Domain 1 Questions Flashcards

1
Q

1

A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?

A Man-in-the-Browser (MitB) attack
Locally Shared Objects (LSOs)
Cross-site Request Forgery (XSRF)
HTTP Response Splitting

A

A Man-in-the-Browser (MitB) attack

A MitB attack compromises the web browser itself, by installing malicious plug-ins or scripts or by intercepting the browser's API calls, so the attacker can read and alter what the user sees and sends. An exploit kit hosted on a website actively probes visiting browsers and their plug-ins for known vulnerabilities and uses one to install that malicious code on the client.

2
Q

1

Customers receive a seemingly genuine email from their trusted bank, informing them that their password needs updating. However, when authenticating, an attacker captures the customers’ credentials. What kind of attack did the bank customers experience?

Phishing
SMiShing
Whaling
Vishing

A

Phishing

Phishing is a combination of social engineering and spoofing, where the attacker sets up a spoof website to imitate a trusted one. The attacker then emails users of the genuine website, informing them that their account must be updated, supplying a disguised link that leads to their spoofed site. When users authenticate with the spoofed site, their logon credentials are captured.

3
Q

1

A vulnerability database loaded on a scanning tool such as Tenable Nessus will commonly show which of the following properties?

Select all that apply.

Score
Dictionary
Security data inputs
Packet data

A

Score
Dictionary

Score: the Common Vulnerability Scoring System (CVSS) is maintained by the Forum of Incident Response and Security Teams (first.org/cvss). Base scores range from 0.0 to 10.0; under the CVSS v3 qualitative rating, 0.1-3.9 is Low, 4.0-6.9 is Medium, 7.0-8.9 is High, and 9.0-10.0 is Critical.
Dictionary: Common Vulnerabilities and Exposures (CVE) is a dictionary of vulnerabilities in published operating systems and application software, provided by MITRE (cve.mitre.org). Each entry includes a CVE ID, a brief description, a list of URL references, and the date of entry.

4
Q

1

Multiple private data sources ingest pictures to a machine learning tool on Google Cloud Platform to find specific species of butterflies. The pictures are tagged by creator names in the company before being loaded onto the various data source locations. What type of security solution can the IT team implement to prevent tainted training data from getting to the machine learning tool?

Select all that apply

Use algorithms that use collision avoidance.
Keep ML algorithm a secret.
Use SOAR to check picture properties.
Prevent infiltration of external vendors.

A

Keep ML algorithm a secret.
Use SOAR to check picture properties.

Security orchestration, automation, and response (SOAR) playbooks and automated runbooks can check saved pictures (for example, file type, size, and the creator tag) before they are ingested into the machine learning tool, so that poisoned or malformed training data is rejected.
Keeping the ML algorithm secret is security by obscurity: an adversary who knows how the model classifies images can craft adversarial inputs that cause the tool to recognize an image as something else.

5
Q

1

Where should a systems administrator search for more information on how to fix a CPU vulnerability on a Dell rack server?

Best Buy Geek Squad
Facebook
Vendor support page
Black Hat conference

A

Vendor support page

Vendors provide guides, templates, and tools for configuring and securing operating systems, applications, and physical devices such as rack servers. CPU vulnerabilities often require microcode or firmware updates that are only available from the vendor. Conferences are hosted and sponsored by various institutions and provide an opportunity for presentations on the latest threats and technologies; the Black Hat conferences showcase the latest threats and hacker techniques in the industry, but they do not distribute fixes. Social media platforms such as Facebook can host "how to" videos and posts, but they are limited, and support files are only available from vendor support pages. A local industry group or a company like Best Buy's Geek Squad helps with smaller commercial and consumer products and is not suited to rack server issues.

6
Q

1

Which team performs the offensive role in a penetration exercise?

Red team
White team
Purple team
Blue team

A

Red team

The red team performs the offensive role and tries to infiltrate the target. It is one of two competing teams in a penetration testing exercise; the blue team performs the defensive role.

7
Q

1

An attacker evaded antivirus detection on a Linux kernel by having multiple threads write an object to the same memory location at the same time. What type of vulnerability did the attacker use?

A race condition
A pointer dereference
A buffer overflow
An integer overflow

A

A race condition

A race condition occurs when the outcome of an operation depends on the timing of concurrent threads, for example when multiple threads write to the same memory location at the same time. A time-of-check to time-of-use (TOCTOU) race can be used as an antivirus evasion technique: the content the scanner checks is swapped for malicious content before it is used.
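The following is an added example, not part of the flashcard deck, showing the time-of-check to time-of-use form of race condition that the answer describes. A toy scanner checks a file for a signature and then loads it; an attacker thread rewrites the file between the check and the load. The marker string, file names and the threading events (used only to make the race deterministic) are constructed for illustration.

```python
"""Added example: TOCTOU race used to evade a (toy) antivirus check."""
import os
import tempfile
import threading

MALICIOUS_MARKER = b"EVIL"   # constructed signature the toy scanner looks for


def looks_clean(data: bytes) -> bool:
    """Toy signature check: reject anything containing the marker."""
    return MALICIOUS_MARKER not in data


def vulnerable_load(path, checked, swapped):
    """Check the file, then read it AGAIN to 'execute' it.
    The two reads are separate operations, so a writer can slip in between."""
    with open(path, "rb") as f:
        if not looks_clean(f.read()):
            return None           # blocked by the scanner
    checked.set()                 # hand control to the attacker thread
    swapped.wait()                # (events only make the race deterministic)
    with open(path, "rb") as f:
        return f.read()           # what actually runs: now the attacker's content


def hardened_load(path, checked, swapped):
    """Read once, then check and use the SAME bytes. There is no window."""
    with open(path, "rb") as f:
        data = f.read()
    checked.set()
    swapped.wait()
    return data if looks_clean(data) else None


def attacker(path, checked, swapped):
    """Wait until the scanner has passed the file, then replace its content."""
    checked.wait()
    with open(path, "wb") as f:
        f.write(MALICIOUS_MARKER + b" payload")
    swapped.set()


def run_race(loader):
    """Run loader against a benign file while the attacker swaps it.
    Returns the bytes the loader would execute (None if blocked)."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"benign payload")
    os.close(fd)
    checked, swapped = threading.Event(), threading.Event()
    t = threading.Thread(target=attacker, args=(path, checked, swapped))
    t.start()
    try:
        return loader(path, checked, swapped)
    finally:
        t.join()
        os.unlink(path)


if __name__ == "__main__":
    print("vulnerable loader executes:", run_race(vulnerable_load))
    print("hardened loader executes:  ", run_race(hardened_load))
```

The hardened loader closes the window by checking and using one copy of the data; the same principle applies in a kernel or scanner, where the object must be checked and consumed as a single operation rather than re-read from a location another thread can write.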

8
Q

1

An attacker came within close proximity of a victim and sent the mobile device user spam of an unsolicited text message. Once the user clicked the link in the message, Trojan malware infected the user’s device. What type of attack did the hacker most likely infect the mobile user with?

Bluesnarfing
Bluejacking
WiPhishing
Skimming

A

Bluejacking

A Bluetooth-discoverable device is vulnerable to bluejacking, similar to spam, where someone sends an unsolicited text (or picture/video) message or vCard (contact details). This can also be a vector for Trojan malware.

9
Q

1

Security admins are evaluating Windows server vulnerabilities related to Dynamic Link Library (DLL) injections. Modern applications are running on these Windows servers. How would an attacker exploit these vulnerabilities?

Select all that apply

Navigate laterally using pass the hash.
Evade detection through refactoring.
Enable legacy mode through shimming.
Use malware with administrator privilege.

A

Evade detection through refactoring
Use malware with administrator privilege

The malware must evade antivirus detection to succeed. This can be done through code refactoring, where the code is rewritten to perform the same function by different means so that its signature changes and signature-based detection no longer matches.
Dynamic Link Library (DLL) injection requires malware that is already running on the system with local administrator or SYSTEM privileges, because it must open another process and force it to load the malicious library.

10
Q

1

A hacker can use Microsoft Office applications as an attack vector to automatically run multiple tasks in the background using which of the following?

ARP poisoning
Bash
VBA
PowerShell

A

VBA

Microsoft Office uses the Visual Basic for Applications (VBA) language to script macros; for example, a macro embedded in a Word document can carry out multiple tasks automatically when the document is opened.

11
Q

1

Which of the following are deployed similarly to a credit card skimmer?

Card cloner
Malicious USB plug
Keyloggers
Malicious flash drive

A

Malicious USB plug

A malicious Universal Serial Bus (USB) charging cable or plug is deployed in the same way as a card skimmer: the device is placed over a public charging port at an airport or other transit location, and it can then access any smartphone that is connected to it.

12
Q

1

A threat actor is using which of the following techniques to circumvent the usual authentication method to a remote host?

Keylogger
Rootkit
Backdoor
Logic bomb

A

Backdoor

A backdoor is any type of access method to a host that circumvents the usual authentication method and gives the remote user administrative control.

13
Q

1

What would be the highest concern for an e-commerce company whose top priority is to ensure customers can shop online 24/7?

Increase of data breaches
Loss of reputation
Loss of availability
Increase of fines

A

Loss of availability

Loss of availability in this case means the applications and servers that host the e-commerce website become unreachable, for example because redundancy is lost and a single failure takes the site down. Service availability is the top priority for an e-commerce company that advertises 24/7 shopping.

14
Q

1

Which attack is a brute-force type that mixes common passwords with usernames?

Dictionary
Skimming
Rainbow
Spraying

A

Spraying

Password spraying is a horizontal brute-force online attack. The attacker chooses one or more common passwords (for example, "password") and tries each of them against many usernames. Because each account receives only one or two attempts, the attack stays below typical account lockout thresholds.
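An added example, not from the flashcard deck, of how the spraying pattern shows up in authentication logs: one source address producing a small number of failures against many distinct accounts, as opposed to many failures against one account. The log lines, their format and the thresholds are constructed for illustration.

```python
"""Added example: telling password spraying apart from single-account
brute force in constructed authentication log lines."""
from collections import defaultdict
import re

# constructed sample lines: "<time> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
08:00:01 FAIL user=alice src=203.0.113.9
08:00:02 FAIL user=bob src=203.0.113.9
08:00:03 FAIL user=carol src=203.0.113.9
08:00:04 FAIL user=dave src=203.0.113.9
08:00:05 FAIL user=erin src=203.0.113.9
08:00:06 OK   user=frank src=203.0.113.9
08:01:00 FAIL user=alice src=198.51.100.7
08:01:01 FAIL user=alice src=198.51.100.7
08:01:02 FAIL user=alice src=198.51.100.7
08:01:03 FAIL user=alice src=198.51.100.7
08:01:04 FAIL user=alice src=198.51.100.7
08:02:00 OK   user=gina src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^\S+\s+(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$")


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def classify_sources(log_text, min_accounts=4, max_per_account=2):
    """Return {src: label}; label is 'spraying', 'brute-force' or 'normal'.

    spraying:    failures spread over >= min_accounts distinct users, each
                 seeing <= max_per_account failures (stays under lockout)
    brute-force: failures concentrated on a single account
    """
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> fail count
    for ev in parse(log_text):
        if ev["result"] == "FAIL":
            fails[ev["src"]][ev["user"]] += 1
    labels = {}
    for src, per_user in fails.items():
        if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
            labels[src] = "spraying"
        elif len(per_user) == 1 and max(per_user.values()) > max_per_account:
            labels[src] = "brute-force"
        else:
            labels[src] = "normal"
    return labels


def compromised_by_spray(log_text):
    """Accounts that logged in successfully from a source flagged as spraying:
    the accounts whose password was one of the sprayed guesses."""
    sprayers = {s for s, l in classify_sources(log_text).items() if l == "spraying"}
    return sorted(ev["user"] for ev in parse(log_text)
                  if ev["result"] == "OK" and ev["src"] in sprayers)


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
    print("likely compromised:", compromised_by_spray(SAMPLE_LOG))
```

Per-account lockout does not stop the first source above; a per-source rule over distinct usernames does, which is why the detection keys on the source rather than the account.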

15
Q

1

Which principle of social engineering can a threat actor use to get many people to act as others would?

Scarcity
Liking
Consensus
Trust

A

Consensus

The principle of consensus, or social proof, refers to techniques that cause people to act as they believe others have already acted, without any force. The attacker uses this instinct to persuade the target that refusing the request would be out of step with everyone else.

16
Q

1

Experts at a scientific facility suspect that operatives from another government entity have planted malware and are spying on one of their top-secret systems. Based on the attacker’s location and likely goals, which attacker type is likely responsible?

Hacktivists
Script kiddies
State actors
Criminal syndicates

A

State actors

State actors have been implicated in many attacks, particularly on energy and health network systems. They typically work at arm's length from the national government that sponsors and protects them, maintaining "plausible deniability." A criminal syndicate can operate across the internet from a different jurisdiction than its victim, increasing the complexity of prosecution; syndicates will seek any opportunity for criminal profit, but their typical activity is financial fraud. A script kiddie is someone who uses hacker tools without necessarily understanding how they work or having the ability to craft new attacks. Hacktivists might attempt to obtain and release confidential information to the public domain, perform denial of service (DoS) attacks, or deface websites.

17
Q

1

Which of the following represents a non-intrusive scanning type of framework?

Metasploit
An exploitation framework
Penetration testing
Vulnerability scanning

A

Vulnerability scanning

Whether they use purely passive techniques or some sort of active session or agent, vulnerability scanners represent a non-intrusive scanning type: they identify vulnerabilities from a database by analyzing attributes such as build and patch levels or system policies, rather than by exploiting them.

18
Q

1

A user notices several new icons for unknown applications after downloading and installing a free piece of software. IT support determines that the applications are not malicious but are classified as which type of software?

PUPs
Fileless viruses
Worms
Trojans

A

PUPs

Potentially unwanted programs (PUP) are software installed alongside a package selected by the user, or perhaps bundled with a new computer system.

19
Q

1

The local operational network consists of physical electromechanical components controlling valves, motors, and electrical switches. All devices enterprise-wide trust each other in the internal network. Which of the following attacks could overwhelm the network by targeting vulnerabilities in the headers of specific application protocols?

Man-in-the-middle attack
DDoS attack
DNS amplification attack
Malicious PowerShell attack

A

DNS amplification attack

A Domain Name System (DNS) amplification attack is classed as an application attack because it targets the headers and payloads of a specific application protocol. The attacker sends short DNS queries with a spoofed source address (the victim's) to open resolvers, which return much larger responses to the victim network and overwhelm it.

20
Q

1

Today’s hackers are keen on knowing that security teams are actively hunting for threats on the network. Hackers may use resources to trigger a diversion to keep threat hunters busy, while another attack is initiated to carry out the primary objective of the planned penetration attack. How can a security team best circumvent this strategic hacking technique?

Monitor threat feeds from ISACs.
Review security advisories.
Apply intelligence fusion techniques.
Use a defensive maneuver.

A

Use a defensive maneuver.

A defensive maneuver uses passive discovery techniques so that threat actors do not know they have been discovered. This gives the security team a chance to investigate the source of the attack and plan a resolution before the threat actor moves on to the next objective.

21
Q

1

Which of the following is NOT an example of improper or weak application patch management.

Application design flaw
Unmanaged assets
Performance degradation
No documentation

A

Application design flaw

An application design flaw is a vulnerability in the software itself, not a failure of the patching process. It can allow security controls to be circumvented or cause the application to crash, which is why proper patch management processes are required to keep the application available once a fix is released.

22
Q

1

Which penetration technique allows a tester to bypass a network boundary and compromise servers on an internal network?

Persistence
Pivot
Cleanup
Lateral movement

A

Pivot

A pivot bypasses a network boundary and compromises servers on an internal network. A pivot is normally accomplished using remote access and tunneling protocols.

23
Q

1

IT discovers a flaw in a web application where it allows queries without encryption. As a result, requests are being spoofed and directories containing private files are viewable. What is happening?

Structured Query Language (SQL) injection
Dynamic Link Library (DLL) injection
Lightweight Directory Access Protocol (LDAP) injection
Extensible Markup Language (XML) injection

A

Extensible Markup Language (XML) injection

Extensible Markup Language (XML) is used for data exchange. Without encryption, it is vulnerable to spoofing, request forgery, and injection of arbitrary code. For example, an XML External Entity (XXE) attack embeds an entity declaration that references a local resource, such as a file on the server, which the parser then reads into the response.
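An added example, not from the flashcard deck, of the check a practitioner puts in front of an XML parser to stop the XXE attack described above. It uses the Python standard library's expat parser, whose entity-declaration callback fires for every entity in the DTD, and rejects any entity or DTD that carries a SYSTEM or PUBLIC identifier (that is, points at an external resource). The two sample documents are constructed; the file path in the attack payload is the classic demonstration target and is never actually read.

```python
"""Added example: detecting an XML External Entity (XXE) payload before
the document reaches the application's parser."""
import xml.etree.ElementTree as ET
import xml.parsers.expat

# constructed sample documents
ATTACK = (b'<?xml version="1.0"?>'
          b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
          b'<d>&xxe;</d>')
BENIGN = b'<?xml version="1.0"?><d><name>Example Corp</name></d>'


class ExternalEntityFound(Exception):
    """Raised from inside an expat callback to abort parsing early."""


def has_external_entity(xml_bytes: bytes) -> bool:
    """True if the DTD declares an external entity or an external subset."""
    parser = xml.parsers.expat.ParserCreate()

    # expat signature: (name, is_parameter_entity, value, base,
    #                   system_id, public_id, notation_name)
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            raise ExternalEntityFound(name)

    # An external DTD subset is also a resource fetch; treat it the same way.
    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            raise ExternalEntityFound(name)

    parser.EntityDeclHandler = on_entity
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(xml_bytes, True)
    except ExternalEntityFound:
        return True
    return False


def safe_parse(xml_bytes: bytes):
    """Reject XXE attempts, otherwise hand the document to ElementTree."""
    if has_external_entity(xml_bytes):
        raise ValueError("rejected: document declares an external entity")
    return ET.fromstring(xml_bytes)


if __name__ == "__main__":
    print("attack flagged:", has_external_entity(ATTACK))
    print("benign flagged:", has_external_entity(BENIGN))
    print("benign parsed:", safe_parse(BENIGN).find("name").text)
```

The declaration is inspected before any content is parsed, so the entity reference in the body is never expanded. Rejecting the whole DTD is the simpler policy when an application never needs one.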

24
Q

1

A user at a company executes a program that displays a threatening message. The message says “files on the computer will remain encrypted until bitcoin is paid to a virtual wallet.” Which of the following best describes this type of infection?

Crypto-malware
A worm
A logic bomb
A mine

A

Crypto-malware

Ransomware is a type of Trojan malware that extorts money from the victim: the computer remains locked until the user pays the ransom. Crypto-malware is ransomware that encrypts the victim's data files, so the user cannot access them without the decryption key, which only the attacker holds.

25
Q

1

Choose the components a threat actor may use to set up a distributed denial of service attack (DDoS) on a local network.

Select all that apply

Remote access trojan
Botnet
Command and control
Spyware

A

Remote access trojan
Botnet
Command and control

A botnet is a group of bots that are all under the control of the same malware instance. A bot is an automated script or tool that performs some malicious activity.
A command and control (C2 or C&C) host or network controls the bots or botnet to carry out remote tasks on the local network.
A remote access trojan (RAT) is backdoor malware that mimics the functionality of legitimate remote control programs but is designed specifically to operate covertly.

26
Q

1

An administrator goes through regular tasks every morning at the office to quickly gather health metrics of the network and associated systems. The admin connects to a Windows jump server using a secure shell (SSH) to run health scripts which outputs the data to a .xls file on a local shared folder accessible to all employees. The most recent run of the health script failed immediately without any indication of the issue. If an Information System Security Officer (ISSO) examined these morning tasks, what would be considered a weak configuration?

Select all that apply

Unsecure remote access
Unformatted error messages
Open permissions
Default settings

A

Open permissions
Default settings

Open permissions allow anyone on the network to access files and services. Although the file share is only reachable by internal employees, only administrators should be able to read the gathered health information.
Default settings are usually insecure settings that leave the environment and data open to compromise. A shared folder that grants access to everyone on the internal network is an example of the default permissions applied when a share is created.

27
Q

1

Companies often update their website links to redirect users to new web pages that may feature a new promotion or to transition to a new web experience. How would an attacker take advantage of these common operations to lead users to fake versions of the website?

Select all that apply

Ruin the company’s reputation with reviews.
Add redirects to .htaccess files.
Hijack the website’s domain.
Craft phishing links in email.

A

Add redirects to .htaccess files.
Craft phishing links in email.

An attacker can craft a phishing link that appears legitimate to a naive user because it begins with the trusted domain but carries an open redirect to a lookalike site, such as: https://trusted.foo/login.php?url="https://tru5ted.foo".
The .htaccess file holds per-directory configuration for an Apache web server. An attacker who can edit it can add rewrite or redirect rules that send visitors to other URLs.
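An added example, not from the flashcard deck, of the server-side check that defeats the crafted link above: the login page must validate the url parameter before redirecting. The host names are the ones in the flashcard; the set of allowed hosts and the default landing path are assumptions.

```python
"""Added example: validating a post-login redirect target so that
https://trusted.foo/login.php?url="https://tru5ted.foo" cannot send the
user to a lookalike site."""
from urllib.parse import urlparse, parse_qs, urljoin

ALLOWED_HOSTS = {"trusted.foo", "www.trusted.foo"}   # assumed
SITE_ROOT = "https://trusted.foo/"                    # assumed


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only same-site relative paths or absolute URLs on an allowed host."""
    target = target.strip().strip('"\'\u201c\u201d')   # tolerate quoted values
    if target.startswith("//") or target.startswith("\\"):
        return False            # scheme-relative and backslash tricks
    p = urlparse(target)
    if p.scheme == "" and p.netloc == "":
        return target.startswith("/")   # relative path on this site
    # p.hostname strips any "user@" prefix, so trusted.foo@tru5ted.foo is caught
    return p.scheme in ("http", "https") and p.hostname in allowed_hosts


def resolve_redirect(login_url: str, default="/") -> str:
    """Read url= from a login link and return where the user is sent."""
    qs = parse_qs(urlparse(login_url).query)
    target = qs.get("url", [default])[0]
    if is_safe_redirect(target):
        return urljoin(SITE_ROOT, target.strip().strip('"\'\u201c\u201d'))
    return urljoin(SITE_ROOT, default)


if __name__ == "__main__":
    for link in ("https://trusted.foo/login.php?url=https://tru5ted.foo",
                 "https://trusted.foo/login.php?url=/account",
                 "https://trusted.foo/login.php?url=//tru5ted.foo/"):
        print(link, "->", resolve_redirect(link))
```

An allow-list of hosts is preferred over a deny-list of lookalikes, since the attacker controls how many lookalike domains exist.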

28
Q

1

An attacker launches a vishing social engineering attack by impersonating a police officer. The attacker calls the victims and tries to exploit this behavior by demanding the victims give the attacker their name and address immediately. This type of attack does NOT demonstrate what type of social engineering principle?

Urgency
Authority
Intimidation
Familiarity/liking

A

Familiarity/liking

One of the basic tools of a social engineer is simply to be affable, likable, and persuasive, and to present the requests they make as completely reasonable and unobjectionable.

29
Q

1

A brute-force attack compromises a server in a company’s data center. Security experts investigate the attack type and discover which vulnerability on the server?

Default settings
Unsecure protocols
Open ports and services
Weak encryption

A

Weak encryption

Weak encryption vulnerabilities allow unauthorized access to data. An algorithm or key length used for encryption may have known weaknesses that make brute-force enumeration of the key or password feasible.

30
Q

1

Which of the following are examples of weak patch management for operating systems and device firmware in a classified network?

Select all that apply

A

non-centralized deployment
undocumented process

A non-centralized deployment process makes patch management difficult. For example, Microsoft Endpoint Configuration Manager can schedule, monitor, and auto-deploy patches to Windows systems and applications.
An undocumented process makes it difficult to maintain a consistent workflow for patch management in a closed or classified network. Personnel should know how to download patches from the Internet and upload them to the closed network.

31
Q

1

Which of the following is TRUE about false negatives in relation to vulnerability scanning tools?

Select all that apply

Is identified
Is not high risk
Is a high risk
Is not identified

A

Is a high risk
Is not identified

False negatives are vulnerabilities that are present but not identified by the scanning tool. The vulnerability may not yet be in the scanner's database, or an attacker may have concealed it so that the system appears healthy.
A false negative is a high security risk because a real threat could go unnoticed for a long period. This can be mitigated by running repeat scans and by using scanning tools from other vendors.

32
Q

1

A company purchased a few rack servers from a different vendor to try with their internal cluster. After a few months of integration failures, the company opted to remain with their previous vendor and to upgrade their other rack servers. The current commercial software will be migrated to the new rack servers. What may have caused the company to remain with their previous vendor for new rack servers?

Select all that apply

Disks are self-encrypting.
Servers are incompatible.
Vendor lacks expertise.
The code is unsecure.

A

Servers are incompatible.
Vendor lacks expertise.

Devices or software that are incompatible with other devices or software make them difficult to manage. Companies often seek compatibility factors to ensure full integration with existing assets.
A vendor that lacks expertise is also unable to support deployment and other activities required for using a rack server in the environment. Customer experience is vital to future purchases.

33
Q

1.0 Attacks, Threats, and Vulnerabilities

Security content automation protocol (SCAP) allows compatible scanners to compare computers with which of the following?

Log collector
Common Vulnerability Scoring System
Configuration baseline
Security bulletin

A

Configuration baseline

Security content automation protocol (SCAP) allows compatible scanners to determine whether a computer meets a configuration baseline. The Extensible Configuration Checklist Description Format (XCCDF) audits for best-practice configuration checklists and rules.

34
Q

1

Which attack types are client-side attacks that are impacted by malicious code?

Select all that apply

Directory traversal
Cross-site scripting
Integer overflow
Session replay

A

session replay
cross-site scripting (XSS)

A session replay is a client-side attack: the attacker captures a user's session token (typically a cookie) from the browser and reuses it to impersonate that user's session.
A cross-site scripting (XSS) attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit, so injected script runs with that site's privileges in the user's browser.

35
Q

1

Which attack vector makes it possible for a threat actor to compromise a whole platform with just one account?

E-mail
Social Media
Cloud
Supply chain

A

Cloud

On a cloud platform, an attacker only needs to find one account, service, or host with weak credentials to gain access. The attacker is likely to target the accounts used to develop services in the cloud or manage cloud systems.

36
Q

1

Which of the following is NOT a critical profiling factor when assessing the risk that any one type of threat actor poses to an organization?

Structure
Intent
Motivation
Non-repudiation

A

Non-repudiation

Non-repudiation is a term that describes a property of a secure network where a sender cannot deny having sent a message.