B.3.1 Security+ SY0-601 Domain 1: Attacks, Threats, and Vulnerabilities Flashcards
150 questions (plus some of my own)
Which of the following attacks tricks victims into providing confidential information (such as identity information or logon credentials) through emails or websites that impersonate an online entity that the victim trusts?
Phishing
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking username and password. The URL in the link is in the .ru top-level DNS domain.
What kind of attack occurred?
Phishing
Which of the following is one of the MOST common attacks on employees?
Phishing
As the security analyst for your organization, you have noticed an increase in emails that attempt to trick users into revealing confidential information. Which web threat solution should you implement to protect against these threats?
Anti-phishing software
Which of the following BEST describes phishing?
A fraudulent email that claims to be from a trusted organization
Which of the following social engineering attacks uses voice over IP (VoIP) to gain sensitive information?
Vishing
Which of the following are functions of gateway email spam filters? (Select two.)
Blocks email from specific senders
Filters messages containing specific content
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which activity could result if this happens?
Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?
Spamming
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware.
Which kind of attack has occurred in this scenario?
Spam
As the security analyst for your organization, you have noticed an increase in user computers being infected with malware. Which two solutions should you implement and configure to remedy this problem? (Select two.)
Virus scanner
Spam filters
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
Spim
Which of the following is susceptible to social engineering exploits?
Instant messaging
Which of the following is considered a major problem with instant messaging applications?
Loss of productivity
You are the security analyst for your organization and have recently noticed a large amount of spim on the company mobile devices. Employees rely on the IM app to communicate with each other.
Which of the following countermeasures should you implement?
Use an IM blocker
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving
Which of the following are examples of social engineering attacks? (Select three.)
Shoulder surfing
Impersonation
Dumpster diving
Which of the following best describes shoulder surfing?
Someone nearby watching you enter your password on your computer and recording it
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords.
Which type of social engineering attack is Brandon referring to?
Shoulder surfing
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elicitation
An attack that targets senior executives and high-profile victims is referred to as what?
Whaling
In which phase of an attack does the attacker gather information about the target?
Reconnaissance
Which of the following is a common social engineering attack?
Distributing hoax virus-information emails
Pretending to be somebody else and approaching a target to extract information is called what?
Impersonation
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password.
Which of the following types of non-technical password attack has occurred?
Social engineering
What is social engineering?
It relies on human error. It works by feigning trustworthiness to convince someone to share information
An organization’s receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?
Authority
Social engineers are master manipulators. Which of the following are tactics they might use?
Moral obligation, ignorance, and threatening
Any attack involving human interaction of some kind is referred to as what?
Social engineering
A type of malware that prevents the system from being used until the victim pays the attacker money is known as what?
Ransomware
Which of the following is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously?
Trojan horse
In 2001, a worm exploited vulnerabilities in Microsoft Internet Information Services (IIS) to infect over 250,000 systems in under nine hours. What was this worm called?
Code Red
Which kind of virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions?
Fileless virus
A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent?
Botnet
Which of the following describes a logic bomb?
A program that performs a malicious activity at a specific time or after a triggering event.
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
Which kind of malware provides an attacker with administrative control over a target computer through a backdoor?
Remote Access Trojan (RAT)
Which of the following are characteristics of a rootkit? (Select two.)
Resides below regular antivirus software detection
Requires administrator-level privileges for installation
While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application.
Which type of security weakness does this describe?
Backdoor
An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later.
Which type of attack is this an example of?
Backdoor
In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development.
Which vulnerability are you attempting to prevent?
Backdoor
You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day.
What else should you do to protect your systems from malware? (Select two.)
Educate users about malware
Schedule regular full-system scans
In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt?
Dictionary attack
Which of the following is most vulnerable to a brute-force attack?
Password authentication
You are using a password attack that tries every possible character for every position in the password until the correct combination is found.
Which of the following technical password attacks are you using?
Brute force attack
Which of the following password attacks uses precomputed tables of hashed dictionary words?
Rainbow table attack
Which of the following strategies can protect against a rainbow table password attack?
Add random bits to the password before hashing takes place
Jack is tasked with testing the password strength for the users of an organization. He has limited time and unlimited storage space.
Which of the following would be the BEST password attack for him to choose?
Rainbow table attack
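The dictionary, brute-force and rainbow table questions above all turn on one trade-off: how much work the attacker does before seeing the hash versus after. The following added example (my own code, not part of the flashcard set) uses a plain precomputed hash-to-password dictionary as a stand-in for a rainbow table, cracks an unsalted SHA-256 hash with one lookup, shows that the same table misses once a random per-user salt is added, and contrasts that with a brute-force search over a short alphabet. The word list, the user passwords and the hash function choice are assumptions made for the demo.

```python
# Added example (not from the flashcards): precomputed-table lookup versus
# salted hashes, plus dictionary and brute-force guessing.
import hashlib
import itertools
import os
import string
from typing import Optional

# Constructed "dictionary" of common passwords (stand-in for a real word list).
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2023", "dragon"]


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password for every word, offline, once.

    A real rainbow table compresses this with hash chains, but the attack
    property is the same: storage is spent up front so that each later
    lookup costs a single probe instead of recomputing hashes.
    """
    return {sha256_hex(w): w for w in words}


def lookup_unsalted(stored_hash: str, table) -> Optional[str]:
    """Rainbow-table-style attack: one table probe per stored hash."""
    return table.get(stored_hash)


def dictionary_attack_salted(salt_hex: str, stored_hash: str, words) -> Optional[str]:
    """With a salt no precomputed table applies; every guess must be
    re-hashed with this user's salt (an online dictionary attack)."""
    for w in words:
        if sha256_hex(salt_hex + w) == stored_hash:
            return w
    return None


def brute_force(stored_hash: str, alphabet: str, max_len: int) -> Optional[str]:
    """Exhaustive search: every combination of alphabet up to max_len."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            guess = "".join(combo)
            if sha256_hex(guess) == stored_hash:
                return guess
    return None


def demo():
    table = build_lookup_table(WORDLIST)

    # Unsalted storage: sha256(password). Cracked by a single table lookup.
    unsalted = sha256_hex("letmein")
    hit = lookup_unsalted(unsalted, table)

    # Salted storage: sha256(salt || password) with a random per-user salt.
    salt = os.urandom(16).hex()
    salted = sha256_hex(salt + "letmein")
    miss = lookup_unsalted(salted, table)        # table was built without the salt
    online = dictionary_attack_salted(salt, salted, WORDLIST)

    # A short PIN-style password falls to brute force regardless of salting.
    pin_hash = sha256_hex("4a7")
    forced = brute_force(pin_hash, string.digits + string.ascii_lowercase, 3)
    return {"table_hit": hit, "table_miss_salted": miss,
            "salted_dictionary": online, "brute_forced": forced}


if __name__ == "__main__":
    print(demo())
```

The salt does not stop the online dictionary attack (`letmein` is still found), it only forces the attacker to redo the hashing per user; a strong password policy and a slow hash such as bcrypt or Argon2 are what make that per-user work expensive.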
A birthday attack focuses on which of the following?
Hashing algorithms
An attacker is attempting to crack a system’s password by matching the password hash to a hash in a large table of hashes he or she has.
Which type of attack is the attacker using?
Rainbow table attack
When two different messages produce the same hash value, what has occurred?
Collision
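The birthday attack works because finding any two messages that collide needs only about 2^(n/2) tries for an n-bit digest, while matching one specific hash needs up to 2^n. The added example below (my own code, not from the flashcards) makes that concrete by truncating SHA-256 to a toy 24-bit digest and generating random messages until two of them collide; the truncation width, the message format and the seed are assumptions for the demo.

```python
# Added example (not from the flashcards): birthday attack on a truncated hash.
import hashlib
import math
import random


def truncated_hash(msg: bytes, bits: int = 24) -> int:
    """First `bits` bits of SHA-256 as an integer (toy digest for the demo)."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def birthday_attack(bits: int = 24, seed: int = 1):
    """Generate random messages until two different ones share a truncated
    hash. Returns (msg_a, msg_b, attempts)."""
    rng = random.Random(seed)          # seeded so the run is reproducible
    seen = {}                          # truncated hash -> message
    attempts = 0
    while True:
        attempts += 1
        msg = b"invoice-%d" % rng.getrandbits(64)
        h = truncated_hash(msg, bits)
        if h in seen and seen[h] != msg:
            return seen[h], msg, attempts
        seen[h] = msg


def expected_attempts(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) samples for a 50% chance."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def preimage_attempts_upper_bound(bits: int) -> int:
    """Contrast: matching one specific hash takes up to 2^bits guesses."""
    return 2 ** bits


if __name__ == "__main__":
    a, b, n = birthday_attack()
    print(f"collision after {n} attempts "
          f"(expected ~{expected_attempts(24):.0f}, "
          f"preimage bound {preimage_attempts_upper_bound(24)})")
    print(a, b, hex(truncated_hash(a)), hex(truncated_hash(b)))
```

With 24 bits the collision arrives after a few thousand messages rather than the sixteen million a preimage search could need; the same ratio is why a 128-bit digest offers only 64-bit collision resistance, which is the reason MD5 and SHA-1 are no longer acceptable for signatures.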
A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees’ accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas.
This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network.
Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation
Which of the following is an example of privilege escalation?
Privilege creep
A user is able to access privileged administrative features with an account that is not granted administrator rights.
Which type of vulnerability is this?
Privilege escalation
Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig’s folder.
This situation indicates which of the following has occurred?
Privilege escalation
Which of the following is an attack that injects malicious scripts into web pages to redirect users to fake websites to gather personal information?
XSS (Cross-site scripting)
Which of the following are subject to SQL injection attacks?
Database servers
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored.
An attacker is able to insert database commands in the input fields and have those commands execute on the server.
Which type of attack has occurred?
SQL injection
An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user’s web browser.
Which practice would have prevented this exploit?
Implementing server-side input validation (client-side validation alone can be bypassed by the attacker)
In 2011, Sony was targeted by an SQL injection attack that compromised over one million emails, usernames, and passwords.
Which of the following could have prevented the attack?
Careful configuration and penetration testing on the front end
SQL injections are a result of which of the following flaws?
Web application input-handling flaws
Which of the following functions does a single quote (‘) perform in an SQL injection?
Terminates the string literal, so the text that follows is parsed as SQL rather than as data
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
Buffer overflow attack
A programmer that fails to check the length of input before processing leaves his code vulnerable to which form of common attack?
Buffer overflow attack