Security Plus

Question 1

Attack an account with the top three (or more) passwords. If they don’t work, move to the next account. No lockouts, no alarms, no alerts.

Answer 1

Spraying attack

Question 2

They identify patterns in data and improve their predictions.

Answer 2

Machine Learning

Question 3

Gain higher-level access to a system. Horizontal privilege escalation User A can access user B resources.

Answer 3

Privilege escalation

Question 4

Attacker embeds malicious scripting commands on a trusted website.

Answer 4

Cross-Site Scripting (XSS)

Question 5

Attempts to get data provided by the attacker to be saved on the web server by the victim. Attacker posts a message to a social network with malicious payload.

Answer 5

Cross-Site Scripting (Stored/Persistent)

Question 6

Attempts to have a non-persistent effect activated by a victim clicking a link on the site. Attacker emails a link that takes advantage of this vulnerability. Runs a script that sends credentials/session IDs/cookies to the attacker.

Answer 6

Cross-Site Scripting (Reflected)

Question 7

Attack consisting of the insertion or injection of an SQL query data from the client to a web application.

Answer 7

SQL injection

Question 8

Insertion of additional information or code through data input from a client to an application. Examples, SQL, HTML, XML, and LDAP.

Answer 8

Injection Attack.

Question 9

What injection attack is prevented through input validation and using least privilege when accessing a database.

Answer 9

SQL injection.

Question 10

’ OR 1=1

Answer 10

SQL Injection.

Question 11

Application verify that information received from a user matchers a specific format or range of value.

Answer 11

Input Validation.

Question 12

Occurs when a process stores data outside the memory range allocated by the developer

Answer 12

Buffer Overflows.

Question 13

Network-based attack where a valid data transmission is fraudulently or malicious rebroadcast, repeated, or delayed.

Answer 13

Replay Attack.

Question 14

A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the associated plaintext password.

Answer 14

Pass the Hash.

Question 15

Attacker intercepts the session ID and uses it to access the server with the victim’s credentials.

Answer 15

Session Hijacking.

Question 16

Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated.

Answer 16

Cross-site Request Forgery (XSRF/CSRF)

Question 17

Shimming (filling space between two objects) and Refactoring (different program each times its downloaded.

Answer 17

Driver Manipulation

Question 18

Time synchronization

Answer 18

Network Time Protocol (NTP)

Question 19

Vulnerability is found where multiple threads are attempting to write a variable or object at the same memory locations.

Answer 19

Race condition

Question 20

Able to read file from a web server that are outside of the websites file directory.

Answer 20

Directory traversal.

Question 21

A library of programming utilities used to enable software developers to access functions of another application.

Answer 21

API (Application Programming Interface.

Question 22

An unauthorized WAP or Wireless Router that allows to the secure network.

Answer 22

Rogue Access Point.

Question 23

A rogue, counterfeit, and unauthorized WAP with the same SSID as your valid one.

Answer 23

Evil Twin.

Question 24

Sending of unsolicited messages to BLuetooth enabled devices such as mobile phones and tablets.

Answer 24

Bluejacking

Question 25

Unauthorized access of information from a wireless device through a Bluetooth connection.

Answer 25

Bluesnarfing

Question 26

Focuses on learning as much information from open sources such as social media. corporate websites, and business organizations.

Answer 26

Passive footprinting.

Question 27

Privacy Information Management Systems (PIMS)

Answer 27

(International Organization for Standardization) ISO 27001

Question 28

Information security controls are the focus for international standards.

Answer 28

ISO 27002

Question 29

The foundational standard for Information Management Systems (ISMS)

Answer 29

ISO 27701

Question 30

International standards for risk management.

Answer 30

ISO 31000

Question 31

Response designed to make security teams more effective by automating process and integrating 3rd party security tools.

Answer 31

SOAR (Security Orchestration, Automation, and Response)

Question 32

Allowing members of one organization to authenticate using the credentials of another organization.

Answer 32

Federation.

Question 33

Attack commonly associated with wireless networks, and they usually cause disconnects and lack of connectivity. Network outage or disconnection.

Answer 33

Disassociation.

Question 34

Attack often associated with a 3rd-party who is actively intercepting network traffic. Entity in the middle would not be able to provide a valid SSL certification for a 3rd party website, and certification error will appear in the browser as a warning.

Answer 34

On-path

Question 35

Prediction of how often a repairable system will fail.

Answer 35

MTBF (Mean Time Between Failures).

Question 36

A det of objectives needed to restore a particular service level.

Answer 36

Recovery Time Objectives.

Question 37

The amount of time it takes to repair a component.

Answer 37

MTTR (Mean Time to Restore).

Question 38

The expected lifetime of a non-repairable product or system.

Answer 38

MTTF (Mean Time to Failure).

Question 39

Attack that takes advantage of authority and urgency principle in an effort to convince someone else to circumvent normal security controls.

Answer 39

Social Engineering.