Objective 2 Flashcards

1
Q

Which of the following are hardware issues that result from products that are no longer being made or supported, but are still usable?

Hardware cloning
Hardware tampering
Legacy vulnerability
End-of-life vulnerability

A

End-of-life vulnerability is the correct answer. This occurs when hardware products are no longer supported by the manufacturer, meaning they no longer receive updates, patches, or support. While the hardware may still function, its lack of updates makes it vulnerable to security issues and failures.

Hardware cloning is incorrect because it refers to unauthorized duplication of hardware, not the result of products being out of support. Hardware tampering is incorrect because it involves intentional modifications to hardware, often for malicious purposes, which is unrelated to the lifecycle of the product. Legacy vulnerability is incorrect in this context because it refers more broadly to risks associated with outdated systems, while end-of-life vulnerability specifically addresses unsupported hardware.

2
Q

Which of the following hardening techniques can help protect systems or devices from attacks by installing software like a firewall or antivirus directly on user devices to report and block potential attacks?

Changing Default Passwords
Installation of endpoint protection
Least Privilege
Patching

A

Installation of endpoint protection is the correct answer. This hardening technique involves deploying software like firewalls, antivirus, and other security tools directly on user devices to monitor, report, and block potential attacks. Endpoint protection enhances the security of individual devices and safeguards them against various threats.

Changing default passwords is incorrect because, while it is an essential hardening step, it does not involve installing software for active threat protection. Least privilege is incorrect because it focuses on limiting user access rights and permissions, not on directly blocking attacks through software. Patching is incorrect because it refers to updating software to fix vulnerabilities, which is distinct from installing security tools like endpoint protection.

3
Q

Which of the following vulnerabilities BEST describes a situation where a threat actor can manipulate data after it has been verified by an application, but before the application uses it for a specific operation?

Memory leaks
Resource exhaustion
Race conditions
Time-of-check (TOC)

A

Time-of-check (TOC) is the correct answer here. It names the time-of-check to time-of-use (TOCTOU) flaw: the application validates data (the check) and then, in a separate step, acts on it (the use). Anything that changes the data in the window between the two, such as another process swapping a checked file for a symbolic link, is acted on without ever having been validated. The fix is to remove the window rather than shrink it: perform the check and the use on the same object, for example by verifying a file through the descriptor you have already opened instead of through its path name.

Memory leaks are incorrect because they describe an application failing to release memory it no longer needs, which wastes resources but does not involve manipulating validated data. Resource exhaustion is incorrect because it describes system resources such as memory or CPU being depleted, leading to denial of service rather than data manipulation. Race conditions are the broader category: any situation in which the outcome depends on the timing of concurrent accesses to shared state. A TOCTOU flaw is one specific race condition, so for a question asking which option BEST describes manipulation between a check and a use, the more specific answer wins.
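As an added example (not part of the original flashcard set), the Python below shows the check-then-use pattern the card describes next to its hardened form. The race is simulated with a constructed `race_hook` argument that stands in for an attacker acting in the window between the check and the use; the file names and contents are made up for the demonstration, and `O_NOFOLLOW` assumes a POSIX system.

```python
import os
import stat
import tempfile
from pathlib import Path


def read_if_regular_unsafe(path, race_hook=None):
    """Vulnerable check-then-use.

    The check (lstat on the path name) and the use (open on the same path name)
    are separate system calls, so the object behind the name can change between
    them. race_hook is a constructed stand-in for an attacker acting in that window.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing: not a regular file")
    if race_hook is not None:          # the TOCTOU window
        race_hook()
    with open(path, "rb") as f:        # follows symlinks: reads whatever the name points to now
        return f.read()


def read_if_regular_safe(path, race_hook=None):
    """Hardened form: open first, then check the object actually held.

    O_NOFOLLOW makes open() fail if the name is a symlink, and fstat() inspects
    the open descriptor rather than the name, so check and use refer to the same
    object and a later swap of the name cannot change what is read.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        if race_hook is not None:      # an attacker acting here changes the name, not our descriptor
            race_hook()
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing: not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo():
    """Run both readers against a constructed symlink swap and report what each returned."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        secret = base / "secret.txt"            # constructed: the file the attacker wants read
        secret.write_bytes(b"TOP SECRET")
        victim = base / "victim.txt"            # constructed: the name the application checks

        def fresh_victim():
            if victim.is_symlink() or victim.exists():
                victim.unlink()
            victim.write_bytes(b"harmless")

        def attacker_swap():
            # Constructed attacker action: replace the checked file with a symlink to the secret.
            victim.unlink()
            victim.symlink_to(secret)

        fresh_victim()
        results["unsafe"] = read_if_regular_unsafe(str(victim), race_hook=attacker_swap)

        fresh_victim()
        results["safe"] = read_if_regular_safe(str(victim), race_hook=attacker_swap)

        fresh_victim()
        attacker_swap()                          # this time the swap happens before the open
        try:
            read_if_regular_safe(str(victim))
            results["safe_prelinked"] = "opened"
        except OSError:                          # ELOOP from O_NOFOLLOW
            results["safe_prelinked"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

Run stand-alone it prints `{'unsafe': b'TOP SECRET', 'safe': b'harmless', 'safe_prelinked': 'refused'}`: the unsafe reader validated one file and read another, while the hardened reader either kept reading the file it had validated or refused to open a link at all.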

4
Q

Which of the following motivations refers to any act of stealing information from a system or network?

Data exfiltration
Ethical motivations
Disruption/chaos
Service disruption

A

Data exfiltration is the correct answer. This refers to the act of stealing or transferring data from a system or network, often with malicious intent, such as stealing sensitive information for unauthorized use.

Ethical motivations are incorrect because they relate to actions taken with good intentions, typically by security professionals, to help protect or improve systems, not to steal data. Disruption/chaos is incorrect because it refers to actions aimed at causing confusion or disarray, rather than stealing data. Service disruption is incorrect because it involves actions that intentionally disrupt the availability of services, but it doesn’t necessarily involve stealing information.

5
Q

Dion Training has recently implemented a new web portal for their customers. During a routine security review, the IT team notices that some suspicious activities have been logged. An unknown user attempted to access the system with a strange pattern: when requesting a particular user file, instead of the usual URL structure ( /users/[username]/profile ) the system registered requests like ( /users/../admin/config ). Within a short span of time, several such patterns were identified, each trying to reach different sensitive files and directories. Given this information, which of the following types of attack is the user MOST likely attempting?

Attempting to escalate their privileges on the system.
Attempting to access files outside of intended directories.
Attempting to exploit a buffer overflow vulnerability.
Attempting to inject malicious scripts into the system.

A

The user is most likely attempting to access files outside of intended directories. This behavior suggests a directory traversal attack, where the attacker manipulates the URL path to access files or directories that are not meant to be accessed by the user, such as sensitive configuration files. The use of “/../” in the URL indicates an attempt to traverse up the directory structure to access restricted areas.

Attempting to escalate privileges is incorrect because the focus here is on accessing files, not gaining higher privileges on the system. Attempting to exploit a buffer overflow vulnerability is incorrect because buffer overflow attacks typically involve inputting data to overwrite memory, which is not evident from the behavior described. Attempting to inject malicious scripts is incorrect because script injection typically targets web applications with the aim of executing harmful code, which is not the primary issue in this scenario.
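As an added example (not part of the original flashcard set), the Python below does two things a practitioner would want after seeing the pattern in this scenario: it flags traversal attempts in access-log lines, including percent-encoded and double-encoded variants, and it shows the server-side check that stops them, which is to resolve the requested path and require the result to stay inside the intended directory. The log lines are constructed for the demonstration and the base directory `/srv/portal/users` is an assumption.

```python
from pathlib import Path
from urllib.parse import unquote

# Constructed sample access-log lines modelled on the scenario; not real Dion Training logs.
SAMPLE_LOG = """\
203.0.113.7 - - "GET /users/alice/profile HTTP/1.1" 200
203.0.113.7 - - "GET /users/../admin/config HTTP/1.1" 403
203.0.113.7 - - "GET /users/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403
203.0.113.7 - - "GET /users/..%252f..%252fetc/shadow HTTP/1.1" 403
203.0.113.7 - - "GET /users/bob/profile HTTP/1.1" 200
"""


def has_traversal(request_path):
    """Detection: does the request path contain a '..' segment once encodings are stripped?

    Decoding twice catches double-encoded evasions such as %252e (which decodes to %2e,
    then to '.'); backslashes are folded to '/' because some servers treat them alike.
    """
    decoded = request_path
    for _ in range(2):
        decoded = unquote(decoded)
    decoded = decoded.replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


def flag_traversal_requests(log_text):
    """Return the request paths in log_text that look like traversal attempts."""
    hits = []
    for line in log_text.splitlines():
        try:
            _method, path, _version = line.split('"')[1].split(" ")
        except (IndexError, ValueError):
            continue
        if has_traversal(path):
            hits.append(path)
    return hits


def safe_resolve(base_dir, requested):
    """Prevention: map an already URL-decoded request path onto base_dir and refuse escapes.

    The join is resolved to collapse '..' and symlinks, then the result is required to lie
    inside base_dir. Checking the resolved path rather than the input string is what stops
    both plain and encoded traversal.
    """
    base = Path(base_dir).resolve()
    target = (base / requested.lstrip("/")).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes base directory: {requested}")
    return target


if __name__ == "__main__":
    for path in flag_traversal_requests(SAMPLE_LOG):
        print("suspicious:", path)
    print(safe_resolve("/srv/portal/users", "alice/profile"))
```

The detector is for triage of logs like the ones in the scenario; the resolver is the control that belongs in the application, where a request for `../admin/config` under the users directory resolves outside it and is rejected before any file is opened.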

6
Q

Which of the following vulnerabilities is unique to cloud computing environments, posing risks related to unauthorized access and data manipulation?

Side loading
Buffer overflow
Cross-site scripting (XSS)
Insecure Interfaces and APIs

A

Insecure Interfaces and APIs is the correct answer. Of the options listed it is the one tied specifically to cloud computing: cloud resources are provisioned, configured and accessed almost entirely through the provider's management interfaces and APIs, so weak authentication, missing authorization checks or unvalidated input on those endpoints can be exploited for unauthorized access or data manipulation across a tenant's whole environment.

Side loading is incorrect because it refers to installing software from unofficial sources, not directly related to cloud-specific vulnerabilities. Buffer overflow is incorrect because it is a general vulnerability that can occur in any environment, not just cloud computing. Cross-site scripting (XSS) is incorrect because it typically affects web applications and browsers, and while it can occur in cloud environments, it is not unique to them.

7
Q

Travid is evaluating an attack that has occurred on his organization’s system. He sees that the attacker entered a lot of data into the area of memory in the API that temporarily stores user input. What type of attack did Travid discover?

Memory leak
Buffer overflow
Buffer underflow
Memory fragmentation

A

Buffer overflow is the correct answer. In this scenario, the attacker has entered a large amount of data into a memory area that temporarily stores user input, which is characteristic of a buffer overflow attack. The attacker likely overflowed the buffer, causing the excess data to overwrite adjacent memory, potentially allowing the attacker to execute malicious code or alter the behavior of the system.

Memory leak is incorrect because it refers to memory that is not released after use, leading to resource exhaustion over time rather than the overwriting of adjacent memory. Buffer underflow is incorrect because it describes a read or write that lands before the start of a buffer, or a buffer that is drained faster than it is filled; either way it is not caused by an attacker supplying more input than the buffer can hold. Memory fragmentation is incorrect because it describes inefficient use of memory, with free memory split into many small blocks, and is not an attack at all.

8
Q

Which of the following BEST describes a threat actor who primarily depends on commonly found tools, often easily accessible from the web or dark web?

Bug bounty hunter
Script kiddie
APT
Ethical hacker

A

Script kiddie is the correct answer. A script kiddie is a threat actor who relies on pre-written tools or scripts, often easily accessible from the web or dark web, to carry out attacks. These attackers typically lack the advanced technical skills to develop their own exploits and depend on readily available resources.

Bug bounty hunters are incorrect because they find vulnerabilities and report them responsibly under an organization's bug bounty program in exchange for rewards, rather than carrying out malicious activity. APT (Advanced Persistent Threat) is incorrect because it refers to highly skilled, well-funded threat actors who run sophisticated, targeted campaigns over an extended period, typically with custom tooling. Ethical hackers are incorrect because they use their skills, with authorization, to help organizations identify and fix security vulnerabilities, not to exploit them.

9
Q

Which method accurately demonstrates the authentication process used in WPA2 Personal mode?

Dragonfly handshake with a MAC address hash.
QR codes for client device configuration.
Using a passphrase to generate a pairwise master key (PMK).
Password Authenticated Key Exchange (PAKE).

A

Using a passphrase to generate a pairwise master key (PMK) is the correct answer. In WPA2 Personal mode every client shares the same pre-shared key (PSK): the passphrase (8 to 63 characters) is run through PBKDF2 with HMAC-SHA1, using the network's SSID as the salt and 4096 iterations, to produce a 256-bit value that serves as the PMK. The PMK is then fed into the four-way handshake between the client and the access point, where it is combined with both MAC addresses and fresh nonces to derive the pairwise transient key (PTK) that actually protects traffic. Because the PMK depends only on the passphrase and the SSID, anyone who captures a four-way handshake can test passphrase guesses offline, which is why a weak WPA2 passphrase is a real exposure.

Dragonfly handshake with a MAC address hash is incorrect because the Dragonfly handshake (Simultaneous Authentication of Equals, SAE) belongs to WPA3, not WPA2. QR codes for client device configuration are incorrect because QR codes only simplify onboarding, for example by carrying the SSID and passphrase to a device; they are not the authentication mechanism. Password Authenticated Key Exchange (PAKE) is incorrect because, although SAE in WPA3 is a PAKE, WPA2 Personal does not use one; it derives its keys directly from the shared passphrase.
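As an added example (not part of the original flashcard set), the Python below performs the PMK derivation the card describes and checks it against the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"). It then shows why the derivation is the attacker's target: with the SSID public, candidate passphrases can be turned into PMKs offline. To keep the example self-contained the guesses are compared with a known PMK; a real attack would instead verify each guess against the MIC in a captured four-way handshake. The candidate list is constructed for the demonstration.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-Personal PSK, which is used directly as the PMK.

    IEEE 802.11i: PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations,
    256-bit output. The passphrase must be 8 to 63 printable ASCII characters.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def recover_passphrase(target_pmk: bytes, ssid: str, candidates):
    """Offline guessing, as an attacker holding a captured handshake would do it.

    Each candidate is turned into a PMK with the public SSID and compared with the
    target. Nothing here touches the network; the only cost is 4096 HMAC rounds
    per guess, which is why a dictionary-word passphrase does not survive.
    """
    for candidate in candidates:
        try:
            pmk = wpa2_pmk(candidate, ssid)
        except ValueError:          # too short or too long to be a valid passphrase
            continue
        if hmac.compare_digest(pmk, target_pmk):
            return candidate
    return None


# Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
IEEE_VECTOR_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
)

# Constructed candidate list for the demonstration ("letmein" is too short to be valid).
CANDIDATES = ["letmein", "qwertyuiop", "password", "correcthorsebattery"]


if __name__ == "__main__":
    assert wpa2_pmk("password", "IEEE") == IEEE_VECTOR_PMK
    print("recovered:", recover_passphrase(IEEE_VECTOR_PMK, "IEEE", CANDIDATES))
```

Note that the SSID acts only as a salt: it stops a single precomputed table from covering every network, but it does nothing to slow guessing against one network whose SSID is known, and 4096 iterations of SHA1 are cheap on modern hardware.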

10
Q

Which of the following ports, if left open and unmonitored, might allow database queries from unauthorized external sources?

Port 53
Port 443
Port 21
Port 1433

A

Port 1433 is the correct answer. Port 1433 is the default port used by Microsoft SQL Server for database communication. If left open and unmonitored, it can allow unauthorized external sources to send database queries, potentially leading to unauthorized access to the database.

Port 53 is incorrect because it is used for DNS (Domain Name System) queries, not for database connections. Port 443 is incorrect because it is used for HTTPS traffic, which secures web communications, not for database queries. Port 21 is incorrect because it is used for FTP (File Transfer Protocol), which is related to file transfers, not database queries.

11
Q

You are a security analyst at Dion Training and you discover that an unauthorized device has been connected to the company’s network. As you investigate, you discover that the device was added so the employee could play video games during her breaks. What type of threat actor are you dealing with?

Insider Threat
Nation-state Actor
Shadow IT
Unskilled Actor

A

Shadow IT is the correct answer. Shadow IT refers to devices, applications, or services that are used within an organization without the knowledge or approval of the IT department. In this case, the employee added an unauthorized device to the network for personal use (playing video games), which is a typical example of shadow IT.

Insider threat is incorrect because, although the employee is an insider, the term is reserved for someone who uses their access to cause harm, whether deliberately or through negligence; here the motive is personal convenience, and the unapproved device itself is the issue, which is exactly what shadow IT describes. Nation-state actor is incorrect because it refers to a government or state-sponsored group conducting cyberattacks or espionage, which does not apply to an employee’s personal use. Unskilled actor is incorrect because it describes someone who lacks the skills to perform sophisticated attacks, whereas the employee’s action is about circumventing rules rather than lacking technical ability.
