Threats, Attacks and Vulnerabilities Flashcards

1
Q

Which of the following terms best describes a type of software that disguises itself as legitimate software but contains malicious code that can compromise the security of a system?

A) malware
B) Ransomware
C) adware
D) firewall

A

Malware

short for malicious software, is software designed to infiltrate or damage computer systems while often appearing as legitimate software. It includes various types such as viruses, trojans, and spyware.

2
Q

An attacker poses as a delivery person, carrying a package for a company, and convinces an employee to let them into the building. Once inside, the attacker gains unauthorized access to the company’s network. What type of social engineering technique is this?

A) tailgating
B) pretexting
C) phishing
D) vishing

A

Tailgating

also known as piggybacking, involves an attacker following an authorized person into a secure area by appearing as if they belong there.

3
Q

A threat actor who is motivated by financial gain and often uses malicious software to encrypt a victim’s data and demand a ransom is typically referred to as:

A) a hacktivist
B) a script kiddie
C) a cybercriminal
D) a nation-state actor

A

A cybercriminal

is motivated by financial gain and commonly uses ransomware to demand payments from victims.

4
Q

Which attack involves flooding a network with ICMP echo request packets sent to a broadcast address?

A) SYN flood
B) smurf attack
C) DDoS attack
D) DNS amplification attack

A

Smurf attack

sends ICMP echo request packets to a network’s broadcast address, causing a flood of replies to the victim’s IP.

5
Q

Which of the following best describes the concept of a “zero-day vulnerability”?

A) a vulnerability that has been in existence for zero days
B) a vulnerability that has been exploited for zero days
C) a vulnerability that is unknown to the software vendor and has no available patch
D) a vulnerability that is at the lowest risk level

A

A vulnerability that is unknown to the software vendor and has no available patch

6
Q

What is a common characteristic of a “man-in-the-middle” (MitM) attack?

A) the attacker intercepts and alters data between two parties without their knowledge
B) the attacker floods a network with excessive traffic to overwhelm it
C) the attacker disguises malicious code as legitimate software
D) the attacker gains unauthorized access to a system using stolen credentials

A

The attacker intercepts and alters data between two parties without their knowledge

7
Q

An employee receives an email from what appears to be their company’s IT department. The email requests that the employee reset their email password due to a security breach. The email contains a link to a login page. What kind of threat is the employee facing?

A) phishing attack
B) insider threat
C) man-in-the-middle
D) ransomware attack

A

Phishing attack

This scenario describes a phishing attack. Phishing is a type of attack where attackers impersonate trusted entities to trick individuals into revealing sensitive information, often by luring them to fake login pages.

8
Q

A security administrator has noticed several unauthorized access attempts to the organization’s internal systems. These attempts are often based on trying common username and password combinations. Which type of attack does this scenario most likely describe?

A) SQL injection attack
B) brute-force attack
C) DDoS attack
D) cross-site scripting (XSS) attack

A

Brute-force attack

The scenario describes a brute-force attack where an attacker attempts to gain access by trying many possible username and password combinations. This is a common method used to crack passwords.

9
Q

A company’s network administrator has discovered a new piece of software running on one of the company’s servers. The software was not installed by the IT department and is not part of the approved software list. What type of threat is this scenario indicating?

A) insider threat
B) ransomware attack
C) trojan horse
D) spear-phishing attack

A

Trojan horse

This scenario suggests the presence of a Trojan horse, which is a type of malware that disguises itself as legitimate software but has malicious intent. It is often installed by an attacker.

10
Q

Which attack aims to manipulate a website to redirect users to a fraudulent site that appears legitimate to steal their information?

A) SQL injection
B) cross-site scripting (XSS)
C) DNS spoofing
D) URL hijacking

A

DNS spoofing

DNS spoofing manipulates DNS records to redirect users to a fraudulent site that appears legitimate, with the aim of stealing their information.

11
Q

An employee has lost their company-issued smartphone, and it contained sensitive corporate data. What kind of threat does this scenario illustrate?

A) phishing attack
B) insider threat
C) physical security breach
D) ransomware attack

A

Physical security breach

The scenario illustrates a physical security breach where the loss of a device (in this case, a smartphone) leads to the potential exposure of sensitive data.

12
Q

A network administrator has implemented a firewall rule that allows only specific incoming traffic from trusted IP addresses and denies all other incoming traffic. What security principle does this rule exemplify?

A) principle of least privilege
B) defense in depth
C) zero trust
D) security by design

A

Principle of least privilege

The firewall rule aligns with the principle of least privilege, where access is restricted to only what is necessary for users or systems to perform their functions.

13
Q

An organization has implemented a policy that requires regular patching of software and systems to address known vulnerabilities. What security practice does this policy reflect?

A) security through obscurity
B) vulnerability management
C) least privilege
D) zero-day exploitation

A

Vulnerability management

The policy reflects the practice of vulnerability management, which involves identifying, prioritizing, and addressing known vulnerabilities in software and systems.

14
Q

A company is conducting a security audit and penetration testing on its network to identify and rectify vulnerabilities before malicious actors can exploit them. What security practice is this organization following?

A) incident response
B) security assessment
C) security awareness training
D) least privilege

A

Security assessment

The organization is conducting a security assessment, specifically penetration testing, to identify and rectify vulnerabilities in its network.

15
Q

An organization has set up a dedicated network segment for guest wireless access, which is isolated from its internal network. What security principle does this network segmentation align with?

A) principle of least privilege
B) defense in depth
C) network segmentation
D) security by design

A

Network segmentation

is the practice of dividing a network into isolated segments to enhance security by controlling access and limiting the potential for lateral movement by attackers.

16
Q

A company’s web application was recently compromised, and customer data was stolen. The company’s cybersecurity team discovers that the attackers exploited a vulnerability in the application’s code to gain unauthorized access. What type of attack is this?

A) SQL injection
B) man-in-the-middle
C) cross-site scripting (XSS) attack
D) zero-day vulnerability

A

SQL injection

The scenario describes an SQL injection attack, where attackers exploit vulnerabilities in web application code to gain unauthorized access to a database.

17
Q

An organization’s security team regularly reviews and assesses logs generated by its servers and network devices to detect and investigate security incidents. What security practice does this represent?

A) security awareness training
B) log analysis and review
C) data classification
D) security policy enforcement

A

Log analysis and review

Regularly reviewing and analyzing logs is a key practice in identifying and responding to security incidents and potential threats.

18
Q

An attacker calls an employee, pretending to be a colleague from another department, and requests sensitive information to complete a report. What type of social engineering technique is this?

A) impersonation
B) tailgating
C) phishing
D) vishing

A

Impersonation

involves pretending to be someone the target knows and trusts to manipulate them into disclosing sensitive information.

19
Q

Which type of attack involves the modification or interception of communication between two parties without their knowledge?

A) man-in-the-middle
B) buffer overflow
C) spoofing
D) zero-day exploit

A

Man-in-the-middle

MitM attacks intercept and manipulate communications between two parties without their awareness, allowing attackers to eavesdrop or modify data.

20
Q

An attacker calls employees, claiming to be a security auditor conducting routine checks. The attacker asks for login credentials and access to the company’s network to perform a “security check.” What type of social engineering technique is this?

A) impersonation
B) spear-phishing
C) vishing
D) tailgating

A

Vishing

is a social engineering technique that involves voice communication, typically over the phone, to manipulate individuals into revealing sensitive information or granting access.

21
Q

During a penetration test, the tester attempts to gain unauthorized access to a system by exploiting known vulnerabilities without any prior knowledge of the target. What type of penetration testing technique is this?

A) white-box testing
B) black-box testing
C) gray-box testing
D) vulnerability scanning

A

Black-box testing

is a type of penetration testing where the tester has no prior knowledge of the target system and attempts to find and exploit vulnerabilities.

22
Q

A penetration tester uses a vulnerability scanner to identify known security issues in a target system. What phase of the penetration testing process does this action belong to?

A) scoping
B) information gathering
C) vulnerability analysis
D) exploitation

A

Vulnerability analysis

Using a vulnerability scanner to identify known security issues falls under the vulnerability analysis phase of penetration testing.

23
Q

Which attack involves a flood of connection requests with falsified IP addresses to overwhelm a server?

A) SYN flood
B) DDoS attack
C) man-in-the-middle
D) DNS spoofing

A

SYN flood

overwhelms a server with connection requests using falsified or spoofed IP addresses, consuming resources and rendering the server unavailable.

24
Q

In a penetration test, tools and techniques are used to mimic an attacker trying to gain unauthorized access to a target system. What type of penetration testing is this?

A) red teaming
B) blue teaming
C) social engineering testing
D) passive testing

A

Red teaming

involves mimicking the actions of an attacker to evaluate the effectiveness of a system’s defenses.

25
Q

A security analyst discovers that a particular application does not properly manage its memory allocations, which can lead to data corruption and potentially execute arbitrary code. What potential application attack indicator is this situation most likely related to?

A) buffer overflow
B) race conditions
C) error handling
D) improper input handling

A

Buffer overflow

occurs when an application writes data beyond the allocated memory, potentially leading to data corruption and code execution.

26
Q

An attacker intercepts a legitimate user’s request and resends it multiple times to manipulate the application into performing unintended actions. What potential application attack indicator does this situation most likely represent?

A) replay attack
B) integer overflow
C) request forgeries
D) memory leak

A

Replay attack

In a replay attack, an attacker intercepts and resends legitimate requests to manipulate the application into performing unintended actions.

27
Q

Which of the following threat vectors involves tricking individuals into revealing sensitive information or performing actions that compromise security?

A) malware
B) social engineering
C) distributed denial of service (DDoS)
D) zero-day exploit

A

Social engineering

involves manipulating individuals to reveal sensitive information or perform actions against their best interests.

28
Q

An organization has implemented strong encryption to protect sensitive data at rest and in transit. What security measure does this scenario represent?

A) security awareness training
B) data classification
C) data in transit protection
D) data protection mechanism

A

Data protection mechanism

The use of strong encryption is a data protection mechanism that safeguards data at rest and in transit.

29
Q

A small business recently conducted a vulnerability scan on its network and found multiple weaknesses in its web server, leaving it susceptible to SQL injection attacks. What should be the immediate response to address these vulnerabilities?

A) consider upgrading the network infrastructure to mitigate the vulnerabilities
B) perform another vulnerability scan to verify the findings and their severity
C) implement security measures or patches to fix the SQL injection vulnerabilities
D) ignore the vulnerabilities as they may not pose an immediate threat

A

Implement security measures or patches to fix the SQL injection vulnerabilities

Upon discovering SQL injection vulnerabilities in the web server, the immediate response should involve implementing security measures or patches to fix these vulnerabilities and enhance security.

30
Q

A type of threat vector that involves exploiting previously unknown vulnerabilities in software is commonly known as:

A) malware
B) social engineering
C) distributed denial of service (DDoS)
D) zero-day exploits

A

Zero-day exploits

target vulnerabilities that are unknown to the software vendor and have not yet been patched.

31
Q

An organization’s website has been receiving an unusually high volume of web traffic, which has made the site unresponsive. The traffic appears to be coming from various sources and seems to be overloading the server. What type of attack is this scenario indicating?

A) phishing attack
B) man-in-the-middle
C) denial of service (DoS) attack
D) ransomware attack

A

Denial of service (DoS) attack

The scenario describes a Denial of Service (DoS) attack, where attackers flood a server or network with excessive traffic to make services unavailable to legitimate users.

32
Q

Which of the following best describes a security concern associated with SQL injection vulnerabilities?

A) unauthorized disclosure of sensitive data
B) unauthorized access to system resources
C) buffer overflow leading to system crashes
D) denial of service (DoS) attacks

A

Unauthorized disclosure of sensitive data

SQL injection vulnerabilities can lead to unauthorized disclosure of sensitive data stored in a database.

33
Q

An organization has recently implemented a policy requiring employees to change their passwords every 90 days. What security principle does this policy align with?

A) least privilege
B) security through obscurity
C) password complexity
D) password expiration

A

Password expiration

is a security principle that ensures passwords are regularly changed, reducing the risk of unauthorized access due to long-term exposure.

34
Q

What is a common security concern associated with cross-site request forgery (CSRF) vulnerabilities?

A) unauthorized data modification
B) unauthorized access to system resources
C) injection of malicious code into web pages
D) denial of service (DoS) attacks

A

Unauthorized data modification

CSRF vulnerabilities can lead to unauthorized data modification when an attacker tricks a user into performing unwanted actions.

35
Q

Which of the following encryption algorithms is considered the most secure and widely used for securing internet communications?

A) DES (data encryption standard)
B) AES (advanced encryption standard)
C) RSA (Rivest-Shamir-Adleman)
D) MD5 (message digest algorithm 5)

A

AES (advanced encryption standard)

36
Q

In a recent high-profile cybersecurity incident, attackers targeted a multinational corporation’s executive team with personalized emails, tricking them into revealing sensitive company data and financial information. What type of attack is this scenario describing?

A) ransomware attack
B) whaling attack
C) spear-phishing attack
D) DDoS attack

A

Whaling attack

This scenario describes a whaling attack, where high-ranking individuals within an organization are targeted with personalized emails to deceive them into revealing sensitive information.

37
Q

An organization uses biometric authentication methods, such as fingerprint scanning, to grant access to highly secure areas. What security practice does this represent?

A) multi-factor authentication
B) security through obscurity
C) physical security measures
D) security awareness training

A

Physical security measures

Using biometric authentication for physical access control is a physical security measure to restrict access to highly secure areas.

38
Q

A security researcher discovered that a popular social media website had been compromised by attackers. The attackers had injected malicious code into the site, which infected the devices of users who visited the compromised pages. What type of attack is this scenario describing?

A) ransomware attack
B) watering hole attack
C) typosquatting attack
D) spear-phishing attack

A

Watering hole attack

This scenario describes a watering hole attack, where attackers compromise a legitimate website that their intended victims frequently visit, infecting visitors’ devices with malware.

39
Q

An attacker rummages through the company’s trash bins, searching for discarded documents, invoices, and other materials that might contain sensitive information. What kind of physical security threat does this scenario illustrate?

A) dumpster diving
B) social engineering attack
C) shoulder surfing
D) physical intrusion

A

Dumpster diving

This scenario depicts a dumpster diving attack, where an attacker searches through trash or discarded materials to obtain sensitive information.

40
Q

A company’s security team discovered that a group of hackers had been scanning the organization’s network and systems, attempting to find vulnerabilities that could be exploited. This prelude to an attack is a classic example of which cybersecurity activity?

A) intrusion detection
B) dumpster diving
C) reconnaissance
D) encryption

A

Reconnaissance

The scenario describes the reconnaissance phase, where attackers gather information about potential targets and vulnerabilities to prepare for an attack.

41
Q

Which attack involves falsifying the origin of an email to make it appear as though it’s from a trusted source?

A) smurf attack
B) phishing
C) spoofing
D) zero-day exploit

A

Spoofing

involves altering information to appear as if it comes from a legitimate source, commonly seen in email addresses to deceive recipients.

42
Q

What could be a potential indicator of a brute force attack on a network?

A) rapid increase in legitimate traffic
B) repeated login attempts with different credentials
C) decrease in CPU usage on the server
D) increase in available system resources

A

Repeated login attempts with different credentials

A brute force attack involves repeated attempts to gain unauthorized access by trying various login credentials, so repeated login attempts with different credentials are a potential indicator of this attack.

43
Q

Which could be an indicator of a DNS amplification attack on a network?

A) decrease in DNS response traffic
B) multiple DNS requests from legitimate users
C) increase in network latency
D) unchanged DNS server configuration

A

Increase in network latency

DNS amplification attacks often cause an increase in network latency due to the flood of response traffic generated by the attacker.

44
Q

What could be a potential indicator of an ARP poisoning attack on a network?

A) a decrease in ARP cache discrepancies
B) increased network broadcast traffic
C) consistent and stable ARP table entries
D) reduced network response times

A

Increased network broadcast traffic

ARP poisoning attacks often generate increased network broadcast traffic due to the manipulation of ARP requests and replies.

45
Q

What is a risk associated with the use of default configurations on devices and applications?

A) improved security through standardization
B) decreased exposure to known vulnerabilities
C) increased susceptibility to unauthorized access
D) enhanced protection against phishing attacks

A

Increased susceptibility to unauthorized access

Default configurations are often widely known and exploited, increasing the risk of unauthorized access if not modified.

46
Q

In a busy coffee shop, customers connect to the public Wi-Fi network named “FreeCoffeeShopWiFi.” An attacker sets up a similar-looking access point named “FreeCoffeeShop_WiFi” to intercept traffic. What type of wireless attack is this scenario an example of?

A) rogue access point attack
B) evil twin attack
C) de-authentication attack
D) packet sniffing attack

A

Evil twin attack

This scenario depicts an evil twin attack where an attacker sets up an unauthorized Wi-Fi access point with a name similar to the legitimate network, aiming to intercept and collect users’ data.

47
Q

At a business conference, an attendee discovers their Bluetooth-enabled device has received unsolicited business card data from an unknown source. What kind of wireless attack might this scenario indicate?

A) bluejacking attack
B) man-in-the-middle
C) wardriving attack
D) bluesnarfing attack

A

Bluejacking attack

This scenario indicates a bluejacking attack, where unsolicited messages or business card data are sent to Bluetooth-enabled devices without the users’ consent.

48
Q

In a public library, a hacker placed a device to capture wireless network traffic, allowing them to collect login credentials and personal information from users connecting to the library’s public Wi-Fi. What kind of wireless attack does this scenario represent?

A) packet sniffing attack
B) evil twin attack
C) rogue access point attack
D) wardriving attack

A

Packet sniffing attack

This scenario describes a packet sniffing attack, where a device captures and analyzes wireless network traffic, enabling the theft of sensitive user information.

49
Q

During a network security assessment, the scanning tool flags an outdated software version as a high-severity risk. After manual investigation, it’s revealed that the software’s vulnerability has been patched. What type of detection is this likely to be?

A) false positive
B) false negative
C) true positive
D) true negative

A

False positive

In this scenario, the scanning tool misidentifies the patched vulnerability as a high-severity risk, indicating a false positive.

50
Q

In a routine vulnerability scan, the security tool fails to detect an unpatched system vulnerability, thereby missing a potential security threat. What type of detection is this likely to be?

A) false positive
B) false negative
C) true positive
D) true negative

A

False negative

Failing to detect an actual vulnerability, leading to a missed potential security threat, signifies a false negative in the vulnerability scan.