exam 1 Flashcards
Your company invites a penetration tester to conduct a test. These are the pieces of information the manager sends the tester: company name, website domain name, gateway router IP address with no internal knowledge of the target system. What kind of test is the manager expecting the tester to perform?
half known environment test
known environment test
partially known environment test
unknown environment test
The correct answer is Unknown environment test.
In an unknown environment or black-box testing assignment, the penetration tester is placed in the role of the average hacker, with no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network.
The users on Guarantee Bank’s network have complained that they have been receiving a link to download an application. The bank has called you because they believe the link is being sent by an attacker. When you check, you realize that the application has a hacked license code program and it has a file which allows the attacker access to all the computers that install the application. What kind of attack have you been called in to stop?
spyware
trojan horse
cryptomalware
ransomware
The correct answer is Trojan horse.
A Trojan horse is a type of malware that downloads onto a computer disguised as a legitimate program. A Trojan horse is so-called due to its delivery method, which typically sees an attacker use social engineering to hide malicious code within legitimate software.
Lawan is in charge of sales in a major fabric company. He was sent an email asking him to click a link and fill out a survey. He suspects the email is a fraud, but there is a mention of other companies that deal with fabrics in the email, so he thinks it might not be a fraud after all. Which of these options describes the attack best?
vishing
spear phishing
smishing
phishing
The correct answer is Spear phishing.
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
You have been invited to work on an application developed by another programmer. While checking the source code, you see a pointer de-reference so you return NULL. The software developed a segmentation fault because it tried to read from the NULL pointer. How can this affect the application?
memory leak
resource exhaustion
denial-of-service environment
application programming interface (API) attacks
The correct answer is Denial-of-service environment.
This type of error impacts the availability of the service, so the denial-of-service condition is the correct answer; it can stop the program from running.
Your colleague, Marie, asks you to suggest uncommon prevention methods she can use to prevent credential harvesting attacks on a company’s commercial website. What would you suggest to her?
utilize ACLs
Utilize complex usernames/passwords
utilize NGFW
Utilize MFA
The correct answer is Utilize complex usernames/passwords.
It’s very important to use a mix of special characters, numbers, upper and lower case letters, and non-words, and to require a longer length. Don’t use standard usernames such as administrator, user, user1, test, admin, etc. Don’t use usernames that are first names only, such as dan, john, tom, etc.
Avoid creating passwords that include your name, dictionary words or reusing passwords from other accounts. You may want to increase the default minimum length beyond 6 characters. Using simple passwords is the easiest way for someone to compromise your server – do NOT use simple passwords that are vulnerable to brute-force and dictionary attacks.
A malicious actor uses an on-path attack to make a remote system send HTTPS traffic to a controlled machine, then on-forwards it to the server for which the traffic was originally meant. What kind of password attack could be conducted with the data gathered if all the traffic was captured in a login form?
a plain text password attack
xss attack
watering hole attack
influence campaigns attack
The correct answer is A plain-text password attack.
An on-path attack such as the example above can receive and decrypt the HTTPS traffic in transit between the sender and the recipient, allowing the attacker to see and record the submitted details before on-forwarding them to the proper server.
The attacker may also be able to capture and record session cookies, etc., allowing for a session hijacking scenario.
The easiest way to protect against this kind of attack is to implement SSL/TLS on the server; however, this isn’t perfect, so the additional security provided by HSTS can be used to force HTTPS while preventing cookie theft.
Your friend Mike calls to tell you that an attacker attempted to get an input value to produce the same hash as a stored password. Mike wants to know what kind of attack it is so he can read more about it online. What would you tell him?
collision attack
dns poisoning
brute force
xss attack
The correct answer is Collision attack.
A collision or clash is a situation that occurs when two distinct pieces of data have the same hash value, checksum, fingerprint, or cryptographic digest. This may allow an incorrect password to be accepted in the place of the correct one.
Due to the possible applications of hash functions in data management and computer security, collision avoidance has become a fundamental topic in computer science.
Which of the following techniques can be used to recover forgotten passwords?
rainbow table
spraying
backdoor
dictionary
The correct answer is Rainbow table. A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function up to a certain length consisting of a limited set of characters.
A birthday attack can be categorized as what kind of attack?
cryptographic attack
password attack
cloud-based attack
on-path attack
The correct answer is Cryptographic attack.
A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties.
The attack depends on a fixed degree of permutations (pigeonholes) and the higher likelihood of collisions found between random attack attempts, as described in the birthday paradox/problem.
You work as the security manager in a bank. You receive a call from someone telling you that each time he tries to access the bank’s site, he is being directed to another bank’s website. When you check, you see that a change has occurred in domain information and domain’s contact details. Since the domain is still active, what has happened?
domain reputation
dns poisoning
uniform resource locator (URL) redirection
domain hijacking
The correct answer is Domain hijacking. Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems.
Domain name hijacking is devastating to the original domain name owner’s business with wide ranging effects including:
Financial damages: Companies that rely on their website for business, such as ecommerce companies and SaaS companies, can lose millions of dollars when they lose control of the domain; their domain is one of their most valuable assets. Domain hijacking is one of the largest cybersecurity risks online businesses have.
Reputational damages: Domain hijackers can take control of a hijacked domain’s email accounts and use the domain name to facilitate additional cyber attacks such as installing malware or social engineering attacks.
Regulatory damages: By gaining access to a domain name, hijackers can replace the real web page with an identical web page designed to capture sensitive data or personally identifiable information (PII); this is known as phishing.
John is a cybersecurity expert working for a government agency. He is worried hackers might try to attack the agency’s website server to get some classified information. John is concerned about cross-site scripting and SQL injection. What is the best way to defend against such attacks?
install web application firewall
review the site using static code analysis
use input validation
implement a set of ACLs
The correct answer is: Use Input validation. Input validation, also known as data validation, is the proper testing of any input supplied by a user or application. Input validation prevents improperly formed data from entering an information system.
An input validation attack occurs when an attacker deliberately enters malicious input with the intention of confusing an application and causing it to carry out some unplanned action. Malicious input can include code, scripts and commands, which if not validated correctly can be used to exploit vulnerabilities. The most common input validation attacks include Buffer Overflow, XSS attacks and SQL injection.
One of the following is not a capability of a Security, orchestration, automation, and response (SOAR) tool. Which is it?
automation of security operations
threat and vulnerability management
automation of malware removal
reaction to security incidents
The correct answer is Automation of malware removal.
SOAR (Security Orchestration, Automation and Response) is a combination of compatible programs that enables a company to collect data on security threats from a wide variety of sources. In addition, SOAR enables an automatic reaction to certain security events without human intervention.
These are the three most important capabilities of SOAR solutions:
Threat and vulnerability management: The solutions support IT teams in eliminating vulnerabilities. In addition, they offer standardized workflow, reporting and collaboration functions.
Reaction to security incidents: These technologies support IT departments in planning, process organization, tracking and coordinating the respective reaction to a security incident.
Automation of security operations: These technologies support the automation and orchestration of procedures, processes, policy implementation and reporting.
Which of the following are common means of attacking RFID systems? (Select TWO)
dns poisoning
man in the middle attack
jamming
reverse engineering
domain hijacking
The correct answers are Reverse Engineering and Man-in-the-Middle Attack. RFID systems, like most electronics and networks, are susceptible to both physical and electronic attacks. As the technology matures and becomes more widespread, so do hackers who aim to gain private information, entrance to secure areas, or take a system down for personal gain. Below are 7 known security attacks hackers can perform on an RFID system.
- Reverse Engineering
- Power Analysis
- Eavesdropping & Replay
- Man-in-the-Middle Attack or Sniffing
- Denial of Service
- Cloning & Spoofing
- Viruses
Dan works for the Economic and Financial Crimes Corporation. He discovered that another member of the corporation’s IT department has installed software that allows remote access to the corporation’s database server in order to access top-level files remotely. What sort of threat has Dan just discovered?
state actors
shadow it
insider threat
script kiddies
The correct answer is Insider threat. An insider threat is defined as the threat created when an employee or a contractor could use his or her authorized access, wittingly or unwittingly, to do harm to the security of a company.
Dan logs into his clothing site and realizes a hacker has input JavaScript code in a text box where customers are supposed to leave reviews that other customers can see. What type of attack is this?
session hijacking
pretexting
spam
cross-site scripting
The correct answer is Cross-site scripting. Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code.
The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.