Threats, Attacks, and Vulnerabilities (5) Flashcards
Which of the following types of testing utilizes an automated process of proactively identifying vulnerabilities of the computing systems present on a network?
Security audit
Vulnerability scanning
White-box test
Vulnerability scanning
Vulnerability scans use automated and semiautomated processes to identify known vulnerabilities
What type of attack is NFC most susceptible to?
Eavesdropping
Man-in-the-middle
Buffer overflow
Eavesdropping
Near-field communication (NFC) can be susceptible to eavesdropping. Smartphones with NFC can be used as payment methods and should utilize a biometric or PIN to avoid information being stolen
John has been asked to do a penetration test of a company. He has been given general information but no details about the network. What kind of test is this?
Gray-box
White-box
Partial
Gray-box
A gray-box test involves the tester being given partial information about the network
Under which type of attack does an attacker’s system appear to be the server to the real client and appear to be the client to the real server?
Denial of service
Eavesdropping
Man-in-the-middle
Man-in-the-middle
In the man-in-the-middle attack, the attacker is between the client and the server, and to either end, the attacker appears like the legitimate other end
You are a security administrator for Acme Corporation. You have discovered malware on some of your company’s machines. This malware seems to intercept calls from the web browser to libraries, and then manipulates the browser calls. What type of attack is this?
Man-in-the-browser
Man-in-the-middle
Buffer overflow
Man-in-the-browser
In a man-in-the-browser attack, the malware intercepts calls from the browser to the system, such as system libraries
Your company has hired a penetration testing firm to test the company network security. The penetration tester has just been able to achieve guest-level privileges on one low-security system. What best describes this phase of the test?
Vulnerability scanning
Initial exploit
Black-box testing
Initial exploit
This is the initial exploit, which involves getting initial access to the system
What is the primary risk from using outdated software?
It may not have all the features you need.
It may not have the most modern security features.
It may no longer be supported by the vendor.
It may no longer be supported by the vendor.
When a vendor no longer supports software, there won’t be patches for vulnerabilities or other issues
You are responsible for software testing at Acme Corporation. You want to check all software for bugs that might be used by an attacker to gain entrance into the software or your network. You have discovered a web application that would allow a user to attempt to put a 64-bit value into a 4-byte integer variable. What is this type of flaw?
Memory overflow
Variable overflow
Integer overflow
Integer overflow
Placing a larger integer value into a smaller integer variable is an integer overflow
Which type of virus is most difficult to analyze by reverse engineering?
Polymorphic
Macro
Armored
Armored
Armoring can be as simple as very trivial encryption, but any process that makes it difficult to reverse-engineer a virus is armoring
What type of attack attempts to deauthorize users from a resource, such as a wireless access point (WAP)?
Disassociation
Session hijacking
Man-in-the-middle
Disassociation
Deauthorizing users from a resource is called disassociation
John is a network administrator for a large retail chain. He has discovered that his DNS server is being attacked. The attack involves false DNS requests from spoofed IP addresses. The requests are far larger than normal. What type of attack is this?
Amplification
DNS poisoning
Smurf attack
Amplification
Sending fake DNS requests that are overly large is called an amplification attack. It is a highly specialized type of denial of service
Heidi is a security officer for an investment firm. Many of the employees in her firm travel frequently and access the company intranet from remote locations. Heidi is concerned about users logging in from public WiFi, as well as other people seeing information such as login credentials or customer data. Which of the following is Heidi’s most significant concern?
Social engineering
Shoulder surfing
Man-in-the-middle attack
Shoulder surfing
In this scenario, no technical issues are mentioned—just people seeing information. So shoulder surfing best fits the scenario
Cross-site scripting is an attack on the ___ that is based on the ___ trusting the ___.
user, user, website
user, website, user
website, website, user
user, user, website
Cross-site scripting is an attack on the user that is based on the user trusting the website. Options B, C, and D are incorrect
You are a security officer for a large investment firm. Some of your stock traders handle very valuable accounts with large amounts of money. You are concerned about someone targeting these specific traders to get their login credentials and access account information. Which of the following best describes the attack you are concerned about?
Spear phishing
Man-in-the-middle
Target phishing
Spear phishing
Targeting a specific group is the definition of spear phishing
You lead an incident response team for a large retail chain store. You have discovered what you believe is spyware on the point-of-sale systems. But the malware in question is encrypted, preventing you from analyzing it. What best describes this?
An armored virus
Ransomware
Polymorphic virus
An armored virus
Encryption is one method for armored viruses
Jared has discovered malware on the workstations of several users. This particular malware provides administrative privileges for the workstation to an external hacker. What best describes this malware?
Trojan horse
Logic bomb
Rootkit
Rootkit
This is the definition of a rootkit
Users in your company report someone has been calling their extension and claiming to be doing a survey for a large vendor. Based on the questions asked in the survey, you suspect that this is a scam to elicit information from your company’s employees. What best describes this?
Spear phishing
Vishing
War dialing
Vishing
This is vishing, or using voice calls for phishing
Cross-site request forgery is an attack on the ___ that is based on the ___ trusting the ___.
website, website, user
user, user, website
user, website, user
website, website, user
Cross-site request forgery is an attack on the website that is based on the website trusting the user
What type of virus can infect both a file in the operating system and the boot sector?
Multipartite
Rootkit
Ransomware
Multipartite
This is the definition of a multipartite virus
John is analyzing a recent malware infection on his company network. He discovers malware that can spread rapidly and does not require any interaction from the user. What best describes this malware?
Worm
Virus
Logic bomb
Worm
This is the definition of a worm
Your company has issued some new security directives. One of these new directives is that all documents must be shredded before being thrown out. What type of attack is this trying to prevent?
Phishing
Dumpster diving
Shoulder surfing
Dumpster diving
Dumpster diving is the process of going through the trash to find documents
What type of attack embeds malicious code into a document or spreadsheet?
Logic bomb
Trojan horse
Macro virus
Macro virus
This is the definition of a macro virus
You are a network security analyst for an online retail website. Users report that they have visited your site and had their credit cards stolen. You cannot find any evidence of any breach of your website. You begin to suspect that these users were lured to a fake site. You have found a website that is spelled exactly like your company site, with one letter different. What is this attack called?
URL hijacking
DNS poisoning
Cross-site scripting
URL hijacking
URL hijacking or typosquatting is done by naming a phishing URL very similar to an actual URL
You have discovered that someone has been trying to log on to your web server. The person has tried a wide range of likely passwords. What type of attack is this?
Rainbow table
Birthday attack
Dictionary attack
Dictionary attack
The dictionary attack uses common passwords
You have just started a new job as a security administrator for Acme Corporation. You discover they have weak authentication protocols. You are concerned that an attacker might simply capture and re-send a user’s login credentials. What type of attack is this?
Replay attack
IP spoofing
Session hijacking
Replay attack
This is the definition of a replay attack
What is the primary difference between active and passive reconnaissance?
Active is done with black-box tests and passive with white-box tests.
Active is usually done by attackers and passive by testers.
Active will actually connect to the network and could be detected; passive won’t.
Active will actually connect to the network and could be detected; passive won’t.
Active reconnaissance actually connects to the network using techniques such as port scanning
What is the primary difference between a vulnerability scan and a penetration test?
Vulnerability scans are done by employees and penetration tests by outside teams.
Vulnerability scans only use tools; penetration tests are manual.
Vulnerability scans just identify issues; penetration tests attempt to exploit them.
Vulnerability scans just identify issues; penetration tests attempt to exploit them.
Vulnerability scans identify known vulnerabilities. Penetration tests actually exploit those vulnerabilities in order to breach the system
When an attacker breaches one system and uses that as a base to attack a related system, what is this called?
Man-in-the-middle
Pivot
Shimming
Pivot
This is the definition of a pivot
Terrance is conducting a penetration test for a client. The client is a major e-commerce company and is primarily concerned about security for their web server. He has just finished running Nmap and OWASP ZAP on the target web server. What is this activity called?
Passive scanning
Black-box testing
Active scanning
Active scanning
Active scanning actually connects to the target network
You have just taken over as the CISO for a large bank. You are concerned about making sure all systems are secure. One major concern you have is security misconfiguration. Which of the following is not a common security misconfiguration?
Unpatched operating system
Default accounts with passwords
No firewall running
No firewall running
A firewall not running is not a configuration issue