N2K - Quiz - Threats, Vulnerabilities, and Mitigations Flashcards
An attacker carried out an IP spoofing attack that included saturating your network with ICMP messages. Which attack occurred?
A)SYN flood
B)smurf
C)brute force
D)on-path
smurf
Which of these vulnerabilities is often associated with cloud computing?
A)Outdated firmware
B)Legacy applications
C)End-of-life hardware
D)Resource reuse
Resource reuse
Which of the following mitigation techniques would include establishing, deploying, and then maintaining a standard configuration, such as an image?
A)Decommissioning
B)Installation of endpoint protection
C)Removal of unnecessary software
D)Configuration enforcement
Configuration enforcement
Management is worried about an evil twin. Which of the following BEST describes this entity?
A)signals about the wireless network marked on the outside of a building
B)cracking the WEP secret key using the initialization vector (IV)
C)an access point with the same SSID as the legitimate access point
D)an unauthorized access point
an access point with the same SSID as the legitimate access point
Which message-based attack vector is the platform responsible for launching over 90% of all attacks?
A)IM
B)Typo-squatting
C)SMS
D)Email
Which of the following is based on impersonating an executive in an organization, with the intent of convincing an employee to do something they shouldn’t?
A)Brand impersonation
B)Typo-squatting
C)Business email compromise
D)Misinformation
Business email compromise
What is the primary goal of buffer overflow attacks?
A)SQL injection
B)Malicious update
C)Memory injection
D)Cross-site scripting
Memory injection
A user supplies the proper credentials and logs in to a remote system from an offsite location in New York. Moments later, the same proper credentials are used to log in from a different offsite location, this time from Tokyo. What type of Indicator of Compromise does this represent?
A)Resource consumption
B)Blocked content
C)Impossible travel
D)Concurrent session usage
Impossible travel
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. Which type of network should you deploy?
A)a VPN
B)an extranet
C)a DMZ
D)a VLAN
a VLAN
Where is steganography typically used?
A)As a removable device exploitation
B)In voice calls
C)In executable file-based attacks
D)In an image-based attack
In an image-based attack
Which of the following would most likely be the primary motivation for attacks conducted by organized crime?
A)Wartime agendas
B)Financial gain
C)Disruption and chaos
D)Revenge
Financial Gain
Recently, while reviewing log data, you discover that a hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?
A)buffer overflow
B)backdoor
C)maintenance hook
D)privilege escalation
Privilege Escalation
Which of the following physical attacks is exemplified by making a copy of an employee’s access badge?
A)Tampering
B)RFID cloning
C)Environmental attacks
D)Brute force
RFID Cloning
Which of the following malware attacks is actually a collection of unwanted or unnecessary programs installed on a system?
A)Keylogger
B)Bloatware
C)Trojan
D)Rootkit
Bloatware
Which of the following supply chain elements are threat vectors? (Choose all that apply.)
A)Managed service providers
B)Software suppliers
C)Hardware suppliers
D)Third-party software dependencies
All
Management has recently become worried about DNS poisoning after reading an article about it. Which of the following BEST describes this attack?
A)the practice of many computers transmitting malformed packets to a DNS server to cause the server to crash
B)the practice of continually sending synchronization messages with spoofed packets to a DNS server
C)the practice of dispensing IP addresses and host names with the goal of traffic diversion
D)the practice of one computer transmitting malformed packets to a DNS server to cause the server to crash
the practice of dispensing IP addresses and host names with the goal of traffic diversion
A man wearing a service provider’s coveralls and carrying a toolbox approaches your facility’s security guard. He says that his work crew is running some new Ethernet cable inside your office, but he left his mobile phone at home, so he can’t call his crew to let him in. The security guard admits the man through your secured door. The following week you find an undocumented network device installed in a closet.
Which social engineering attack techniques were used? (Choose all that apply.)
A)Influence campaign
B)Identity fraud
C)Pretexting
D)Eliciting information
E)Impersonation
Pretexting
Impersonation
Recently, an attacker tricked a user into believing he was selecting a button to direct him to a legitimate web site, but that button actually took him to another site. Which type of attack occurred?
A)Amplification
B)Pass the hash
C)Clickjacking
D)Driver manipulation
Clickjacking
You are responsible for designing your company’s identification, authentication, and authorization system to ensure that the company’s network is protected from unauthorized access. What is the purpose of authentication on this network?
A)backing up data stored on hard disks
B)encrypting files
C)verifying the identity of users
D)allowing users to access resources
verifying the identity of users
Which of the following threat actor motivations is also known as a competition attack?
A)Espionage
B)Revenge
C)Philosophical beliefs
D)Ethical hacking
Espionage
Management is concerned that mobile device location information can be revealed to attackers. Which mobile device feature should you investigate?
A)screen lock
B)allow listing
C)geotagging
D)remote wiping
geotagging
You have recently been notified by an application vendor that the application includes a rootkit. The manufacturer has released a patch that will remove the vulnerability from the application. What is a rootkit?
A)a collection of programs that grants a hacker administrative access to a computer or network
B)a program that spreads itself through network connections
C)an application that uses tracking cookies to collect and report a user’s activities
D)a software application that displays advertisements while the application is executing
a collection of programs that grants a hacker administrative access to a computer or network
Which threat actor type would most likely have the most resources available?
A)Organized crime
B)Unskilled attackers
C)Nation states
D)Hacktivist
Nation States
As part of your monthly report, you must classify specific vulnerabilities into a broad range of vulnerability types. Which type of vulnerability is demonstrated by an SQL injection?
A)Improper input handling
B)Misconfiguration/weak configuration
C)Improper error handling
D)Default configuration
Improper input handling
Which of the following network attacks has the goal of capturing a user’s login information to use in a subsequent attack?
A)Reflected
B)Amplified
C)On-path
D)Credential replay
Credential Replay
A user reports that she is unable to access a file server. You discover that there are numerous open connections on the file server from several servers and routers.
Which type of attack has affected the file server?
A)privilege escalation
B)man-in-the-middle attack
C)denial-of-service (DoS) attack
D)backdoor attack
Denial of Service Attack
Which two options are threat vectors used against vulnerable software? (Choose two.)
A)Agentless
B)Default credentials
C)Unsupported systems and applications
D)Client-based
Agentless
Client-Based
You are considering cloud services, and you are concerned about the interaction of your security policies and those of the hosting provider. What can alleviate your concern?
A)Stress testing
B)VDI
C)Cloud access security brokers
D)VM escape protection
Cloud Access Security Brokers
A remote employee has a history of logging into the system every day between 8:50 AM and 9:05 AM. Today, the employee logs in at 3 AM. What does this exemplify?
A)Published/documented
B)Missing logs
C)Out-of-cycle logging
D)Resource inaccessibility
Out-Of-Cycle Logging
Which of the following is not a cryptographic attack?
A)Collision
B)Birthday
C)Downgrade
D)Spraying
Spraying
You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working well together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with?
A)Patch management tools
B)DLP
C)Host-based firewall
D)UTM
UTM
Your company underwent an attack that involved an attacker injecting a command to access the underlying file system. Which type of attack occurred?
A)privilege escalation
B)directory traversal
C)DLP
D)resource exhaustion
Directory Traversal
Which type of attack relies on mistakes made by users when they input Web addresses?
A)malicious insider threat
B)DoS
C)URL hijacking
D)watering hole attack
URL Hijacking
Which cryptographic attacks attempt to produce the same hash value from a brute force attack using two inputs? (Choose two.)
A)Collision
B)Replay
C)Birthday
D)Weak Implementations
Collision
Birthday
In security operations, which of the following would provide well-defined operational guidelines for processes such as incident response, security policy, vulnerability management, and security awareness?
A)System hardening
B)Windows registry
C)Logging levels
D)System processes
System Processes
What is vishing?
A)a special type of phishing that targets a single power user
B)a special type of phishing that uses Voice over IP (VoIP)
C)an attack that looks for open ports
D)a special type of phishing that appears to come from a trusted individual
A special type of phishing that uses Voice over IP (VoIP)
Which of the following is most likely the primary motivation for a threat actor who wants to gain notoriety by claiming responsibility for an event?
A)Revenge
B)Disruption and chaos
C)War
D)Service disruption
Disruption and Chaos
You are your organization’s security analyst. Recently, you discovered that an attacker injected malicious code into a web application on your organization’s website. You discovered this attack by reviewing the log data on the web servers. Which type of attack did your organization experience?
A)buffer overflow
B)SQL injection
C)path traversal
D)cross-site scripting
Cross-Site Scripting
Which of the following transmits data via Wi-Fi or Bluetooth only to a host device and is vulnerable to data interception and attack?
A)UAV
B)Wearable technology
C)Automobiles
D)Medical devices
Wearable Technology
Recently there was a DoS attack on one of the servers, which succeeded in taking the server down for three hours. You would like to deploy a solution that would allow you to detect a huge rush of traffic to a specific device and route it somewhere away from the device. What technique could you use?
A)Endpoint security
B)Network segmentation
C)Sinkholes
D)System isolation
Sinkholes
Which threat actor motivation is exemplified by threatening to release sensitive personally identifiable information (PII)?
A)Service disruption
B)Data exfiltration
C)Blackmail
D)Financial gain
Blackmail
Your organization has a contract to provide networking services to a government agency. You are required to use certified hardware to build a secure network. Which of the following practices will help you avoid adversarial threats in the supply chain? (Choose all that apply.)
A)Inspect hardware for signs of tampering
B)Source hardware from multiple vendors in case natural disasters disrupt availability
C)Integrate supply chain management into the overall risk management framework
D)Have a legally enforceable purchase order with the hardware vendor
E)Only purchase hardware from authorized vendors or resellers
F)Request proof of equipment certification from hardware vendors
Inspect hardware for signs of tampering
Integrate supply chain management into the overall risk management framework
Only purchase hardware from authorized vendors or resellers
Request proof of equipment certification from hardware vendors
You have recently been hired as a network administrator. The CIO informs you that their wireless networks are protected using firewalls. He has asked that you implement MAC filtering on all access points. What is the purpose of using this technology?
A)to restrict the clients that can access a wireless network
B)to restrict the clients that can access a Web site
C)to ensure that unused ports are not accessible by clients
D)to provide port authentication for a wireless network
To restrict the clients that can access a wireless network
You have discovered that data was injected into your database, thereby causing security issues. Which injection attack most likely occurred?
A)LDAP injection
B)XML injection
C)command injection
D)SQL injection
SQL Injection
A user notifies you that a software application displays advertisements while the application is executing. Of which security threat is this an example?
A)spyware
B)adware
C)virus
D)worm
adware
Your organization has asked the security team to add terrorist attacks to the organization’s business continuity plan. Which type of threat does this most likely represent?
A)Politically motivated threat
B)Natural environmental threat
C)Supply system threat
D)Internal threat
Politically motivated threat
Which threat actor type can be characterized by an unsophisticated skill level, the use of widely available tools, and is motivated by the need to prove their skills?
A)Competitor
B)Hacktivist
C)Unskilled attacker
D)Insider
E)Shadow IT
Unskilled Attacker
Provisioning requests for the IT department have been backlogged for months. You are concerned that employees are using unauthorized cloud services to deploy VMs and store company data. Which of the following services can be used to bring this shadow IT back under the corporate security policy?
A)VPN
B)SWG
C)CASB
D)SLA
CASB
Which of the following begins with the attacker creating a fake patch?
A)Memory injection
B)Malicious update
C)SQL injection
D)Cross-site scripting
Malicious Update
Which of the following is not a vulnerability associated with the supply chain?
A)Hardware provider
B)Software provider
C)Service provider
D)TPM
TPM