Domain 2 Threats, Vulnerabilities, and Mitigations

Question 1

Which of the following terms best describes a type of software that disguises itself as legitimate software but contains malicious code that can compromise the security of a system?

Answer 1

Malware

Question 2

Which of the following best describes the concept of a “zero-day vulnerability”?

Answer 2

A vulnerability that is unknown to the software vendor and has no available patch.

Question 3

What is the primary goal of a “honeypot” in a network security?

Answer 3

A deceptive system designed to attract and monitor malicious activity

Question 4

What is a common characteristic of a “man-in-the-middle” (MitM) attack?

Answer 4

The attacker intercepts and alters data between two parties without their knowledge.

Question 5

A security administrator has noticed several unauthorized access attempts to the organization’s internal systems. These attempts are often based on trying common username and password combinations. Which type of attack does this scenario most likely describe?

Answer 5

Brute-force attack

Question 6

A company’s web application was recently compromised, and customer data was stolen. The company’s cybersecurity team discovers that the attackers exploited a vulnerability in the application’s code to gain unauthorized access. What type of attack is this?

Answer 6

SQL injection attack

Question 7

An organization’s website has been receiving an unusually high volume of web traffic, which has made the site unresponsive. The traffic appears to be coming from various sources and seems to be overloading the server. What type of attack is this scenario indicating?

Answer 7

Denial of Service (DoS) attack

Question 8

What is the primary purpose of a Denial of Service (DoS) attack?

Answer 8

To disrupt or make a service unavailable to its users.

Question 9

An employee has lost their company-issued smartphone, and it contained sensitive corporate data. What kind of threat does this scenario illustrate?

Answer 9

Physical security breach

Question 10

A network administrator has implemented a firewall rule that allows only specific incoming traffic from trusted IP addresses and denies all other incoming traffic. What security principle does this rule exemplify?

Answer 10

Principle of least privilege

Question 11

Which attack involves a flood of connection requests with falsified IP addresses to overwhelm a server?

Answer 11

SYN Flood

Question 12

A company is conducting a security audit and penetration testing on its network to identify and rectify vulnerabilities before malicious actors can exploit them. What security practice is this organization following?

Answer 12

Security assessment

Question 13

An organization has set up a dedicated network segment for guest wireless access, which is isolated from its internal network. What security principle does this network segmentation align with?

Answer 13

Segmentation

Question 14

An organization is setting up a disaster recovery site in a geographically distant location from its primary data center. What type of disaster recovery strategy is this?

Answer 14

Hot site

Question 15

An attacker calls an employee, pretending to be a colleague from another department, and requests sensitive information to complete a report. What type of social engineering technique is this?

Answer 15

Impersonation

Question 16

An attacker poses as a delivery person, carrying a package for a company, and convinces an employee to let them into the building. Once inside, the attacker gains unauthorized access to the company’s network. What type of social engineering technique is this?

Answer 16

Tailgating

Question 17

An employee receives an email from what appears to be their company’s IT department. The email requests that the employee reset their email password due to a security breach. The email contains a link to a login page. What kind of threat is the employee facing?

Answer 17

Phishing attack

Question 18

During a penetration test, the tester attempts to gain unauthorized access to a system by exploiting known vulnerabilities without any prior knowledge of the target. What type of penetration testing technique is this?

Answer 18

Black-box testing

Question 19

A penetration tester uses a vulnerability scanner to identify known security issues in a target system. What phase of the penetration testing process does this action belong to?

Answer 19

Vulnerability analysis

Question 20

In a penetration test, tools and techniques are used to mimic an attacker trying to gain unauthorized access to a target system. What type of penetration testing is this?

Answer 20

Red teaming

Question 21

A security analyst discovers that a particular application does not properly manage its memory allocations, which can lead to data corruption and potentially execute arbitrary code. What potential application attack indicator is this situation most likely related to?

Answer 21

Buffer overflows

Question 22

An attacker intercepts a legitimate user’s request and resends it multiple times to manipulate the application into performing unintended actions. What potential application attack indicator does this situation most likely represent?

Answer 22

Replay attack

Question 23

Threat actors who is motivated by financial gain and often uses malicious software to encrypt a victim’s data and demand a ransom is typically referred to as:

Answer 23

A cybercriminal

Question 24

Which attack involves flooding a network with ICMP echo request packets sent to a broadcast address?

Answer 24

Smurf attack

Question 25

Which of the following threat vectors involves tricking individuals into revealing sensitive information or performing actions that compromise security?

Answer 25

Social engineering

Question 26

What is a common security concern associated with cross-site request forgery (CSRF) vulnerabilities?

Answer 26

Unauthorized data modification

Question 27

Which of the following encryption algorithms is considered the most secure and widely used for securing internet communications?

Answer 27

AES (Advanced Encryption Standard).

Question 28

In a recent high-profile cybersecurity incident, attackers targeted a multinational corporation’s executive team with personalized emails, tricking them into revealing sensitive company data and financial information. What type of attack is this scenario describing?

Answer 28

Whaling attack

Question 29

A security researcher discovered that a popular social media website had been compromised by attackers. The attackers had injected malicious code into the site, which infected the devices of users who visited the compromised pages. What type of attack is this scenario describing?

Answer 29

Watering hole attack

Question 30

A cybercriminal registers domain names that are similar to well-known banking websites but contain minor typographical errors. Users who mistype the URLs may be redirected to these fraudulent sites, leading to potential credential theft. What kind of attack is being depicted in this scenario?

Answer 30

Typosquatting attack

Question 31

An attacker goes through the company’s trash bins, searching for discarded documents, invoices, and other materials that might contain sensitive information. What kind of physical security threat does this scenario illustrate?

Answer 31

Dumpster diving

Question 32

A company’s security team discovered that a group of hackers had been scanning the organization’s network and systems, attempting to find vulnerabilities that could be exploited. This prelude to an attack is a classic example of which cybersecurity activity

Answer 32

Reconnaissance

Question 33

Which attack aims to manipulate a website to redirect users to a fraudulent site that appears legitimate to steal their information?

Answer 33

DNS spoofing

Question 34

Which type of attack involves the modification or interception of communication between two parties without their knowledge?

Answer 34

Man-in-the-Middle (MitM)

Question 35

Which attack involves falsifying the origin of an email to make it appear as though it’s from a trusted source?

Answer 35

Spoofing

Question 36

What is the primary aim of a SQL injection attack?

Answer 36

Gaining unauthorized access to a database

Question 37

Which attack involves falsifying the origin of an email to make it appear as though it’s from a trusted source?

Answer 37

Spoofing

Question 38

What could be a potential indicator of a brute force attack on a network?

Answer 38

Repeated login attempts with different credentials

Question 39

Which team is primarily focused on the defense, prevention, and mitigation of security threats within an organization?

Answer 39

Blue-team

Question 40

Which team facilitates collaboration between red and blue teams to improve overall security measures within an organization?

Answer 40

Purple-team

Question 41

What is a risk associated with the use of default configurations on devices and applications?

Answer 41

Increased susceptibility to unauthorized access

Question 42

What best defines a USB drop attack?

Answer 42

Placing USB drives with malware in public areas to trick people into using them.

Question 43

In a busy coffee shop, customers connect to the public Wi-Fi network named “FreeCoffeeShopWiFi.” An attacker sets up a similar-looking access point named “FreeCoffeeShop_WiFi” to intercept traffic. What type of wireless attack is this scenario an example of?

Answer 43

Evil twin attack

Question 44

At a business conference, an attendee discovers their Bluetooth-enabled device has received unsolicited business card data from an unknown source. What kind of wireless attack might this scenario indicate?

Answer 44

Bluejacking attack

Question 45

In a public library, a hacker placed a device to capture wireless network traffic, allowing them to collect login credentials and personal information from users connecting to the library’s public Wi-Fi. What kind of wireless attack does this scenario represent?

Answer 45

Packet sniffing attack

Question 46

A small business recently conducted a vulnerability scan on its network and found multiple weaknesses in its web server, leaving it susceptible to SQL injection attacks. What should be the immediate response to address these vulnerabilities?

Answer 46

Implement security measures or patches to fix the SQL injection vulnerabilities.

Question 47

A user downloads and installs what appears to be a legitimate software application, but it contains hidden malicious code that compromises the security of the user’s system. What type of malicious software does this scenario describe?

Answer 47

Trojan

Question 48

During a network security assessment, the scanning tool flags an outdated software version as a high-severity risk. After manual investigation, it’s revealed that the software’s vulnerability has been patched. What type of detection is this likely to be?

Answer 48

False positive

Question 49

A piece of malicious software spreads across a network by exploiting vulnerabilities in software and making copies of itself on other devices. What type of malicious software does this scenario describe?

Answer 49

Worm

Question 50

A user unknowingly installs software on their computer that secretly monitors their online activities, records keystrokes, and sends this information to a remote server. What type of malicious software does this scenario describe?

Answer 50

Spyware