CompTIA Security+ (SY0-701) Exam 5 Revision Flashcards
During an online purchase, a user is redirected to a payment gateway that closely resembles the original website but has slight differences in design and URL. The user is prompted to enter their credit card details. This situation is an example of:
Watering hole
Typosquatting
Phishing
Impersonation
This is phishing: the user is steered to a fraudulent site that mimics a legitimate one in order to harvest financial or personal information. A watering hole attack instead compromises a site the target group already visits; typosquatting relies on the victim mistyping a domain rather than on a redirect; and impersonation is an attacker posing as another person. Here the deception is the redirect itself, which leads the user to enter sensitive data on a fake platform.
To manage changes in security procedures and ensure that only the most current policies are applied, an organization employs a version control system. What aspect of change management does this practice address?
Version control
Dependencies
Downtime
Documentation
Using a version control system to manage changes to security procedures addresses the version control aspect of change management. Version control tracks every modification to a document, records who changed what and when, and makes sure staff are working from the current approved policies, procedures and guidelines. Dependencies and downtime are separate change-management concerns, and documentation is the broader category of which version control is one specific practice.
An organization notices an increase in emails sent from external addresses that closely resemble the company’s domain, attempting to trick employees into transferring funds or revealing sensitive information. This technique is known as:
Brand impersonation
Pretexting
Business email compromise
Typosquatting
This is typosquatting: the attacker registers a domain that is a slight misspelling of the legitimate one and uses it to mimic the company's domain in mail to employees. It differs from business email compromise, which targets specific high-value transactions and decisions; from brand impersonation, which involves posing as the company rather than merely using a similar domain; and from pretexting, which relies on a fabricated scenario or story. Note that SPF, DKIM and DMARC only protect the company's exact domain; mail from a lookalike domain passes those checks, so it has to be caught by comparing sender domains against the company's own.
When aiming for resilience in security architecture, which factor involves the ability to quickly recover from disruptions and maintain essential functions?
Continuity of operations
Multi-cloud systems
High availability
Platform diversity
Continuity of operations focuses on the ability to maintain essential functions during and after a disruption. While high availability ensures systems are accessible with minimal downtime, continuity of operations ensures critical functions can continue even when systems are disrupted. Platform diversity and multi-cloud systems provide redundancy but may not directly address the continuity of operations aspect.
An organization’s CFO receives an email from the CEO, who is currently traveling, asking for an urgent wire transfer to a new vendor. The email address looks correct at first glance, but closer inspection reveals a minor alteration. This is an example of what type of attack?
Pretexting
Impersonation
Business email compromise
Typosquatting
This scenario describes a business email compromise (BEC) attack, in which an attacker impersonates a senior executive to get the organization to make a financial transaction. A minor alteration of the sender address is a common BEC tactic for making the request look legitimate. Pretexting is the fabricated scenario, typosquatting is the registration of the misspelled domain, and impersonation need not involve a financial request; BEC specifically abuses the authority of the spoofed sender to drive a payment.
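Both of the preceding cards (the lookalike company domain and the executive's subtly altered address) come down to the same check: does the sender's domain differ from the real one by a homoglyph, a dropped hyphen, or one or two characters? The following is an added example, not code from the flashcards. The company domain, the substitution table and the sample addresses are assumptions for illustration; a production filter would use the full Unicode confusables table rather than the handful of Cyrillic letters mapped here.

```python
# Added example, not part of the flashcards: flag sender domains that look
# like the company's own. LEGIT_DOMAIN and the sample addresses are assumed.
import unicodedata

LEGIT_DOMAIN = "example-corp.com"

# Substitutions that make a lookalike read like the real name. Multi-character
# entries come first so "rn" folds to "m" before single characters are mapped.
# The Cyrillic letters are a small sample of Unicode confusables (UTS #39 has
# the full table); hyphens and dots are dropped so "examplecorp.com" matches.
SUBSTITUTIONS = [
    ("rn", "m"), ("vv", "w"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"),
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0440", "p"), ("\u0441", "c"),
    ("-", ""), (".", ""),
]


def canonical(domain: str) -> str:
    """Lowercase, NFKC-normalise and fold confusable characters."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    for src, dst in SUBSTITUTIONS:
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, legit: str = LEGIT_DOMAIN, max_distance: int = 2) -> str:
    """Return "internal", "lookalike" or "external" for the address's domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain == legit or domain.endswith("." + legit):
        return "internal"
    cd, cl = canonical(domain), canonical(legit)
    # Homoglyph and hyphen variants collapse onto the real name; the real name
    # embedded inside another domain (example-corp.com.evil.net) is suspicious too.
    if cd == cl or cl in cd:
        return "lookalike"
    # One or two edits away: a dropped, added or swapped character, .co for .com
    if levenshtein(cd, cl) <= max_distance:
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample senders
    for addr in ["ceo@example-corp.com", "ceo@examp1e-corp.com", "ceo@exarnple-corp.com",
                 "ceo@examplecorp.com", "ceo@example-corp.co", "ceo@exampel-corp.com",
                 "ceo@ex\u0430mple-corp.com", "ceo@example-corp.com.evil.net",
                 "vendor@supplier.example.net"]:
        print(f"{addr:40} {classify_sender(addr)}")
```

A real deployment would run the same comparison against partner and vendor domains as well as the company's own, and would quarantine or banner "lookalike" mail rather than reject it outright, since an edit distance of two also catches some genuinely unrelated short domains.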
In terms of risk transference, which of the following strategies would a company employ when adopting an IaaS model?
Implementing redundant system design
Using proprietary software
Outsourcing security management to a third party
Purchasing cyber insurance
Purchasing cyber insurance is a form of risk transference where a company shifts potential financial losses due to cyber incidents to an insurance company. While outsourcing security management and implementing redundant designs are ways to mitigate risks, they do not transfer the risk. Using proprietary software is more related to security control rather than risk transference.
In the context of industrial control systems, which of the following is the most critical aspect to ensure the security and reliability of a SCADA system?
Using a real-time operating system
High availability configuration
Containerization of applications
Implementing IoT devices
High availability configuration is the most critical of the listed options for the security and reliability of a SCADA system, because it keeps the supervisory system operational when an individual component fails. A real-time operating system is common in the controllers themselves but does not by itself keep the supervisory layer available, and IoT devices and application containerization do not provide the level of reliability that industrial control systems require.
After repeatedly failing to access an account with a single password, an attacker switches tactics and begins trying numerous passwords against multiple usernames. What type of password attack does this scenario describe?
Brute force
Spraying
Replay
Buffer overflow
A brute force attack tries many passwords against an account (here, against several accounts in turn) until one succeeds. Spraying is the reverse pattern: one or a few common passwords tried once against many accounts, which keeps each account below the lockout threshold. Buffer overflow and replay attacks are not password-guessing attacks; they involve memory corruption and retransmission of captured data, respectively. In practice an account lockout policy stops brute force but not spraying, which is why detection has to look at failures per source across all accounts, not just per account.
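The distinction on this card is exactly what a detection rule has to encode: many failures concentrated on one or a few accounts is brute force, while the same number of failures spread thinly across many accounts is spraying. The following is an added example, not code from the flashcards. The log lines are constructed in sshd syslog style, and the thresholds are assumptions to tune per environment.

```python
# Added example, not part of the flashcards: tell brute force from spraying
# in failed-login records. Log lines are constructed in sshd syslog style;
# the thresholds are assumptions to tune per environment.
import re
from collections import defaultdict

FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample: 203.0.113.7 hammers two accounts, 198.51.100.9 tries
# each of five accounts once, 192.0.2.5 is a user who mistyped twice.
SAMPLE_LOG = """\
Jan 10 09:00:01 authsrv sshd[101]: Failed password for alice from 203.0.113.7 port 5001 ssh2
Jan 10 09:00:02 authsrv sshd[102]: Failed password for alice from 203.0.113.7 port 5002 ssh2
Jan 10 09:00:03 authsrv sshd[103]: Failed password for alice from 203.0.113.7 port 5003 ssh2
Jan 10 09:00:04 authsrv sshd[104]: Failed password for alice from 203.0.113.7 port 5004 ssh2
Jan 10 09:00:05 authsrv sshd[105]: Failed password for bob from 203.0.113.7 port 5005 ssh2
Jan 10 09:00:06 authsrv sshd[106]: Failed password for bob from 203.0.113.7 port 5006 ssh2
Jan 10 09:00:07 authsrv sshd[107]: Failed password for bob from 203.0.113.7 port 5007 ssh2
Jan 10 09:01:01 authsrv sshd[108]: Failed password for alice from 198.51.100.9 port 6001 ssh2
Jan 10 09:01:02 authsrv sshd[109]: Failed password for bob from 198.51.100.9 port 6002 ssh2
Jan 10 09:01:03 authsrv sshd[110]: Failed password for carol from 198.51.100.9 port 6003 ssh2
Jan 10 09:01:04 authsrv sshd[111]: Failed password for invalid user dave from 198.51.100.9 port 6004 ssh2
Jan 10 09:01:05 authsrv sshd[112]: Failed password for erin from 198.51.100.9 port 6005 ssh2
Jan 10 09:02:01 authsrv sshd[113]: Failed password for alice from 192.0.2.5 port 7001 ssh2
Jan 10 09:02:02 authsrv sshd[114]: Failed password for alice from 192.0.2.5 port 7002 ssh2
Jan 10 09:02:03 authsrv sshd[115]: Accepted password for alice from 192.0.2.5 port 7003 ssh2
"""


def parse_failures(lines):
    """Map source address -> {username: number of failed attempts}."""
    failures = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            failures[m["src"]][m["user"]] += 1
    return failures


def classify_sources(lines, min_failures=5, spray_max_per_user=2):
    """Label each source as brute force, password spraying, or below threshold."""
    verdicts = {}
    for src, users in parse_failures(lines).items():
        total = sum(users.values())
        if total < min_failures:
            verdicts[src] = "below threshold"
        elif max(users.values()) <= spray_max_per_user:
            verdicts[src] = "password spraying"   # few tries each, many accounts
        else:
            verdicts[src] = "brute force"         # many tries at one or more accounts
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src:15} {verdict}")
```

Counting per source is the simplest form of the rule. Sprayers who rotate through many source addresses stay under `min_failures` for every one of them, so the complementary check is fleet-wide: many distinct accounts each failing once within a short window, regardless of source.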
In terms of infrastructure security, what is a major advantage of microservices over monolithic architectures?
Easier to update and patch
Less complex networking
Centralized security management
Higher computational overhead
Microservices are easier to update and patch than a monolith because each service is built and deployed independently. A vulnerability in one service can be fixed and redeployed on its own without rebuilding and redeploying the whole application, which shortens the time from disclosure to patch. The trade-off, which the other options hint at, is more complex networking and no single place to manage security: every service-to-service call is a network boundary that needs authentication and encryption, and every service needs its own patch tracking.
In the context of web security, which method is MOST effective in preventing SQL injection attacks?
Encrypting all data stored in the database.
Using CAPTCHA on all input forms.
Employing prepared statements and parameterized queries.
Conducting regular security audits of the website.
SQL injection manipulates the backend database by smuggling SQL syntax in through application inputs. Prepared statements and parameterized queries are the most effective defense because the query structure is parsed first and user input is bound afterwards purely as data, so the input cannot change the shape of the query. Encrypting stored data, adding CAPTCHA to forms and auditing the site are all worthwhile, but none of them addresses the flaw that injection exploits. One caveat: placeholders can only bind values, not identifiers, so a table or column name or an ORDER BY target that comes from user input still needs an allowlist.
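To make the card concrete, the same lookup is shown below written with string concatenation and with a parameterized query, together with the allowlist approach needed for the one thing placeholders cannot bind, a column name. This is an added example, not code from the flashcards; the table, rows and payload are constructed in an in-memory SQLite database.

```python
# Added example, not part of the flashcards: the same lookup written with
# string concatenation and with a parameterized query. Table, rows and the
# payload are constructed in an in-memory SQLite database.
import sqlite3


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    return conn


def lookup_vulnerable(conn, username):
    # Attacker-controlled text is spliced into the SQL grammar itself.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return sorted(conn.execute(query).fetchall())


def lookup_parameterized(conn, username):
    # The placeholder is bound after the statement is parsed, so the input is
    # only ever compared as a string value and never interpreted as SQL.
    query = "SELECT username, role FROM users WHERE username = ?"
    return sorted(conn.execute(query, (username,)).fetchall())


# Identifiers cannot be bound as parameters, so validate them against an allowlist.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users(conn, sort_by="username"):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return conn.execute(f"SELECT username, role FROM users ORDER BY {sort_by}").fetchall()


# Closes the open quote, makes the WHERE clause always true, comments out the rest.
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable:   ", lookup_vulnerable(conn, PAYLOAD))     # every row
    print("parameterized:", lookup_parameterized(conn, PAYLOAD))  # no rows
    print("sorted by role:", list_users(conn, "role"))
```

The vulnerable function returns every user because the spliced query becomes `WHERE username = '' OR 1=1 --'`; the parameterized one returns nothing because it looks for a user literally named `' OR 1=1 --`. The allowlist in `list_users` is the pattern for any part of a statement that has to be chosen by the user but cannot be a bound parameter.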
What distinguishes a nation-state actor from other types of cyber threat actors in terms of their cyber attack capabilities?
Internal
Resources/funding
Level of sophistication/capability
External
Nation-state actors are distinguished by their high level of sophistication and capability in cyber attacks, often employing advanced techniques and tools that are not available to other actors. This high level of sophistication allows them to conduct complex cyber espionage, sabotage, or influence operations. In contrast, other actors may lack the resources, funding, or technical expertise to execute attacks of similar complexity and scale, making sophistication and capability key distinguishing factors.
What is the role of vulnerability exceptions in a vulnerability management program?
To replace the need for implementing compensating controls
To document and acknowledge the acceptance of risk for unremediated vulnerabilities
To provide a temporary measure until a patch is applied
To ignore vulnerabilities that cannot be patched
A vulnerability exception documents and acknowledges the acceptance of risk for a vulnerability that cannot be remediated within the standard timeframe or for which no fix is yet available. It requires a formal risk assessment and sign-off by the appropriate stakeholders, so the decision to carry the risk is made consciously and is traceable. An exception is not a way to ignore the vulnerability, and it does not replace compensating controls, which should still be applied to reduce exposure while the exception stands. It also is not itself a temporary fix: the exception has an expiry or review date and a plan for eventual remediation, but the mitigation comes from the compensating controls, not from the exception record.
An executive receives a text message urging immediate action: a link is provided to update their password due to a purported security breach. The message instills urgency but lacks specific details about the executive or their role. What type of social engineering attack is this?
Business email compromise
Smishing
Vishing
Watering hole
This scenario typifies smishing, where attackers use SMS (text messages) to deceive individuals into clicking malicious links or providing personal information, often by creating a sense of urgency. Unlike vishing, which uses voice calls, business email compromise, which involves hacking or impersonating corporate emails, or watering hole attacks, which target specific user groups by compromising websites they are likely to visit, smishing specifically utilizes SMS as the medium of deception.
During a digital forensic investigation, a security analyst discovers that an attacker has created a fraudulent website that closely resembles a legitimate one, tricking users into entering sensitive information. Which type of attack does this scenario describe?
Replay
Directory traversal
Forgery
Buffer overflow
Forgery involves creating a fake document, website, or other data to deceive individuals or systems. This is unlike buffer overflow, replay, and directory traversal attacks, which are technical attacks aimed at exploiting system vulnerabilities rather than deceiving users directly.
A financial institution needs to securely transmit customer account information between its branches. Which method would be most effective in protecting this data during transmission?
Segmentation
Masking
Encryption
Hashing
Encryption is the most effective method for protecting data in transit between the branches: it keeps the account information confidential even if the traffic is intercepted, and in practice this means TLS or an encrypted VPN tunnel between sites. Hashing provides integrity, not confidentiality, since the original data cannot be recovered from a hash by the legitimate recipient either. Masking obscures fields for display and does not protect the underlying data on the wire. Segmentation limits which systems can reach the network path but does nothing to protect the traffic itself once it is captured.