Threats, Attacks, and Vulnerabilities (2) Flashcards
When phishing attacks are so focused that they target a specific individual, they are called what?
Spear phishing
Phishing
Whaling
Spear phishing
Spear phishing is a phishing attack aimed at a specific individual, usually built from details about that person so the lure looks legitimate. Whaling is the narrower case of spear phishing aimed at a senior executive or other high-value target, so it is not the general term the question asks for
You are concerned about a wide range of attacks that could affect your company’s web server. You have recently read about an attack wherein the attacker sends more data to the target than the target is expecting. If done properly, this could cause the target to crash. What would best prevent this type of attack?
An SPI firewall
An active IDS/IPS
Checking buffer boundaries
Checking buffer boundaries
This describes a buffer overflow: input longer than the buffer it is copied into overwrites adjacent memory, crashing the process or letting the attacker take control of it. The root-cause fix is checking buffer boundaries before every write; an SPI firewall or an IDS/IPS only inspects traffic and cannot tell an oversized but well-formed field from a legitimate one
You work for a large retail company that processes credit card purchases. You have been asked to test your company network for security issues. The specific test you are conducting involves primarily checking policies, documentation, and past incident reports. Which of the following best describes this type of test?
Vulnerability scan
Penetration test
Security audit
Security audit
Security audits review policies, procedures, documentation, and past incident records, rather than probing live systems the way a vulnerability scan or penetration test does
Maria is a salesperson with your company. After a recent sales trip, she discovers that many of her logins have been compromised. You carefully scan her laptop and cannot find any sign of any malware. You do notice that she had recently connected to a public WiFi at a coffee shop, and it is only since that connection that she noticed her logins had been compromised. What would most likely explain what has occurred?
She connected to a rogue AP.
She downloaded spyware.
She is the victim of a buffer overflow attack.
She connected to a rogue AP.
Although many things could explain it, the scenario most closely matches connecting to a rogue access point (often an evil twin imitating the coffee shop's SSID), which put the attacker on-path to capture her credentials. No malware is needed on the laptop, which is why the scan came back clean
You are the manager for network operations at your company. One of the accountants sees you in the hall and thanks you for your team keeping his antivirus software up to date. When you ask him what he means, he mentions that one of your staff, named Mike, called him and remotely connected to update the antivirus. You don’t have an employee named Mike. What has occurred?
IP spoofing
Man-in-the-middle attack
Social engineering
Social engineering
This is classic social engineering: the caller impersonated IT staff to get the accountant to grant remote access. "Mike" needed no exploit, only the accountant's trust
You are a security administrator for a bank. You are very interested in detecting any breaches or even attempted breaches of your network, including those from internal personnel. But you don’t want false positives to disrupt work. Which of the following devices would be the best choice in this scenario?
IPS
WAF
IDS
IDS
An intrusion detection system only reports what it sees, so a false positive costs an analyst's time rather than a blocked session. An IPS and a WAF sit inline and drop traffic they judge malicious, which is exactly the disruption the scenario wants to avoid
One of your users cannot recall the password for their laptop. You want to recover that password for them. You intend to use a tool/technique that is popular with hackers, and it consists of searching tables of precomputed hashes to recover the password. What best describes this?
Rainbow table
Backdoor
Social engineering
Rainbow table
A rainbow table is a precomputed, compressed table of hashes and the plaintexts that produce them, so cracking becomes a lookup instead of repeated hashing. It works only against unsalted hashes: a per-user salt changes every hash and makes the table useless
You have noticed that when in a crowded area, you sometimes get a stream of unwanted text messages. The messages end when you leave the area. What describes this attack?
Bluejacking
Bluesnarfing
Evil twin
Bluejacking
Bluejacking involves sending unsolicited messages to Bluetooth devices when they are in range
Someone has been rummaging through your company’s trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. What is this called?
Dumpster diving
Trash diving
Social engineering
Dumpster diving
This is the term for rummaging through the waste/trash
You have noticed that when in a crowded area, data from your cell phone is stolen. Later investigation shows a Bluetooth connection to your phone, one that you cannot explain. What describes this attack?
Bluejacking
Bluesnarfing
Evil twin
Bluesnarfing
Bluesnarfing involves accessing data from a Bluetooth device when it is in range
Louis is investigating a malware incident on one of the computers on his network. He has discovered unknown software that seems to be opening a port, allowing someone to remotely connect to the computer. This software seems to have been installed at the same time as a small shareware application. Which of the following best describes this malware?
RAT
Backdoor
Logic bomb
RAT
This is a remote-access Trojan (RAT): malware that arrives bundled with a legitimate-looking program (the shareware) and opens a listening port or outbound channel so the attacker can control the system remotely. A backdoor is only the access mechanism; the Trojan-style delivery is what makes RAT the best label
This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to perform. What best describes this scenario?
Excessive rights
Excessive permissions
Excessive privileges
Excessive privileges
The term used in the industry is excessive privileges, and it is the opposite of good security practice, which states that each user should have least privileges (i.e., just enough privileges to do his or her job)
Jared is responsible for network security at his company. He has discovered behavior on one computer that certainly appears to be a virus. He has even identified a file he thinks might be the virus. However, using three separate antivirus programs, he finds that none can detect the file. Which of the following is most likely to be occurring?
The computer has a RAT.
The computer has a zero-day exploit.
The computer has a logic bomb.
The computer has a zero-day exploit.
Zero-day malware is new enough that no vendor has published a signature for it, so signature-based antivirus misses it. It can only be caught by its behavior (heuristics, sandboxing, endpoint detection and response), which is how Jared noticed it in the first place
There are some computers on your network that use Windows XP. They have to stay on Windows XP due to a specific application they are running. That application won’t run on newer operating systems. What security concerns does this situation give you?
No special concerns; this is normal.
The machines cannot be patched; XP is no longer supported.
The machines cannot coordinate with an SIEM since XP won’t support that.
The machines cannot be patched; XP is no longer supported.
When a vendor no longer supports a product (end-of-life), no patches will be issued for newly found vulnerabilities, so every new flaw stays exploitable for as long as the machines run. The usual mitigation is to isolate them on their own network segment and restrict what can reach them
Farès has discovered that attackers have breached his wireless network. They seem to have used a brute-force attack on the WiFi-protected setup PIN to exploit the WAP and recover the WPA2 password. What is this attack called?
Evil twin
Rogue WAP
WPS Attack
WPS Attack
WiFi Protected Setup (WPS) lets a client join by entering an 8-digit PIN. The access point validates the PIN in two halves, and the last digit is a checksum, so an attacker needs at most about 11,000 guesses (10,000 for the first half plus 1,000 for the second) instead of 100 million. Once the PIN is recovered the access point hands over the WPA2 passphrase. The practical defense is to disable WPS on the access point
Your wireless network has been breached. It appears the attacker modified a portion of data used with the stream cipher and utilized this to expose wirelessly encrypted data. What is this attack called?
Evil twin
Rogue WAP
IV attack
IV attack
A stream cipher XORs the plaintext with a keystream derived from the key and an initialization vector (IV). If an IV, and therefore the keystream, is reused, XORing two ciphertexts cancels the keystream and exposes the XOR of the two plaintexts; one known plaintext then reveals the other. WEP's 24-bit IV guaranteed reuse on a busy network, which is what this attack exploits
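The keystream-reuse failure described above, worked through in code. This is an added example, not part of the flashcards: the keystream generator is a toy stand-in for WEP's RC4 (the only property it needs is that the same key and IV always give the same keystream), and the key, IVs and frame contents are constructed.

```python
"""Added example: why IV reuse breaks a stream cipher.
The keystream function is a toy stand-in for RC4 as used by WEP;
key, IVs and frames below are constructed for illustration."""
import hashlib


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode over key || iv.
    Like any stream cipher, the same (key, iv) pair always yields
    the same keystream, which is the property the attack abuses."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """If c1 and c2 were produced with the same keystream K:
        c1 XOR c2 = (p1 XOR K) XOR (p2 XOR K) = p1 XOR p2
    so anyone who knows (or can guess) p1 obtains p2 without the key.
    Fixed protocol headers make p1 easy to guess in practice."""
    return xor_bytes(xor_bytes(c1, c2), p1)


def frames_until_reuse_is_likely(iv_bits: int) -> int:
    """Birthday bound: with random IVs of iv_bits bits, a repeat becomes
    likely after roughly 2 ** (iv_bits / 2) frames. WEP used 24-bit IVs,
    so about 4096 frames; sequential IVs wrapped even faster."""
    return 2 ** (iv_bits // 2)


if __name__ == "__main__":
    key = b"wep-shared-key"
    iv = b"\x01\x02\x03"                  # 24-bit IV, as in WEP
    p1 = b"GET /index.html HTTP/1.1"      # attacker-known or guessable frame
    p2 = b"PIN=4471 acct=00998812ab"      # victim's secret frame, same length
    c1 = encrypt(key, iv, p1)
    c2 = encrypt(key, iv, p2)             # same key AND same IV: fatal
    print(recover_with_known_plaintext(c1, c2, p1))        # b'PIN=4471 acct=00998812ab'
    c3 = encrypt(key, b"\x01\x02\x04", p2)                 # fresh IV: attack fails
    print(recover_with_known_plaintext(c1, c3, p1) == p2)  # False
    print(frames_until_reuse_is_likely(24))                # 4096
```

The recovery covers only the bytes the two frames have in common, which is why the two constructed frames are the same length; in a real capture the attacker works on the overlapping prefix.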
John is concerned about disgruntled employees stealing company documents and exfiltrating them from the network. He is looking for a solution that will detect likely exfiltration and block it. What type of system is John looking for?
IPS
SIEM
Honeypot
IPS
Any of these could help detect insider activity, but only the intrusion prevention system sits inline and blocks it once detected; a SIEM correlates and alerts, and a honeypot only lures. A dedicated data loss prevention (DLP) system would be the purpose-built choice, but it is not among the options
Some users on your network use Acme Bank for their personal banking. Those users have all recently been the victim of an attack, wherein they visited a fake Acme Bank website and their logins were compromised. They all visited the bank website from your network, and all of them insist they typed in the correct URL. What is the most likely explanation for this situation?
Trojan horse
Clickjacking
DNS poisoning
DNS poisoning
The users typed the right URL but were resolved to the attacker's address, which points at DNS poisoning: your network's DNS server (or its cache) has been fed a bogus record for the bank's name. A Trojan or clickjacking would have to be present on each user's machine or page; one poisoned resolver shared by the whole network explains why every user was affected
Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their WiFi signals. Which of the following is the best label for this attack?
IV attack
Jamming
Botnet
Jamming
This is a classic description of jamming
What type of attack involves users clicking on something different on a website than what they intended to click on?
Clickjacking
Bluejacking
Evil twin
Clickjacking
This is the classic description of clickjacking: the attacker hides or overlays the target site's controls, typically inside a transparent iframe, so a user who thinks they are clicking one thing actually clicks another. Sites defend against it with the X-Frame-Options header or a Content-Security-Policy frame-ancestors directive
What type of attack exploits the trust that a website has for an authenticated user to attack that website by spoofing requests from the trusted user?
Cross-site scripting
Cross-site request forgery
Bluejacking
Cross-site request forgery
Cross-site request forgery tricks the victim's browser into sending a request the attacker crafted; the browser attaches the user's session cookie automatically, so the site treats it as the authenticated user's own action. Cross-site scripting abuses the user's trust in a site; CSRF abuses the site's trust in the user
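How the standard defense works, as an added example that is not part of the flashcards: a synchronizer token bound to the session, which a page on another origin cannot obtain. The endpoint, session ids and form contents are constructed, and SERVER_SECRET is assumed to be generated once per deployment and kept server-side.

```python
"""Added example: a synchronizer-token check that stops CSRF.
Endpoint, session ids and form data are constructed; SERVER_SECRET is an
assumed per-deployment secret that never leaves the server."""
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # assumption: generated once, kept server-side


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session by HMAC. The site embeds it in its own
    forms as a hidden field. A page on another origin cannot read it: the
    same-origin policy stops attacker script from reading this site's pages."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: str) -> bool:
    """Constant-time comparison so the check itself leaks nothing."""
    expected = issue_csrf_token(session_id)
    return bool(submitted) and hmac.compare_digest(expected, submitted)


def handle_transfer(session_cookie: str, form: dict) -> tuple:
    """State-changing endpoint. The session cookie alone proves nothing
    about intent: the browser attaches it to any request for this site,
    including one triggered from an attacker's page. Only the token shows
    the request came from a form this site rendered for this session."""
    if not session_cookie:
        return 401, "not logged in"
    if not verify_csrf_token(session_cookie, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, "transferred %s to %s" % (form["amount"], form["to"])


if __name__ == "__main__":
    alice = "sess-a1b2c3"
    token = issue_csrf_token(alice)
    # Legitimate form rendered by the site carries the token
    print(handle_transfer(alice, {"to": "bob", "amount": "10", "csrf_token": token}))
    # Forged request from another origin: cookie rides along, token unknown
    print(handle_transfer(alice, {"to": "mallory", "amount": "9000"}))
    # Attacker pastes a token from their own session: rejected, token is session-bound
    print(handle_transfer(alice, {"to": "mallory", "amount": "9000",
                                  "csrf_token": issue_csrf_token("sess-mallory")}))
```

Marking the session cookie SameSite=Lax or Strict is a complementary defense, since it stops the browser from attaching the cookie to cross-site POSTs in the first place; the token check stays in place for browsers and flows that SameSite does not cover.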
John is a network administrator for Acme Company. He has discovered that someone has registered a domain name that is spelled just one letter different than his company’s domain. The website with the misspelled URL is a phishing site. What best describes this attack?
Session hijacking
Cross-site request forgery
Typosquatting
Typosquatting
This is a classic example of typosquatting. The registered name differs from the real one by only a letter or two, so users who mistype the URL of the real site land on the fake one
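A defender's side of this, as an added example that is not part of the flashcards: generate the one-keystroke variants of a company domain that a typosquatter would register, and screen a feed of new registrations against them. The legitimate domain and the candidate list are constructed; in practice the variants would be fed to a WHOIS, DNS or certificate-transparency check.

```python
"""Added example: one-edit domain variants for typosquat monitoring.
The domain and the registration feed below are constructed."""
import string

ALPHABET = string.ascii_lowercase + string.digits + "-"


def typo_variants(domain: str) -> set:
    """Every registrable name one keystroke away from the first label:
    omission, substitution, insertion and adjacent transposition."""
    label, dot, suffix = domain.lower().partition(".")
    variants = set()
    n = len(label)
    for i in range(n):
        variants.add(label[:i] + label[i + 1:])                   # omission
        for ch in ALPHABET:
            if ch != label[i]:
                variants.add(label[:i] + ch + label[i + 1:])      # substitution
            variants.add(label[:i] + ch + label[i:])              # insertion
        if i + 1 < n and label[i] != label[i + 1]:
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
    for ch in ALPHABET:
        variants.add(label + ch)                                  # trailing insertion
    variants.discard(label)
    # DNS labels cannot be empty or start/end with a hyphen
    return {v + dot + suffix for v in variants
            if v and not v.startswith("-") and not v.endswith("-")}


def is_lookalike(candidate: str, legitimate: str) -> bool:
    """True when candidate is exactly one edit away from legitimate."""
    return candidate.lower() in typo_variants(legitimate)


def flag_new_registrations(feed, legitimate: str) -> list:
    """Reduce a feed of newly registered domains to the ones worth a
    takedown request, a proxy block, or a mail-gateway rule."""
    return [d for d in feed if is_lookalike(d, legitimate)]


if __name__ == "__main__":
    # Constructed registration feed
    feed = ["acne.com", "example.org", "acrne.com", "acm3.com", "amce.com"]
    print(flag_new_registrations(feed, "acme.com"))
    # ['acne.com', 'acm3.com', 'amce.com']
```

Note the miss on acrne.com: "rn" standing in for "m" is a homoglyph trick rather than a single edit, so it needs its own substitution table (rn/m, vv/w, 0/o, 1/l, and so on) layered on top of this generator.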
Frank has discovered that someone was able to get information from his smartphone using a Bluetooth connection. The attacker was able to get his contact list and some emails he had received. What is this type of attack called?
Bluesnarfing
Session hijacking
Backdoor attack
Bluesnarfing
Bluesnarfing uses Bluetooth to extract data from a Bluetooth device
Juanita is a network administrator for Acme Company. Some users complain that they keep getting dropped from the network. When Juanita checks the logs for the wireless access point (WAP), she finds that a deauthentication packet has been sent to the WAP from the users’ IP addresses. What seems to be happening here?
Problem with users’ WiFi configuration
Disassociation attack
Session hijacking
Disassociation attack
This is a classic example of a disassociation (deauthentication) attack. Deauthentication frames are 802.11 management frames that, unless protected management frames (802.11w) are in use, carry no authentication, so an attacker can forge them with the users' own MAC addresses and knock clients off the network, often to capture the reconnect handshake or push them onto an evil twin
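What Juanita could look for in the access point logs, as an added example that is not part of the flashcards: a sliding-window count of deauthentication frames per source address. The log lines and their format are constructed; a real controller export will need its own parser. Because the attacker spoofs the victims' addresses, the flagged source is the victim's MAC, which is still the right thing to alert on.

```python
"""Added example: detecting a deauthentication flood in WAP logs.
The log format (timestamp, frame type, source MAC, reason code) and the
lines themselves are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one client hit by a flood, one that left normally
SAMPLE_LOG = """\
2024-05-01T10:00:00 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:00 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:01 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:01 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:02 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:02 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:03 assoc src=3c:22:fb:11:22:33 reason=0
2024-05-01T10:00:03 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:03 deauth src=3c:22:fb:11:22:33 reason=7
2024-05-01T10:00:05 deauth src=f0:9f:c2:44:55:66 reason=3
2024-05-01T10:15:00 deauth src=f0:9f:c2:44:55:66 reason=3
"""


def parse_line(line: str):
    """Split one constructed log line into (timestamp, frame type, MAC, reason)."""
    ts, kind, src, reason = line.split()
    return (datetime.fromisoformat(ts), kind,
            src.split("=", 1)[1], int(reason.split("=", 1)[1]))


def detect_deauth_flood(lines, threshold: int = 5,
                        window: timedelta = timedelta(seconds=10)) -> dict:
    """Per-source sliding window over deauth/disassoc frames. A real client
    deauthenticates once when it leaves; a forged flood repeats constantly.
    Returns {mac: peak frames seen inside one window} for sources over threshold."""
    recent = defaultdict(list)
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, kind, src, _reason = parse_line(line)
        if kind not in ("deauth", "disassoc"):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:       # drop events outside the window
            q.pop(0)
        if len(q) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


if __name__ == "__main__":
    print(detect_deauth_flood(SAMPLE_LOG.splitlines()))
    # {'3c:22:fb:11:22:33': 8}
```

Reason code 7 ("class 3 frame received from nonassociated station") is the code most deauth tools send, but the count, not the code, is the signal; enabling 802.11w on the access point and clients is the fix that stops the frames from being honored at all.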
John has discovered that an attacker is trying to get network passwords by using software that attempts a number of passwords from a list of common passwords. What type of attack is this?
Dictionary
Rainbow table
Brute force
Dictionary
This is an example of a dictionary attack. The attacker tries a list of words believed to be likely passwords; a brute-force attack instead tries every possible combination, and a rainbow table replaces guessing with a lookup in precomputed hashes
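The three password-recovery approaches from this card and the rainbow table card above, side by side in code, as an added example that is not part of the flashcards: a dictionary attack, a precomputed lookup table (the idea a rainbow table compresses), a brute-force search, and the per-user salt that defeats precomputation. The wordlist and the passwords are constructed, and unsalted SHA-256 stands in for whatever weak hash the target uses.

```python
"""Added example: dictionary attack, precomputed lookup, brute force, and salting.
The wordlist and passwords are constructed; unsalted SHA-256 is the assumed hash."""
import hashlib
import itertools
import string
from typing import Optional

# Constructed stand-in for a real wordlist such as rockyou.txt
WORDLIST = ["password", "letmein", "123456", "qwerty", "Summer2024", "welcome1"]


def sha256_hex(text: str) -> str:
    """Unsalted, fast hash: exactly the kind these attacks work against."""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist) -> Optional[str]:
    """Hash each likely password and compare. The full cost is paid again
    for every target hash."""
    for word in wordlist:
        if sha256_hex(word) == target_hash:
            return word
    return None


def build_lookup_table(wordlist) -> dict:
    """Precompute hash -> plaintext once. A real rainbow table stores this
    far more compactly with hash/reduce chains, but the trade-off is the
    same: spend time up front, then answer each lookup almost instantly."""
    return {sha256_hex(word): word for word in wordlist}


def table_lookup(target_hash: str, table: dict) -> Optional[str]:
    return table.get(target_hash)


def brute_force(target_hash: str, alphabet: str = string.digits,
                max_len: int = 4) -> Optional[str]:
    """Exhaustive search. Work grows as len(alphabet) ** length, so this is
    only practical for short or low-entropy secrets such as PINs."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def salted_hash(password: str, salt: str) -> str:
    """Per-user salt: the same password hashes differently for every user,
    so a table built without the salt never matches. (A real system also
    uses a deliberately slow KDF such as bcrypt or scrypt.)"""
    return sha256_hex(salt + password)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(dictionary_attack(sha256_hex("letmein"), WORDLIST))    # letmein
    print(table_lookup(sha256_hex("qwerty"), table))              # qwerty
    print(brute_force(sha256_hex("7301")))                        # 7301
    print(table_lookup(salted_hash("qwerty", "k3Xq"), table))     # None
```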
You are a network security administrator for a bank. You discover that an attacker has exploited a flaw in OpenSSL and forced some connections to move to a weak cipher suite version of TLS, which the attacker could breach. What type of attack was this?
Disassociation attack
Downgrade attack
Session hijacking
Downgrade attack
This is a classic example of a downgrade attack: the attacker forces the peers to negotiate a weaker protocol version or cipher suite than both actually support, then breaks the weak one. The fix is to disable the weak versions and suites outright, so there is nothing to downgrade to, and to patch the library flaw that made the forced renegotiation possible
When an attacker tries to find an input value that will produce the same hash as a password, what type of attack is this?
Rainbow table
Brute force
Collision attack
Collision attack
A collision is when two different inputs produce the same hash. Because the system stores and compares only the hash, an attacker who finds a colliding input can log in with it instead of the real password. Finding any two colliding inputs is far cheaper than matching one specific hash, which is why hash output length matters
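The cost gap mentioned above, demonstrated as an added example that is not part of the flashcards: a birthday search for any collision finishes in about 2^(n/2) hash evaluations, while matching one given hash (a second-preimage search, which is what cracking a stored password hash actually demands) needs about 2^n. SHA-256 is truncated so both searches finish in seconds; the message formats are constructed.

```python
"""Added example: collision (birthday) search versus second-preimage search.
Hashes are truncated SHA-256 so the searches run quickly; message formats
are constructed."""
import hashlib
import itertools


def trunc_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256 as an integer (bits <= 64)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)


def find_collision(bits: int):
    """Birthday search: remember every hash seen, stop at the first repeat.
    Expected work is about 2 ** (bits / 2) hashes.
    Returns (message_a, message_b, hashes_computed)."""
    seen = {}
    for i in itertools.count():
        msg = b"msg-%d" % i
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int):
    """Match one fixed hash. Expected work is about 2 ** bits hashes,
    the square of the collision cost for the same output size.
    Returns (message, hashes_computed)."""
    want = trunc_hash(target, bits)
    for i in itertools.count():
        msg = b"alt-%d" % i
        if msg != target and trunc_hash(msg, bits) == want:
            return msg, i + 1


if __name__ == "__main__":
    # Same order of work (~65k hashes) handles a 32-bit hash for collisions
    # but only a 16-bit hash for second preimages.
    a, b, n = find_collision(32)
    print(a, b, trunc_hash(a, 32) == trunc_hash(b, 32), n)
    alt, m = find_second_preimage(b"password", 16)
    print(alt, trunc_hash(alt, 16) == trunc_hash(b"password", 16), m)
```

The counts vary with the chosen message format but stay near the expected values; doubling the hash length doubles the exponent of the second-preimage cost but only adds one bit to the collision exponent, which is why practical hash choices are judged on collision resistance.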
Farès is the network security administrator for a company that creates advanced routers and switches. He has discovered that his company’s networks have been subjected to a series of advanced attacks over a period of time. What best describes this attack?
DDoS
Brute force
APT
APT
An advanced persistent threat (APT) involves sophisticated (i.e., advanced) attacks over a period of time (i.e., persistent)
You are responsible for incident response at Acme Company. One of your jobs is to attempt to attribute attacks to a specific type of attacker. Which of the following would not be one of the attributes you consider in attributing the attack?
Resources/funding
Intent/motivation
Amount of data stolen
Amount of data stolen
Whether the attacker is an organized criminal, hacktivist, nation-state attacker, or script kiddie, the amount of data stolen could be large or small
John is running an IDS on his network. Users sometimes report that the IDS flags legitimate traffic as an attack. What describes this?
False positive
False negative
False trigger
False positive
When an IDS or antivirus mistakes legitimate traffic for an attack, this is called a false positive