Threats, Attacks, and Vulnerabilities Flashcards
You have noticed some unusual network traffic outbound from a certain host. The host is communicating with a known malicious server over port 443 using an encrypted TLS tunnel. You ran a full system anti-virus scan of the host with an updated anti-virus signature file, but the anti-virus did not find any signs of infection. Which of the following has MOST likely occurred?
A. Session Hijacking
B. Password Spraying
C. Zero Day Attack
D. Directory Traversal
C. Zero Day Attack
Which of the following types of attacks is usually used as part of an on-path attack?
A. Spoofing
B. Tailgating
C. Brute Force
D. DDoS
A. Spoofing
You have just received a phishing email disguised to look like it came from support@diontraining.com asking you to send your username and password because your account has been locked out due to inactivity. Which of the following social engineering principles is being used in this email?
A. Intimidation
B. Trust
C. Urgency
D. Consensus
B. Trust
Several users have contacted the help desk to report that they received an email from a well-known bank stating that their accounts have been compromised and they need to “click here” to reset their banking password. Some of these users are not even customers of this particular bank, though. Which of the following social engineering principles is being utilized as a part of this phishing campaign?
A. Intimidation
B. Familiarity
C. Urgency
D. Consensus
B. Familiarity
The management at Steven's work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steven could use to identify rogue devices on a wired network?
A. A physical survey
B. Reviewing a central administration tool such as an endpoint manager
C. A discovery scan using a port scanner
D. Router- and switch-based MAC address reporting
D. Router- and switch-based MAC address reporting
A cybersecurity analyst from BigCorp contacts your company to notify them that several of your computers were seen attempting to create a denial of service condition against their servers. They believe your company has become infected with malware, and those machines were part of a larger botnet. Which of the following BEST describes your company’s infected computers?
A. Monster
B. Bugs
C. Zombie
D. Zero Day
C. Zombie
A penetration tester hired by a bank began searching for the bank's IP ranges by performing lookups on the bank's DNS servers, reading news articles online about the bank, monitoring what times the bank's employees came into and left work, searching job postings (with a special focus on the bank's information technology jobs), and even searching the dumpster at the bank's corporate office. Based on this description, what portion of the penetration test is being conducted?
A. Vulnerability Assessment
B. Active Information Gathering
C. Passive Information Gathering
D. Information Reporting
C. Passive Information Gathering
A cybersecurity analyst is reviewing the logs of a Citrix NetScaler Gateway running on a FreeBSD 8.4 server and saw the following output:
A. Password Spraying
B. Directory Traversal
C. SQL Injection
D. XML Injection
B. Directory Traversal
OBJ-1.3: A directory traversal attack aims to access files and directories stored outside the webroot folder. By manipulating variables or URLs that reference files with "dot-dot-slash (../)" sequences and their variations (including URL-encoded and double-encoded forms) or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration files, and critical system files. The example output provided comes from a remote code execution vulnerability being exploited in which a directory traversal is used to reach the files. XML injection is an attack technique used to manipulate or compromise the logic of an XML application or service. SQL injection is the placement of malicious code in SQL statements via web page input. Password spraying attempts to compromise many user accounts by trying a small number of commonly used passwords against each of them, staying under account lockout thresholds.
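As an added illustration of the explanation above (this is not code from the flashcards or from the NetScaler logs the question refers to, which are not reproduced on this page), the following Python snippet flags directory traversal in web-server access logs. The log lines, client IPs and paths are constructed for the example. Rather than grepping for a literal "../", it percent-decodes the request path repeatedly (so "%2e%2e", "..%2f" and double-encoded "%252e%252e" are all seen), treats backslashes as separators, and then walks the segments the way a naive file server would, reporting only requests whose ".." segments actually climb above the webroot:

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (invented hosts and paths; not the
# NetScaler output referred to in the question).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2020:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [10/Jan/2020:12:00:02 +0000] "GET /images/..%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1450
10.0.0.9 - - [10/Jan/2020:12:00:03 +0000] "GET /static/%252e%252e/%252e%252e/config.ini HTTP/1.1" 200 90
10.0.0.9 - - [10/Jan/2020:12:00:04 +0000] "GET /files/..%5c..%5c..%5cwindows/win.ini HTTP/1.1" 404 0
10.0.0.7 - - [10/Jan/2020:12:00:05 +0000] "GET /docs/a..b/readme.txt HTTP/1.1" 200 10
10.0.0.7 - - [10/Jan/2020:12:00:06 +0000] "GET /app/../index.html HTTP/1.1" 200 512
"""

REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def fully_decode(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double- or triple-encoded dots are seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve(raw_path: str) -> tuple:
    """Walk the path the way a naive file server would.

    Returns (escaped, resolved): escaped is True when a '..' segment pops
    above the webroot; resolved is the final path relative to the webroot.
    """
    path = fully_decode(raw_path.split("?", 1)[0]).replace("\\", "/")
    stack = []
    escaped = False
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack:
                stack.pop()
            else:
                escaped = True   # climbed out of the webroot
        else:
            stack.append(seg)
    return escaped, "/" + "/".join(stack)


def flag_traversal(log_text: str) -> list:
    """Return (client_ip, raw_request_path, resolved_path) for each request
    whose path escapes the webroot."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        escaped, resolved = resolve(m.group(1))
        if escaped:
            hits.append((line.split()[0], m.group(1), resolved))
    return hits


if __name__ == "__main__":
    for ip, raw, target in flag_traversal(SAMPLE_LOG):
        print(f"{ip} requested {raw} -> resolves to {target}")
```

Note that "/docs/a..b/readme.txt" and "/app/../index.html" are not flagged: the first contains no ".." segment and the second never leaves the webroot. Only the request path is inspected; traversal payloads carried in query-string or POST parameters need the same decoding applied to those values.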
A cybersecurity analyst is preparing to run a vulnerability scan on a dedicated Apache server that will be moved into a DMZ. Which of the following vulnerability scans is most likely to provide valuable information to the analyst?
A. Network Vulnerability Scan
B. Web Application Vulnerability Scan
C. Port Scan
D. Database Vulnerability Scan
B. Web Application Vulnerability Scan
(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.)
A. SYN Flood
B. Ping Flood
C. Smurf Attack
D. DDoS
A. SYN Flood
(Sample Simulation – On the real exam for this type of question, you might receive a list of attack vectors and targets. Based on these, you would select the type of attack that occurred.) (1) An attacker has been collecting credit card details by calling victims and using false pretexts to trick them. (2) An attacker sends an email to 100,000 random email addresses claiming that "Your Bank of America account is locked out. Please click here to reset your password." What types of attacks have occurred in (1) and (2)?
A. (1) Vishing and (2) Phishing
B. (1) Pharming and (2) Phishing
C. (1) Spear phishing and (2) Pharming
D. (1) Hoax and (2) Spear phishing
A. (1) Vishing and (2) Phishing
Which of the following is exploited by an SQL injection to give the attacker access to a database?
A. Web Application
B. Database Server
C. OS
D. Firewall
A. Web Application
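To make the point of the previous card concrete (the web application, not the database server, is what the attacker exploits), here is an added Python example that is not part of the original flashcards. It uses an in-memory SQLite table with constructed rows; the function names and the sample credentials are invented for the example. The vulnerable login builds its statement by string concatenation, so the database server faithfully executes whatever grammar the input produces; the parameterized version sends the same values as data and is immune to the same payload:

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Web-app login that concatenates user input into the statement.
    The input becomes part of the SQL grammar, so quotes and comments
    rewrite the query. Returns the number of matching rows."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Same query with bound parameters: values travel separately from the
    statement text, so the input can only ever be compared as data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0]


# Closes the open string literal, adds an always-true clause, and comments
# out the password check that follows.
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:", login_vulnerable(db, PAYLOAD, "x"))   # every row matches
    print("parameterized, payload:", login_safe(db, PAYLOAD, "x"))      # no row matches
```

The database server is behaving correctly in both cases; the flaw lives entirely in how the application assembles the statement, which is why a database vulnerability scan would not find it.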
A computer is infected with malware that has modified the Windows kernel in order to hide itself. Which type of malware MOST likely infected this computer?
A. Rootkit
B. Botnet
C. Trojan
D. Ransomware
A. Rootkit
You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the attack’s target?
A. 3389
B. 389
C. 21
D. 443
D. 443
Which of the following best describes the type of attack shown?
A. Smurf
B. Man in the Middle
C. Xmas Tree Attack
D. Ping of Death
A. Smurf
OBJ-1.4: A smurf attack uses a single ping with a spoofed source address sent to the broadcast address of a network. This causes every device within the network to receive a single ping, which appears to come from the device with the spoofed source address. Each network device then responds to the spoofed address, causing the victim (whose address was spoofed) to be overwhelmed with the responses to the initial ping.
What kind of attack is an example of IP spoofing?
A. Cross Site Scripting
B. ARP Poisoning
C. On Path Attack
D. SQL Injection
C. On Path Attack
A salesperson’s laptop has become unresponsive after attempting to open a PDF in their email. A cybersecurity analyst reviews the IDS and anti-virus software for any alerts or unusual behavior but finds nothing suspicious. Which of the following threats would BEST classify this scenario?
A. Zero Day Malware
B. PII Exfiltration
C. RAT
D. Ping of Death
A. Zero Day Malware
An organization is conducting a cybersecurity training exercise. What team is Jason assigned to if he has been asked to monitor and manage the defenders’ and attackers’ technical environment during the exercise?
A. Red Team
B. Purple Team
C. Blue Team
D. White Team
D. White Team
Praveen is currently investigating activity from an attacker who compromised a host on the network. The individual appears to have used credentials belonging to a janitor. After breaching the system, the attacker entered some unrecognized commands with very long text strings and then began using the sudo command to carry out actions. What type of attack has just taken place?
A. Session Hijacking
B. Phishing
C. Privilege Escalation
D. Social Engineering
C. Privilege Escalation
In 2014, Apple's implementation of SSL/TLS had a severe vulnerability that, when exploited, allowed an attacker with a privileged network position to capture or modify data in an SSL/TLS session. It was caused by a programming error in the certificate verification code: a duplicated goto statement sent control through the function's error-exit path before the final signature check had run, while the return code still indicated success. Based on this description, what is this an example of?
A. Insufficient Logging and Monitoring
B. Insecure Object Reference
C. Improper Error Handling
D. Use of Insecure Functions
C. Improper Error Handling
Dion Training is hiring a penetration testing firm to conduct an assessment of its corporate network. As part of the contract, the company has specified that it will not provide any network details to the penetration testing firm. Instead, the company wants to see how much information about the network can be found by the penetration testers using open-source research and scanning the corporate network. What type of assessment is this considered?
A. Known environment testing
B. Semi-trusted environment testing
C. Unknown environment testing
D. Partially known environment testing
C. Unknown environment testing
You are conducting a code review of a program and observe that the calculation 0xffffffff + 1 was attempted, but the result returned was 0x00000000. Based on this, what type of exploit could be created against this program?
A. Impersonation
B. SQL Injection
C. Password Spraying
D. Integer Overflow Attack
D. Integer Overflow Attack
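The wraparound in the card above matters because length and offset arithmetic is usually what guards a memory copy. The following Python snippet is an added example, not part of the original flashcards; it emulates unsigned 32-bit arithmetic with a mask (Python integers do not overflow on their own) and the function names and buffer sizes are invented for illustration. It shows the typical vulnerable check, a huge length that wraps the sum to a small value and slips past it, and the rearranged check that cannot wrap:

```python
MASK32 = 0xFFFFFFFF


def add32(a: int, b: int) -> int:
    """Unsigned 32-bit addition with wraparound, as a C uint32_t computes it."""
    return (a + b) & MASK32


def bounds_check_vulnerable(offset: int, length: int, buf_size: int) -> bool:
    """Typical parser check: 'does offset + length fit in the buffer?'
    The sum is formed in 32 bits first, so a huge length wraps to a small
    value and the check passes."""
    return add32(offset, length) <= buf_size


def bounds_check_safe(offset: int, length: int, buf_size: int) -> bool:
    """Rearranged so no intermediate can wrap: compare length against the
    space remaining after offset, which is never larger than buf_size."""
    return offset <= buf_size and length <= buf_size - offset


def overflow_bytes(offset: int, length: int, buf_size: int, check) -> int:
    """Simulate a copy guarded by `check`. Returns how many bytes would be
    written past the end of the buffer; 0 means the copy was rejected by
    the check or stayed in bounds."""
    if not check(offset, length, buf_size):
        return 0
    return max(0, offset + length - buf_size)


if __name__ == "__main__":
    # Attacker-supplied length chosen so that 16 + length == 2**32, i.e. wraps to 0.
    evil_length = 0xFFFFFFF0
    print("0xffffffff + 1 ->", hex(add32(0xFFFFFFFF, 1)))
    print("vulnerable check passes:", bounds_check_vulnerable(16, evil_length, 1024))
    print("bytes past buffer:", overflow_bytes(16, evil_length, 1024, bounds_check_vulnerable))
    print("safe check passes:", bounds_check_safe(16, evil_length, 1024))
```

The safe form works because both operands of the final comparison are bounded by buf_size before any addition takes place; in C the same rearrangement (or an explicit overflow-checked add) is the usual fix.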
You just received a notification that your company’s email servers have been blocklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?
A. Network flows for the DMZ containing the email servers
B. The full email header from one of the spam messages
C. Firewall logs showing the SMTP connection
D. The SMTP audit log from your company's email server
B. The full email header from one of the spam messages
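What you actually do with that full header is read the Received chain from the bottom up and compare the visible sender with the envelope sender. The following Python is an added example, not part of the flashcards; the message, hostnames, addresses, queue IDs and IPs are all constructed for the illustration. It uses the standard library's email parser to extract the relays in order, pull the IP from the earliest hop, note whether that hop was an authenticated submission (which points at a compromised account rather than an open relay), and flag a mismatch between the From domain and the Return-Path domain:

```python
import email
import email.utils
import re
from typing import List, Optional, Tuple

# Constructed sample message (invented hosts, addresses and IDs) representing
# one of the reported spam messages, as forwarded with its full headers.
RAW_SPAM = """\
Return-Path: <bounce-1234@promo-mailer.invalid>
Received: from mx1.example.com (mx1.example.com [203.0.113.10])
\tby inbound.bigcorp.invalid (Postfix) with ESMTPS id 7F3A2
\tfor <user@bigcorp.invalid>; Mon, 10 Jan 2022 09:15:42 +0000
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx1.example.com (Postfix) with ESMTP id 11AB9; Mon, 10 Jan 2022 09:15:40 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby mail.example.com (Postfix) with ESMTPA id 0C1D4; Mon, 10 Jan 2022 09:15:38 +0000
From: "Example Support" <support@example.com>
To: user@bigcorp.invalid
Subject: Your account has been locked
Message-ID: <20220110091538.0C1D4@mail.example.com>

Click here to reset your password.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw: str) -> List[str]:
    """Received headers in message order. Each relay prepends its own, so
    index 0 is the last hop (nearest the recipient) and index -1 is the
    first hop, the server that accepted the message from its origin.
    Folded continuation lines are joined into one line."""
    msg = email.message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def originating_ip(raw: str) -> Optional[str]:
    """IP recorded in the earliest Received header. Only hops written by
    servers you trust are reliable; anything below the first hop you
    control can be forged by the sender."""
    chain = received_chain(raw)
    if not chain:
        return None
    m = IP_RE.search(chain[-1])
    return m.group(1) if m else None


def first_hop_authenticated(raw: str) -> bool:
    """ESMTPA in the first hop means the submitter authenticated to the
    server: the lead is a compromised account, not an open relay."""
    chain = received_chain(raw)
    return bool(chain) and " with ESMTPA " in chain[-1]


def sender_identities(raw: str) -> Tuple[str, str]:
    """(header From address, envelope Return-Path address)."""
    msg = email.message_from_string(raw)
    from_addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return_path = email.utils.parseaddr(msg.get("Return-Path", ""))[1]
    return from_addr, return_path


def envelope_mismatch(raw: str) -> bool:
    """True when the visible From domain differs from the bounce domain."""
    from_addr, return_path = sender_identities(raw)
    return (from_addr.rsplit("@", 1)[-1].lower()
            != return_path.rsplit("@", 1)[-1].lower())


if __name__ == "__main__":
    for i, hop in enumerate(received_chain(RAW_SPAM)):
        print(f"hop {i}: {hop}")
    print("origin IP:", originating_ip(RAW_SPAM))
    print("authenticated submission:", first_hop_authenticated(RAW_SPAM))
    print("From / Return-Path:", sender_identities(RAW_SPAM))
```

The queue ID in the earliest hop ("id 0C1D4" in the constructed message) is the pivot into your own server's SMTP log, which is why the header comes first and the audit log second.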
Your intrusion detection system has produced an alert based on its review of a series of network packets. After analysis, it is determined that the network packets did not contain any malicious activity. How should you classify this alert?
A. True Negative
B. True Positive
C. False Positive
D. False Negative
C. False Positive