Threats, Attacks and Vulnerabilities Flashcards
Which of the following terms best describes a type of software that disguises itself as legitimate software but contains malicious code that can compromise the security of a system?
A) malware
B) Ransomware
C) adware
D) firewall
Malware
short for malicious software, is software designed to infiltrate or damage computer systems while often appearing as legitimate software. It includes various types such as viruses, trojans, and spyware.
An attacker poses as a delivery person, carrying a package for a company, and convinces an employee to let them into the building. Once inside, the attacker gains unauthorized access to the company’s network. What type of social engineering technique is this?
A) tailgating
B) pretexting
C) phishing
D) vishing
Tailgating
also known as piggybacking, involves an attacker following an authorized person into a secure area by appearing as if they belong there.
A threat actor who is motivated by financial gain and often uses malicious software to encrypt a victim’s data and demand a ransom is typically referred to as:
A) a hacktivist
B) a script kiddie
C) a cybercriminal
D) a nation-state actor
A cybercriminal
is motivated by financial gain and commonly uses ransomware to demand payments from victims.
Which attack involves flooding a network with ICMP echo request packets sent to a broadcast address?
A) syn flood
B) smurf attack
C) DDoS attack
D) DNS amplification attack
Smurf attack
sends ICMP echo request packets to a network’s broadcast address, causing a flood of replies to the victim’s IP.
Which of the following best describes the concept of a “zero-day vulnerability”?
A) a vulnerability that has been in existence for zero days
B) a vulnerability that has been exploited for zero days
C) a vulnerability that is unknown to the software vendor and has no available patch
D) a vulnerability that is at the lowest risk level
A vulnerability that is unknown to the software vendor and has no available patch
What is a common characteristic of a “man-in-the-middle” (MitM) attack?
A) the attacker intercepts and alters data between two parties without their knowledge
B) the attacker floods a network with excessive traffic to overwhelm it
C) the attacker disguises malicious code as legitimate software
D) the attacker gains unauthorized access to a system using stolen credentials
The attacker intercepts and alters data between two parties without their knowledge
An employee receives an email from what appears to be their company’s IT department. The email requests that the employee reset their email password due to a security breach. The email contains a link to a login page. What kind of threat is the employee facing?
A) phishing attack
B) insider threat
C) man-in-the-middle
D) ransomware attack
Phishing attack
This scenario describes a phishing attack. Phishing is a type of attack where attackers impersonate trusted entities to trick individuals into revealing sensitive information, often by luring them to fake login pages.
A security administrator has noticed several unauthorized access attempts to the organization’s internal systems. These attempts are often based on trying common username and password combinations. Which type of attack does this scenario most likely describe?
A) SQL injection attack
B) brute-force attack
C) DDoS attack
D) cross-site scripting (XSS) attack
Brute-force attack
The scenario describes a brute-force attack where an attacker attempts to gain access by trying many possible username and password combinations. This is a common method used to crack passwords.
A company’s network administrator has discovered a new piece of software running on one of the company’s servers. The software was not installed by the IT department and is not part of the approved software list. What type of threat is this scenario indicating?
A) insider threat
B) ransomware attack
C) trojan horse
D) spear-phishing attack
Trojan horse
This scenario suggests the presence of a Trojan horse, which is a type of malware that disguises itself as legitimate software but has malicious intent. It is often installed by an attacker.
Which attack aims to manipulate a website to redirect users to a fraudulent site that appears legitimate to steal their information?
A) SQL injection
B) cross-site scripting (XSS)
C) DNS spoofing
D) URL hijacking
DNS spoofing
DNS spoofing manipulates DNS records to redirect users to a fraudulent site that appears legitimate, with the intent of stealing their information.
An employee has lost their company-issued smartphone, and it contained sensitive corporate data. What kind of threat does this scenario illustrate?
A) phishing attack
B) insider threat
C) physical security breach
D) ransomware attack
Physical security breach
The scenario illustrates a physical security breach where the loss of a device (in this case, a smartphone) leads to the potential exposure of sensitive data.
A network administrator has implemented a firewall rule that allows only specific incoming traffic from trusted IP addresses and denies all other incoming traffic. What security principle does this rule exemplify?
A) principle of least privilege
B) defense in depth
C) zero trust
D) security by design
Principle of least privilege
The firewall rule aligns with the principle of least privilege, where access is restricted to only what is necessary for users or systems to perform their functions.
An organization has implemented a policy that requires regular patching of software and systems to address known vulnerabilities. What security practice does this policy reflect?
A) security through obscurity
B) vulnerability management
C) least privilege
D) zero-day exploitation
Vulnerability management
The policy reflects the practice of vulnerability management, which involves identifying, prioritizing, and addressing known vulnerabilities in software and systems.
A company is conducting a security audit and penetration testing on its network to identify and rectify vulnerabilities before malicious actors can exploit them. What security practice is this organization following?
A) incident response
B) security assessment
C) security awareness training
D) least privilege
Security assessment
The organization is conducting a security assessment, specifically penetration testing, to identify and rectify vulnerabilities in its network.
An organization has set up a dedicated network segment for guest wireless access, which is isolated from its internal network. What security principle does this network segmentation align with?
A) principle of least privilege
B) defense in depth
C) network segmentation
D) security by design
Network segmentation
is the practice of dividing a network into isolated segments to enhance security by controlling access and limiting the potential for lateral movement by attackers.
A company’s web application was recently compromised, and customer data was stolen. The company’s cybersecurity team discovers that the attackers exploited a vulnerability in the application’s code to gain unauthorized access. What type of attack is this?
A) SQL injection
B) man-in-the-middle
C) cross-site scripting (XSS) attack
D) zero-day vulnerability
SQL injection
The scenario describes an SQL injection attack, where attackers exploit vulnerabilities in web application code to gain unauthorized access to a database.
An organization’s security team regularly reviews and assesses logs generated by its servers and network devices to detect and investigate security incidents. What security practice does this represent?
A) security awareness training
B) log analysis and review
C) data classification
D) security policy enforcement
Log analysis and review
Regularly reviewing and analyzing logs is a key practice in identifying and responding to security incidents and potential threats.
An attacker calls an employee, pretending to be a colleague from another department, and requests sensitive information to complete a report. What type of social engineering technique is this?
A) impersonation
B) tailgating
C) phishing
D) vishing
Impersonation
involves pretending to be someone the target knows and trusts to manipulate them into disclosing sensitive information.
Which type of attack involves the modification or interception of communication between two parties without their knowledge?
A) man-in-the-middle
B) buffer overflow
C) spoofing
D) zero-day exploit
Man-in-the-middle
MitM attacks intercept and manipulate communications between two parties without their awareness, allowing attackers to eavesdrop or modify data.
An attacker calls employees, claiming to be a security auditor conducting routine checks. The attacker asks for login credentials and access to the company’s network to perform a “security check.” What type of social engineering technique is this?
A) impersonation
B) spear-phishing
C) vishing
D) tailgating
Vishing
is a social engineering technique that involves voice communication, typically over the phone, to manipulate individuals into revealing sensitive information or granting access.
During a penetration test, the tester attempts to gain unauthorized access to a system by exploiting known vulnerabilities without any prior knowledge of the target. What type of penetration testing technique is this?
A) white-box testing
B) black-box testing
C) gray-box testing
D) vulnerability scanning
Black-box testing
is a type of penetration testing where the tester has no prior knowledge of the target system and attempts to find and exploit vulnerabilities.
A penetration tester uses a vulnerability scanner to identify known security issues in a target system. What phase of the penetration testing process does this action belong to?
A) scoping
B) information gathering
C) vulnerability analysis
D) exploitation
Vulnerability analysis
Using a vulnerability scanner to identify known security issues falls under the vulnerability analysis phase of penetration testing.
Which attack involves a flood of connection requests with falsified IP addresses to overwhelm a server?
A) SYN flood
B) DDoS attack
C) man-in-the-middle
D) DNS spoofing
SYN flood
overwhelms a server with connection requests using falsified or spoofed IP addresses, consuming resources and rendering the server unavailable.
In a penetration test, tools and techniques are used to mimic an attacker trying to gain unauthorized access to a target system. What type of penetration testing is this?
A) red teaming
B) blue teaming
C) social engineering testing
D) passive testing
Red teaming
involves mimicking the actions of an attacker to evaluate the effectiveness of a system’s defenses.
A security analyst discovers that a particular application does not properly manage its memory allocations, which can lead to data corruption and potentially execute arbitrary code. What potential application attack indicator is this situation most likely related to?
A) buffer overflow
B) race conditions
C) error handling
D) improper input handling
Buffer overflow
occurs when an application writes data beyond the allocated memory, potentially leading to data corruption and code execution.
An attacker intercepts a legitimate user’s request and resends it multiple times to manipulate the application into performing unintended actions. What potential application attack indicator does this situation most likely represent?
A) replay attack
B) integer overflow
C) request forgeries
D) memory leak
Replay attack
In a replay attack, an attacker intercepts and resends legitimate requests to manipulate the application into performing unintended actions.
Which of the following threat vectors involves tricking individuals into revealing sensitive information or performing actions that compromise security?
A) malware
B) social engineering
C) distributed denial of service (DDoS)
D) zero-day exploit
Social engineering
involves manipulating individuals to reveal sensitive information or perform actions against their best interests.
An organization has implemented strong encryption to protect sensitive data at rest and in transit. What security measure does this scenario represent?
A) security awareness training
B) data classification
C) data in transit protection
D) data protection mechanism
Data protection mechanism
The use of strong encryption is a data protection mechanism that safeguards data at rest and in transit.
A small business recently conducted a vulnerability scan on its network and found multiple weaknesses in its web server, leaving it susceptible to SQL injection attacks. What should be the immediate response to address these vulnerabilities?
A) consider upgrading the network infrastructure to mitigate the vulnerabilities
B) perform another vulnerability scan to verify the findings and their severity
C) implement security measures or patches to fix the SQL injection vulnerabilities
D) ignore the vulnerabilities as they may not pose an immediate threat
Implement security measures or patches to fix the SQL injection vulnerabilities
Upon discovering SQL injection vulnerabilities in the web server, the immediate response should involve implementing security measures or patches to fix these vulnerabilities and enhance security.
A type of threat vector that involves exploiting previously unknown vulnerabilities in software is commonly known as:
A) malware
B) social engineering
C) distributed denial of service (DDoS)
D) zero-day exploits
Zero-day exploits
target vulnerabilities that are unknown to the software vendor and have not yet been patched.
An organization’s website has been receiving an unusually high volume of web traffic, which has made the site unresponsive. The traffic appears to be coming from various sources and seems to be overloading the server. What type of attack is this scenario indicating?
A) phishing attack
B) man-in-the-middle
C) denial of service (DoS) attack
D) ransomware attack
Denial of service (DoS) attack
The scenario describes a Denial of Service (DoS) attack, where attackers flood a server or network with excessive traffic to make services unavailable to legitimate users.
Which of the following best describes a security concern associated with SQL injection vulnerabilities?
A) unauthorized disclosure of sensitive data
B) unauthorized access to system resources
C) buffer overflow leading to system crashes
D) denial of service (DoS) attacks
Unauthorized disclosure of sensitive data
SQL injection vulnerabilities can lead to unauthorized disclosure of sensitive data stored in a database.
An organization has recently implemented a policy requiring employees to change their passwords every 90 days. What security principle does this policy align with?
A) least privilege
B) security through obscurity
C) password complexity
D) password expiration
Password Expiration
is a security principle that ensures passwords are regularly changed, reducing the risk of unauthorized access due to long-term exposure.
What is a common security concern associated with cross-site request forgery (CSRF) vulnerabilities?
A) unauthorized data modification
B) unauthorized access to system resources
C) injection of malicious code into web pages
D) denial of service (DoS) attacks
Unauthorized data modification
CSRF vulnerabilities can lead to unauthorized data modification when an attacker tricks a user into performing unwanted actions.
Which of the following encryption algorithms is considered the most secure and widely used for securing internet communications?
A) DES (data encryption standard)
B) AES (advanced encryption standard)
C) RSA (Rivest-Shamir-Adleman)
D) MD5 (message digest algorithm 5)
AES (advanced encryption standard)
In a recent high-profile cybersecurity incident, attackers targeted a multinational corporation’s executive team with personalized emails, tricking them into revealing sensitive company data and financial information. What type of attack is this scenario describing?
A) ransomware attack
B) whaling attack
C) spear-phishing attack
D) DDoS attack
Whaling attack
This scenario describes a whaling attack, where high-ranking individuals within an organization are targeted with personalized emails to deceive them into revealing sensitive information.
An organization uses biometric authentication methods, such as fingerprint scanning, to grant access to highly secure areas. What security practice does this represent?
A) multi-factor authentication
B) security through obscurity
C) physical security measures
D) security awareness training
Physical security measures
Using biometric authentication for physical access control is a physical security measure to restrict access to highly secure areas.
A security researcher discovered that a popular social media website had been compromised by attackers. The attackers had injected malicious code into the site, which infected the devices of users who visited the compromised pages. What type of attack is this scenario describing?
A) ransomware attack
B) watering hole attack
C) typosquatting attack
D) spear-phishing attack
Watering hole attack
This scenario describes a watering hole attack, where attackers compromise a legitimate website that their intended victims frequently visit, infecting visitors’ devices with malware.
An attacker rummages through the company’s trash bins, searching for discarded documents, invoices, and other materials that might contain sensitive information. What kind of physical security threat does this scenario illustrate?
A) dumpster diving
B) social engineering attack
C) shoulder surfing
D) physical intrusion
Dumpster diving
This scenario depicts a dumpster diving attack, where an attacker searches through trash or discarded materials to obtain sensitive information.
A company’s security team discovered that a group of hackers had been scanning the organization’s network and systems, attempting to find vulnerabilities that could be exploited. This prelude to an attack is a classic example of which cybersecurity activity?
A) intrusion detection
B) dumpster diving
C) reconnaissance
D) encryption
Reconnaissance
The scenario describes the reconnaissance phase, where attackers gather information about potential targets and vulnerabilities to prepare for an attack.
Which attack involves falsifying the origin of an email to make it appear as though it’s from a trusted source?
A) smurf attack
B) phishing
C) spoofing
D) zero-day exploit
Spoofing
involves altering information to appear as if it comes from a legitimate source, commonly seen in email addresses to deceive recipients.
What could be a potential indicator of a brute force attack on a network?
A) rapid increase in legitimate traffic
B) repeated login attempts with different credentials
C) decrease in CPU usage on the server
D) increase in available system resources
Repeated login attempts with different credentials
A brute force attack involves repeated attempts to gain unauthorized access by trying various login credentials, so repeated login attempts with different credentials are a potential indicator of this attack.
Which could be an indicator of a DNS amplification attack on a network?
A) decrease in DNS response traffic
B) multiple DNS requests from legitimate users
C) increase in network latency
D) unchanged DNS server configuration
Increase in network latency
DNS amplification attacks often cause an increase in network latency due to the flood of response traffic generated by the attacker.
What could be a potential indicator of an ARP poisoning attack on a network?
A) a decrease in ARP cache discrepancies
B) increased network broadcast traffic
C) consistent and stable ARP table entries
D) reduced network response times
Increased network broadcast traffic
ARP poisoning attacks often generate increased network broadcast traffic due to the manipulation of ARP requests and replies.
What is a risk associated with the use of default configurations on devices and applications?
A) improved security through standardization
B) decreased exposure to known vulnerabilities
C) increased susceptibility to unauthorized access
D) enhanced protection against phishing attacks
Increased susceptibility to unauthorized access
Default configurations are often widely known and exploited, increasing the risk of unauthorized access if not modified.
In a busy coffee shop, customers connect to the public Wi-Fi network named “FreeCoffeeShopWiFi.” An attacker sets up a similar-looking access point named “FreeCoffeeShop_WiFi” to intercept traffic. What type of wireless attack is this scenario an example of?
A) rogue access point attack
B) evil twin attack
C) de-authentication attack
D) packet sniffing attack
Evil twin attack
This scenario depicts an evil twin attack where an attacker sets up an unauthorized Wi-Fi access point with a name similar to the legitimate network, aiming to intercept and collect users’ data.
At a business conference, an attendee discovers their Bluetooth-enabled device has received unsolicited business card data from an unknown source. What kind of wireless attack might this scenario indicate?
A) bluejacking attack
B) man-in-the-middle
C) wardriving attack
D) bluesnarfing attack
Bluejacking attack
This scenario indicates a Bluejacking attack, where unsolicited messages or business card data is sent to Bluetooth-enabled devices without the users’ consent.
In a public library, a hacker placed a device to capture wireless network traffic, allowing them to collect login credentials and personal information from users connecting to the library’s public Wi-Fi. What kind of wireless attack does this scenario represent?
A) packet sniffing attack
B) evil twin attack
C) rogue access point attack
D) wardriving attack
Packet sniffing attack
This scenario describes a packet sniffing attack, where a device captures and analyzes wireless network traffic, enabling the theft of sensitive user information.
During a network security assessment, the scanning tool flags an outdated software version as a high-severity risk. After manual investigation, it’s revealed that the software’s vulnerability has been patched. What type of detection is this likely to be?
A) false positive
B) false negative
C) true positive
D) true negative
False positive
In this scenario, the scanning tool misidentifies the patched vulnerability as a high-severity risk, indicating a false positive.
In a routine vulnerability scan, the security tool fails to detect an unpatched system vulnerability, thereby missing a potential security threat. What type of detection is this likely to be?
A) false positive
B) false negative
C) true positive
D) true negative
False negative
Failing to detect an actual vulnerability, leading to a missed potential security threat, signifies a false negative in the vulnerability scan.