Domain 2: Threats, Vulnerabilities, and Mitigations Flashcards
Question 1 of 20
As a system administrator, you are tasked with hardening the system in your organization.
Which of the following strategies is MOST effective in reducing the impact if a single system is compromised?
answer
Using complex passwords
Installing anti-virus software on all systems
Role separation
Regularly updating all software to the latest version
Correct Answer:
Role separation
Question 2 of 20
As a security administrator, you have been tasked with hardening a critical application in your organization’s IT infrastructure.
The application is complex and developed by a third party. It is also designed to accept input from users. The application has unique functionalities necessary for business operations but may pose security risks.
Which of the following application hardening techniques would be the BEST solution for you to use?
answer
Use exception rules.
Control access to executable files.
Block process spawning.
Implement third-party application hardening tools.
Correct Answer:
Use exception rules.
Question 3.
An organization experienced disruptions in its business operations due to repeated crashes of a critical application.
The IT department suspects a security issue and initiates a thorough investigation. The findings suggest the application failed due to excessive data processing beyond its expected limits.
What does the IT department confirm is the cybersecurity threat occurring in its business operations?
answer
On-path attack
Buffer overflow attack
Distributed denial-of-service (DDoS) attack
Social engineering attack
Correct Answer:
Buffer overflow attack
Question 4 of 20
You need to limit a compromised application from causing harm to other assets in your network.
Which strategy should you employ?
answer
Segmentation
Isolation
Containment
SOAR
ial engineering attack
ird-party application hardening tools
Correct Answer:
Isolation
Question 5 of 20
Which of the following malware recovery techniques is often faster and more effective than malware removal and cleanup of an infected computer?
answer
Enabling privacy controls
Remove removable drives
Re-imaging the computer
Block specific executable files
Correct Answer:
Re-imaging the computer
Question 6 of 20
CloudSecure is facing a cybersecurity challenge where some of its critical software applications are no longer supported by vendors, making them vulnerable to potential exploits. The IT team is exploring various strategies to mitigate the risk posed by these unsupported apps.
What is the MOST effective approach to enhance the security posture?
answer
-Consolidating all operating systems and applications into one product.
-Implementing regular patch management to fix the faulty code.
-Ignoring the vulnerability as it can only be exploited in specific circumstances.
-Isolating the unsupported apps from other systems to reduce the attack surface
Correct Answer:
Isolating the unsupported apps from other systems to reduce the attack surface
Question 7 of 20
A cyber security analyst at a multinational corporation detects abnormal network activities that indicate a possible security breach. The analyst investigates and confirms that an unauthorized person has accessed sensitive customer information. The incident response team must act quickly to contain the breach and stop further data loss.
What should the initial responder do first?
answer
-Initiate a threat hunting exercise to discover evidence of TTPs proactively.
-Notify law enforcement authorities about the incident for immediate action.
-Restore affected systems from secure backups to eliminate the threat.
-Disconnect the affected server from the network to isolate it from the production environment.
Correct Answer:
Disconnect the affected server from the network to isolate it from the production environment.
Question 8 of 20
The IT department at a large corporation noticed an unfamiliar software application running on its network. Upon investigation, they discovered that a team in the marketing department started using a new cloud-based project management tool to improve their workflow efficiency.
The team did not consult with the IT department before implementing this tool.
In the context of cybersecurity threats, what does this situation BEST exemplify?
answer
Careless password management
Shadow IT
Nation-state
Insider threat
Correct Answer:
Shadow IT
Question 9 of 20
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored.
An attacker is able to insert database commands in the input fields and have those commands execute on the server.
Which type of attack has occurred?
answer
Cross-site scripting
DLL injection
Buffer overflow
SQL injection
Correct Answer:
SQL injection
Question 10 of 20
An employee at a crypto security company receives an email that appears to be internal to the IT department. The email informs the employee to update the login credentials immediately to prevent account suspension.
The “From” field in the email displays “it_support@cryptosecure.com.” However, upon closer inspection, the employee notices the slightly misspelled domain name as “crypt0secure.com.”
What technique is the threat actor using in this phishing attempt? (Select two.)
answer
Pharming
Spoofing
Typosquatting
Brand impersonation
Pretexting
Correct Answer:
Spoofing
Correct Answer:
Typosquatting
Question 11 of 20
In a rapidly evolving IT environment, a cloud service provider offers various services to businesses, enabling them to store and process data securely. To enhance security, the provider regularly updates its systems and software.
Despite these efforts, a security researcher discovers a previously unknown vulnerability in one of the cloud-specific applications, leaving customer data exposed to potential threats.
In this scenario, which vulnerability is the security researcher likely to have found in the cloud-specific application?
answer
Cross-site scripting (XSS) vulnerability
SQL injection vulnerability
Network misconfiguration
Zero-day vulnerability
Correct Answer:
Zero-day vulnerability
Question 12 of 20
In 2011, Sony was targeted by an SQL injection attack that compromised over one million emails, usernames, and passwords.
Which of the following could have prevented the attack?
answer
Scanning the operating system and application regularly for bugs and errors
Careful configuration and penetration testing on the front end
Blocking, or at least monitoring, activity on ports 161 and 162
Using VPN technology to protect client data when connecting from a remote system
Correct Answer:
Careful configuration and penetration testing on the front end
Question 13 of 20
As a network administrator, you are tasked with implementing measures to secure and control access to logical ports within your organization’s computer system. You are considering several strategies to accomplish this task.
Which of the following would be the MOST effective method to protect logical ports?
answer
Correct Answer:
Implementing firewalls
Regularly updating software
Implementing service hardening practices
Using secure protocols for data exchange
Correct Answer:
Implementing firewalls
Question 14 of 20
You need to limit the impact of a security breach for a particular file server with sensitive company data.
Which strategy would you employ?
answer
Isolation
Containment
Segmentation
SOAR
Correct Answer:
Segmentation
Question 15 of 20
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?
answer
DACL
SACL
User rights
Permissions
Correct Answer:
SACL
Question 16 of 20
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
answer
Bluebugging
Bluejacking
Slamming
Bluesnarfing
Correct Answer:
Bluejacking
Question 17 of 20
of the following are characteristics of a rootkit? (Select two.)
answer
-Resides below regular antivirus software detection.
-Uses cookies saved on the hard drive to track user preferences.
-Monitors user actions and opens pop-ups based on user preferences.
-Requires administrator-level privileges for installation.
-Collects various types of personal information.
Correct Answer:
Resides below regular antivirus software detection.
Correct Answer:
Requires administrator-level privileges for installation.
Question 18 of 20
An IT security specialist at a mid-size corporation observes a trend of unauthorized apps appearing on company-provided mobile devices. The specialist suspects the employees are either sideloading apps or have jailbroken their devices.
What steps should the security specialist take to verify the cause of the unauthorized applications and to re-establish proper security protocols? (Select two.)
answer
-Implement mobile device management (MDM) policies to restrict unauthorized application installation.
-Conduct device audits to identify unauthorized applications and to detect any signs of jailbreaking or sideloading.
-Hire external IT consultants to manage mobile device usage.
-Purchase new mobile devices to replace all current ones.
-Implement a credential management policy.
Correct Answer:
Implement mobile device management (MDM) policies to restrict unauthorized application installation.
Correct Answer:
Conduct device audits to identify unauthorized applications and to detect any signs of jailbreaking or sideloading.
Question 19 of 20
As a security administrator for your company, you have noticed that certain applications have been modifying sensitive areas of the system, leading to potential security vulnerabilities.
Which application hardening technique would be the MOST effective in this situation?
answer
Use Data Execution Prevention
Protect OS components
Use exception rule
Monitor logs
Correct Answer:
Protect OS components
Question 20 of 20
You have configured the following rules. What is the effect?
sudo iptables -A INPUT -p tcp –dport 25 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp –sport 25 -m conntrack –ctstate ESTABLISHED -j ACCEPT
answer
Block SSH traffic
Block SMTP traffic
Allow SSH traffic
Allow SMTP traffic
Correct Answer:
Allow SMTP traffic
