N2K - Quiz - Threats, Vulnerabilities, and Mitigations

Question 1

An attacker carried out an IP spoofing that included saturating your network with ICMP messages. Which attack occurred?

A)SYN flood
B)smurf
C)brute force
D)on-path

Answer 1

smurf

Question 2

Which of these vulnerabilities is often associated with cloud computing?

A)Outdated firmware
B)Legacy applications
C)End-of-life hardware
D)Resource reuse

Answer 2

Resource reuse

Question 3

Which of the following mitigation techniques would include establishing, deploying, and then maintaining a standard configuration, such as an image?

A)Decommissioning
B)Installation of endpoint protection
C)Removal of unnecessary software
D)Configuration enforcement

Answer 3

Configuration enforcement

Question 4

Management is worried about an evil twin. Which of the following BEST describes this entity?

A)signals about the wireless network marked on the outside of a building
B)cracking the WEP secret key using the initialization vector (IV)
C)an access point with the same SSID as the legitimate access point
D)an unauthorized access point

Answer 4

an access point with the same SSID as the legitimate access point

Question 5

Which message-based attack vector is the platform responsible for launching over 90% of all attacks?

A)IM
B)Typo-squatting
C)SMS
D)Email

Answer 5

Email

Question 6

Which of the following is based on impersonating an executive in an organization, with the intent of convincing an employee to do something they shouldn’t?

A)Brand impersonation
B)Typo-squatting
C)Business email compromise
D)Misinformation

Answer 6

Business email compromise

Question 7

What is the primary goal of buffer overflow attacks?

A)SQL injection
B)Malicious update
C)Memory injection
D)Cross-site scripting

Answer 7

Memory injection

Question 8

A user supplies the proper credentials and logins in to a remote system from an offsite location in New York. Moments later, the same proper credentials are used to login from a different offsite location, this time from Tokyo. What type of Indicator of Compromise does this represent?

A)Resource consumption
B)Blocked content
C)Impossible travel
D)Concurrent session usage

Answer 8

Impossible travel

Question 9

You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. Which type of network should you deploy?

A)a VPN
B)an extranet
C)a DMZ
D)a VLAN

Answer 9

a VLAN

Question 10

Where is steganography typically used?

A)As a removable device exploitation
B)In voice calls
C)In executable file-based attacks
D)In an image-based attack

Answer 10

In an image-based attack

Question 11

Which of the following would most likely be the primary motivation for attacks conducted by organized crime?

A)Wartime agendas
B)Financial gain
C)Disruption and chaos
D)Revenge

Answer 11

Financial Gain

Question 12

Recently, while reviewing log data, you discover that a hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?

A)buffer overflow
B)backdoor
C)maintenance hook
D)privilege escalation

Answer 12

Privilege Escalation

Question 13

Which of the following physical attacks is exemplified by making a copy of an employee’s access badge?

A)Tampering
B)RFID cloning
C)Environmental attacks
D)Brute force

Answer 13

RFID Cloning

Question 14

Which of the following malware attacks is actually a collection of unwanted or unnecessary programs installed on a system?

A)Keylogger
B)Bloatware
C)Trojan
D)Rootkit

Answer 14

Bloatware

Question 15

Which of the following supply chain elements are threat vectors? (Choose all that apply.)

A)Managed service providers
B)Software suppliers
C)Hardware suppliers
D)Third-party software dependencies

Answer 15

All

Question 16

Management has recently become worried about DNS poisoning after reading an article about it. Which of the following BEST describes this attack?

A)the practice of many computers transmitting malformed packets to a DNS server to cause the server to crash
B)the practice of continually sending synchronization messages with spoofed packets to a DNS server
C)the practice of dispensing IP addresses and host names with the goal of traffic diversion
D)the practice of one computer transmitting malformed packets to a DNS server to cause the server to crash

Answer 16

the practice of dispensing IP addresses and host names with the goal of traffic diversion

Question 17

A man wearing a service provider’s coveralls and carrying a toolbox approaches your facility’s security guard. He says that his work crew is running some new Ethernet cable inside your office, but he left his mobile phone at home, so he can’t call his crew to let him in. The security guard admits the man through your secured door. The following week you find an undocumented network device installed in a closet.

Which social engineering attack techniques were used? (Choose all that apply.)

A)Influence campaign
B)Identity fraud
C)Pretexting
D)Eliciting information
E)Impersonation

Answer 17

Pretexting
Impersonation

Question 18

Recently, an attacker tricked a user into believing he was selecting a button to direct him to a legitimate web site, but that button actually took him to another site. Which type of attack occurred?

A)Amplification
B)Pass the hash
C)Clickjacking
D)Driver manipulation

Answer 18

Clickjacking

Question 19

You are responsible for designing your company’s identification, authentication, and authorization system to ensure that the company’s network is protected from unauthorized access. What is the purpose of authentication on this network?

A)backing up data stored on hard disks
B)encrypting files
C)verifying the identity of users
D)allowing users to access resources

Answer 19

verifying the identity of users

Question 20

Which of the following threat actor motivations is also known as a competition attack?

A)Espionage
B)Revenge
C)Philosophical beliefs
D)Ethical hacking

Answer 20

Espionage

Question 21

Management is concerned that mobile device location information can be revealed to attackers. Which mobile device feature should you investigate?

A)screen lock
B)allow listing
C)geotagging
D)remote wiping

Answer 21

geotagging

Question 22

You have recently been notified by an application vendor that the application includes a rootkit. The manufacturer has released a patch that will remove the vulnerability from the application. What is a rootkit?

A)a collection of programs that grants a hacker administrative access to a computer or network
B)a program that spreads itself through network connections
C)an application that uses tracking cookies to collect and report a user’s activities
D)a software application that displays advertisements while the application is executing

Answer 22

a collection of programs that grants a hacker administrative access to a computer or network

Question 23

Which threat actor type would most likely have the most resources available?

A)Organized crime
B)Unskilled attackers
C)Nation states
D)Hacktivist

Answer 23

Nation States

Question 24

As part of your monthly report, you must classify specific vulnerabilities into a broad range of vulnerability types. Which type of vulnerability is demonstrated by an SQL injection?

A)Improper input handling
B)Misconfiguration/weak configuration
C)Improper error handling
D)Default configuration

Answer 24

Improper input handling

Question 25

Which of the following network attacks has the goal of capturing a user’s login information to use in a subsequent attack?

A)Reflected
B)Amplified
C)On-path
D)Credential replay

Answer 25

Credential Replay

Question 26

A user reports that she is unable to access a file server. You discover that there are numerous open connections on the file server from several servers and routers.

Which type of attack has affected the file server?

A)privilege escalation
B)man-in-the-middle attack
C)denial-of-service (DoS) attack
D)backdoor attack

Answer 26

Denial of Service Attack

Question 27

Which two options are threat vectors used against vulnerable software? (Choose two.)

A)Agentless
B)Default credentials
C)Unsupported systems and applications
D)Client-based

Answer 27

Agentless
Client-Based

Question 28

You are considering cloud services, and you are concerned about the interaction of your security policies and those of the hosting provider. What can alleviate your concern?

A)Stress testing
B)VDI
C)Cloud access security brokers
D)VM escape protection

Answer 28

Cloud Access Security Brokers

Question 29

A remote employee has a history of logging into the system every day between 8:50 AM and 9:05 AM. Today, the employee logs in at 3 AM. What does this exemplify?

A)Published/documented
B)Missing logs
C)Out-of-cycle logging
D)Resource inaccessibility

Answer 29

Out-Of-Cycle Logging

Question 30

Which of the following is not a cryptographic attack?

A)Collision
B)Birthday
C)Downgrade
D)Spraying

Answer 30

Spraying

Question 31

You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working well together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with?

A)Patch management tools
B)DLP
C)Host-based firewall
D)UTM

Answer 31

UTM

Question 32

Your company underwent an attack that involved an attacker injecting a command to access the underlying file system. Which type of attack occurred?

A)privilege escalation
B)directory traversal
C)DLP
D)resource exhaustion

Answer 32

Directory Traversal

Question 33

Which type of attack relies on mistakes made by users when they input Web addresses?

A)malicious insider threat
B)DoS
C)URL hijacking
D)watering hole attack

Answer 33

URL Hijacking

Question 34

Which cryptographic attacks attempt to produce the same hash value from a brute force attack using two inputs? (Choose two.)

A)Collision
B)Replay
C)Birthday
D)Weak Implementations

Answer 34

Collision
Birthday

Question 35

In security operations, which of the following would provide well-defined operational guidelines for processes such as incident response, security policy, vulnerability management, and security awareness?

A)System hardening
B)Windows registry
C)Logging levels
D)System processes

Answer 35

System Processes

Question 36

What is vishing?

A)a special type of phishing that targets a single power user
B)a special type of phishing that uses Voice over IP (VoIP)
C)an attack that looks for open ports
D)a special type of phishing that appears to come from a trusted individual

Answer 36

A special type of phishing that uses Voice over IP (VoIP)

Question 37

Which of the following is most likely the primary motivation for a threat actor who wants to gain notoriety by claiming responsibility for an event?

A)Revenge
B)Disruption and chaos
C)War
D)Service disruption

Answer 37

Disruption and Chaos

Question 38

You are your organization’s security analyst. Recently, you discovered that an attacker injected malicious code into a web application on your organization’s website. You discovered this attack by reviewing the log data on the web servers. Which type of attack did your organization experience?

A)buffer overflow
B)SQL injection
C)path traversal
D)cross-site scripting

Answer 38

Cross-Site Scripting

Question 39

Which of the following transmits data via Wi-Fi or Bluetooth only to a host device and are vulnerable to data interception and attack?

A)UAV
B)Wearable technology
C)Automobiles
D)Medical devices

Answer 39

Wearable Technology

Question 40

Recently there was a DoS attack on one of the servers, which succeeded in taking the server down for three hours. You would like to deploy a solution that would allow you to detect a huge rush of traffic to a specific device and route it somewhere away from the device. What technique could you use?

A)Endpoint security
B)Network segmentation
C)Sinkholes
D)System isolation

Answer 40

Sinkholes

Question 41

Which threat actor motivation is exemplified by threatening to release sensitive personally identifiable information (PII)?

A)Service disruption
B)Data exfiltration
C)Blackmail
D)Financial gain

Answer 41

Blackmail

Question 42

Your organization has a contract to provide networking services to a government agency. You are required to use certified hardware to build a secure network. Which of the following practices will help you avoid adversarial threats in the supply chain? (Choose all that apply.)

A)Inspect hardware for signs of tampering
B)Source hardware from multiple vendors in case natural disasters disrupt availability
C)Integrate supply chain management into the overall risk management framework
D)Have a legally enforceable purchase order with the hardware vendor
E)Only purchase hardware from authorized vendors or resellers
F)Request proof of equipment certification from hardware vendors

Answer 42

Inspect hardware for signs of tampering

Integrate supply chain management into the overall risk management framework

Only purchase hardware from authorized vendors or resellers

Request proof of equipment certification from hardware vendors

Question 43

You have recently been hired as a network administrator. The CIO informs you that their wireless networks are protected using firewalls. He has asked that you implement MAC filtering on all access points. What is the purpose of using this technology?

A)to restrict the clients that can access a wireless network
B)to restrict the clients that can access a Web site
C)to ensure that unused ports are not accessible by clients
D)to provide port authentication for a wireless network

Answer 43

To restrict the clients that can access a wireless network

Question 44

You have discovered that data was injected into your database, thereby causing security issues. Which injection attack most likely occurred?

A)LDAP injection
B)XML injection
C)command injection
D)SQL injection

Answer 44

SQL Injection

Question 45

A user notifies you that a software application displays advertisements while the application is executing. Of which security threat is this an example?

A)spyware
B)adware
C)virus
D)worm

Answer 45

adware

Question 46

Your organization has asked the security team to add terrorist attacks to the organization’s business continuity plan. Which type of threat does this most likely represent?

A)Politically motivated threat
B)Natural environmental threat
C)Supply system threat
D)Internal threat

Answer 46

Politically motivated threat

Question 47

Which threat actor type can be characterized by an unsophisticated skill level, the use of widely available tools, and is motivated by the need to prove their skills?

A)Competitor
B)Hacktivist
C)Unskilled attacker
D)Insider
E)Shadow IT

Answer 47

Unskilled Attacker

Question 48

Provisioning requests for the IT department have been backlogged for months. You are concerned that employees are using unauthorized cloud services to deploy VMs and store company data. Which of the following services can be used to bring this shadow IT back under the corporate security policy?

A)VPN
B)SWG
C)CASB
D)SLA

Answer 48

CASB

Question 49

Which of the following begins with the attacker creating a fake patch?

A)Memory injection
B)Malicious update
C)SQL injection
D)Cross-site scripting

Answer 49

Malicious Update

Question 50

Which of the following is not a vulnerability associated with the supply chain?

A)Hardware provider
B)Software provider
C)Service provider
D)TPM

Answer 50

TPM