1.6 Explain the impact associated with types of vulnerabilities Flashcards
Which of the following are reasons why many medical devices with embedded systems are vulnerable to malicious exploits? (Select two)
Their control systems use outdated operating systems.
They use unsecure communication protocols.
Many of the control systems for medical device embedded systems run on unsecure protocols, since the costs of updating the software are high and disruptive to patient services.
Many of the control systems for medical device embedded systems run on unsupported versions of operating systems, since the costs of updating the software are high and disruptive to patient services.
Some vehicles are fitted with a “black box,” or event data recorder, that can log the car’s telemetry (acceleration, braking, and position).
SCADA systems run as software on ordinary computers, gathering data from and managing plant devices and equipment with embedded PLCs, referred to as field devices. They are used in fabrication and manufacturing, controlling automated assembly lines.
Which of the following is true about default configurations of devices from vendors?
Security on them is minimal.
In the last few years, vendors have started shipping devices and software in secure default configurations. This means that the default installation is (theoretically) secure, but minimal.
Default configurations may leave administrative access protected with a default password that is publicly available, and therefore not secure.
Devices with default configurations are shipped with all the “bells and whistles” activated to make setup easier. When installing any new device or software, owners must use a security policy to determine the strongest possible configuration, and not just leave it at the default.
Any service or interface that is enabled through the default installation or default configuration and left unconfigured should be considered a vulnerability.
Which of the following results from improperly configured accounts? (Select two)
Data breach events
Increased risk of infection
An impact from vulnerabilities arising from improperly configured accounts is an increased risk of malware infection.
An impact from vulnerabilities arising from improperly configured accounts is data breach events caused by over-privileged accounts.
Usage auditing means configuring the security log to record key indicators and then reviewing the logs for suspicious activity.
Single points of failure are “pinch points” that rely on a single hardware server or appliance or network channel. A single point of failure is a component or system that would cause a complete interruption of a service if it failed.
Which of the following is most likely NOT a potential major threat for motor vehicle embedded systems?
The ability to remotely control the air conditioning inside the vehicle.
Modern motor vehicles use a substantial amount of electronics that have potential vulnerabilities that could be exploitable. However, remotely controlling the air conditioning is not a major threat.
Modern motor vehicles use a substantial amount of electronics that have potential vulnerabilities that could be exploitable, such as compromising the computer system that controls the vehicle’s steering.
In 2010, researchers demonstrated a way to remotely activate the brakes of a car using Wi-Fi and a laptop hooked up to the car’s diagnostic port.
Modern motor vehicles use a substantial amount of electronics that have potential vulnerabilities that could be exploitable, such as compromising the “black box” or event data rec
An attacker wants to crash a process by setting the pointer to a null value through a malicious process. Which of the following did the attacker perform?
A pointer dereference
Pointer dereference is a software vulnerability that can occur when the code attempts to remove the relationship between a pointer and the thing it points to (pointee). Dereferencing may crash the application and corrupt memory.
To exploit a buffer overflow vulnerability, the attacker passes data that deliberately overfills the buffer (an area of memory) that the application reserves to store the expected data.
A race condition vulnerability is found where multiple threads are attempting to write at the same memory location. Race conditions have been used as an anti-virus evasion technique.
An integer overflow attack causes the target software to calculate a value that exceeds the upper and lower bounds. This may cause a positive number to become negative.
Which of the following is a sign of a malicious or corrupted process, and is particularly serious within service applications and in the operating system kernel?
A memory leak
Memory leaks in the OS kernel are extremely serious. A memory leak may itself be a sign of a malicious or corrupted process.
DLL injection is not a vulnerability in itself, but rather a consequence of the way the operating system allows one process to attach to another and then force it to load a malicious link library.
If the pointer that references an object at a memory location was set to a null value by a malicious process, then this can create a null pointer exception, causing instability and crashes.
Race conditions occur when the outcome from execution processes is dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended.
After obtaining local administrator privileges on a machine, a hacker evaded antivirus detection using code refactoring, and was then able to get the Windows machine to load a malicious binary package in memory. What type of attack is this?
Dynamic Link Library (DLL) injection
DLL injection is a software vulnerability that can occur when a Windows-based application attempts to force another running application to load a dynamic-link library (DLL) in memory, which could cause the victim application to experience instability or leak sensitive information.
SQL injection is an attack that injects a database query into the input data directed at a server by accessing the client side of the application.
Directory traversal is an application attack that allows access to content that is outside the web document root directory.
XML injection is fundamentally the same thing, but targeted against web servers using XML applications rather than SQL.
An attacker caused a software program to calculate a value that exceeded the fixed lower and upper bounds, and caused a positive number to become a negative number. What vulnerability did the attacker exploit?
An integer overflow
An integer overflow attack causes the target software to calculate a value that exceeds the upper and lower bounds. This may cause a positive number to become negative.
To exploit a buffer overflow vulnerability, the attacker passes data that deliberately overfills the buffer (an area of memory) that the application reserves to store the expected data.
A race condition is a software vulnerability that occurs when the outcome from execution processes is directly dependent on the order and timing of certain events, and events fail to execute in the order and timing intended.
Pointer dereference is a software vulnerability that can occur when the code attempts to remove the relationship between a pointer and the thing it points to (pointee).
When upgrading an application at regular intervals and before submitting newly developed applications, why is it important for application vulnerability scanners to test for vulnerabilities and unsecure coding practices, as well as to analyze for uses of the application that the developer may not have anticipated?
To ensure the application is not vulnerable to new threats
Application vulnerability scans should take place when the application is first commissioned and when it is upgraded or at regular intervals thereafter, to ensure that the application is not vulnerable to new threats.
Code can be made difficult to analyze by using an obfuscator. This type of technique might be used to make reverse engineering an application more difficult and as a way of disguising malware code.
Data exposure is a fault that allows privileged information (such as a token, password, or PII) to be read without being subject to the appropriate access controls.
Unreachable and dead code should be removed from the application to forestall the possibility that it could be misused in some way.
An attacker evaded antivirus detection in a Linux kernel, as multiple threads attempted to write an object at the same memory location. What type of vulnerability did the attacker use?
A race condition vulnerability is found where multiple threads are attempting to write at the same memory location. Race conditions have been used as an anti-virus evasion technique.
An integer is a positive or negative whole number. An integer overflow attack causes the target software to calculate a value that exceeds the upper and lower bounds.
A buffer overflow is an application attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.
Pointer dereference is a software vulnerability that can occur when the code attempts to remove the relationship between a pointer and the thing it points to (pointee). Dereferencing may crash the application and corrupt memory.
Which of the following are examples of improper input handling? (Select two)
Overflow
Injection
Many improper input handling attacks can be described as an overflow type, where the attacker submits input that is larger than the variables the application has assigned to store it.
Many improper input handling attacks can be described as an injection type, where the attacker embeds code within the input or appends code to it that executes when the server processes the submission.
Social engineering is an activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
An Advanced Persistent Threat (APT) refers to the ongoing ability of an adversary to compromise network security (to obtain and maintain access) using a variety of tools and techniques.
A software developer created a new application and the software company pressured the developer to release it to the public. Which of the following helps ensure the application is secure before the release? (Select more than one)
Error handling
Input validation
Proper authentication and authorization
The challenges of application development include the pressure to release a solution ahead of schedule, neglecting secure development practices like error handling.
Another secure development practice that should not be neglected is input validation.
Proper authentication and authorization is an important part of secure coding practices.
Application audits should occur after the application is first commissioned and when it is upgraded, or at regular intervals thereafter, to ensure the application is not vulnerable to new threats.
Which of the following does NOT correlate with vulnerable business processes?
Bypassing a Mission Essential Function (MEF)
A mission essential function (MEF) is one that cannot be deferred. This means that the organization must be able to perform the function as close to continually as possible, and if there is any service disruption, the mission essential functions must be restored first.
An MTD is the longest period of time that a business function outage can last without causing irrecoverable business failure.
An RTO is the period following a disaster during which an individual IT system may remain offline. This represents the amount of time it takes to identify that there is a problem and then perform recovery.
An RPO is the longest period of time that an organization can tolerate lost data being unrecoverable.
An administrator wants to use virtualization when deploying new systems. Which of the following can be the root of the administrator’s security issues when using virtualization? (Select two)
Undocumented assets
System sprawl
Although one of the primary benefits of virtualization is the ease of deploying new systems, system sprawl can also be the root of security issues, meaning that a system deployed for temporary use is left running without any changes.
Although one of the primary benefits of virtualization is the ease of deploying new systems, deployment of undocumented assets can also be the root of security issues.
Virtual machines (VMs) can be deployed and removed on demand with ease. VMs can be deployed across one or more virtualization farms, developer laptops, and online cloud services.
Virtual Machine Lifecycle Management (VMLM) solutions provide you with a centralized dashboard for maintaining and monitoring all the virtual environments in your organization.