Threat & Vulnerabilities

Question 1

Person or event with the potential to have an impact on a valuable resource

Answer 1

Threat

Question 2

Flaw or weakness within a system that can be exploited. Quality within a resource or its environment that might allow a threat to be realized

Answer 2

Vulnerability

Question 3

The likelihood of a threat exploiting a vulnerability

Answer 3

Risk

Question 3

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, and corruption, and destruction

Answer 3

Information Security

Question 4

Threat that originates within the organization

Answer 4

Internal / Insider Threat

Question 4

The act of protecting the systems that hold and process critical data, the device holding the data

Answer 4

Information System Security

Question 5

CIA Triad

Answer 5

Confidentiality
Integrity
Availability

Question 5

Threats that are external to an organization

Answer 5

External Threat

Question 6

List of publicly disclosed computer security weaknesses

Answer 6

CVE (Common Vulnerabilities and Exposure)

Question 7

Vulnerability that is discovered or exploited before the vendor can issue a patch to fix it

Answer 7

Zero-day vulnerability

Question 8

Software code that takes advantage of a security flaw or vulnerability

Answer 8

Exploit

Question 9

Confidentiality protections such as looked doors, fences, security guards, security cameras, and safes are examples of what type of protection?

Answer 9

Physical protections

Question 10

Confidentiality protections such as encryption, passwords, firewalls, and MFA are examples of what type of protection?

Answer 10

Electronic protections

Question 11

2 best methods for integrity

Answer 11

1) Hashing
2) Checksums

Question 12

A file goes through a one way encryption algorithm that gives a unique digital fingerprint to the file

Answer 12

Hashing

Question 13

Occurs when the data is modified during storage, at rest, or transit.

Answer 13

Failure of integrity

Question 14

Having good backup strategies and disaster recovery plans ensure which one of the CIA triad?

Answer 14

Availability

Question 15

3 main things to remember when regarding CIA triad

Answer 15

Confidentiality – Encryption (like WPA2)
Integrity – Hashing (like MD5, SHA-1)
Accessibility – Redundancy & reliability

Question 16

System that is not on the baseline of what is approved by the organization.
(Configuration baseline is a set of recommendations for deploying a computer in a hardened configuration)
System that is not compliant in the configuration baseline.

Answer 16

Non-compliant System

Question 17

5 main vulnerabilities to network and systems

Answer 17

1) Non-compliant systems
2) Unpatched systems
3) Unprotected systems
4) EOL (End-of-Life) OSs
5) BYOD (Bring your own device)

Question 18

An attack that attempts to make a computer or server’s resources unavailable

Answer 18

Denial of Service (DoS)

Question 19

Specialized type of DoS attack that attempts to send more packets to a server or host

Answer 19

Flood attack

Question 20

Type of flood DoS attack that happens when too many pings (IMCP echo) are being sent

Answer 20

Ping Flood

Question 21

Type of flood DoS attack where the attacker initiates multiple TCP sessions but never completes the three-way handshake

Answer 21

SYN Flood

Question 22

3 ways to prevent DoS attacks

Answer 22

1) Flood Guards
2) Time Outs
3) Intrusion Prevention

Question 23

Type of DoS attack that exploits a security flaw to permanently break a networking device by reflashing its firmware

Answer 23

Permanent Denial of Service (PDoS)

Question 24

Attack that creates a large number of processes to use up the available processing power of a computer

Answer 24

Fork Bomb

Question 25

Uses lots of machines to attack a server to create a DoS

Answer 25

Distributed Denial of Service (DDoS)

Question 26

Type of DDoS attack that allows an attacker to send packets to flood the victim’s website to initiate DNS requests

Answer 26

DNS Amplification

Question 27

A way to prevent a DoS attack that identifies attacking IP addresses and routes them to a non-existent server through the null interface

Answer 27

Blackhole/Sinkhole

Question 28

A way to prevent a DoS attack that identifies and responds to small-scale DoS attacks

Answer 28

Intrusion Prevention

Question 29

A way to prevent a DDoS attack that scales up when demand increases

Answer 29

Elastic Cloud Infrastructure
(companies such as Cloudflare and Akamai)

Question 30

3 main spoofing attacks

Answer 30

1) IP spoofing
2) MAC spoofing
3) ARP spoofing

Question 31

Attack that occurs when an attacker masquerades as another person by falsifying their identity electronically

Answer 31

Spoofing

Question 32

Spoof that modifies the source address of an IP packet to hide the identity of the sender or impersonate another client

Answer 32

IP spoofing

Question 33

What layer of the OSI model is IP spoofing apart of?

Answer 33

Layer 3

Question 34

What layer of the OSI model is MAC spoofing apart of?

Answer 34

Layer 2

Question 35

Attacker changes the MAC address to pretend the use of a different network interface card or device

Answer 35

MAC spoofing

Question 36

Relies on a list of all known and authorized MAC addresses

Answer 36

MAC Filtering

Question 37

Command to spoof a MAC address

Answer 37

sudo ifconfig en0 ether <MAC></MAC>

Question 38

Type of spoof attack where the attacker sends falsified ARP messages over a local area network

Answer 38

ARP spoofing

Question 39

Occurs when an attacker puts themself between the victim and the intended destination

Answer 39

On-Path attack

Question 40

Ways to produce an On-Path attack

Answer 40

1) ARP poisoning
2) DNS poisoning
3) Introducing a rogue WAP (Wireless access point)
4) Introducing rogue hub/switch

Question 41

During an on-path attack happens, occurs when valid data is captured by the attacker and is then repeated immediately, or delayed, and the repeated

Answer 41

Replay

Question 42

During an on-path attack happens, occurs when the attacker inserts themself between the two hosts

Answer 42

Relay

Question 43

Occurs when an attacker tricks the encryption application into presenting the user with an HTTP connection instead of an HTTPS connection (to bypass secure encryption)

Answer 43

SSL Stripping

Question 44

Occurs when an attacker attempts to have a client or server abandon a higher security mode in favor of a lower security mode

Answer 44

Downgrade attack

Question 45

SQL stand for

Answer 45

Structured Query Language

Question 46

An attack consisting of the insertion or injection of an SQL query via input data from the client to a web application

Answer 46

SQL Injection

Question 47

Insertion of additional information or code through data input from a client to an application

Answer 47

Injection attack

Question 48

4 Common types of Injection attacks

Answer 48

1) SQL (most common)
2) HTML
3) XML
4) LDAP

Question 49

Example of SQL injection (returns value of True)

Answer 49

Typical:
username: Jason
password: pass123

SQL Injection
username: Jason
password: ‘OR 1=1;

Question 50

How can SQL injection be prevented? (2)

Answer 50

1) Input validation
2) Least privilege

Question 51

Attack occurs when an attacker embeds malicious scripting commands on a trusted website

Answer 51

Cross-Site Scripting (XSS)

Question 52

3 types of Cross-Site Scripting (XSS) attacks

Answer 52

1) Stored/Persistent
2) Reflected
3) DOM-based

Question 53

Type of XXS attack that attempts to get data provided by the attacker to be saved on the web server by the victim

Answer 53

Stored/Persistent

Question 54

Type of XXS attack that attempts to have a non-persistent effect activated by a victim clicking a link on the site

Answer 54

Reflected

Question 55

Type of XXS attack that attempts to exploit the victim’s web browser

Answer 55

Document Object Model (DOM)-based

Question 56

How to prevent XSS attacks? (2)

Answer 56

1) Output encoding
2) Proper input validation

Question 57

Attack that occurs when an attacker forces the user to execute actions on a web server for which they are already authenticated

Answer 57

Cross-Site Request Forgery (XSRF/CSRF)

Question 58

How to prevent XSRF? (4)

Answer 58

1) Tokens
2) Encryption
3) XML file scanning
4) Cookie verification

Question 59

Tool used to test the strength of passwords to ensure password policies are being followed properly

Answer 59

Password Analysis tool

Question 60

Uses comparative analysis to break passwords and systematically continues guessing until the password is determined

Answer 60

Password Cracker

Question 61

2 most well know password crackers

Answer 61

1) Cain & Abel
2) John the Ripper

Question 62

4 types of password cracking methods

Answer 62

1) Password Guessing
2) Dictionary Attack
3) Brute-force Attack
4) Cryptanalysis Attack

Question 63

Type of password cracking attack that occurs when a weak password is simply figured out by a person

Answer 63

Password Guessing

Question 64

Type of password cracking attack method where a program attempts to guess the password by using a list of possible passwords (lots common passwords)

Answer 64

Dictionary Attack

Question 65

Type of password cracking attack method where a program attempts to try every possible combination until it cracks the password (counts from 000 to 001 to 002)

Answer 65

Brute-Force attack

Question 66

Type of password cracking attack that compares a precomputed encrypted password to a value in a lookup table / rainbow table

Answer 66

Cryptanalysis Attack

Question 67

(No longer included in exam)
Type of password cracking attack that attempts to crack a password by threatening or causing a person physical harm in order to make them tell you the password

Answer 67

Rubber Hose Attack

Question 68

An employee or other trusted insider who uses their authorized network access in unauthorized ways to harm the company

Answer 68

Insider Threat

Question 69

A specific type of malware that is tied to either a logical event or a specific time (like entering a code every 24 hours)

Answer 69

Logic Bomb

Question 70

Which type of threat actor can accidentally or inadvertently cause a security incident in your organization?

a) Hacktivist
b) Insider threat
c) Organized Crime
d) APT (advanced persistent threats)

Answer 70

b) Insider threat

Question 70

Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization’s database?

a) SQL injection
b) Cross-site scripting
c) Buffer overflow
d) Denial of Service

Answer 70

a) SQL injection

*SQL injection is a type of attack where malicious SQL code is inserted into a web application’s input fields, such as search boxes or login forms, in order to manipulate the database. If the application does not properly validate or sanitize user input, the attacker could exploit this vulnerability to: Retrieve unauthorized data from the database.
Expose sensitive information such as passwords, personal details, or other confidential records. Potentially modify or delete data, depending on the severity of the vulnerability. This attack directly targets the database and could lead to inadvertent disclosure of sensitive information, especially if the attacker successfully exploits the vulnerability to retrieve private or restricted data.

Why the other attacks are less likely for inadvertent disclosure:
b) Cross-site scripting (XSS): XSS attacks primarily target the users of a website, not the database. They allow attackers to inject malicious scripts into web pages viewed by other users, which could lead to the theft of cookies or session tokens, but not necessarily database information.

c) Buffer overflow: This attack generally targets vulnerabilities in a program’s memory and can lead to crashes or code execution on the system. While it can be dangerous, its primary goal is not to retrieve data from a database.

d) Denial of Service (DoS): A DoS attack seeks to make a system or service unavailable by overwhelming it with traffic or requests. It does not aim to extract or disclose information from a database but rather to disrupt services.*

Question 70

Tony works for a company as a cybersecurity analyst. His company runs a website that allows public postings. Recently, users have started complaining about the website having pop-up messages asking for their username and password. Simultaneously, your security team has noticed a large increase in the number of compromised user accounts on the system. What type of attack is most likely the cause of both of these events?

a) SQL injection
b) Rootkit
c) Cross-Site request forgery
d) Cross-Site scripting

Answer 70

d) Cross-Site scripting