exam 1 Flashcards

1
Q

Your company invites a penetration tester to conduct a test. These are the pieces of information the manager sends the tester: company name, website domain name, gateway router IP address with no internal knowledge of the target system. What kind of test is the manager expecting the tester to perform?

half known environment test

known environment test

partially known environment test

unknown environment test

A

The correct answer is Unknown environment test.

In an unknown environment or black-box testing assignment, the penetration tester is placed in the role of the average hacker, with no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network.

2
Q

The users on Guarantee Bank’s network have complained that they have been receiving a link to download an application. The bank has called you because they believe the link is being sent by an attacker. When you check, you realize that the application has a hacked license code program and it has a file which allows the attacker access to all the computers that install the application. What kind of attack have you been called in to stop?

spyware

trojan horse

cryptomalware

ransomware

A

The correct answer is Trojan horse.
A Trojan horse is a type of malware that downloads onto a computer disguised as a legitimate program. A Trojan horse is so-called due to its delivery method, which typically sees an attacker use social engineering to hide malicious code within legitimate software.

3
Q

Lawan is in charge of sales in a major fabric company. He was sent an email asking him to click a link and fill out a survey. He suspects the email is a fraud, but there is a mention of other companies that deal with fabrics in the email, so he thinks it might not be a fraud after all. Which of these options describes the attack best?

vishing

spear phishing

smishing

phishing

A

The correct answer is Spear phishing.
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

4
Q

You have been invited to work on an application developed by another programmer. While checking the source code, you see a pointer de-reference so you return NULL. The software developed a segmentation fault because it tried to read from the NULL pointer. How can this affect the application?

memory leak

resource exhaustion

denial-of-service environment

application programming interface (API) attacks

A

The correct answer is Denial-of-service environment.
This type of error impacts the availability of the service, so the denial-of-service condition is the correct answer: it can stop the program from running.

5
Q

Your colleague, Marie, asks you to suggest uncommon prevention methods she can use to prevent credential harvesting attacks on a company’s commercial website. What would you suggest to her?

utilize ACLs

Utilize complex usernames/passwords

utilize NGFW

Utilize MFA

A

The correct answer is Utilize complex usernames/passwords.
It’s very important to use a mix of special characters, numbers, upper- and lower-case letters, and non-words, and to require a longer length. Don’t use standard usernames such as administrator, user, user1, test, admin, etc. Don’t use usernames that are first names only, such as dan, john, tom, etc.

Avoid creating passwords that include your name, dictionary words or reusing passwords from other accounts. You may want to increase the default minimum length beyond 6 characters. Using simple passwords is the easiest way for someone to compromise your server – do NOT use simple passwords that are vulnerable to brute-force and dictionary attacks.

6
Q

A malicious actor uses an on-path attack to make a remote system send HTTPS traffic to a controlled machine, then forwards it on to the server for which the traffic was originally meant. What kind of password attack could be conducted with the data gathered if all the traffic was captured in a login form?

a plain text password attack

xss attack

watering hole attack

influence campaigns attack

A

The correct answer is A plain-text password attack.

An on-path attack such as the example above can receive and decrypt the HTTPS traffic in transit between the sender and the recipient, allowing the attacker to see and record the submitted details before forwarding them on to the proper server.

The attacker may also be able to capture and record session cookies, etc., allowing for a session hijacking scenario.

The easiest way to protect against this kind of attack is to implement SSL/TLS on the server. However, this isn’t perfect, so the additional security provided by HSTS can be used to force HTTPS while preventing cookie theft.

7
Q

Your friend Mike calls to tell you that an attacker attempted to get an input value to produce the same hash as a stored password. Mike wants to know what kind of attack it is so he can read more about it online. What would you tell him?

collision attack

dns poisoning

brute force

xss attack

A

The correct answer is Collision attack.

A collision or clash is a situation that occurs when two distinct pieces of data have the same hash value, checksum, fingerprint, or cryptographic digest. This may allow an incorrect password to be accepted in the place of the correct one.

Due to the possible applications of hash functions in data management and computer security, collision avoidance has become a fundamental topic in computer science.

8
Q

Which of the following techniques can be used to recover forgotten passwords?

rainbow table

spraying

backdoor

dictionary

A

The correct answer is Rainbow table. A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function up to a certain length consisting of a limited set of characters.

9
Q

A birthday attack can be categorized as what kind of attack?

cryptographic attack

password attack

cloud-based attack

on-path attack

A

The correct answer is Cryptographic attack.
A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. A birthday attack can be used to abuse communication between two or more parties.

The attack depends on a fixed degree of permutations (pigeonholes) and the higher likelihood of collisions found between random attack attempts, as described in the birthday paradox/problem.

10
Q

You work as the security manager in a bank. You receive a call from someone telling you that each time he tries to access the bank’s site, he is being directed to another bank’s website. When you check, you see that a change has occurred in domain information and domain’s contact details. Since the domain is still active, what has happened?

domain reputation

dns poisoning

uniform resource locator (URL) redirection

domain hijacking

A

The correct answer is Domain hijacking. Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems.

Domain name hijacking is devastating to the original domain name owner’s business with wide ranging effects including:

Financial damages: Companies that rely on their website for business, such as ecommerce companies and SaaS companies, can lose millions of dollars when they lose control of the domain; their domain is one of their most valuable assets. Domain hijacking is one of the largest cybersecurity risks online businesses have.

Reputational damages: Domain hijackers can take control of a hijacked domain’s email accounts and use the domain name to facilitate additional cyber attacks such as installing malware or social engineering attacks.

Regulatory damages: By gaining access to a domain name, hijackers can replace the real web page with an identical web page designed to capture sensitive data or personally identifiable information (PII); this is known as phishing.

11
Q

John is a cybersecurity expert working for a government agency. He is worried hackers might try to attack the agency’s website server to get some classified information. John is concerned about cross-site scripting and SQL injection. What is the best way to defend against such attacks?

install web application firewall

review the site using static code analysis

use input validation

implement a set of ACLs

A

The correct answer is: Use Input validation. Input validation, also known as data validation, is the proper testing of any input supplied by a user or application. Input validation prevents improperly formed data from entering an information system.

An input validation attack occurs when an attacker deliberately enters malicious input with the intention of confusing an application and causing it to carry out some unplanned action. Malicious input can include code, scripts and commands, which if not validated correctly can be used to exploit vulnerabilities. The most common input validation attacks include Buffer Overflow, XSS attacks and SQL injection.

12
Q

One of the following is not a capability of a security orchestration, automation, and response (SOAR) tool. Which is it?

automation of security operations

threat and vulnerability management

automation of malware removal

reaction to security incidents

A

The correct answer is Automation of malware removal.
SOAR (Security Orchestration, Automation and Response) is a combination of compatible programs that enables a company to collect data on security threats from a wide variety of sources. In addition, SOAR enables an automatic reaction to certain security events without human intervention.

These are the three most important capabilities of SOAR solutions:

Threat and vulnerability management: The solutions support IT teams in eliminating vulnerabilities. In addition, they offer standardized workflow, reporting and collaboration functions.

Reaction to security incidents: These technologies support IT departments in planning, process organization, tracking and coordinating the respective reaction to a security incident.

Automation of security operations: These technologies support the automation and orchestration of procedures, processes, policy implementation and reporting.

13
Q

Which of the following are common means of attacking RFID systems? (Select TWO)

dns poisoning

man in the middle attack

jamming

reverse engineering

domain hijacking

A

The correct answers are Reverse Engineering and Man-in-the-Middle Attack. RFID systems, like most electronics and networks, are susceptible to both physical and electronic attacks. As the technology matures and becomes more widespread, so do hackers who aim to gain private information, entrance to secure areas, or take a system down for personal gain. Below are 7 known security attacks hackers can perform on an RFID system.

  1. Reverse Engineering
  2. Power Analysis
  3. Eavesdropping & Replay
  4. Man-in-the-Middle Attack or Sniffing
  5. Denial of Service
  6. Cloning & Spoofing
  7. Viruses
14
Q

Dan works for the Economic and Financial Crimes Corporation. He discovered that another member of the corporation’s IT department has installed software that allows remote access to the corporation’s database server in order to access top-level files remotely. What sort of threat has Dan just discovered?

state actors

shadow IT

insider threat

script kiddies

A

The correct answer is Insider threat. An insider threat is defined as the threat created when an employee or a contractor could use his or her authorized access, wittingly or unwittingly, to do harm to the security of a company.

15
Q

Dan logs into his clothing site and realizes a hacker has input JavaScript code in a text box where customers are supposed to leave reviews that other customers can see. What type of attack is this?

session hijacking

pretexting

spam

cross-site scripting

A

The correct answer is Cross-site scripting. Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code.

The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.
