N2K - Flash Cards - Threats, Vulnerabilities, and Mitigations - Explain Common Threat Vectors and Attack Surfaces

Question 1

What is bluejacking?

Answer 1

An attack that sends unsolicited messages over a Bluetooth Connection

Question 2

What is the greatest security risk of instant messaging (IM)?

Answer 2

Sender Impersonation

Question 3

Which type of attack targets a more vulnerable company or resource that provides your company with third-party products or services?

Answer 3

Supply Chain Attack

Question 4

What is the risk of default credentials?

Answer 4

They are well-known and easily exploited by attackers when left unchanged

Question 5

What is impersonation or pretexting?

Answer 5

When an attacker presents as someone else to gain access to information

Question 6

Which threat vector is exemplified by creating bogus content resembling trusted logos and emblems to deceive users?

Answer 6

Brand Impersonation

Question 7

Which attack surface type introduces malware or unauthorized access to systems through USB drives or external storage?

Answer 7

Removable Device

Question 8

Which tool is used to automate spoofing or cloning Bluetooth devices and can allow one to spoof the MAC address of a given device?

Answer 8

Spooftooph (Kali Linux)

Question 9

What is the term for the types of attacks that include impersonation, pretexting, vishing and smishing?

Answer 9

Human Vectors / Social Engineering

Question 10

What is the purpose of an airgap?

Answer 10

To ensure that a secure computer network is physically isolated from unsecured networks

Question 11

Which Bluetooth attack targets IoT devices?

Answer 11

Bluetooth Low Energy (BLE) Attack

Question 12

What is bluesnarfing?

Answer 12

the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth Connection

Question 13

What is SMS phishing?

Answer 13

A phishing attack that uses SMS or text messages to send malware or malicious links to mobile devices

Question 14

How does a supply-chain attack work?

Answer 14

Hackers compromise a third-party managed service provider (MSP) and use their access to the company network to leverage an attack on the target company once inside their network.

Question 15

Which type of threat vector is exemplified by concealing malicious code within JPG files to exploit vulnerabilities in software or deceive users?

Answer 15

Image-Based

Question 16

What is the purpose of using a sandbox when testing applications?

Answer 16

It runs untested or untrusted software from unverified or untrusted third parties, suppliers, users, or websites in an isolated environment

Question 17

Which vulnerable software classification does not require the installation of software or applications on user devices?

Answer 17

Agentless

Question 18

Which vulnerability occurs when vendors are inconsistent with releasing updates needed to patch security issues?

Answer 18

Patching Fragmentation

Question 19

What are some examples of social engineering attacks?

Answer 19

Spoofing
Misrepresentation
Dumpster Diving

Question 20

When automating next steps after a port scan, what typically are the next steps?

Answer 20

Probing the open service ports for vulnerabilities, checking and recording configurations present, and producing a report on the configurations

Question 21

Which Bluetooth attack sends unsolicited messages over a Bluetooth connection?

Answer 21

Bluejacking

Question 22

What is the most effective way to prevent social engineering attacks?

Answer 22

User Training

Question 23

What is spimming?

Answer 23

An instance of spam sent over an instant message (IM) application

Question 24

What is a command injection attack?

Answer 24

An attack in which an attacker tries to execute commands via a vulnerable software application that the attacker is not supposed to be able to execute on a system

Question 25

To what does social engineering refer?

Answer 25

Social engineering refers to an attacker’s attempt to obtain sensitive information by using deception and fraud or by manipulating common human traits like trust and greed.

Question 26

What is vishing?

Answer 26

A special type of phishing that uses Voice over IP (VOIP)

Question 27

When does smishing occur?

Answer 27

When hackers send fake text messages to trick users into clicking bogus links

Question 28

Which type of threat vector delivers malicious content through email attachments?

Answer 28

File-Based

Question 29

Which threat vector consists of exploiting social engineering tactics or vulnerabilities to deceive or manipulate targets over phone communications?

Answer 29

Voice Calls

Question 30

Which vulnerable software classification requires the installation of software or applications on user devices?

Answer 30

Client-Based

Question 31

Why would an attacker alter an email header?

Answer 31

To obscure the sender’s identity and perform impersonation

Question 32

What is another name for voice phishing?

Answer 32

Vishing

Question 33

What does removable media control prevent?

Answer 33

Infection from malicious files found on USB drives, SD cards, CDs, DVDs, and other removable devices

Unauthorized copying or removal of project files

Question 34

To which two attacks are bluetooth networks susceptible?

Answer 34

Bluejacking and Bluesnarfing

Question 35

What occurs when an attacker profiles and compromises websites that the intended victim accesses?

Answer 35

Watering Hole Attack

Question 36

What is the term for the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth connection?

Answer 36

Bluesnarfing

Question 37

What are the three most common message-based threat vectors?

Answer 37

Email
Short Message Service (SMS)
Instant Messaging (IM)

Question 38

What is an Xmas Attack?

Answer 38

An attack that looks for open service ports

Question 39

What is voice phishing?

Answer 39

A phishing attack that uses voice calls to trick a victim into revealing information

Question 40

Which threat vector arises from unpatched vulnerabilities that are exploited by attackers due to lack of updates or support?

Answer 40

Unsupported systems/applications or legacy systems