Attacks, Threats, and Vulnerabilities Flashcards
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
prioritize remediation of vulnerabilities based on the possible impact
A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:
ARP poisoning
A security administrator checks the table of a network switch, which shows the following output:
MAC flooding
A company’s public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site’s homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?
DNS spoofing
A security monitoring company offers a service that alerts its customers if their credit cards have been stolen. Which of the following is the MOST likely source of this information?
The dark web
A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?
Evil twin
A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?
NFC attack
An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee’s identity before sending the prize. Which of the following best describes this type of email?
Phishing
Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?
Shadow IT
The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?
Document this as a false positive
Which of the following describes the exploitation of an interactive process to gain access to restricted areas?
Privilege escalation
Travis, a penetration tester, heard about a new vulnerability that affects many modern platforms. Which of the following would be BEST to consult in order to determine exactly which platforms have been affected?
CVE
Notably, we are asking about PLATFORMS here and not individual systems on a network. A platform is generally just the type of operating system that could be compromised by this new vulnerability.
CVE (Common Vulnerabilities and Exposures) is a database of known vulnerabilities and their attributes, including the affected platforms.
A security administrator received an alert for a user account with the following log activity:
Impossible travel time
Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
SPIM
Vishing
SPIM messages used in a DoS or DDoS attack can degrade the quality of VoIP calls, overload servers, and serve as a platform for social engineering attacks, jeopardizing the security of VoIP users.
A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?
SOC 2 Type 2 report
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?
White-box
A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?
Deploying an appropriate in-line CASB solution
A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use?
Role-based
A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?
Heat map
A security team created a document that details the order in which critical systems should be brought back online after a major outage. Which of the following documents did the team create?
Disaster recovery plan
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer’s response?
Risk acceptance
Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?
Continuity of operations plan
Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?
Account audits
An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?
Job rotation