PM SG 13 Flashcards
Select the most likely attack types for these indicators:
A) A web server CPU is at a constant 100% utilization
B) Private database information can be viewed in a browser-based app
C) A user’s phone contains apps not found on the official app store
D) User accounts are locked due to excessive authentication failures
1) Directory traversal
2) Downgrade
3) SQLi
4) DDoS
5) Brute force
6) Spraying
7) Side loading
A) A web server CPU is at 100% utilization -> DDoS (4)
B) Private database information visible in a browser app -> SQL Injection (3)
C) A user’s phone has apps not from an official app store -> Sideloading (7)
D) User accounts locked due to excessive authentication failures -> Brute force (5)
A company is writing new security policies to include concerns over GDPR. Which of the following would be the most likely focus of these policies?
1. Customer privacy options
2. Strong encryption protocols
3. Authentication factor usage
4. SSO requirements for new applications
5. SPF disposition list
Correct Answer: 1. Customer privacy options
GDPR (General Data Protection Regulation): Focuses on protecting personal data and user privacy rights.
Incorrect options:
2. Encryption protocols: Important, but GDPR is more about privacy rights than encryption itself.
Which of the following would be categorized as an operational deterrent?
1. Motion detector
2. Separation of duties
3. Firewall
4. Door lock
5. Reception desk
Correct Answer: 5. Reception desk
Operational deterrents: Prevent incidents by human presence or process enforcement (e.g., security guards, receptionists).
Incorrect options:
3. Firewall: A technical control, not operational.
4. Door lock: A physical control, not operational.
A user received an email from a Microsoft domain informing them of a free laptop available on the Microsoft.com website. After clicking the link, the user’s computer was infected with malware. Which of the following would best describe this attack?
1. Watering hole attack
2. Phishing
3. Disinformation attack
4. SQL injection
5. Brand impersonation
Correct Answer: 5. Brand impersonation
Brand impersonation: Attackers fake legitimate brands (e.g., Microsoft, Google) to trick users.
Incorrect options:
2. Phishing: Broad term; brand impersonation is more specific.
1. Watering hole attack: Targets websites, not emails.
Which of the following would be a common characteristic of application containerization?
1. All containers use the same operating system
2. Containers are managed through the corporate MDM
3. Each container has a different version of the same application
4. Containers do not require full disk encryption
5. Each guest operating system includes all operating system files
Correct Answer: 1. All containers use the same operating system
Containerization: Runs applications in isolated environments on the same OS kernel.
Incorrect options:
4. Full disk encryption: Containers focus on process isolation, not disk-level encryption.
A security engineer received an alert showing a change to the corporate web server configuration file. Which of the following would be the most likely source of this alert?
1. FIM
2. IPS
3. NGFW
4. IPsec VPN
5. NAC
Correct Answer: 1. FIM (File Integrity Monitoring)
FIM: Monitors files for unauthorized changes (e.g., config files, logs).
Incorrect options:
2. IPS: Detects intrusions but doesn’t track file changes.
5. NAC: Controls network access, not file integrity.
A company has decided to perform a disaster recovery exercise during an annual meeting with the IT directors and senior directors. A simulated disaster will be presented, and the participants will discuss the logistics and processes required to resolve the disaster. Which of the following would BEST describe this exercise?
1. Capacity planning
2. Business impact analysis
3. Continuity of operations
4. Tabletop exercise
Correct Answer: 4. Tabletop exercise
Tabletop exercise: Discussion-based, simulating disaster response without real-world execution.
Incorrect options:
3. Continuity of operations: A broader plan for keeping services running.