2

Question 1

Supply chain attacks

Answer 1

Involves a threat actor seeking methods to infiltrate a company in its supply chain

Question 2

Cloud-based attacks

Answer 2

Involves a threat actor compromising one account with access to cloud resources to compromise other cloud assets further

Question 3

Birthday attack

Answer 3

Brute force attack aimed at exploiting collisions in hash function

Question 4

Universal Serial Bus (USB) cable attack

Answer 4

Involves accessing unsuspecting user after they try to plug their devices into malicious usb cables or plus, similar to card skimmers

Question 5

Watering hole attack

Answer 5

A social engineering technique where the attacker identifies a popular and frequently visited website used by the target group and compromises the website with exploit code.

Question 6

Pharming

Answer 6

Involves redirecting users from legitimate websites to malicious ones by corrupting the victim’s computer’s name resolution process. Not specific to targeting group of individuals

Question 7

Spear phishing

Answer 7

Highly targeted social engineering attack focusing on a specific individual within a company

Question 8

Impersonation

Answer 8

Pretending to be someone else to deceive the target

Question 9

A threat actor gains physical access to an organization’s premises and attempts to perpetrate an attack on the wired network. What specific threat vectors associated with unsecured networks are likely used by the threat actor in this scenario?

Answer 9

Direct Access Threat Vector as it involves using physical access to perpetrate an attack, such as accessing an unlocked workstation or stealing a PC

Question 10

Remote and Wireless Network threat vector

Answer 10

Involves obtaining credentials for remote access or wireless connection to the network or spoofing a trusted resource like an access point

Question 11

Bluetooth network threat vector

Answer 11

Involves exploiting vulnerabilities or misconfigurations in bluetooth devices

Question 12

Default credentials threat vector

Answer 12

Refer to gaining control of a network device or app due to default passwords.

Question 13

SMIShing

Answer 13

Social engineering attack that uses text messages to trick ppl into sharing sensitive information

Question 14

Vishing

Answer 14

Type of phishing attack conducted through a voice channel

Question 15

Phishing

Answer 15

Social engineering technique that tricks the target into interacting with malicious resource disguised as a trusted one, often using email as the vector

Question 16

Flexible Authentication via Secure Tunneling (EAP-FAST)

Answer 16

Cisco’s replacement for LEAP. It addresses LEAP vulnerabilities using transport Layer Security (TLS) with protected access credentials (PAC) instead of certificates.

Question 17

Protected Extensible Authentication Protocol (PEAP)

Answer 17

Uses a server side public key certificate to create an encrypted tunnel between the supplicant and authentication server

Question 18

EAP-MD5

Answer 18

Secure hash of a password sent to the authenticating server. Does not provide mutual authentication from the client to the supplicant

Question 19

RADIUS federation

Answer 19

Multiple organizations allow access to each other’s users by joining their RADIUS servers into a RADIUS hierarchy.

Question 20

Mitigating VME

Answer 20

Virtual machine escape is a critical security issue in a virtualized environment, where an application, process or user within a virtual machine can bypass the virtual machine’s barriers and interact directly with the host system.

Question 21

Input validation and sanitization techniques helps protect against SQLi and XSS attack by

Answer 21

Filtering out malicious scripts or queries before they reach the database or the user’s browser.

Question 22

End of life system vulnerability includese

Answer 22

Instances where a specific product or version of product that the manufacturer or vendor publicly declares as no longer supported.

Question 23

The effect of isolating the legacy machines on a separate network segment

Answer 23

Minimizes the risk of potential vulnerabilities spreading from these machines to the rest of the network

Question 24

Firmware vulnerabilities

Answer 24

Include instances where processors inside the the computer allow malicious program to steal data during processing

Question 25

Virtualization vulnerabilities

Answer 25

Includes Virtual Machine (VM) escape when an attacker with access to a VM breaks out of this isolated environment and gins access t the host system or other Vm running on the same host

Question 26

Importance of secure deallocation

Answer 26

Takes any residual data in a resource (Memory, disk space, etc) and clean or overwrites it before reuse, preventing potntial data leakage.

Question 27

Memory Injection Vulnerability

Answer 27

Refers to a security flaw where an attacker can introduce or inject malicious code into a running application’s process memory