Domain 2 Threats, Vulnerabilities, and Mitigations Flashcards
Which of the following terms best describes a type of software that disguises itself as legitimate software but contains malicious code that can compromise the security of a system?
Malware
Which of the following best describes the concept of a “zero-day vulnerability”?
A vulnerability that is unknown to the software vendor and has no available patch.
What is the primary goal of a “honeypot” in network security?
A deceptive system designed to attract and monitor malicious activity
What is a common characteristic of a “man-in-the-middle” (MitM) attack?
The attacker intercepts and alters data between two parties without their knowledge.
A security administrator has noticed several unauthorized access attempts to the organization’s internal systems. These attempts are often based on trying common username and password combinations. Which type of attack does this scenario most likely describe?
Brute-force attack
A company’s web application was recently compromised, and customer data was stolen. The company’s cybersecurity team discovers that the attackers exploited a vulnerability in the application’s code to gain unauthorized access. What type of attack is this?
SQL injection attack
An organization’s website has been receiving an unusually high volume of web traffic, which has made the site unresponsive. The traffic appears to be coming from various sources and seems to be overloading the server. What type of attack is this scenario indicating?
Denial of Service (DoS) attack
What is the primary purpose of a Denial of Service (DoS) attack?
To disrupt or make a service unavailable to its users.
An employee has lost their company-issued smartphone, and it contained sensitive corporate data. What kind of threat does this scenario illustrate?
Physical security breach
A network administrator has implemented a firewall rule that allows only specific incoming traffic from trusted IP addresses and denies all other incoming traffic. What security principle does this rule exemplify?
Principle of least privilege
Which attack involves a flood of connection requests with falsified IP addresses to overwhelm a server?
SYN Flood
A company is conducting a security audit and penetration testing on its network to identify and rectify vulnerabilities before malicious actors can exploit them. What security practice is this organization following?
Security assessment
An organization has set up a dedicated network segment for guest wireless access, which is isolated from its internal network. What security principle does this network segmentation align with?
Segmentation
An organization is setting up a disaster recovery site in a geographically distant location from its primary data center. What type of disaster recovery strategy is this?
Hot site
An attacker calls an employee, pretending to be a colleague from another department, and requests sensitive information to complete a report. What type of social engineering technique is this?
Impersonation
An attacker poses as a delivery person, carrying a package for a company, and convinces an employee to let them into the building. Once inside, the attacker gains unauthorized access to the company’s network. What type of social engineering technique is this?
Tailgating
An employee receives an email from what appears to be their company’s IT department. The email requests that the employee reset their email password due to a security breach. The email contains a link to a login page. What kind of threat is the employee facing?
Phishing attack
During a penetration test, the tester attempts to gain unauthorized access to a system by exploiting known vulnerabilities without any prior knowledge of the target. What type of penetration testing technique is this?
Black-box testing
A penetration tester uses a vulnerability scanner to identify known security issues in a target system. What phase of the penetration testing process does this action belong to?
Vulnerability analysis
In a penetration test, tools and techniques are used to mimic an attacker trying to gain unauthorized access to a target system. What type of penetration testing is this?
Red teaming