Attacks, Threats, and Vulnerabilities Flashcards
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
prioritize remediation of vulnerabilities based on the possible impact
A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:
ARP poisoning
A security administrator checks the table of a network switch, which shows the following output:
MAC flooding
A company’s public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site’s homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?
DNS spoofing
A security monitoring company offers a service that alerts its customers if their credit cards have been stolen. Which of the following is the MOST likely source of this information?
The dark web
A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?
Evil twin
A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?
NFC attack
An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before sending the prize. Which of the following best describes this type of email?
Phishing
Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?
Shadow IT
The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the application associated with the vulnerability. Which of the following steps should the administrator take next?
Document this as a false positive
Which of the following describes the exploitation of an interactive process to gain access to restricted areas?
Privilege escalation
Travis, a penetration tester, heard about a new vulnerability that affects many modern platforms. Which of the following would be BEST to consult in order to determine exactly which platforms have been affected?
CVE
Notably, we are asking about PLATFORMS here and not individual systems on a network. A platform here generally means the types of operating systems that could be compromised by this new vulnerability.
CVE (Common Vulnerabilities and Exposures) is a database of known vulnerabilities and their attributes, including the affected platforms.
A security administrator received an alert for a user account with the following log activity:
Impossible travel time
Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
SPIM
Vishing
SPIM messages used in a DoS or DDoS attack can degrade the quality of VoIP calls, overload servers, and serve as a platform for social engineering attacks, jeopardizing the security of VoIP users.
A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?
SOC 2 Type 2 report
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?
White-box
A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?
Deploying an appropriate in-line CASB solution
A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use?
Role-based
A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?
Heat map
A security team created a document that details the order in which critical systems should be brought back online after a major outage. Which of the following documents did the team create?
Disaster recovery plan
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer’s response?
Risk acceptance
Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?
Continuity of operations plan
Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?
Account audits
An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?
Job rotation
A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
hping
The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?
Implementing multifactor authentication
A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
Segmentation
Which of the following would be best suited for constantly changing environments?
Containers
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
SSO
A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?
Block the URL shortener domain in the web proxy
An administrator receives the following network requirements for a data integration with a third-party vendor:
Which of the following is the most appropriate response for the administrator to send?
FTP is an insecure protocol and should not be used
A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?
Contain the impacted hosts
The Chief Technology Officer of a local college would like visitors to utilize the school’s Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?
Deploying a captive portal to capture visitors’ MAC addresses and names
A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?
Smart card
Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?
Benchmarks
A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?
The syslog server
A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)
A cold aisle
A hot aisle
Which of the following is a common source of unintentional corporate credential leakage in cloud environments?
Code repositories
Developers sometimes inadvertently include sensitive information, such as API keys, passwords, and other credentials, in their code. When this code is pushed to public repositories (e.g., GitHub, GitLab), those credentials can be exposed to the world, leading to potential credential leakage.
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?
Pass-the-hash
A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?
Disable unnecessary services
A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company’s machines need to be updated?
CRL
If OCSP were in place and functioning correctly, the revocation status would be determined in real time, reducing the need for manual intervention by the administrator upon vendor notification.
The scenario described, where the certificate vendor notifies the company about invalidated certificates, does suggest a more manual or batch process of checking revocation, which aligns with the use of CRLs.
A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:
Which of the following best describes the type of attack?
Directory traversal
A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank’s information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank’s desired scenario and budget?
Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.
A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?
EAP-TLS
EAP-TLS is a robust authentication protocol that utilizes digital certificates, typically stored on smart cards, to authenticate users within a network.
A software company adopted the following processes before releasing software to production:
* Peer review
* Static code scanning
* Signing
A considerable number of vulnerabilities are still being detected when code is executed in production. Which of the following security tools can improve vulnerability detection in this environment?
Dynamic code analysis tool
The following IP information was provided to internal auditors to help assess organizational security:
Which of the following tools would most likely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.)
ping
traceroute
A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?
Conduct a site survey
While a Wi-Fi analyzer is a valuable tool and will likely be used during the site survey and subsequent optimization steps, starting with a site survey provides a holistic view of the environment before focusing on specific aspects such as channel selection and interference analysis.
An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization’s requirement?
UPS
A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?
EDR
Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:
- There must be visibility into how teams are using cloud-based services.
- The company must be able to identify when data related to payment cards is being sent to the cloud.
- Must be available regardless of the end user's geographic location.
- Administrators need a single pane-of-glass view into traffic and trends.
Which of the following should the security analyst recommend?
Implement a CASB solution
An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?
OpenID
A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?
A CASB