Domain 2.0 Threats, Vulnerabilities, and Mitigations Assessment


Last updated 10:59 PM on 2/12/26
49 Terms

1

Which of the following is associated with vulnerabilities within hypervisor software?

A. Legacy

B. End-of-life

C. Virtualization

D. Firmware

C. Virtualization

2

An e-commerce company has detected unusual activity on its website, and the security team believes that malicious actors might have exploited a previously unknown vulnerability. Which of the following actions would be the most effective response to help more quickly identify issues such as this in the future?

A. Perform a comprehensive system backup.

B. Implement intrusion detection systems and application firewalls.

C. Update the antivirus software on all company devices.

D. Enforce password changes for all users.

B. Implement intrusion detection systems and application firewalls.

3

A web designer at a cybersecurity corporation receives an email from what appears to be a trusted colleague within the company. The email requests sensitive financial information to complete an urgent transaction and looks legitimate, displaying the colleague's name, company logo, and formatting. What type of sophisticated phishing attack occurs in this scenario?

A. Whaling

B. Mass mailer phishing

C. Angler phishing

D. Business email compromise

D. Business email compromise

4

The security team at a manufacturing company notices an atypical rise in system log generation during off-peak hours and later determines the system was experiencing system errors and configuration issues. How might the security team describe this anomalous activity in their report?

A. Incorrect documentation

B. Out-of-cycle logging

C. Malware attacks

D. Missing logs

B. Out-of-cycle logging

5

An organization's system alerting tool detects a series of unsuccessful attempts by someone trying to gain unauthorized access to its servers. These attempts lack sophistication and appear to be using publicly available hacking tools. Which type of threat actor is MOST likely responsible for these attempts?

A. Unskilled attacker

B. Nation-state

C. Insider threat

D. Hacktivist

A. Unskilled attacker

6

The system administrator at a software company is reviewing its security procedures. The company uses various cryptographic techniques for data security and is currently concerned about potential misconfigurations that could compromise data integrity and confidentiality. Which actions should the system administrator prioritize to address these potential security issues? (Select the two best options.)

A. Implement network segmentation.

B. Adopt biometric authentication.

C. Regularly update and patch cryptographic software.

D. Conduct periodic penetration testing.

C. Regularly update and patch cryptographic software.

D. Conduct periodic penetration testing.

7

You are assessing a data center's physical security measures. During your assessment, you identify potential vulnerabilities in the physical security controls that could allow unauthorized access to the data center. Which of the following is the most effective physical security measure to prevent unauthorized access to the data center?
A. Increasing the brightness of exterior lighting

B. Deploying more security guards around the perimeter

C. Implementing biometric access controls

D. Placing warning signs around the facility

B. Deploying more security guards around the perimeter

8

A global technology firm detects unauthorized access to its proprietary designs for an upcoming product. From a cybersecurity perspective, what type of data exfiltration aims to learn secrets rather than to sell them or use the theft for blackmail?

A. Revenge

B. Espionage

C. Financial

D. Chaotic

B. Espionage

9

You are a security analyst at a social-media marketing company where employees frequently share multimedia files, including videos and audio recordings. What is the primary security risk associated with downloading multimedia files from unverified sources?

A. Execution of hidden malicious scripts

B. Compression artifacts

C. Incompatibility with media players

D. Loss of data due to file size

A. Execution of hidden malicious scripts

10

When an enterprise's IT security posture depends on external entities such as software developers, hardware manufacturers, and web-hosting companies, what should the enterprise prioritize to ensure continued security?

A. Relocate the hosting of web-based applications to in-house servers.

B. Update all software systems without regard to the service provider's updates.

C. Conduct thorough audits of service, hardware, and software providers regularly.

D. Replace all hardware equipment annually, regardless of its current state.

C. Conduct thorough audits of service, hardware, and software providers regularly.

11

A systems administrator notices several user accounts frequently get locked out but cannot successfully troubleshoot the issue because the system has no log data. Which of the following is the MOST likely explanation for the lack of logs during these events?

A. Unsecure network connection

B. Malware attack

C. Log tampering or deletion

D. Account lockout

C. Log tampering or deletion

12

A recent cyberattack led to massive disruptions in a country's power grid, causing widespread blackouts and significant economic and social damage. The country's cyber team traced the attack to a hostile nation-state's cyber warfare division. In this case, what is the primary motivation of the perpetrators?

A. War

B. Financial gain

C. Ethical concerns

D. Levels of sophistication/capability

A. War

13

What term refers to the path an individual or group can use to execute a data exfiltration, service disruption, or disinformation attack?

A. System administrator access

B. Threat vector

C. Threat actor access

D. Attack Vector

B. Threat vector

14

The server manager of a tech company observes an increase in server resource consumption, unusual system behavior, and increased network traffic, which is not proportional to the workload on the server. Which of the following is the MOST plausible cause for these observations?

A. Radio-frequency ID cloning

B. Malware infection

C. Concurrent session usage

D. Resource consumption

B. Malware infection

15

What social engineering attack relies on targeting individuals who frequently access an unsecured third-party website, in order to compromise their computers and gain access to a specific organization's systems?

A. Impersonation

B. Pharming

C. Spear phishing

D. Watering Hole

C. Spear phishing

16

A company's cybersecurity team evaluates threats that could exploit vulnerabilities in its computing infrastructure. The team is specifically considering threats, such as a DDoS or on-path attack, that can directly harm the company's systems and potentially damage data or services. What type of threat does this scenario BEST describe?

A. Social engineering attacks

B. Environmental threats

C. Downgrade attacks

D. Network attacks

D. Network attacks

17

Which of the following is associated with vulnerabilities tied to security defects found in low-level foundational software?

A. Firmware

B. End-of-File

C. Virtualization

D. Legacy

A. Firmware

18

Software vendors no longer support an accounting firm's critical applications. The security team is exploring strategies to mitigate the risk posed by these unsupported apps. What is the most effective approach to mitigating risks associated with unsupported software?

A. Implementing regular patch management.

B. Isolating unsupported software from other systems.

C. Consolidating all applications into one product.

D. Increasing security awareness training.

B. Isolating unsupported software from other systems.

19

An IT security specialist at a government agency identifies sideloaded apps installed on some government-owned mobile devices. What steps should the security specialist take to improve device security and limit sideloaded apps? (Select the two best options.)

A. Purchase new mobile devices to replace all current ones.

B. Implement mobile device management (MDM) policies to restrict unauthorized application installation.

C. Conduct device audits.

D. Hire external IT consultants to manage mobile device security.

B. Implement mobile device management (MDM) policies to restrict unauthorized application installation.

C. Conduct device audits.

20

A security analyst identifies an atypical spike in total outbound DNS traffic volume from a network-attached security camera. Which of the following is most likely being observed?

A. Data exfiltration

B. Distributed denial-of-service

C. Denial-of-service attack

D. Input validation

A. Data exfiltration

21

What technique does the threat actor use in a Bluetooth network attack to transmit malicious files to a user's device?

A. Physically stealing a PC or laptop to execute the attack

B. Spoofing a trusted access point to gain unauthorized access

C. Obtaining credentials for remote access to the network

D. Exploiting vulnerabilities or misconfigurations in the Bluetooth protocol

D. Exploiting vulnerabilities or misconfigurations in the Bluetooth protocol

22

A cloud service provider regularly updates its systems and software. Despite these efforts, a security researcher discovers a previously unknown vulnerability in an application that could expose customer data. Which type of vulnerability did the researcher find?

A. SQL injection vulnerability

B. Network misconfiguration

C. Zero-day vulnerability

D. Cross-site scripting vulnerability

C. Zero-day vulnerability

23

A cybersecurity analyst at a large corporation observes unusual activity in the log entries for an employee account. The logs show access to sensitive company systems from one location, and then just an hour later from another location thousands of miles away, without any VPN usage or other secure remote access tools being logged. The employee in question is known to be traveling without any company-issued secure remote access devices. Which security anomaly is most likely occurring in this situation?

A. Impossible travel

B. Wireless misconfiguration

C. Distributed denial-of-service

D. Brute force attack

A. Impossible travel

24

An environmental advocacy group uses cyber weapons to put companies at risk and promote its agenda. This scenario illustrates what type of threat actor?

A. Insider threats

B. Advanced persistent threats

C. Hacktivists

D. Hackers

C. Hacktivists

25

A prominent multinational corporation has experienced an unexpected spike in unauthorized network traffic aimed at its web servers. Upon investigation, the corporation discovered that the goal of this traffic was to disrupt its online services rather than gain unauthorized access or steal data. The attack started shortly after the corporation made a controversial policy decision that sparked a public backlash. Which type of attacker is MOST likely responsible?

A. Nation-state

B. Insider threat

C. Individual hacker

D. Hacktivist

D. Hacktivist

26

A threat actor exploits vulnerabilities in a device's wireless communication protocol to send a malicious file directly to another device without any physical access or connection to a wired or cloud network. Which networking vector does this scenario most accurately describe?

A. Bluetooth Network

B. Direct Access

C. Wired Network

D. Cloud Access

A. Bluetooth Network

27

Which of the following is an example of a watering hole attack?

A. Exploiting weak login credentials to gain unauthorized network access.

B. Sending deceptive emails to trick users into clicking on malicious links.

C. Compromising a site often visited by a target group to breach their devices.

D. Installing malicious software through a fake antivirus program.

C. Compromising a site often visited by a target group to breach their devices.

28

What term refers to the path an individual or group can use to execute a data exfiltration, service disruption, or disinformation attack?

A. System administrator access

B. Threat vector

C. Threat actor access

D. Misconfiguration

B. Threat vector

29

A healthcare provider suddenly receives a threat from an unknown source claiming to have obtained sensitive patient data. The anonymous actor demands a significant sum of Bitcoin, threatening to release the information publicly if the provider does not make payment. This kind of scenario BEST exemplifies which threat motivation?

A. Service disruption

B. Espionage

C. Blackmail

D. Disinformation

C. Blackmail

30

The cybersecurity team at a large company has recently uncovered evidence of a successful malicious cryptographic attack on their data servers facilitated by a misconfiguration in the cryptographic systems. What is the MOST appropriate initial response that the team should employ to address this critical security issue?

A. Install an advanced firewall across the entire network.

B. Correct the misconfiguration, implementing secure cryptographic controls.

C. Switch to a new data server provider.

D. Initiate a complete redesign of the organization's website.

B. Correct the misconfiguration, implementing secure cryptographic controls.

31

An employee reports that their laptop is no longer receiving updates and patches. Which of the following is most likely the cause of the problem?

A. Firmware

B. Legacy

C. End-of-life

D. Virtualization

C. End-of-life

32

You are the cybersecurity lead at a software development company that allows employees to use personal mobile devices for testing and work-related tasks. You recently learned that some employees have sideloaded apps onto their devices. What are two security risks associated with sideloading apps onto mobile devices in a corporate environment? (Select the two best options.)

A. Reduced battery life

B. Improved app performance

C. Increased exposure to malicious software

D. Circumvention of data encryption mechanisms

C. Increased exposure to malicious software

D. Circumvention of data encryption mechanisms

33

An organization has identified that its website is being flooded with login credentials. Which of the following BEST describes the observed cyber attack?

A. Tailgating

B. Brute force

C. Dumpster diving

D. RFID cloning

B. Brute force

34

The security team in a financial organization identified a cross-site scripting (XSS) vulnerability on its web portal. The chief information security officer (CISO) instructs the team to act immediately. Which action most effectively minimizes the threat from XSS attacks?

A. Implement a web application firewall (WAF).

B. Upgrade the hardware of the server.

C. Encourage staff to change their passwords.

D. Restrict the number of login attempts.

A. Implement a web application firewall (WAF).

35

You are the IT manager for a manufacturing company with a large network of interconnected systems controlling production machinery. Due to the critical nature of the production line, any downtime can lead to significant financial losses. You recognize the importance of maintaining operational uptime and ensuring network security and decide to implement a scheduled maintenance plan. What is the primary goal of implementing a scheduled maintenance plan for the company's networked systems?

A. To increase the speed of the production machinery

B. To reduce the electricity consumption of networked systems

C. To ensure operational continuity and minimize unexpected downtime

D. To facilitate the remote monitoring of production machinery

C. To ensure operational continuity and minimize unexpected downtime

36

A hacker group infiltrates a global financial institution's systems and steals the credit card information for millions of customers. Soon after the breach, the information is found on the dark web for sale. Based on this scenario, what is the MOST likely motivation for the hacker group?

A. Philosophical beliefs

B. Financial gain

C. Service disruption

D. Ethical concerns

B. Financial gain

37

A major online retailer experiences a sudden halt in its services during the peak holiday shopping season. It traces the cause back to an orchestrated distributed denial of service (DDoS) attack, which overwhelmed the retailer's servers with traffic, making it impossible for legitimate users to access the site. What attack strategy best aligns with this scenario?

A. Financial

B. Service disruption

C. Disinformation

D. Espionage

B. Service disruption

38

An employee of a tech firm decides to leak confidential information to the public, revealing that the firm has been engaging in questionable privacy practices. The employee does not seek to profit from this action but believes the public has a right to know. What primarily motivates this type of threat actor?

A. Ethical concerns

B. Financial gain

C. Data exfiltration

D. Service disruption

A. Ethical concerns

39

A threat actor infiltrates an organization's network and silently extracts sensitive proprietary data without detection. The data is considered high value on the black market, and the nefarious actor tells the company that it will expose the company's secrets if the company does not comply with its demands. Which motivation BEST aligns with this threat actor's likely objective?

A. Disinformation

B. Extortion

C. Service Disruption

D. Revenge

B. Extortion

40

As a security consultant for a regional bank, you have been asked to evaluate the risks associated with employees using jailbroken or rooted smartphones under the company's BYOD (Bring Your Own Device) policy. What are the security risks associated with allowing these devices to access corporate data? (Select the two best options.)

A. Increased susceptibility to malware infections

B. Bypassing corporate security policies and controls

C. Improved device performance

D. Easier access to advanced device features

A. Increased susceptibility to malware infections

B. Bypassing corporate security policies and controls

41

You are a cybersecurity analyst at a large organization that extensively uses Instant Messaging (IM) services. The leadership team is concerned about potential attacks targeting the IM app. Which of the following actions can address this concern?

A. Regularly update and patch the Instant Messaging app.

B. Disable all Instant Messaging services.

C. Implement encryption in the Instant Messaging (IM) app.

D. Make no changes since IM apps provide sufficient security.

A. Regularly update and patch the Instant Messaging app.

42

A software engineer assesses the company's procedures and policies on vulnerability system mitigation after a recently flagged system reported a possible breach. What vulnerability refers to a previously unknown software exploit that can be utilized by an attacker before developers become aware of the risk and have a chance to fix it?

A. Misconfiguration

B. Zero-day

C. Cryptographic

D. Hardware

B. Zero-day

43

A company's IT team has detected an anomaly in a cloud-based environment after a recent software update. There are suspicions that the update could contain malicious code, potentially leading to unauthorized access to sensitive data. Which of the following actions should the IT team take as a first step to address the threat posed by the potential malicious update?

A. Isolate the affected systems and perform a rollback to the previous update.

B. Update firewall rules to block all incoming traffic.

C. Implement two-factor authentication for all user accounts.

D. Migrate all data to a different cloud service provider immediately.

A. Isolate the affected systems and perform a rollback to the previous update.

44

A large corporation is assessing its cybersecurity practices by focusing on potential security risks linked to hardware and firmware within the company's extensive network of computer systems. For the IT department, which of the following strategies MOST effectively mitigates the risks related to hardware and firmware security vulnerabilities?

A. Allow unrestricted hardware modifications for all employees.

B. Regularly update firmware to the latest, most secure versions.

C. Restrict all software updates to once a year to minimize disruptions.

D. Rely solely on perimeter defenses, like firewalls and intrusion detection systems.

B. Regularly update firmware to the latest, most secure versions.

45

A group of threat actors disrupts the online services of an oil company due to their disagreement with the company's environmental policies. They believe their actions can force the company to change its practices. This type of threat actor is primarily driven by what kind of motivation?

A. Political/philosophical beliefs

B. Service disruption

C. Espionage

D. Financial gain

A. Political/philosophical beliefs

46

A threat actor gains physical access to an organization's premises and attempts to perpetrate an attack on the wired network. What specific threat associated with unsecured networks is described in this scenario?

A. Remote and wireless network

B. Direct access

C. Bluetooth network

D. Default credentials

B. Direct access

47

An attacker targets a restaurant's network devices, including routers and switches. The attacker gains access to a router after reviewing the device's documentation online. Which of the following describes the most likely attack in this scenario?

A. Vishing

B. Phishing

C. Default credentials

D. On-path

C. Default credentials

48

A vulnerability analyst notices several critical devices running end-of-life (EOL) operating systems. What is the analyst's best first course of action regarding these devices?

A. Replace the legacy devices with modern ones.

B. Increase the amount of RAM in the devices.

C. Isolate the EOL devices on a separate network segment.

D. Turn off the network connections on the legacy devices.

C. Isolate the EOL devices on a separate network segment.

49

What type of vulnerability describes the continued use of outdated, but still supported by the manufacturer, software methods, technology, computer systems, or application programs despite known shortcomings?

A. Legacy

B. Firmware

C. Virtualization

D. End-of-life

A. Legacy
