Test 7 Flashcards
Exploiting known vulnerability is a common threat vector for:
Unsupported systems/apps
A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is called:
WPS
Which of the wireless technologies listed below are considered potential threat vectors and should be avoided due to their known vulnerabilities? (Select all that apply)
WPS
WPA
WPA2
WEP
The term “Evil twin” refers to a rogue WAP set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate AP and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate AP to connecting hosts.
True
Which of the following answers refers to a threat vector characteristic only to wired networks?
Cable tapping
Examples of threat vectors related to Bluetooth communication include: bluesmacking (a type of DoS attack that targets Bluetooth devices by overwhelming them with excessive traffic), bluejacking (the practice of sending unsolicited messages or data to a Bluetooth-enabled device), bluesnarfing (gaining unauthorized access to a Bluetooth device and data theft), and bluebugging (gaining remote control over a Bluetooth device).
True
Which of the answers listed below refers to the most probable cause of an unauthorized access caused by the exploitation of a specific network entry point?
Open service ports
The importance of changing default usernames and passwords can be illustrated by the example of certain network devices (such as routers), which are often shipped with default and well-known admin credentials that can be looked up on the web.
True
Which of the following would be the best solution for a company that needs IT services but lacks any IT personnel?
MSP
Which of the terms listed below refers to a third-party vendor offering IT security management services? (Select best answer)
MSSP
Which of the following answers refer to common threat vectors that apply to MSPs, vendors, and suppliers in the supply chain? (Select 2 answers)
Propagation of malware
Social engineering techniques
A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:
Phishing
Which social engineering attack relies on identity theft?
Impersonation
A BEC attack is an example of:
Phishing
Which of the answers listed below refers to a social engineering technique where an attacker creates a false scenario or situation to deceive the victim into revealing sensitive information?
Pretexting