Module 1: Introduction to Security Q Flashcards

1
Q

Which type of threat actor would benefit the most from accessing your enterprise’s new machine learning algorithm research and development program?

A

Competitors

Competitors are threat actors who launch attacks against an opponent’s system to steal classified information like industry research or customer lists

2
Q

Which of the following types of platforms is known for its vulnerabilities due to age?

A

Legacy platform

Legacy platforms are no longer in widespread use, often because they have been replaced by an updated version of the earlier technology

3
Q

Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs.

Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers’ information until they ensure more secure protocols?

A

Hacktivist

A hacktivist is strongly motivated by ideology for the sake of their principles or beliefs

4
Q

Threat actors focused on financial gain often attack which of the following main target categories?

A

Individual users

This category focuses on individuals as the victims. Threat actors steal and use data, credit card numbers, online financial account information, or social security numbers or send millions of spam emails to peddle counterfeit drugs, pirated software, fake watches, and pornography to profit from their victims

5
Q

Which issue can arise from security updates and patches?

A

Difficulty patching firmware

Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Furthermore, some firmware cannot be patched

6
Q

Which of the following is an attack vector used by threat actors to penetrate a system?

A

Email

Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or clicking on a hyperlink that takes the user to a fictitious website

7
Q

What is a variation of a common social engineering attack targeting a specific user?

A

Spear phishing

Spear phishing targets specific users. The emails used in spear phishing are customized to the recipients, including their names and personal information, to make the message appear legitimate

8
Q

Which of the following is a social engineering method that attempts to influence the subject before the event occurs?

A

Prepending

Prepending attempts to influence the subject before the attack event occurs. A common general example is a preview of a soon-to-be-released movie that begins with the statement, “The best film you will see this year!” Threat actors use prepending with social engineering attacks, such as including the desired outcome in a statement that uses the urgency principle, as in “You need to reset my password immediately because my meeting with the board starts in five minutes.”

9
Q

Which attack embeds malware-distributing links in instant messages?

A

Spim

Spim is spam delivered through an IM service instead of email

10
Q

Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake.

What type of malicious activity will this be considered?

A

Vishing

Instead of using email to contact the potential victim, attackers can use phone calls. Known as vishing (voice phishing), an attacker calls a victim who, upon answering, hears a recorded message that pretends to be from the user’s bank stating that their credit card shows fraudulent activity or that the bank account shows unusual activity. The victim is instructed to immediately call a specific phone number (which the attacker has set up). When the victim calls, it is answered by automated instructions telling them to enter their credit card number, bank account number, social security number, or other information on the phone’s keypad

11
Q

Attackers have taken over a site commonly used by an enterprise’s leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking this site will allow for attacks on many organizations.

Which type of malicious activity is this?

A

Watering hole

A watering hole attack is directed towards a smaller group of specific individuals, such as the top executives working for a manufacturing company. These executives all tend to visit a common website, such as a parts supplier to the manufacturer. An attacker who wants to target this group of executives tries to determine the common website they frequent and then infects it with malware that will make its way onto the group’s computers

12
Q

Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company’s IM account. Even though no one has clicked on the messages, they are spreading throughout the network.

Which type of malicious activity is this?

A

Spimming

Spim is spam delivered through instant messaging (IM) instead of email. For threat actors, spim can have even more impact than spam. The immediacy of instant messages makes users more likely to reflexively click embedded links in a spim

13
Q

Which threat actors sell their knowledge to other attackers or governments?

A

Brokers

Brokers sell their knowledge of a weakness to other attackers or governments

14
Q

Which of the following is the most common method for delivering malware?

A

Email

Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or clicking a hyperlink that takes the user to a fictitious website

15
Q

Which of the following computing platforms is highly vulnerable to attacks?

A

Legacy

Old and outdated computing resources used in legacy platforms make them highly vulnerable

16
Q

Your company is considering updating several electronic devices used in the enterprise network. The third-party service provider that your company approached says that they require access to the enterprise network in order to implement the updates. As the chief information security officer, you are asked to analyze the requirement and submit a report on potential vulnerabilities when giving a third party access to the network.

Which of the following vulnerabilities should you list as the most likely to affect the enterprise network?

A

Weakest link

When a third party is integrated, the enterprise network is highly vulnerable to the weakest link. That is, if the third party’s security has any weaknesses, it can provide an opening for attackers to infiltrate the enterprise network

17
Q

What is an officially released software security update intended to repair a vulnerability called?

A

Patch

A security patch is an officially released software security update intended to repair a vulnerability

18
Q

Your company recently purchased routers with new and updated features and deployed them in the highly secure enterprise network without changing the default settings. A few days later, the enterprise network suffered a data breach, and you are assigned to prepare a report on the data breach. Which of the following vulnerabilities should you identify as the source of the breach?

A

Configuration vulnerability

As the routers were deployed without changing configuration from the default settings, threat actors might have gained easy access to the enterprise network

19
Q

Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability?

A

A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software

A zero-day vulnerability is uncovered first by threat actors, who exploit it to penetrate systems. A configuration vulnerability occurs when a user misconfigures the system or fails to configure it past the default settings

20
Q

In an interview, the interviewer introduced the following scenario:
An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur.

Which of the following should you choose?

A

Configuration vulnerability

Misconfiguration vulnerabilities are often found in cloud platforms, as company personnel responsible for securing the platform might improperly configure the resources, resulting in a vulnerability

21
Q

Which of the following is a configuration vulnerability?

A

Weak encryption

Weak encryption is a configuration vulnerability caused by a user selecting an encryption scheme with a known weakness or a key value that is too short or by a user not changing the default configuration settings

22
Q

You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise’s network and suggest modifications to its security measures, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and a few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system.

Which of the following vulnerabilities should you insist on fixing first?

A

Platform vulnerability

Platform vulnerability is present in the network, as the enterprise’s computers use a legacy operating system

23
Q

An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker’s instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials.

Which of the following social engineering techniques was used here?

A

Impersonation and phishing

Here, the threat actor impersonated a higher official at an organization to trick the security team into logging on to a phishing webpage through which the attacker was able to access enterprise network credentials

24
Q

Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming?

A

Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP

Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action. Pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP address. A threat actor may install malware on a user’s computer that redirects traffic away from its intended target to a fake website instead

25
Q

Which of the following is a physical social engineering technique?

A

Dumpster diving

Dumpster diving involves digging through trash receptacles to find information that can be useful in an attack

26
Q

Several websites use URLs similar to one of the most globally popular websites, attempting to attract traffic if a user misspells the popular website’s URL. What is this social engineering technique called?

A

Typo squatting

Typo squatting involves creating websites with URLs similar to websites with high traffic in an attempt to redirect users who mistype the intended URL

27
Q

Which threat actors violate computer security for personal gain?

A

Black hat hackers

Black hat hackers are threat actors who violate computer security for personal gain, such as to steal credit card numbers or to inflict malicious damage

28
Q

A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court’s website was hacked, and the content was replaced with the text “Equal justice for all.”

Which of the following types of threat actors attacked the court’s site?

A

Hacktivists

Hacktivists are individuals who attack a computer system or network for socially or politically motivated reasons

29
Q

In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker?

A

Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world

Script kiddies lack the technical knowledge to carry out hacking attacks. Instead, script kiddies use freely available scripts that they can download off the internet. Gray hat hackers attempt to break into a computer system without the organization’s permission but not for their own advantage. Instead, they publicly disclose the attack in order to shame the organization into taking action

30
Q
A