Security+ Practice Tests 1-5 Flashcards

1
Q

Registering a misspelled domain name in the hopes of getting traffic from unsuspecting users who type the URL in wrong.

A

URL hijacking
AKA typosquatting

2
Q

Attaching a piece of data to the beginning of another

A

Prepending

3
Q

A form of cyberattack that targets a group of users by infecting websites that they commonly visit.

A

Watering hole attack

4
Q

What is the platform for watering hole attacks?

A

Websites

5
Q

Where does a fileless virus reside?

A

RAM

6
Q

What is the function of a C2 server?

A

Botnet control

7
Q

A computer controlled by an attacker used to send commands to systems compromised by malware.

A

C2 (Command and Control) server

8
Q

Malware that restricts access to a computer system by encrypting data.

A

Cryptomalware

9
Q

A type of trojan that enables remote access to a compromised system.

A

RAT (Remote Access Trojan)

10
Q

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network.

A

Rootkit

11
Q

Which attack uses a short list of commonly used passwords tried against a large number of user accounts?

A

Spraying attack

12
Q

The practice of making an unauthorized copy of a payment card.

A

Cloning

13
Q

An AI feature that enables it to accomplish tasks based on training data without explicit human instructions.

A

ML (machine learning)

14
Q

When a hashing algorithm produces the same hash value for two distinct pieces of data.

A

Hash collision.

15
Q

A cryptographic attack that forces a network protocol to revert to its older, less secure version.

A

Downgrade attack

16
Q

A means of restricting access to system resources based on the sensitivity of the information and the clearance of users to access information of such sensitivity.

A

MAC (Mandatory Access Control)

17
Q

Which attack would use this string?:

SELECT * FROM users WHERE userName='Alice' AND password='' OR '1'='1';

A

SQL injection

18
Q

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources.

A

DLL (dynamic link library)

19
Q

A type of application attack that relies on executing a library of code.

A

DLL injection

20
Q

Which type of attack would use these bits of string?:

Administrator)&))
Search.aspx?name=username)(zone=*)

A

LDAP injection attack

21
Q

A vulnerability in which queries are constructed from untrusted input without proper validation or sanitization.

A

LDAP injection

22
Q

A protocol that makes it possible for applications to query user information.

A

LDAP (lightweight directory access protocol)

23
Q

Which type of attack would use this string?

…p@$$w0rd</password></user><user><name>attacker</name></user>

A

XML injection attack

24
Q

A language format that’s commonly used for storing, transmitting, and reconstructing data.

A software- and hardware-independent tool for storing and transporting data.

A

XML (extensible markup language)

For example:

<note>
<to>Tove</to>
<from>Jani</from>
<heading>Reminder</heading>
<body>Don't forget me this weekend!</body>
</note>

25
A category of vulnerabilities where an application doesn't correctly validate/sanitize user input before using it in an XML document or query.
XML injection
26
A malicious attempt to trick a web application into displaying the contents of a directory other than the one requested by the user and gain access to sensitive files on a server.
Directory traversal attack AKA dot-dot-slash attack
27
Which type of attack would use these URLs?: http://www.example.com/var/../etc/passwd http://www.example.com/var/www/../../../etc/passwd http://www.example.com/var/www/files/../../../etc/passwd http://www.example.com/var/www/files/images/../../../../etc/passwd
Directory traversal attack AKA dot-dot-slash attack
28
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application.
Buffer overflow
29
A situation in which an application writes to an area of memory it's not supposed to have access to.
Buffer overflow
30
A malfunction in a preprogrammed sequential access to a shared resource.
Race condition
31
An undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, but because of the nature of the device or system, the operations must be done in the proper sequence to be done correctly.
Race condition
32
A vulnerability caused by race conditions.
TOCTOU (time-of-check time-of-use)
33
A class of software bugs caused by a race condition involving the checking of the state of a part of a system and the use of the results of that check.
TOCTOU (time-of-check time-of-use)
34
When software checks the state of a resource before using that resource, but the resource's state changes between the check and the use in a way that invalidates the results of the check.
TOCTOU (time-of-check time-of-use)
35
The average time between system breakdowns.
MTBF (mean time between failures)
36
The average amount of time a non-repairable asset operates before it fails.
MTTF (mean time to failure)
37
Which 2 programming aspects are critical to secure application development processes?
Input validation; Error and exception handling
38
A situation in which a web form field accepts data other than expected
Improper input validation
39
A countermeasure against code injection
Input validation
40
When an attacker intercepts sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations.
Network replay attack
41
When an attacker steals a valid session ID of a user and resends it to the server with the intent of gaining unauthorized access or tricking the server into unauthorized operations.
Session replay attack
42
A programming error where an application tries to store a numeric value in a variable that's too small to hold it.
Integer overflow
43
A type of exploit that allows an attacker to take control over a server and use it as a proxy for unauthorized actions.
SSRF (server side request forgery)
44
An attack where an attacker executes arbitrary JavaScript within the browser of a victim user.
XSS (cross-site scripting)
45
An attack where an attacker induces a victim user to perform actions that they do not intend to.
XSRF (cross-site request forgery) AKA CSRF
46
What enables the exchange of information between computer programs?
API (application programming interface). Most web APIs sit between the application and the web server. The user initiates an API call that tells the application to do something, then the application will use an API to ask the web server to do something.
47
What is the purpose of a DoS attack?
Resource exhaustion
48
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required.
Memory leak
49
SSL stripping is a type of what two attacks?
Downgrade attack; On-path attack
50
An attack performed by a malicious user that leads to a downgrade from an HTTPS secure connection to a less secure encrypted HTTP connection. As a result, the whole web connection is not encrypted anymore.
SSL stripping
51
An attack where an attacker sits in the center between two stations and can catch and sometimes change the data that is being sent across the organization.
On-path attack; MITM attack
52
An attack that seeks to cause a connection, protocol, or cryptographic algorithm to drop to an older and less secure version.
Downgrade attack AKA version rollback attack AKA bidding-down attack
53
A software/hardware driver manipulation technique. A cyberattack technique that allows an attacker to alter the external behavior of an application without introducing any changes to the application's code.
Shimming
54
SDK stands for:
Software development kit
55
Installing software obtained from a third-party source rather than an official retailer.
Sideloading
56
A software/hardware driver manipulation technique. The practice of modifying an application's code without changing its external behavior.
Refactoring
57
The process of a client application submitting a request to an API and that API receiving the requested data from the external server or program and delivering it back to the client.
API call
58
2 methods that refer to software/hardware driver manipulation techniques.
Refactoring; Shimming
59
A technique that allows an attacker to authenticate to a remote server without extracting cleartext passwords from a digest.
Pass the hash.
60
The term that refers to a rogue WAP set up for eavesdropping or stealing sensitive user data. This rogue WAP replaces the legitimate access point and by advertising its own presence with the same SSID (network name) appears as a legitimate access point to connecting hosts.
Evil twin
61
Gaining unauthorized access to a Bluetooth device.
Bluesnarfing
62
The practice of sending unsolicited messages over Bluetooth.
Bluejacking
63
A wireless disassociation attack is a type of which 2 attacks?
Deauthentication attack; DoS attack
64
An attack that sends forged deauthentication frames to a WAP or client device, causing the device to disconnect from the network.
Wireless deauthentication attack
65
An attack that sends forged disassociation frames to a WAP, causing the device to no longer be associated to the WAP. The client can still be authenticated to a previously associated network, and they may send reassociation requests to the network they were disconnected from to resume connection.
Disassociation attack.
66
Wireless jamming is a type of which attack?
DoS attack
67
An attack in which an attacker transmits interfering wireless signals to decrease the signal-to-noise ratio at the receiving device.
RF (radio frequency) jamming
68
An attack in which an attacker sends random bits of data over a network to use up the bandwidth. This attack may happen intermittently, constantly, or by targeting times in which one individual is attempting to communicate.
Wireless jamming
69
A wireless technology that enables identification and tracking of tags attached to objects.
RFID
70
A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder.
RFID badge
71
WTLS stands for
Wireless transport layer security
72
WAF stands for
Web application firewall
73
A hardware authentication device used to grant access to a restricted digital asset.
Hard token. For example, keys, USB drives, badges, etc.
74
A digital authentication device used to grant access to a restricted digital asset.
Soft token. For example, multi-factor authentication, authenticator apps, clickable authentication links, etc.
75
RFID is vulnerable to which attack(s)? Spoofing; Eavesdropping; Data interception; Replay attacks; DoS attacks; All of the above
All of the above
76
A technology used for contactless payment transactions.
NFC (near field communication)
77
NFC is vulnerable to which attack(s)? Data interception; Replay attacks; DoS attacks; All of the above
All of the above
78
Which 2 processes provide randomization during the encryption process?
Salting; IV (Initialization Vector)
79
A binary vector used as the input to initialize the algorithm for encryption to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment. This produces a unique stream independent from other streams produced by the same encryption key.
IV (Initialization Vector)
80
A type of attack also known as a MITM attack. Attackers place themselves on the communication route between two devices. Attackers intercept or modify packages sent between two communicating devices.
On-path attack
81
An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?
ARP poisoning
82
A network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table.
MAC (Media Access Control) flooding
83
An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as which 2 names?
MAC spoofing; MAC cloning
84
A technique by which an attacker sends spoofed ARP messages onto a network. This does NOT spoof the IP or MAC address. The attacker merely responds first to the ARP request before the legitimate device is able to.
ARP poisoning
85
4 examples of layer 2 attacks
MAC cloning; ARP poisoning; MAC flooding; MAC spoofing
86
A situation in which domain registrants, due to unlawful actions of third parties, lose control over their domain names.
Domain hijacking
87
A type of network attack where the intruder attempts to disrupt the network's normalcy, modify data, and alter the system resources.
Active attack
88
A type of network attack where the intruder intercepts data traveling through the network. They eavesdrop, but do not modify the message. (MITM is a type of this network attack.)
Passive attack
89
A social engineering technique whereby attackers, under the guise of a legitimate request, attempt to gain access to confidential information is commonly referred to as:
Phishing
90
Which of the following answers refer to smishing? (Select 2 answers) Social engineering; Email communication; SPIT; SPIM; Text messaging
Social engineering; Text messaging
91
The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:
Vishing
92
A term describing an unsolicited advertising message
Spam. Remember that adware causes spam, but adware is NOT the message itself. It is only the software that causes it.
93
What type of spam relies on text-based communication? Vishing; SPIM; Bluesnarfing; SPIT
SPIM (spam over internet messaging)
94
Phishing scams targeting a specific group of people
Spear phishing
95
The practice of sifting through trash for discarded documents containing sensitive data.
Dumpster diving
96
A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:
Shoulder surfing
97
Which of the following answers refer to the characteristic features of pharming? (Select 3 answers) Domain hijacking; Traffic redirection; Fraudulent website; Password attack; Credential harvesting
Traffic redirection; Fraudulent website; Credential harvesting. Remember that pharming often involves the victim clicking on a link to redirect them to the fraudulent website.
98
Gaining unauthorized access to restricted areas by following another person
Tailgating
99
The use of casual conversation to extract non-public information from people without giving them the feeling they're being interrogated.
Elicitation
100
A type of social engineering attack that involves providing a high and low estimate in order to entice a more specific number
Bracketing
101
A type of social engineering attack that involves pretending to divulge confidential information in hopes of receiving confidential information in return
Confidential bait
102
A type of social engineering attack that involves saying something wrong in the hopes that the person will correct the statement with true information
Deliberate false statements AKA Denial of the obvious
103
A type of social engineering attack that involves pretending to be ignorant of a topic in order to exploit the person’s tendency to educate
Feigned ignorance
104
A type of social engineering attack that involves using praise to coax a person into providing information
Flattery
105
Phishing scams targeting people holding high positions in a business
Whaling
106
Which of the following is used in data URL phishing? Prepending; Typosquatting; Pretexting; Domain hijacking
Prepending
107
The use of emails to redirect recipients to a fake website and coerce them into divulging sensitive data.
Data URL phishing
108
Adding something to the beginning of something else. Used when an attacker attaches a trustworthy value like “RE:” or “MAILSAFE: PASSED” to a message in order to make the message appear more trustworthy.
Prepending
109
Use of a fabricated story to gain a victim's trust and trick or manipulate them into sharing sensitive information, downloading malware, sending money to criminals, or otherwise harming themselves or the organization they work for.
Pretexting
110
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
Virus hoax
111
What is the platform for watering hole attacks?
Websites
112
The internal telephone network of a business or other entity. It manages phone calls internally and externally for an organization.
PBX (Private Branch Exchange) system
113
A type of email server that protects an organization's or users' internal email servers. It acts as a gateway through which every incoming and outgoing email passes.
Email gateway
114
The practice of registering a misspelled domain name closely resembling another well-established and popular domain name in hopes of getting Internet traffic from users who make errors while typing the URL in their web browsers.
URL hijacking AKA typosquatting
115
An attacker impersonates a company's managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers) Urgency; Familiarity; Authority; Consensus; Intimidation; Scarcity
Urgency; Authority; Intimidation. Remember that this manager might not be very familiar with the lower ranking employee. Urgency is because the task must be completed same-day. Authority is because the attacker is impersonating the employee's manager. Intimidation is because they threatened the employee with financial loss.
116
An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers) Authority; Intimidation; Consensus; Scarcity; Familiarity; Trust; Urgency
Scarcity; Familiarity; Trust. Scarcity because it is a closed beta version not available to anyone else. Familiarity because this is a person with whom the victim has already interacted. Trust because the attacker is impersonating a software beta tester.
117
While conducting web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario? Scarcity; Authority; Consensus; Intimidation; Urgency
Consensus
118
Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:
Malware
119
Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is known as:
Ransomware
120
A type of software that performs unwanted and harmful actions in disguise of a legitimate and useful program. This type of malware might act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.
Trojan horse
121
A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:
Worm
122
A cyberattack to gain illicit access of elevated rights, permissions, entitlements, or privileges beyond what is assigned for an identity, account, user, or machine. This attack can involve an external threat actor or an insider threat.
Privilege escalation
123
Spam messages symptomatic of widely used free instant messaging apps like Messenger, WhatsApp, Viber, Telegram, Skype and WeChat. These spam messages are usually commercial-type spam but can contain malware and spyware.
SPIM (spam over instant messaging)
124
Unsolicited bulk messages broadcast over VoIP (Voice over Internet Protocol) to phones connected to the Internet.
SPIT (spam over internet telephony) AKA vam (voice/VoIP spam)
125
What is a PUP (Potentially Unwanted Program)? (Select 3 answers.) Not explicitly classified as malware by AV software; An app downloaded and installed w/out the user's consent (illegal app); A type of software that may adversely affect the computer's security and performance, compromise user's privacy, or display unsolicited ads; An app downloaded and installed with the user's consent (legal app); Explicitly classified as malware by AV software; A type of free, utility software often bundled with a paid app
Not explicitly classified as malware by AV software; A type of software that may adversely affect the computer's security and performance, compromise user's privacy, or display unsolicited ads; An app downloaded and installed w/ the user's consent
126
A type of free, utility software often bundled with a paid app
Bloatware
127
A malware-infected network host under remote control of a hacker is commonly referred to as:
Bot
128
A private network similar to an intranet, but typically open to external parties, such as business partners, suppliers, key customers, etc.
Extranet
129
A private network contained within an enterprise that is used to securely share company information and computing resources among employees.
Intranet
130
A network set up to catch a hacker's attention. It's designed to look, feel, and act just like a network packed tight with valuable resources. But it also contains plenty of monitoring tools.
Honeynet
131
A keylogger is an example of what type of malware?
Spyware
132
Malicious software collecting info about users w/out their knowledge/consent is known as:
Spyware
133
A type of service that, through a joint digital channel, enables users to plan, book, and pay for multiple types of mobility services. The concept describes a shift away from personally-owned modes of transportation and towards mobility provided as a service.
MaaS (Mobility as a Service)
134
An undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system
Backdoor
135
Which password attack bypasses account-lockout policies? Birthday; Spraying; Dictionary; Replay
Spraying attack
136
T/F: One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.
True
137
T/F: Rainbow tables are lookup tables used to speed up the process of password guessing.
True
138
What are the contents of a rainbow table entry?
Hash/Password
139
Due to added functionality in its plug, malicious USB cables can be used for: GPS tracking; Capturing keystrokes; Sending and receiving commands; Delivering and executing malware; Any of the above
Any of the above
140
Theft of personal data from a payment card is known as:
Skimming
141
A technique in which an attacker moves from one compromised system to the next in a network.
Pivoting
142
The process of unlocking or jailbreaking a device, such as a smartphone or tablet.
Rooting
143
RAD stands for
Rapid Application Development
144
A cryptographic attack that relies on the concepts of probability theory
Birthday
145
A type of attack where the attacker has access to the ciphertext and its corresponding plaintext (crib). His goal is to guess the secret key (or a number of secret keys) or to develop an algorithm which would allow him to decrypt any further messages.
KPA (known-plaintext attack)
146
AAA stands for
Authentication, Authorization, Accounting
147
T/F: A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
False. A hash collision is where 2 different data inputs have the same hash
148
A situation where a cryptographic hash function produces the same message digest for two distinct data inputs.
Hash collision
149
A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:
Downgrade attack
150
Which of the following facilitate(s) privilege escalation attacks? (Select all that apply) System/application vulnerability; Principle of least authority; Social engineering techniques; MAC (Mandatory Access Control); System/application misconfiguration
System/application vulnerability; Social engineering techniques; System/application misconfiguration. Remember that Mandatory Access Control and principle of least authority are both ways to PREVENT a privilege escalation attack.
151
Which of the following answers can be used to describe characteristics of a cross-site scripting attack? (Select 3 answers) Exploits the trust a user's web browser has in a website; A malicious script is injected into a trusted website; User's browser executes the attacker's script; Exploits the trust a website has in the user's web browser; A user is tricked by an attacker into submitting unauthorized web requests; Website executes attacker's requests
Exploits the trust a user's web browser has in a website; A malicious script is injected into a trusted website; User's browser executes the attacker's script
152
Which of the following indicates an SQL injection attack attempt? DELETE FROM itemDB WHERE itemID = '1'; SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1'; DROP TABLE itemDB; SELECT * FROM users WHERE email = 'example@example.com' AND password = '';
SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
153
Which of the following fragments of input might indicate an LDAP injection attack attempt? (Select 2 answers) ... AND password = '' OR '1' = '1'; administrator)(&)) ... search.aspx?name=userName)(zone=*) ... p@$$w0rdattacker ....
administrator)(&)) search.aspx?name=userName)(zone=*)
154
Which of the following fragments of input might indicate an XML injection attack attempt? ... search.aspx?name=userName)(zone=*) ... p@$$w0rdattacker .... administrator)(&)) ... AND password = '' OR '1' = '1';
... p@$$w0rdattacker ....
155
An attempt to read a variable value from an invalid memory address?
Null-pointer dereference
156
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:
Buffer overflow
157
A type of attack in which the attacker uses mathematical algorithms to predict the IV in encryption. Once the IV is known, the attacker can use it to decrypt encrypted messages.
IV attack
158
An automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities. A tool injects these inputs into the system and then monitors for exceptions such as crashes or information leakage.
Fuzz test
159
A malfunction in a preprogrammed sequential access to a shared resource is described as:
Race condition
160
The process of reorganizing data in a database so that it meets two basic requirements: There is no redundancy of data, all data is stored in only one place.
Normalization
161
Which of the following are the characteristic features of a session ID? (Select 3 answers) Stored on a server; A unique identifier assigned by the website to a specific user; Contains user's authentication credentials, e.g. username and password; A piece of data that can be stored in a cookie, or embedded as a URL parameter; Stored in a visitor's browser; A unique identifier assigned to a server
A unique identifier assigned by the website to a specific user; A piece of data that can be stored in a cookie, or embedded as a URL parameter; Stored in a visitor's browser
162
Which type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions?
SSRF (Server-side request forgery)
163
Which of the following answers can be used to describe characteristics of a cross-site request forgery attack? (Select 3 answers) Exploits the trust a website has in the user's web browser; A user is tricked by an attacker into submitting unauthorized web requests; Website executes attacker's requests; Exploits the trust a user's web browser has in a website; A malicious script is injected into a trusted website; User's browser executes attacker's script
Exploits the trust a website has in the user's web browser; A user is tricked by an attacker into submitting unauthorized web requests; Website executes attacker's requests
164
T/F: In an on-path attack, attackers generate forged packets and inject them in the network.
False. A MITM attack is AKA eavesdropping attack. It does not involve forging new data.
165
SDN stands for
Software-Defined Networking
166
An approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network.
SDN (Software-Defined Networking)
167
PED stands for
Portable electronic device
168
The process of hiding original data with modified content such as characters or other data
Obfuscation
170
A type of network attack which involves the attacker injecting their own forged packets into the data stream.
Packet injection attack
171
APT stands for
Active Persistent Threat
172
Remapping a domain name to a rogue IP address is what kind of exploit?
DNS poisoning
173
URL redirection is a characteristic feature of what kind of attack?
Pharming
174
Which has the biggest impact on domain reputation? Domain age; Missing SSL certificate; Derivative content; Bounce rate; Distribution of spam
Distribution of spam
175
What is the most common form of DDoS attack?
Network-based
176
Which type of DDoS attack uses IoT devices as bots to carry out the attack?
IoT-based
177
OT stands for
Operational Technology
178
The use of hardware and software to monitor and control physical processes, devices, and infrastructure.
OT (Operational Technology)
179
Robots, industrial control systems (ICS), Supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and computer numerical control (CNC) are examples of what?
OT (Operational Technology)
180
Which type of DDoS attack targets industrial equipment and infrastructure?
OT
181
Which type of DDoS attack targets application services such as web servers and application firewalls?
Application
182
ATT&CK stands for
Adversarial Tactics, Techniques, and Common Knowledge
183
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
ATT&CK
184
IoC stands for
Indicators of Compromise
185
During a cybersecurity incident, the digital breadcrumbs that reveal that an attack has occurred, what tools were used in the attack, and who's behind it.
IoC (Indicators of Compromise)
186
Microsoft PowerShell script file extension
.ps1
187
A filename extension used in a cross-platform, general-purpose programming language
.py (Python programming language)
188
A filename extension for a UNIX shell executable file.
.sh
189
A filename extension for a Microsoft Visual Basic file
.vbs
190
A filename extension for a batch file
.bat
191
DOM stands for
Document Object Model
192
An application programming interface (API) for HTML and XML documents. It defines the logical structure of documents and the way a document is accessed and manipulated. It connects web pages to scripts or programming languages by representing the structure of a document in memory. It represents a document with a logical tree. Each branch of the tree ends in a node, and each node contains objects. With them, you can change the document's structure, style, or content.
DOM (Document Object Model)
193
VBA stands for
Visual Basic for Applications
194
Which of the following enables running macros in Microsoft Office applications?
VBA (Visual Basic for Applications)
195
A computer programming language developed and owned by Microsoft. Used to create macros to automate repetitive word- and data-processing functions, and generate custom forms, graphs, and reports.
VBA (Visual Basic for Applications)
196
A filename extension for a JavaScript file
.js
197
A filename extension for a source code file created in Visual Basic language
.vb
198
Which statements best describe the attributes of an APT? (Select 3 answers) Lack of extensive resources/funding; High level of technical sophistication; Extensive amount of resources/funding; Threat actors are individuals; Low level of technical sophistication; Typically funded by governments/nation states
High level of technical sophistication; Extensive amount of resources/funding; Typically funded by governments/nation states
199
A disgruntled employee abusing legitimate access to a company's internal resources is called
Insider threat
200
A person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.
Script kiddie
201
Hackers that use their technical skills to defraud and blackmail others.
Black hat
202
Hackers that use their technical skills to protect the world from bad hackers.
White hat
203
Hackers that use their technical skills with good intentions, but do not take the ethical route. They may penetrate networks to look for vulnerabilities without your consent, but do not cause harm.
Gray hat
204
Hackers that use their technical skills with good intentions, but use extreme and sometimes illegal routes to achieve their goals. They deploy dangerous cyber attacks against black hat hackers.
Red hat
205
Hackers that work as security professionals outside the organization. They are invited to test new software and find vulnerabilities. They perform penetration testing without causing damage.
Blue hat
206
Hackers that are still learning about techniques and programming. This type is different from a script kiddie because this type of hacker works hard to continue to learn and develop skills.
Green hat
207
Which of the following statements does not match a typical description of nation states or state-funded groups identified as threat actors? Political or economic motivation; High level of technical sophistication; Advanced Persistent Threat (APT); High level of resources/funding; Typically classified as an internal threat
Typically classified as an internal threat
208
A person who breaks into a computer network or system for a politically or socially motivated purpose is usually described as a(n):
Hacktivist
209
Which statements best describe the attributes of a script kiddie? (Select 2 answers) Motivated by money; Low level of technical sophistication; Motivated by ideology; High level of technical sophistication; Lack of extensive resources/funding
Low level of technical sophistication; Lack of extensive resources/funding
210
Threat actors whose sole intent behind breaking into a computer system or network is monetary gain
Criminal syndicates
211
People or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country. They are state-sponsored.
Nation-state threat actors
212
A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time. Usually done to steal data.
APT (Advanced Persistent Threat)
213
Which types of hacking are authorized? (Select 2) Black hat; Gray hat; White hat; Blue hat; Green hat
White hat; Blue hat
214
Which types of hacking are unauthorized? Gray hat; White hat; Black hat; Blue hat
Black hat
215
Which type of hacking is semi-authorized? Blue hat; Black hat; Gray hat; White hat
Gray hat
216
Software and hardware used within an organization, but outside of the organization's official IT infrastructure.
Shadow IT
217
Threat actors that engage in illegal activities to obtain know-how and gain a market advantage.
Competitors
218
Any combination of persons or enterprises engaging, or having the purpose of engaging, on a continuing basis in conduct that violates one or more provisions of a felony statute of a United States jurisdiction.
Criminal syndicate
219
Which of the following answers does not relate to a direct access threat vector? Malicious USB cable; Backdoor; Malicious URL; Lack of physical security controls; Malicious flash drive
Malicious URL
220
Which of the following answers refer(s) to wireless threat vector(s)? (Select all that apply) Network protocol vulnerabilities (WEP/WPA); Rogue AP / Evil twin; Default security configurations; Malicious email attachments; Vulnerabilities in network security standards (WPS)
Network protocol vulnerabilities (WEP/WPA); Rogue AP / Evil twin; Default security configurations; Vulnerabilities in network security standards (WPS)
221
WEP stands for
Wired Equivalent Privacy. It's a sucky security protocol.
222
WPA stands for
Wi-Fi Protected Access. More secure than WEP.
223
WPS stands for
Wi-Fi Protected Setup. A feature supplied with many routers. It is designed to make the process of connecting to a secure wireless network from a computer or other device easier. It makes routers extremely vulnerable to cyberattacks.
224
A type of attack vector where the attacker gains physical access to a computer and performs malicious actions.
Direct access attack vector
225
Which of the following enables client-side URL redirection? host; hosts; hostname; localhost
hosts