Chapter 1 Flashcards
- Lawan is in charge of sales in a major fabric company. He was
sent an email asking him to click a link and fill out a survey. He
suspects the email is a fraud, but the email mentions other
companies that deal in fabric, so he thinks it might not be a fraud
after all. Which of these options best describes the attack?
A. Phishing
B. Smishing
C. Spear phishing
D. Vishing
C. The correct answer is Spear phishing. Spear phishing is an
email or electronic communications scam targeted at a specific
individual, organization or business. Although often intended to
steal data for malicious purposes, cybercriminals may also intend
to install malware on the targeted user’s computer.
- The network administrator in your company tells you some of the
staff have been unable to connect to the office wireless network.
When you check, you see that the Wi-Fi signal has been blocked
due to an attack on the WAPs. What would be the best way to label
such an attack?
A. Near-field communication
B. Domain hijacking
C. Rogue access point
D. Jamming
D. The correct answer is Jamming. A jamming attack is a kind of
denial-of-service attack: it prevents other nodes from using the
channel to communicate by occupying the channel they are
communicating on.
- An uncommon way to prevent brute-force attacks on your office
password file is?
A. Encrypting plain text using symmetric encryption
B. Encrypting plain text using hashing
C. Encrypting plain text using salting
D. Encrypting plain text using tokenization
A. The correct answer is Encrypting plain text using symmetric
encryption. Symmetric encryption is a type of encryption where
only one key (a secret key) is used both to encrypt and to decrypt
electronic information. The entities communicating via symmetric
encryption must exchange the key so that it can be used in the
decryption process. This method differs from asymmetric
encryption, where a pair of keys, one public and one private, is used
to encrypt and decrypt messages.
- You have been invited to work on an application developed by another programmer. While checking the source code, you see a pointer dereference where the pointer can be NULL. The software produced a segmentation fault because it tried to read from the NULL pointer.
How can this affect the application?
A. Memory leak
B. Denial-of-service environment
C. Resources exhaustion
D. Application programming interface (API) attacks
B. The correct answer is Denial-of-service environment. This type
of error affects the availability of the service: it can stop the
program from running, so a denial-of-service condition is the
correct answer.
- How can you describe spamming in social media messengers?
A. Eliciting information
B. SPIM
C. Influence campaigns
D. Tailgating
B. The correct answer is SPIM. Just about all internet users have a
firsthand account of how annoying spam is. If you use IM (Instant
Messaging) you just might have been SPIM’ed (Spam over Instant
Messaging). It may be more harmful than email spam: the user is
more likely to click on the link because it arrives in real time. This
sneaky intrusion can be very annoying, and to make things worse,
it bypasses anti-virus software and firewalls.
- You suspect there is an insider threat in your office making use
of the office security information and event management (SIEM)
system. Which of these best identifies the threat?
A. Log collectors
B. User behavior analysis
C. Packet capture
D. Data inputs
B. The correct answer is User behavior analysis. User behavior
analytics (UBA), sometimes called user and entity behavior
analytics (UEBA), is a category of software that helps security
teams identify and respond to insider threats that might otherwise
be overlooked. Using machine learning and analytics, UBA
identifies and follows the behaviors of threat actors as they
traverse enterprise environments, running data through a series
of algorithms to detect actions that deviate from user norms.
- A telecommunications company with over five hundred
computers placed in different areas wants a better way to handle
how much data is being created by the computers. What two
technologies will you suggest to them?
A. Common Vulnerabilities and Exposures
B. Advisories and bulletins
C. Provisioning and deprovisioning
D. Log collectors and Log aggregation
D. The correct answer is Log collectors and Log aggregation. Log
aggregation is part of the overall log management process that
helps IT organizations convert their log files into actionable insights
in real time or near real time. The process can be described in five
basic steps:
Instrument & Collect - The first step of log management is to start
collecting logs. IT organizations must implement log collector
software tools that collect data from various parts of the software
stack. Many devices across platforms generate logs using the
Syslog message logging standard or with other applications that
can write logs directly into the log aggregation tool platform.
Centralize & Index - Log data needs to be normalized and
indexed, making it easier to analyze and fully searchable for
developers and security analysts.
Search & Analyze - Now that the log data is organized properly in
the log aggregation tool, it can be searched and analyzed to
discover patterns and identify any issues that require attention from
IT operators. Human or machine learning analysis can be used to
identify patterns and anomalies.
Monitor & Alert - Effective log monitoring is a critical aspect of the
log management process. An effective log management tool should
integrate with message applications to deliver timely alerts when
events occur that require a prompt response.
Report & Dashboard - The final component of log management,
reporting and dashboarding ensure that team members across
departments have the necessary levels of access and visibility into
application performance data.
- You work in a company that provides an Application
Programming Interface (API) for customers. The director asks you
to recommend a practice that will protect the API from attacks and
ensure it is only available to customers who subscribe. What will
you recommend?
A. Install NGFW
B. Configure ACLs
C. Require authentication
D. Install HIDS
C. The correct answer is Require authentication. One of the
methods that protect the API from attacks and ensures that API
calls are only used by legitimate users is to require the use of
authentication. API keys are one of the most frequently used
methods for this.
- While browsing on your local computer, you receive a message
prompting you to move fast and download a particular software
because after 3 hours, the software will no longer be available for
free. What social engineering principle is used here?
A. Familiarity
B. Trust
C. Authority
D. Scarcity
D. The correct answer is Scarcity. Social engineers may use
scarcity to create a feeling of urgency in a decision-making context.
This urgency can often lead to manipulation of the decision-making
process, allowing the social engineer to control the information
provided to the victim.
- Your colleague, Marie, asks you to suggest uncommon
prevention methods she can use to prevent credential harvesting
attacks on a company’s commercial website. What would you
suggest to her?
A. Utilize complex usernames/passwords
B. Utilize MFA
C. Utilize ACLs
D. Utilize NGFW
A. The correct answer is Utilize complex usernames/passwords. It’s
very important to use a mix of special characters, numbers, upper-
and lower-case letters and non-words, and to require a longer
length. Don’t use standard usernames such as administrator, user,
user1, test, admin, etc. Don’t use usernames that are first names
only, such as dan, john, tom, etc.
Avoid creating passwords that include your name or dictionary
words, and avoid reusing passwords from other accounts. You may
want to increase the default minimum length beyond 6 characters.
Using simple passwords is the easiest way for someone to
compromise your server – do NOT use simple passwords that are
vulnerable to brute-force and dictionary attacks.
- You advise your wife to buy a new gadget from an online store,
but she tells you that whenever she visits the site, it appears to be
fake. You call the company hotline to complain, but they tell you
they can access the site without any problem. A few minutes later,
they call you back to inform you there is no record of your wife ever
connecting to their network. Which of these can explain the
situation?
A. Watering hole attack
B. Impersonation
C. Pretexting
D. Typosquatting
D. The correct answer is Typosquatting. Typosquatting is a type
of social engineering attack which targets internet users who
incorrectly type a URL into their web browser rather than using a
search engine. Typically, it involves tricking users into visiting
malicious websites with URLs that are common misspellings of
legitimate websites.
- You work as the security manager in a bank. You receive a call from someone telling you that each time he tries to access the bank’s site, he is being directed to another bank’s website. When you check, you see that a change has occurred in the domain information and the domain’s contact details. Since the domain is still active, what could have happened?
A. Uniform Resource Locator (URL) redirection
B. Domain reputation
C. DNS poisoning
D. Domain hijacking
D. The correct answer is Domain hijacking. Domain hijacking is the
act of changing the registration of a domain name without the
permission of the original owner, or by abuse of privileges on
domain hosting and domain registrar systems.
Domain name hijacking is devastating to the original domain name
owner’s business, with wide-ranging effects including:
Financial damages: Companies that rely on their website for
business, such as ecommerce companies and SaaS companies,
can lose millions of dollars when they lose control of the domain;
their domain is one of their most valuable assets. Domain hijacking
is one of the largest cybersecurity risks online businesses face.
Reputational damages: Domain hijackers can take control of a
hijacked domain’s email accounts and use the domain name to
facilitate additional cyber attacks, such as installing malware or
social engineering attacks.
Regulatory damages: By gaining access to a domain name,
hijackers can replace the real web page with an identical web page
designed to capture sensitive data or personally identifiable
information (PII); this is known as phishing.
- As an enterprise software vendor, during a customer’s procurement request-for-proposal process you see a question asking how long you have been in business and how many clients you have. What security issue are they planning to prevent with this question?
A. Lack of company vision
B. Quality of code development
C. Best practice code development
D. Lack of vendor support
D. The correct answer is Lack of vendor support. The question is
intended to assess the long-term viability of the company, and
consequently whether it will continue to provide support, updates
and patches.
- Which of these is not an effective way to prevent Server-Side
Request Forgery attacks?
A. Using an alternative IP representation of 127.0.0.1
B. Registering your own domain name that resolves
to 127.0.0.1
C. Removing all SQL code from Ajax Requests
D. Embedding credentials in a URL before the hostname, using
the @ character
C. The correct answer is Removing all SQL code from Ajax
Requests. Server-side request forgery (also known as SSRF) is a
web security vulnerability that allows an attacker to induce the
server-side application to make HTTP requests to an arbitrary
domain of the attacker’s choosing.
In a typical SSRF attack, the attacker might cause the server to
make a connection to internal-only services within the
organization’s infrastructure. In other cases, they may be able to
force the server to connect to arbitrary external systems, potentially
leaking sensitive data such as authorization credentials.
Ways to prevent this are:
1. Use an alternative IP representation of 127.0.0.1
2. Register your own domain name that resolves to 127.0.0.1
3. Embed credentials in a URL before the hostname, using
the @ character
- One of the following is not a capability of a Security Orchestration, Automation, and Response (SOAR) tool. Which is it?
A. Threat and vulnerability management
B. Reaction to security incidents
C. Automation of security operations
D. Automation of malware removal
D. The correct answer is Automation of malware removal. SOAR
(Security Orchestration, Automation and Response) is a
combination of compatible programs that enables a company to
collect data on security threats from a wide variety of sources. In
addition, SOAR enables an automatic reaction to certain security
events without human intervention.
These are the three most important capabilities of SOAR solutions:
Threat and vulnerability management: The solutions support IT
teams in eliminating vulnerabilities. In addition, they offer
standardized workflow, reporting and collaboration functions.
Reaction to security incidents: These technologies support IT
departments in planning, process organization, tracking and
coordinating the respective reaction to a security incident.
Automation of security operations: These technologies support the
automation and orchestration of procedures, processes, policy
implementation and reporting.