Module 1: Introduction to Security Q Flashcards
Which type of threat actor would benefit the most from accessing your enterprise’s new machine learning algorithm research and development program?
Competitors
Competitors are threat actors who launch attacks against an opponent’s system to steal classified information like industry research or customer lists
Which of the following types of platforms is known for its vulnerabilities due to age?
Legacy platform
Legacy platforms are no longer in widespread use, often because they have been replaced by an updated version of the earlier technology
Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs.
Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers’ information until they ensure more secure protocols?
Hacktivist
A hacktivist is strongly motivated by ideology for the sake of their principles or beliefs
Threat actors focused on financial gain often attack which of the following main target categories?
Individual users
This category focuses on individuals as the victims. Threat actors steal and use data, credit card numbers, online financial account information, or social security numbers or send millions of spam emails to peddle counterfeit drugs, pirated software, fake watches, and pornography to profit from their victims
Which issue can arise from security updates and patches?
Difficulty patching firmware
Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Furthermore, some firmware cannot be patched
Which of the following is an attack vector used by threat actors to penetrate a system?
Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or click on a hyperlink that takes the user to a fictitious website
What is a variation of a common social engineering attack targeting a specific user?
Spear phishing
Spear phishing targets specific users. The emails used in spear phishing are customized to the recipients, including their names and personal information, to make the message appear legitimate
Which of the following is a social engineering method that attempts to influence the subject before the event occurs?
Prepending
Prepending attempts to influence the subject before the attack event occurs. A common general example is a preview of a soon-to-be-released movie that begins with the statement, “The best film you will see this year!” Threat actors use prepending with social engineering attacks, such as including the desired outcome in a statement that uses the urgency principle, as in “You need to reset my password immediately because my meeting with the board starts in five minutes.”
Which attack embeds malware-distributing links in instant messages?
Spim
Spim is spam delivered through an IM service instead of email
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake.
What type of malicious activity will this be considered?
Vishing
Instead of using email to contact the potential victim, attackers can use phone calls. Known as vishing (voice phishing), an attacker calls a victim who, upon answering, hears a recorded message that pretends to be from the user’s bank stating that their credit card shows fraudulent activity or that the bank account shows unusual activity. The victim is instructed to immediately call a specific phone number (which the attacker has set up). When the victim calls, it is answered by automated instructions telling them to enter their credit card number, bank account number, social security number, or other information on the phone’s keypad
Attackers have taken over a site commonly used by an enterprise’s leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking this site will allow for attacks on many organizations.
Which type of malicious activity is this?
Watering hole
A watering hole attack is directed towards a smaller group of specific individuals, such as the top executives working for a manufacturing company. These executives all tend to visit a common website, such as a parts supplier to the manufacturer. An attacker who wants to target this group of executives tries to determine the common website they frequent and then infects it with malware that will make its way onto the group’s computers
Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company’s IM account. Even though no one has clicked on the messages, they are spreading throughout the network.
Which type of malicious activity is this?
Spimming
Spim is spam delivered through instant messaging (IM) instead of email. For threat actors, spim can have even more impact than spam. The immediacy of instant messages makes users more likely to reflexively click embedded links in a spim
Which threat actors sell their knowledge to other attackers or governments?
Brokers
Brokers sell their knowledge of a weakness to other attackers or governments
Which of the following is the most common method for delivering malware?
Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or click a hyperlink that takes the user to a fictitious website
Which of the following computing platforms is highly vulnerable to attacks?
Legacy
Old and outdated computing resources used in legacy platforms make them highly vulnerable
Your company is considering updating several electronic devices used in the enterprise network. The third-party service provider that your company approached says that they require access to the enterprise network in order to implement the updates. As the chief information security officer, you are asked to analyze the requirement and submit a report on potential vulnerabilities when giving a third-party access to the network.
Which of the following vulnerabilities should you list as the most likely to affect the enterprise network?
Weakest link
The enterprise network is highly vulnerable to the weakest link on the integration of a third-party. That is, if the third-party’s security has any weaknesses, it can provide an opening for attackers to infiltrate the enterprise network
What is an officially released software security update intended to repair a vulnerability called?
Patch
A security patch is an officially released software security update intended to repair a vulnerability
Your company recently purchased routers with new and updated features and deployed them in the highly secure enterprise network without changing the default settings. A few days later, the enterprise network suffered a data breach, and you are assigned to prepare a report on the data breach. Which of the following vulnerabilities should you identify as the source of the breach?
Configuration vulnerability
As the routers were deployed without changing configuration from the default settings, threat actors might have gained easy access to the enterprise network
Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability?
A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software
A zero-day vulnerability is uncovered first by threat actors, who exploit it to penetrate systems. A configuration vulnerability occurs when a user misconfigures the system or fails to configure it past the default settings
In an interview, the interviewer introduced the following scenario:
An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur.
Which of the following should you choose?
Configuration vulnerability
Misconfiguration vulnerabilities are often found in cloud platforms, as company personnel responsible for securing the platform might improperly configure the resources, resulting in a vulnerability
Which of the following is a configuration vulnerability?
Weak encryption
Weak encryption is a configuration vulnerability caused by a user selecting an encryption scheme with a known weakness or a key value that is too short or by a user not changing the default configuration settings
You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise’s network and suggest security measures modifications, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system.
Which of the following vulnerabilities should you insist on fixing first?
Platform vulnerability
Platform vulnerability is present in the network, as the enterprise’s computers use a legacy operating system
An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker’s instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials.
Which of the following social engineering techniques was used here?
Impersonation and phishing
Here, the threat actor impersonated a higher official at an organization to trick the security team into logging on to a phishing webpage through which the attacker was able to access enterprise network credentials
Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming?
Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP
Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action. Pharming is a redirection technique that attempts to exploit a URL by converting its corresponding IP address. A threat actor may install malware on a user’s computer that redirects traffic away from its intended target to a fake website instead
Which of the following is a physical social engineering technique?
Dumpster diving
Dumpster diving involves digging through trash receptacles to find information that can be useful in an attack
Several websites use URLs similar to one of the most globally popular websites, attempting to attract traffic if a user misspells the popular website’s URL. What is this social engineering technique called?
Typo squatting
Typo squatting involves creating websites with URLs similar to websites with high traffic in an attempt to redirect users who mistype the intended URL
Which threat actors violate computer security for personal gain?
Black hat hackers
Black hat hackers are threat actors who violate computer security for personal gains, such as to steal credit card numbers or to inflict malicious damage
A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court’s website was hacked, and the content was replaced with the text “Equal justice for all.”
Which of the following type of threat actors attacked the court’s site?
Hacktivists
Hacktivists are individuals who attack a computer system or network for socially or politically motivated reasons
In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker?
Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world
Script kiddies lack the technical knowledge to carry out hacking attacks. Instead, script kiddies use freely available scripts that they can download off the internet. Gray hat hackers attempt to break into a computer system without the organization’s permission but not for their own advantage. Instead, they publicly disclose the attack in order to shame the organization into taking action
