Threats, Attacks, and Vulnerabilities Flashcards

1
Q

What type of virus produces a different hash as it replicates through your network?

A

Polymorphic virus

2
Q

What type of attack can use a hidden password that has been in place since the application was installed?

A

A backdoor is put into an application by a programmer so that, if the user locks themselves out, the programmer can still gain access to the application. A backdoor attack is where an attacker uses this hidden password, which has been in place since the application was created.

3
Q

What type of attack involves an attacker calling a high-level executive on the telephone and leaving a voicemail?

A

Vishing

4
Q

What type of attack involves a huge fireman arriving in the reception area of your company and you letting him into your server room?

A

Letting a fireman into your server room is a social engineering urgency attack; if you don’t let him in, your building could burn down.

5
Q

What type of attack involves downloading a performance-enhancing computer program that says that I have 20,000 exploits and that I should purchase the full version of the product to remove them?

A

This is a disguised ransomware attack; you are parting with money to purchase the full version of the product.

6
Q

What type of attack collects passwords from your computer and sends them back to the hacker who then uses these passwords to gain access to your computer system?

A

A Remote Access Trojan (RAT) sends passwords to the hacker who then uses them to access your computer system.

7
Q

What type of attack cannot be detected by a NIPS, NIDS, firewall, or a SIEM system, but can only be detected by using baselines?

A

A zero‐day virus can only be detected by using baselines. Day zero is when it is launched and it might take the vendor a few days to find a solution.

8
Q

An employee leaves the company, then three months later, files are deleted from a file server, even though it has been isolated from the network. On investigation, it was found that the damage was caused by a script being launched. What type of attack was carried out?

A

A logic bomb

9
Q

What type of attack is a stealth attack that tracks your internet habits and usage?

A

Spyware is a stealth attack that secretly tracks your internet usage and habits.

10
Q

What type of attack uses multiple popups as its attack vector?

A

Adware uses pop-ups as its attack vector.

11
Q

What type of attack infects a well‐known, trusted website where the users do not suspect anything?

A

A watering hole attack infects a well-known, trusted website.

12
Q

What type of attack is launched against a manager using email as its attack medium?

A

Phishing

13
Q

What type of attack is launched against managers using email as its attack medium?

A

Spear phishing attack

14
Q

A company is employing a third party to collect all of its shredded waste that will then be taken to a remote site and incinerated. What type of attack does this prevent?

A

Employing a third party to incinerate your paper waste prevents dumpster diving.

15
Q

What type of attack is launched when you receive an email from the CEO threatening you with disciplinary action if you do not complete a form that was requested earlier by the human resources department (you don’t remember the earlier correspondence)?

A

Obtaining an email from the CEO or HR demanding you complete an attached form is a social engineering authority attack.

16
Q

You have just started working at the reception desk of a multinational corporation. During your induction period, one of the middle managers asks your coworker for some information. You are not too sure if he is entitled to that information. The next day, when your coworker has gone to lunch, the middle manager arrives asking you for the same information, this time updated a little. You don’t want to be seen as different from other employees, and so you give him the information. What type of attack has just been launched?

A

Social engineering consensus is where you want to be accepted as part of a team, so you do what the team does.

17
Q

The CEO has received an email asking him to click on a link and carry out an action so that his salary information can be updated, as the company is moving to a new financial system. What type of attack has just been launched?

A

This is a whaling attack, where the CEO is lured into clicking on a link.

18
Q

What type of attack can be launched using HTML tags and/or JavaScript?

A

Cross-Site Scripting uses HTML tags and/or JavaScript.

19
Q

When might an intrusive scan be used, and could it cause any damage to the system?

A

An intrusive scan is used during a penetration test and can cause considerable damage to your system.

20
Q

Five seconds after connecting to the company’s wireless network, the sessions drop. What type of wireless attack have I been the victim of?

A

A wireless disassociation attack keeps disconnecting you from your wireless access point.

21
Q

A hacker has managed to gain access to my Bluetooth phone and has been texting all of my friends, announcing that I am going to get married next year. This information is false. What type of attack has just been carried out?

A

Taking control of the phone and sending messages or texts is called bluejacking; you are basically hijacking the phone.

22
Q

A hacker has managed to gain access to my Bluetooth phone and has been able to steal my contact information. What type of attack has been carried out?

A

Stealing contacts from a Bluetooth phone is called bluesnarfing.

23
Q

What type of attack is an interception attack where the data has been replayed immediately?

A

A man‐in‐the‐middle attack is an interception attack where the data is replayed immediately.

24
Q

What type of attack is an interception attack where the data has been replayed at a later date?

A

A replay attack is an interception attack where the data is replayed at a later date.

25
Q

I receive a call from my bank saying that they need to move my account to an interest-bearing account, and ask me to go through the application process. They ask me for my account details and direct me to choose a new online password. They need my old password for account verification. What type of attack has been carried out?

A

Vishing

26
Q

What types of attack might use port 1900 and port 5000? Name two.

A

A virus could use port 1900 and a worm could use port 5000.

27
Q

In the morning, I swipe my card and open the door to the main offices. I am about to close the door when I see a young lady struggling with a big box, and so I keep the door open for her. What type of attack has just occurred?

A

This is social engineering tailgating, as you have let someone in who has not produced any credentials.

28
Q

The customer service desk receives a call from Frank, who says he is from the IT help desk. He says there is a glitch in the system, so they are having to change everyone’s passwords. I change my password and ask Helen from the HR department how long Frank has been working for the company. She says that she is not aware of someone called Frank who works at the help desk. What type of attack has just occurred?

A

This is a social engineering impersonation attack, as the caller pretends to be from your own company.

29
Q

What type of attack is it when a group of infected computers attacks another computer to render it unusable?

A

This is a botnet carrying out a Distributed Denial of Service (DDoS) attack.

30
Q

I went to the ATM to withdraw some cash to purchase a new pair of shoes from a local market stall that only accepts cash. I was unaware that the person standing behind me had taken his cell phone out and was using the video to record my transaction. What type of attack has been carried out?

A

Someone standing behind you in the ATM queue and videoing your transaction with a camera is a more modern version of a shoulder surfing attack.

31
Q

An attacker has inserted too much data into a data field on a web form causing it to crash. What type of attack has just occurred?

A

Inserting too much data into a data field is a buffer overflow attack.

32
Q

What type of attack uses the phrase 1=1? What are the two best solutions to prevent this attack?

A

A SQL injection attack uses the phrase 1 = 1. The best form of mitigation is to use stored procedures, where the SQL commands are embedded in a stored script that you then call by name. Input validation, where you control the input, is the other form of mitigation.

33
Q

My website traffic is being controlled by a load balancer that is ensuring that each web request is going to the least-utilized host. A DDoS attack is now being launched against the company websites. What is the best way to deal with this attack? Will the load balancer cope?

A

To prevent a DDoS attack, use a firewall to stop the attack from reaching the website. You may use a Web Application Firewall, or a stateful firewall if your web server is located inside your DMZ. A load balancer cannot deal with a DDoS attack.

34
Q

When I go to my local coffee shop, I am given the wireless network SSID and access code so I can use the internet while drinking coffee. When I sit down at my table, I notice that the SSID comes up, and when I connect to the wireless network, I am not asked for a password. What type of attack has just occurred?

A

This is an evil twin where the attacker’s WAP looks like the legitimate WAP by using a similar SSID.

35
Q

How can I protect my network from someone who wants to connect a rogue access point to it?

A

You can use 802.1X on a managed switch, where the legitimate devices use a certificate. This way, 802.1X validates each device before it lets it connect to the switch, and rogue devices are rejected.

36
Q

What type of attack interferes with my wireless network?

A

Jamming is a wireless interference attack.

37
Q

My laptop had a virus, so I reinstalled the operating system and the virus came back. What type of attack is causing this?

A

In the CompTIA Security+ exam, if you reinstall an operating system but the virus keeps returning, this is known as a rootkit virus.

38
Q

My domain controller uses NTLM authentication. What type of attack makes it vulnerable?

A

A computer system that uses NTLM authentication is vulnerable to the pass the hash attack. This can be prevented by using Kerberos authentication or disabling NTLM.

39
Q

Someone goes to the dark web and purchases a program that he can modify to carry out an attack. What type of threat actor is the attacker?

A

A script kiddie is someone who will purchase a program to launch his attack from. A good place to purchase dangerous tools would be the unregulated dark web.

40
Q

An attacker has just carried out an attack rendering a website unusable. When he has finished the attack, he then has to rush off, as he is going to attend a political rally. What type of threat actor is he?

A

A hacktivist is a politically motivated attacker.

41
Q

What is the most difficult threat actor to detect and why?

A

The most difficult threat actor to detect is the insider threat, sometimes called a malicious insider. He is already inside your network legitimately and therefore is more difficult to track.

42
Q

What type of threat actor will try to steal your trade secrets so that they can manufacture your new product and get it to market before you can?

A

A competitor is a threat actor who will steal your trade secrets to beat you to market.

43
Q

An attacker has managed to gain access to your corporate network through a host that was not fully patched. Once he gained access to that host, he then launched an attack on your SQL database server so that he could steal your customer’s credit card details. What type of technique did the attacker adopt?

A

Pivoting is a technique where you will gain access to a network via a vulnerable low‐level host, and then launch an attack against a more critical computer system such as a SQL database server.

44
Q

Your company has contracted a third party to carry out penetration testing to identify any weaknesses in your system, as you recently had it upgraded. You have given them no information except a small diagram of a remote part of your network. What type of penetration test is being carried out?

A

A gray box penetration tester knows something about your company network, no matter how trivial it seems.

45
Q

Why would a white-box penetration tester who knows everything about your network and applications adopt a technique called fuzzing when testing a new application?

A

Fuzzing is a technique where random information is submitted to an application to see what information is output. A white box tester does this to see whether any vulnerabilities need to be addressed before putting the application into production.

46
Q

How much information should a black-box penetration tester be given and what would be the first technique that he should adopt?

A

A black box penetration tester is given no information at all. His first technique is initial exploitation: he would try to use a vulnerability scanner to see whether your computer systems have any vulnerabilities that he could exploit.

47
Q

How do penetration testing and vulnerability scanning differ?

A

Penetration testing is aggressive and penetrates deep into your network and could cause severe damage, whereas a vulnerability scan is passive and identifies missing patches.

48
Q

If I had an end-of-life controller for my HVAC system, but could not afford to replace it for another four months, how might I mitigate the risk that it poses?

A

You would place an end-of-life HVAC controller into a VLAN to mitigate the risk of attack.

49
Q

You are the Chief Information Security Officer (CISO) for a large multinational corporation and you are going to write a policy for the website developer to control any errors that come from the website. How will you describe the errors that the users receive and those errors that the IT support team receives?

A

The Chief Information Security Officer (CISO) should write that errors shown on the customer side should be short and very vague, but errors shown on the internal side should be long and as detailed as possible to help the support team diagnose the problem.

50
Q

You have an older monitoring system that is not detecting any new vulnerabilities, but the security team informs you that data has been exfiltrated. What is it called when the monitoring system is not detecting attacks?

A

A monitoring system that does not detect any attacks is known as a false negative.

51
Q

Your security team has informed you that the CPU usage on the SQL server is running at 100%. Which vulnerability is it suffering from and how can you mitigate it?

A

Resource exhaustion is where the CPU usage is running at 100%. You would mitigate this by purchasing a faster processor, installing another processor, or moving some of the load to another server.

52
Q

What type of attack launches directed IP broadcasts to the border router where the victim is overloaded with the resulting ping replies? What can you do to mitigate this attack?

A

A smurf attack is an amplification attack that launches directed IP broadcasts to the border router. The massive number of ping packets appears to come from the victim, so the victim receives four times as many replies. You can prevent this by disabling IP broadcasts on the border router.

53
Q

What type of attack redirects you from a legitimate website and sends you to a fraudulent website?

A

A pharming attack redirects you from going to a legitimate website and sends you to a fraudulent website.

54
Q

What is the purpose of DNSSEC, what records does it produce, and what type of attack does it prevent?

A

DNSSEC encrypts the DNS traffic to prevent DNS poisoning attacks. It produces RRSIG records.

55
Q

What type of attack involves your cookies being copied onto a different computer to launch an attack?

A

Session hijacking is an attack where the attacker steals cookies from your computer system.

56
Q

When would a typosquatting attack be performed?

A

If you type a URL incorrectly, you could be redirected to a fraudulent website; this is known as typosquatting.

57
Q

A hacker has gone to the dark web and has obtained a 690-GB rainbow table. What are they intending to do with this table and what is the table comprised of?

A

A rainbow table is a pre-computed list of passwords and their corresponding hash values; it is used for collision attacks against passwords stored as hash values.

58
Q

What is the best way to avoid someone cracking your password if they intend to use a dictionary attack as the attack vector? Name two examples.

A

A dictionary attack uses only proper words that you would expect in a dictionary. Any passwords that have random characters or passwords that are misspelled prevent a dictionary attack.

59
Q

What is the purpose of a brute-force attack and what is the only way to prevent it?

A

A brute-force attack is a password attack that tries every available combination of letters and characters. It can be prevented by using account lockout with a low threshold value.

60
Q

What can I do to stop users in my company from storing duplicate passwords and at the same time slow down brute-force attacks?

A

To prevent duplicate passwords from being stored, we would salt them; this appends random characters to each password, making it longer and unique. This is sometimes known as key stretching.