web application vulnerability that can be perpetrated when an attacker embeds malicious HTML or JavaScript into a website for it to execute when the victim visits the web page?
XSS
Which type of cryptographic attack attempts to negotiate a less secure cryptography mode when making a connection to a remote system?
Downgrade
A user has attempted to install an application that they can use to create custom greeting cards. The application is not blocked by their antivirus software, so they quickly click through the installation dialogue box to start using the program. After installation, they notice extra icons on their desktop for applications they did not intend to install.
Which of the following terms BEST describes the applications that have newly appeared on their computer?
Bloatware
Which solution is responsible for authenticating email by allowing organizations to publish a list of authorized email servers in their DNS records?
SPF
An attacker gains access to a user's workstation. The legitimate logged-in user does not have an administrative account and is unable to modify the system. The attacker begins to examine the system and discovers that a local program is hard-coded with local workstation admin credentials.
Which type of attack would the attacker perform?
Privilege escalation
Which of the following attacks is designed to find passwords like Tr3buchet?
Dictionary
An attacker sets up a DNS poisoning attack based on the main portal that the employees of a company use. The attacker configures the DNS redirection to point to a website that asks the users for credentials, stating that their passwords are incorrect. After a user enters their password, the attacker uses that information to create a VPN connection that has access to the company network.
Which of the following solutions can be used to prevent this type of attack?
DNSSEC
An attacker positions themselves between a user and the banking website they use for financial transactions. Then, they steal the cookie that the web server sends the user after authenticating. The attacker then uses that cookie to contact the webserver as if they were the user.
What type of attack is being executed?
On-path attack
Anders Insurance Agency has discovered that malware on one of their internal computers has been exfiltrating user information. But the malware is unfamiliar and not registering with their antivirus/anti-malware programs. They alert a cybersecurity agency, which investigates and discovers that the malware is originating from an infected government site for an insurance regulatory authority that Anders Insurance visits regularly.
Which of the following is the BEST description of what has occurred?
Watering hole attack
An administrator has received reports from a user that their system is acting oddly and slowly in general. Running the antivirus several times did not yield any results, but the administrator was able to find an application running and was able to determine that it was changing its coding and name, thus potentially avoiding detection.
Which type of virus changes every time it runs to avoid antivirus detection?
Polymorphic
A whaling or invoice scam attack is MOST likely to use which of the following attack vectors?
Which of the following attacks could be used for an on-path attack?
ARP poisoning
Which weakness occurs when administrators install new network devices without making any changes?
Default credentials
A company that fails to implement separation of duties is opening itself to what type of attack?
Insider threat
Which of the following vulnerabilities occurs when an attacker tries to place more data into a memory location than an application has allocated for it?
Buffer overflow
An organization needs to deploy Wi-Fi in their manufacturing plant for their monitoring machines, but their attached retail location has customer access. They want to ensure that only the specific subset of computers in the manufacturing plant is able to access the wireless.
What security technique can they use on the Wi-Fi hotspot to stop rogue computers from connecting to the network?
MAC filtering
What technique adds a hash value to each DNS record so that the data can be verified?
DNSSEC
A workstation that was recently cleaned of infection is showing signs of malware again. The administrator is concerned and runs an antivirus scan, but it reports that the system is clear. As the administrator attempts to open Task Manager, they get a "permission denied" error.
Which of the following is the MOST likely culprit?
Rootkit
Which of the following attacks is MOST related to a phishing attack?
URL redirection
A company has set up a Wi-Fi router for guest access in the company's lobby without making any configuration adjustments to it. Later, the company discovers that the device has had its DNS settings changed to route users to malicious websites.
What hardening technique could have prevented this situation?
Default password changes
An email comes through to the HR managers of a company that addresses them individually by name. The request is for personnel files and appears to relate to the questions that might be used for password reset authentication.
What type of attack is being performed?
Spear phishing
A company wants to protect against the threat vector of vulnerable applications on users' workstations. They want to use a central tool that checks the workstations remotely without requiring a tool to be installed on each system.
What type of solution should they implement?
Agentless scanning
Which hardening technique installs agents on target systems to identify and address threats in real time?
EDR
What is the table called that is used in cryptanalysis attacks and contains pre-calculated values of passwords that have already been hashed?
Rainbow
An administrator notices that after a user logs out of a system, they log in shortly after from a different IP address. The second IP address is allocated to an internet service provider on the other side of the world.
What type of indicator of attack should the administrator make note of in this situation?
Impossible travel
Which of the following attacks does NOT require physical access?
Impersonation