N2K - Quiz - Threats, Vulnerabilities, and Mitigations Flashcards

1
Q

An attacker carried out an IP spoofing that included saturating your network with ICMP messages. Which attack occurred?

A)SYN flood
B)smurf
C)brute force
D)on-path

A

smurf

2
Q

Which of these vulnerabilities is often associated with cloud computing?

A)Outdated firmware
B)Legacy applications
C)End-of-life hardware
D)Resource reuse

A

Resource reuse

3
Q

Which of the following mitigation techniques would include establishing, deploying, and then maintaining a standard configuration, such as an image?

A)Decommissioning
B)Installation of endpoint protection
C)Removal of unnecessary software
D)Configuration enforcement

A

Configuration enforcement

4
Q

Management is worried about an evil twin. Which of the following BEST describes this entity?

A)signals about the wireless network marked on the outside of a building
B)cracking the WEP secret key using the initialization vector (IV)
C)an access point with the same SSID as the legitimate access point
D)an unauthorized access point

A

an access point with the same SSID as the legitimate access point

5
Q

Which message-based attack vector is the platform responsible for launching over 90% of all attacks?

A)IM
B)Typo-squatting
C)SMS
D)Email

A

Email

6
Q

Which of the following is based on impersonating an executive in an organization, with the intent of convincing an employee to do something they shouldn’t?

A)Brand impersonation
B)Typo-squatting
C)Business email compromise
D)Misinformation

A

Business email compromise

7
Q

What is the primary goal of buffer overflow attacks?

A)SQL injection
B)Malicious update
C)Memory injection
D)Cross-site scripting

A

Memory injection

8
Q

A user supplies the proper credentials and logs in to a remote system from an offsite location in New York. Moments later, the same proper credentials are used to log in from a different offsite location, this time from Tokyo. What type of Indicator of Compromise does this represent?

A)Resource consumption
B)Blocked content
C)Impossible travel
D)Concurrent session usage

A

Impossible travel

9
Q

You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. Which type of network should you deploy?

A)a VPN
B)an extranet
C)a DMZ
D)a VLAN

A

a VLAN

10
Q

Where is steganography typically used?

A)As a removable device exploitation
B)In voice calls
C)In executable file-based attacks
D)In an image-based attack

A

In an image-based attack

11
Q

Which of the following would most likely be the primary motivation for attacks conducted by organized crime?

A)Wartime agendas
B)Financial gain
C)Disruption and chaos
D)Revenge

A

Financial Gain

12
Q

Recently, while reviewing log data, you discover that a hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?

A)buffer overflow
B)backdoor
C)maintenance hook
D)privilege escalation

A

Privilege Escalation

13
Q

Which of the following physical attacks is exemplified by making a copy of an employee’s access badge?

A)Tampering
B)RFID cloning
C)Environmental attacks
D)Brute force

A

RFID Cloning

14
Q

Which of the following malware attacks is actually a collection of unwanted or unnecessary programs installed on a system?

A)Keylogger
B)Bloatware
C)Trojan
D)Rootkit

A

Bloatware

15
Q

Which of the following supply chain elements are threat vectors? (Choose all that apply.)

A)Managed service providers
B)Software suppliers
C)Hardware suppliers
D)Third-party software dependencies

A

All

16
Q

Management has recently become worried about DNS poisoning after reading an article about it. Which of the following BEST describes this attack?

A)the practice of many computers transmitting malformed packets to a DNS server to cause the server to crash
B)the practice of continually sending synchronization messages with spoofed packets to a DNS server
C)the practice of dispensing IP addresses and host names with the goal of traffic diversion
D)the practice of one computer transmitting malformed packets to a DNS server to cause the server to crash

A

the practice of dispensing IP addresses and host names with the goal of traffic diversion

17
Q

A man wearing a service provider’s coveralls and carrying a toolbox approaches your facility’s security guard. He says that his work crew is running some new Ethernet cable inside your office, but he left his mobile phone at home, so he can’t call his crew to let him in. The security guard admits the man through your secured door. The following week you find an undocumented network device installed in a closet.

Which social engineering attack techniques were used? (Choose all that apply.)

A)Influence campaign
B)Identity fraud
C)Pretexting
D)Eliciting information
E)Impersonation

A

Pretexting
Impersonation

18
Q

Recently, an attacker tricked a user into believing he was selecting a button to direct him to a legitimate web site, but that button actually took him to another site. Which type of attack occurred?

A)Amplification
B)Pass the hash
C)Clickjacking
D)Driver manipulation

A

Clickjacking

19
Q

You are responsible for designing your company’s identification, authentication, and authorization system to ensure that the company’s network is protected from unauthorized access. What is the purpose of authentication on this network?

A)backing up data stored on hard disks
B)encrypting files
C)verifying the identity of users
D)allowing users to access resources

A

verifying the identity of users

20
Q

Which of the following threat actor motivations is also known as a competition attack?

A)Espionage
B)Revenge
C)Philosophical beliefs
D)Ethical hacking

A

Espionage

21
Q

Management is concerned that mobile device location information can be revealed to attackers. Which mobile device feature should you investigate?

A)screen lock
B)allow listing
C)geotagging
D)remote wiping

A

geotagging

22
Q

You have recently been notified by an application vendor that the application includes a rootkit. The manufacturer has released a patch that will remove the vulnerability from the application. What is a rootkit?

A)a collection of programs that grants a hacker administrative access to a computer or network
B)a program that spreads itself through network connections
C)an application that uses tracking cookies to collect and report a user’s activities
D)a software application that displays advertisements while the application is executing

A

a collection of programs that grants a hacker administrative access to a computer or network

23
Q

Which threat actor type would most likely have the most resources available?

A)Organized crime
B)Unskilled attackers
C)Nation states
D)Hacktivist

A

Nation States

24
Q

As part of your monthly report, you must classify specific vulnerabilities into a broad range of vulnerability types. Which type of vulnerability is demonstrated by an SQL injection?

A)Improper input handling
B)Misconfiguration/weak configuration
C)Improper error handling
D)Default configuration

A

Improper input handling

25
Q

Which of the following network attacks has the goal of capturing a user’s login information to use in a subsequent attack?

A)Reflected
B)Amplified
C)On-path
D)Credential replay

A

Credential Replay

26
Q

A user reports that she is unable to access a file server. You discover that there are numerous open connections on the file server from several servers and routers.

Which type of attack has affected the file server?

A)privilege escalation
B)man-in-the-middle attack
C)denial-of-service (DoS) attack
D)backdoor attack

A

Denial of Service Attack

27
Q

Which two options are threat vectors used against vulnerable software? (Choose two.)

A)Agentless
B)Default credentials
C)Unsupported systems and applications
D)Client-based

A

Agentless
Client-Based

28
Q

You are considering cloud services, and you are concerned about the interaction of your security policies and those of the hosting provider. What can alleviate your concern?

A)Stress testing
B)VDI
C)Cloud access security brokers
D)VM escape protection

A

Cloud Access Security Brokers

29
Q

A remote employee has a history of logging into the system every day between 8:50 AM and 9:05 AM. Today, the employee logs in at 3 AM. What does this exemplify?

A)Published/documented
B)Missing logs
C)Out-of-cycle logging
D)Resource inaccessibility

A

Out-Of-Cycle Logging

30
Q

Which of the following is not a cryptographic attack?

A)Collision
B)Birthday
C)Downgrade
D)Spraying

A

Spraying

31
Q

You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working well together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with?

A)Patch management tools
B)DLP
C)Host-based firewall
D)UTM

A

UTM

32
Q

Your company underwent an attack that involved an attacker injecting a command to access the underlying file system. Which type of attack occurred?

A)privilege escalation
B)directory traversal
C)DLP
D)resource exhaustion

A

Directory Traversal

33
Q

Which type of attack relies on mistakes made by users when they input Web addresses?

A)malicious insider threat
B)DoS
C)URL hijacking
D)watering hole attack

A

URL Hijacking

34
Q

Which cryptographic attacks attempt to produce the same hash value from a brute force attack using two inputs? (Choose two.)

A)Collision
B)Replay
C)Birthday
D)Weak Implementations

A

Collision
Birthday

35
Q

In security operations, which of the following would provide well-defined operational guidelines for processes such as incident response, security policy, vulnerability management, and security awareness?

A)System hardening
B)Windows registry
C)Logging levels
D)System processes

A

System Processes

36
Q

What is vishing?

A)a special type of phishing that targets a single power user
B)a special type of phishing that uses Voice over IP (VoIP)
C)an attack that looks for open ports
D)a special type of phishing that appears to come from a trusted individual

A

A special type of phishing that uses Voice over IP (VoIP)

37
Q

Which of the following is most likely the primary motivation for a threat actor who wants to gain notoriety by claiming responsibility for an event?

A)Revenge
B)Disruption and chaos
C)War
D)Service disruption

A

Disruption and Chaos

38
Q

You are your organization’s security analyst. Recently, you discovered that an attacker injected malicious code into a web application on your organization’s website. You discovered this attack by reviewing the log data on the web servers. Which type of attack did your organization experience?

A)buffer overflow
B)SQL injection
C)path traversal
D)cross-site scripting

A

Cross-Site Scripting

39
Q

Which of the following transmits data via Wi-Fi or Bluetooth only to a host device and is vulnerable to data interception and attack?

A)UAV
B)Wearable technology
C)Automobiles
D)Medical devices

A

Wearable Technology

40
Q

Recently there was a DoS attack on one of the servers, which succeeded in taking the server down for three hours. You would like to deploy a solution that would allow you to detect a huge rush of traffic to a specific device and route it somewhere away from the device. What technique could you use?

A)Endpoint security
B)Network segmentation
C)Sinkholes
D)System isolation

A

Sinkholes

41
Q

Which threat actor motivation is exemplified by threatening to release sensitive personally identifiable information (PII)?

A)Service disruption
B)Data exfiltration
C)Blackmail
D)Financial gain

A

Blackmail

42
Q

Your organization has a contract to provide networking services to a government agency. You are required to use certified hardware to build a secure network. Which of the following practices will help you avoid adversarial threats in the supply chain? (Choose all that apply.)

A)Inspect hardware for signs of tampering
B)Source hardware from multiple vendors in case natural disasters disrupt availability
C)Integrate supply chain management into the overall risk management framework
D)Have a legally enforceable purchase order with the hardware vendor
E)Only purchase hardware from authorized vendors or resellers
F)Request proof of equipment certification from hardware vendors

A

Inspect hardware for signs of tampering

Integrate supply chain management into the overall risk management framework

Only purchase hardware from authorized vendors or resellers

Request proof of equipment certification from hardware vendors

43
Q

You have recently been hired as a network administrator. The CIO informs you that their wireless networks are protected using firewalls. He has asked that you implement MAC filtering on all access points. What is the purpose of using this technology?

A)to restrict the clients that can access a wireless network
B)to restrict the clients that can access a Web site
C)to ensure that unused ports are not accessible by clients
D)to provide port authentication for a wireless network

A

To restrict the clients that can access a wireless network

44
Q

You have discovered that data was injected into your database, thereby causing security issues. Which injection attack most likely occurred?

A)LDAP injection
B)XML injection
C)command injection
D)SQL injection

A

SQL Injection

45
Q

A user notifies you that a software application displays advertisements while the application is executing. Of which security threat is this an example?

A)spyware
B)adware
C)virus
D)worm

A

adware

46
Q

Your organization has asked the security team to add terrorist attacks to the organization’s business continuity plan. Which type of threat does this most likely represent?

A)Politically motivated threat
B)Natural environmental threat
C)Supply system threat
D)Internal threat

A

Politically motivated threat

47
Q

Which threat actor type is characterized by an unsophisticated skill level and the use of widely available tools, and is motivated by the need to prove their skills?

A)Competitor
B)Hacktivist
C)Unskilled attacker
D)Insider
E)Shadow IT

A

Unskilled Attacker

48
Q

Provisioning requests for the IT department have been backlogged for months. You are concerned that employees are using unauthorized cloud services to deploy VMs and store company data. Which of the following services can be used to bring this shadow IT back under the corporate security policy?

A)VPN
B)SWG
C)CASB
D)SLA

A

CASB

49
Q

Which of the following begins with the attacker creating a fake patch?

A)Memory injection
B)Malicious update
C)SQL injection
D)Cross-site scripting

A

Malicious Update

50
Q

Which of the following is not a vulnerability associated with the supply chain?

A)Hardware provider
B)Software provider
C)Service provider
D)TPM

A

TPM