2.0 Threats, Vulnerabilities, and Mitigations

Question 1

What distinguishes a nation-state threat actor from an organized crime group?

Answer 1

Nation-state actors are typically government-sponsored with political motives, while organized crime groups focus on financial gain.

Question 2

How can shadow IT pose a risk to an organization?

Answer 2

Shadow IT can introduce vulnerabilities by bypassing official security protocols.

Question 3

What is a common motivation for hacktivists?

Answer 3

Promoting political or ideological beliefs through cyber activities.

Question 4

Why is it important to consider both internal and external threat actors?

Answer 4

Internal actors have legitimate access that can be exploited, while external actors may use different attack vectors.

Question 5

What mitigation strategy can help prevent insider threats?

Answer 5

Implementing strict access controls and monitoring user activity.

Question 6

How does data exfiltration differ from espionage?

Answer 6

Data exfiltration focuses on stealing data for any purpose, while espionage specifically involves gathering intelligence.

Question 7

What role does encryption play in mitigating threats?

Answer 7

Encryption protects data integrity and confidentiality against unauthorized access.

Question 8

How can an organization detect potential insider threats?

Answer 8

By monitoring unusual behavior patterns and access logs.

Question 9

What is a key characteristic of an unskilled attacker?

Answer 9

Limited technical skills relying on pre-made hacking tools.

Question 10

Why might a nation-state engage in cyber warfare?

Answer 10

To disrupt another nation’s infrastructure or gather intelligence.

Question 11

How can service disruption be a motivation for attackers?

Answer 11

To damage a competitor’s reputation or operations.

Question 12

What is a common misconception about hacktivists?

Answer 12

That they lack technical skills; many are highly skilled in exploiting vulnerabilities.

Question 13

How does financial gain motivate organized crime in cyber activities?

Answer 13

By conducting fraud, theft, or extortion online for profit.

Question 14

What is an effective way to mitigate risks from shadow IT?

Answer 14

Enforcing strict IT governance policies and regular audits.

Question 15

How does ethical hacking differ from other forms of hacking?

Answer 15

It is authorized and aims to improve security by identifying vulnerabilities.

Question 16

How do philosophical beliefs motivate certain threat actors?

Answer 16

They may conduct attacks to support causes they believe in strongly.

Question 17

What can be a direct consequence of ignoring insider threats?

Answer 17

Loss of sensitive data due to unauthorized access by trusted individuals.

Question 18

Why is continuous monitoring important in cybersecurity?

Answer 18

To detect and respond promptly to emerging threats or attacks.

Question 19

What distinguishes revenge-motivated attacks from other types?

Answer 19

They are personal and aim at causing harm due to perceived grievances.

Question 20

How can organizations prepare for potential cyber warfare scenarios?

Answer 20

By strengthening defenses and collaborating with government agencies for intelligence sharing.

Question 21

What type of attack involves sending fraudulent emails designed to trick recipients into revealing personal information?

Answer 21

Phishing

Question 22

Which threat vector involves hiding malicious code within an image file?

Answer 22

Image-based attack

Question 23

What is the term for registering domain names similar to legitimate ones in hopes of catching users who mistype URLs?

Answer 23

Typosquatting

Question 24

How does vishing differ from phishing?

Answer 24

Vishing uses voice calls, while phishing typically uses email.

Question 25

What is the risk associated with using default credentials on devices?

Answer 25

Attackers can easily guess default credentials, gaining unauthorized access.

Question 26

What type of attack targets frequently visited websites by specific groups?

Answer 26

Watering hole attack

Question 27

What is smishing?

Answer 27

SMS-based phishing attack

Question 28

Why are unsupported systems considered high-risk?

Answer 28

They no longer receive security updates, leaving known vulnerabilities unpatched.

Question 29

What is the difference between client-based and agentless software?

Answer 29

Client-based requires installation on endpoints; agentless operates without local installation but still may expose vulnerabilities

Question 30

Which type of network is more vulnerable if left unencrypted?

Answer 30

Wireless networks

Question 31

What kind of social engineering technique involves creating a fake scenario to obtain sensitive information from someone?

Answer 31

Pretexting

Question 32

How do supply chain attacks typically work?

Answer 32

Attackers compromise third-party vendors or suppliers to gain access to their customers’ systems.

Question 33

What is business email compromise (BEC)?

Answer 33

An attack where cybercriminals spoof executive emails to trick employees into transferring money or sharing sensitive data

Question 34

Which Bluetooth exploit allows attackers unauthorized access?

Answer 34

Bluesnarfing

Question 35

What is one way attackers exploit open service ports?

Answer 35

By performing port scanning and exploiting services running on those ports

Question 36

What is an Indicator of Compromise (IOC)?

Answer 36

A: Forensic evidence suggesting a potential intrusion or malicious activity, such as unusual traffic patterns or suspicious account activities

Question 37

Describe a scenario where anomalous outbound traffic could indicate a security breach.

Answer 37

A: A sudden spike in outbound data could indicate data exfiltration by malware or a compromised system sending sensitive information to an external server.

Question 38

How does a DDoS attack differ from a credential replay attack?

Answer 38

A: A DDoS attack overwhelms a target with excessive traffic, while a credential replay attack uses stolen credentials to gain unauthorized access.

Question 39

What role do Intrusion Detection Systems play in identifying malicious activity?

Answer 39

A: IDS monitor network traffic for known threat signatures and unusual behavior patterns to detect potential security breaches.

Question 40

Explain the difference between static and dynamic malware analysis.

Answer 40

A: Static analysis examines malware without execution, focusing on file signatures, while dynamic analysis runs malware in a controlled environment to observe behavior.

Question 41

What are common indicators of a ransomware attack?

Answer 41

A: Encrypted files with ransom notes, unusual file extensions, and unexpected system performance degradation.

Question 42

How can establishing a baseline for network traffic help in detecting threats?

Answer 42

A baseline helps identify deviations from normal traffic patterns, making it easier to spot anomalies that may indicate malicious activity.

Question 43

What is the significance of account lockout as an indicator?

Answer 43

A: Account lockout can indicate attempted unauthorized access or brute force attacks due to repeated failed login attempts.

Question 44

Describe how RFID cloning can be used in physical attacks.

Answer 44

A: RFID cloning copies data from an RFID card/device to create duplicates for unauthorized access to secure areas or systems.

Question 45

What are the potential impacts of a buffer overflow attack?

Answer 45

A: Buffer overflow attacks can lead to arbitrary code execution, allowing attackers to take control of systems or cause them to crash.

Question 46

How can privilege escalation be detected within an application?

Answer 46

A: By monitoring for unauthorized changes in user permissions or access levels within applications.

Question 47

Why is it important to monitor for impossible travel scenarios?

Answer 47

A: Impossible travel involves login attempts from geographically distant locations in short time frames, indicating potential credential misuse.

Question 48

What are the differences between spraying and brute force password attacks?

Answer 48

A: Password spraying tries common passwords across many accounts, while brute force attacks try many passwords on one account until successful.

Question 49

How do cryptographic collision attacks work?

Answer 49

A: Collision attacks exploit weaknesses in hash functions by producing two different inputs that result in the same hash output, compromising data integrity

Question 50

Explain the importance of monitoring concurrent session usage as an indicator.

Answer 50

A: Monitoring concurrent sessions helps detect unauthorized access when multiple sessions are active simultaneously from different locations for the same user account.

Question 51

What steps should be taken when suspicious registry changes are detected?

Answer 51

A: Investigate changes for legitimacy, restore the registry from backups if necessary, and monitor for further unauthorized modifications.

Question 52

Describe how directory traversal can be exploited by attackers.

Answer 52

A: Directory traversal exploits vulnerabilities allowing attackers to access files outside the intended web root folder by manipulating file paths.

Question 53

How does analyzing DNS requests help in identifying potential threats?

Answer 53

Analyzing DNS requests can reveal attempts to connect to malicious domains or unusual patterns suggesting command-and-control communications.

Question 54

What are the challenges associated with detecting logic bombs?

Answer 54

A: Logic bombs are difficult to detect because they remain dormant until triggered by specific conditions, making them hard to identify until activation.

Question 55

In what ways can rootkits evade detection by traditional security measures?

Question 56

What is the primary purpose of network segmentation?

Answer 56

To isolate parts of a network and reduce the attack surface.

Question 57

What does an Access Control List (ACL) specify?

Answer 57

It specifies which users or systems are granted access to resources and what actions they are allowed to perform

Question 58

How does least privilege contribute to enterprise security

Answer 58

It limits user permissions to only what is necessary for their role, reducing potential misuse

Question 59

What is the difference between a DACL and an SACL?

Answer 59

A DACL specifies who is allowed or denied access, while an SACL logs access attempts for auditing purposes

Question 60

Why is patching important in securing an enterprise?

Answer 60

Patching fixes known vulnerabilities in software that could be exploited by attackers.

Question 61

What is an application allow list used for?

Answer 61

It restricts which applications are allowed to run on a system, preventing unauthorized software from executing

Question 62

How does encryption protect data?

Answer 62

Encryption converts data into an unreadable format unless decrypted with the correct key.

Question 63

What is configuration enforcement?

Answer 63

Ensuring that all systems adhere strictly to predefined security settings.

Question 64

Why should ports/protocols be disabled when not in use?

Answer 64

To reduce potential entry points for attackers by limiting unnecessary services

Question 65

What is involved in decommissioning hardware securely?

Answer 65

Securely wiping all data from devices before disposal or repurposing them

Question 66

How does monitoring help in enterprise security?

Answer 66

It allows real-time detection of suspicious activities and potential breaches

Question 67

What is host-based intrusion prevention (HIPS)?

Answer 67

A system that monitors and prevents malicious activities on individual hosts by analyzing behavior patterns

Question 68

Why should default passwords be changed immediately after installation?

Answer 68

Default passwords are well-known and could be easily exploited by attackers if not changed promptly

Question 69

How does isolation contribute to securing critical systems?

Answer 69

It prevents unauthorized communication with sensitive systems by separating them from less secure networks.

Question 70

What role does encryption play in endpoint protection?

Answer 70

It ensures that data stored on endpoints remains confidential even if the device is compromised