Threats, Attacks, Vulnerabilities Flashcards

1
Q

You have noticed some unusual network traffic outbound from a certain host. The host is communicating with a known malicious server over port 443 using an encrypted TLS tunnel. You ran a full system anti-virus scan of the host with an updated anti-virus signature file, but the anti-virus did not find any infection signs. Which of the following has MOST likely occurred?

Zero-day attack
Directory traversal
Session hijacking
Password spraying

A

Zero-day attack

2
Q

The management at Steven’s work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steven could use to identify rogue devices on a wired network?

A physical survey
Router and switch-based MAC address reporting
A discovery scan using a port scanner
Reviewing a central administration tool like an endpoint manager

A

A discovery scan using a port scanner

3
Q

Which of the following types of attacks are usually used as part of an on-path attack?

DDoS
Tailgating
Spoofing
Brute force

A

Spoofing

4
Q

White Team

A

The white team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender’s mission

5
Q

Purple Team

A

The purple team is made up of both the blue and red teams to work together to maximize their cyber capabilities through continuous feedback and knowledge transfer between attackers and defenders

6
Q

What kind of attack is an example of IP spoofing?

On-path attack
SQL injections
Cross-site scripting
ARP poisoning

A

On-path attack

7
Q

Several users have contacted the help desk to report that they received an email from a well-known bank stating that their accounts have been compromised and they need to “click here” to reset their banking password. Some of these users are not even customers of this particular bank, though. Which of the following social engineering principles is being utilized as a part of this phishing campaign?

Familiarity
Urgency
Consensus
Intimidation

A

Familiarity

8
Q

A salesperson’s laptop has become unresponsive after attempting to open a PDF in their email. A cybersecurity analyst reviews the IDS and anti-virus software for any alerts or unusual behavior but finds nothing suspicious. Which of the following threats would BEST classify this scenario?

Ping of death
RAT
Zero-day malware
PII exfiltration

A

Zero-day malware

9
Q

Which of the following is a common attack model of an APT attack?

Relies on worms to spread laterally
Involves sophisticated DDoS attacks
Holds an organization’s data hostage using encryption
Quietly gathers information from compromised systems

A

Quietly gathers information from compromised systems

10
Q

You just received a notification that your company’s email servers have been blocklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?

Network flows for the DMZ containing the email servers
The full email header from one of the spam messages
Firewall logs showing the SMTP connections
The SMTP audit log from your company’s email server

A

The full email header from one of the spam messages

11
Q

You are investigating a suspected compromise. You have noticed several files that you don’t recognize. How can you quickly and effectively check if the files have been infected with malware?

Scan the files using a local anti-virus/anti-malware engine
Run the Strings tool against each file to identify common malware identifiers
Disassemble the files and conduct static analysis on them using IDA Pro
Submit the files to an open-source intelligence provider like VirusTotal

A

Submit the files to an open-source intelligence provider like VirusTotal

12
Q

Your intrusion detection system has produced an alert based on its review of a series of network packets. After analysis, it is determined that the network packets did not contain any malicious activity. How should you classify this alert?

False negative
True negative
True positive
False positive

A

False positive

13
Q

A cybersecurity analyst is working at a college that wants to increase its network’s security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?

Combination of cloud-based and server-based scanning engines
Passive scanning engine located at the core of the network infrastructure
Combination of server-based and agent-based scanning engines
Active scanning engine installed on the enterprise console

A

Active scanning engine installed on the enterprise console

14
Q

You have been asked to determine if Dion Training’s web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server?

Vulnerability scan
Passive scan
Protocol analysis
Banner grabbing

A

Banner grabbing

15
Q

Which of the following is a best practice that should be followed when scheduling vulnerability scans of an organization’s data center?

Schedule scans to be conducted evenly throughout the day
Schedule scans to run during periods of low activity
Schedule scans to begin at the same time every day
Schedule scans to run during peak times to simulate performance under load

A

Schedule scans to run during periods of low activity

16
Q

As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statements BEST explains these results?

The network has an exceptionally strong security posture
The scanner was not compatible with the devices on your network
An uncredentialed scan of the network was performed
The scanner failed to connect with the majority of workstations

A

An uncredentialed scan of the network was performed

17
Q

A customer brought in a computer that has been infected with a virus. Since the infection, the computer began redirecting all three of the system’s web browsers to a series of malicious websites whenever a valid website is requested. You quarantined the system, disabled System Restore, and then performed the remediation to remove the malware. You have scanned the machine with several anti-virus and anti-malware programs and determined it is now clean of all malware. You attempt to test the web browsers again, but a small number of valid websites are still being redirected to a malicious website. Luckily, the updated anti-virus you installed blocked any new malware from infecting the system. Which of the following actions should you perform NEXT to fix the redirection issue with the browsers?

Perform a System Restore to an earlier date before the infection
Reformat the system and reinstall the OS
Verify the hosts file has not been maliciously modified
Install a secondary anti-malware solution on the system

A

Verify the hosts file has not been maliciously modified

18
Q

Which of the following would NOT be useful in defending against a zero-day threat?

Patching
Segmentation
Allow listing
Threat intelligence

A

Patching

19
Q

What type of malware changes its binary pattern in its code on specific dates or times to avoid detection by antimalware software?

Trojan
Logic bomb
Polymorphic virus
Ransomware

A

Polymorphic virus

20
Q

During your annual cybersecurity awareness training in your company, the instructor states that employees should be careful about what information they post on social media. According to the instructor, if you post too much personal information on social media, such as your name, birthday, hometown, and other personal details, it is much easier for an attacker to conduct which type of attack to break your passwords?

Cognitive password attack
Rainbow table attack
Birthday attack
Brute force attack

A

Cognitive password attack

21
Q

Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect if an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring?

Heuristic
Trend
Anomaly
Behavior

A

Behavior

22
Q

You are trying to find a rogue device on your wired network. Which of the following options would NOT help find the device?

Site Surveys
War Walking
Port Scanning
MAC Validation

A

War Walking

23
Q

An employee contacts the service desk because they cannot open an attachment they received in their email. The service desk agent conducts a screen-sharing session with the user and investigates the issue. The agent notices that the attached file is named Invoice1043.pdf, and that a black pop-up window appears and then disappears quickly when the attachment is double-clicked. Which of the following is most likely causing this issue?

The user doesn’t have a PDF reader installed on their computer
The email is a form of spam and should be deleted
The file contains an embedded link to a malicious website
The attachment is using a double file extension to mask its identity

A

The attachment is using a double file extension to mask its identity

24
Q

You are performing a web application security test and notice that the site is dynamic and must therefore be using a back-end database. You decide you want to determine if the site is susceptible to an SQL injection. What is the first character that you should attempt to use in breaking a valid SQL request?

Exclamation mark
Double quote
Single quote
Semicolon

A

Single quote

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Ted, a file server administrator at Dion Training, has noticed that many sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, verifying that the workstation’s anti-malware solution is up-to-date and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?

Session Hijacking
MAC Spoofing
Zero-day
Impersonation

A

Zero-day

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

A penetration tester is using a known vulnerability to compromise an Apache webserver. After they gain access to the webserver, what is their next step to pivot to a protected system outside of the screened subnet?

Vulnerability scanning
Patching
Installing additional tools
Privilege escalation

A

Privilege escalation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

A recent vulnerability scan found several vulnerabilities on an organization’s public-facing IP addresses. To reduce the risk of a breach, which of the following vulnerabilities should be prioritized for remediation?

A buffer overflow that is known to allow remote code execution
An HTTP response that reveals an internal IP address
A website utilizing a self-signed SSL certificate
A cryptographically weak encryption cipher

A

A buffer overflow that is known to allow remote code execution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

During a penetration test, you find a hash value related to malware associated with an APT. What best describes what you have found?

SQL injection
Indicator of compromise
XSRF
Botnet

A

Indicator of compromise

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

A cybersecurity analyst has received an alert that sensors continuously observe well-known call home messages at their network boundary. Still, the organization’s proxy firewall is properly configured to successfully drop the messages before leaving the network. Which of the following is MOST likely the cause of the call home messages being sent?

An infected workstation is attempting to reach a command and control server
An attacker is performing reconnaissance of the organization’s workstations

A

An infected workstation is attempting to reach a command and control server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Your smartphone begins to receive unsolicited messages while you are eating lunch at the restaurant across the street from your office. What might cause this to occur?

Geotagging
Packet sniffing
Bluesnarfing
Bluejacking

A

Bluejacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization’s database?

Buffer Overflow
Cross-site scripting
Denial of Service
SQL Injection

A

SQL Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Several users have contacted the help desk to report that they received an email from a well-known bank stating that their accounts have been compromised and they need to “click here” to reset their banking password. Some of these users are not even customers of this particular bank, though. Which of the following social engineering principles is being utilized as a part of this phishing campaign?

Familiarity
Urgency
Intimidation
Consensus

A

Familiarity

33
Q

You are conducting a review of a VPN device’s logs and found the following URL being accessed:

https://sslvpn/dana-na/../diontraining/html5acc/teach/../../../../../../etc/passwd?/diontraining/html5acc/teach/

Based upon this log entry alone, which of the following most likely occurred?

An XML injection attack caused the VPN server to return the password file

The /etc/passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted

An SQL injection attack caused the VPN server to return the password file

The /etc/passwd file was downloaded using a directory traversal attack

A

The /etc/passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted

34
Q

A cybersecurity analyst notices that an attacker is trying to crack the WPS PIN associated with a wireless printer. The device logs show that the attacker tried 00000000, 00000001, 00000002 and continued to increment by 1 each time until they found the correct PIN of 13252342. Which of the following types of password cracking was being performed by the attacker?

Brute-force

Hybrid

Rainbow table

Dictionary

A

Brute-force

35
Q

The Pass Certs Fast corporation has recently been embarrassed by several high-profile data breaches. The CIO proposes improving the company’s cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?

The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration

This approach assumes that the cloud will provide better security than is currently done on-site

This approach only changes the location of the network and not the attack surface of it

This is a reasonable approach that will increase the security of the servers and infrastructure

A

This approach only changes the location of the network and not the attack surface of it

36
Q

Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization’s database?

Denial of service

SQL injection

Cross-site scripting

Buffer overflow

A

SQL injection

A SQL injection could allow the attacker to execute remote commands on the database server and lead to sensitive information disclosure.

37
Q

Praveen is currently investigating activity from an attacker who compromised a host on the network. The individual appears to have used credentials belonging to a janitor. After breaching the system, the attacker entered some unrecognized commands with very long text strings and then began using the sudo command to carry out actions. What type of attack has just taken place?

Phishing

Social engineering

Privilege escalation

Session hijacking

A

Privilege escalation

The use of long query strings points to a buffer overflow attack, and the sudo command confirms the elevated privileges after the attack. This indicates a privilege escalation has occurred.

38
Q

An attacker recently compromised an e-commerce website for a clothing store. Which of the following methods did the attacker use to harvest an account’s cached credentials when the user logged into an SSO system?

Pivoting

Pass the hash

Lateral movement

Golden ticket

A

Pass the hash

39
Q

You have been asked to determine if Dion Training’s web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server?

Banner grabbing

Protocol analysis

Passive scan

Vulnerability scan

A

Banner grabbing

40
Q

You are analyzing the SIEM for your company’s e-commerce server when you notice the following URL in the logs of your SIEM:

https://www.diontraining.com/add_to_cart.php?itemId=5"+perItemPrice="0.00"+quantity="100"+/>

Based on this line, what type of attack do you expect has been attempted?

Buffer overflow

SQL injection

Session hijacking

XML injection

A

XML injection

41
Q

You are conducting threat hunting on your organization’s network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it?

The host might be used as a command and control node for a botnet – you should immediately disconnect the host from the network

The host might be the victim of a remote access trojan – you should reimage the machine immediately

The host might be used as a staging area for data exfiltration – you should conduct volume-based trend analysis on the host’s storage device

The host might be offline and conducted backups locally – you should contact a system administrator to have it analyzed

A

The host might be used as a staging area for data exfiltration – you should conduct volume-based trend analysis on the host’s storage device

42
Q

You are analyzing the following network utilization report because you suspect one of the servers has been compromised.

IP Address      Name         Uptime             Historical   Current
192.168.20.2    web01        7D 12H 32M 06S     42.6 GB      44.1 GB
192.168.20.3    webdev02     4D 07H 12M 45S     1.95 GB      2.13 GB
192.168.20.4    dbsvr01      12D 02H 46M 14S    3.15 GB      24.6 GB
192.168.20.5    marketing01  2D 17H 18M 41S     5.2 GB       4.9 GB

Based on the report above, which of the following servers do you suspect has been compromised and should be investigated further?

marketing01

webdev02

dbsvr01

web01

A

dbsvr01

43
Q

Which of the following is a common attack model of an APT attack?

Quietly gathers information from compromised systems

Holds an organization’s data hostage using encryption

Involves sophisticated DDoS attacks

Relies on worms to spread laterally

A

Quietly gathers information from compromised systems

44
Q

You just received a notification that your company’s email servers have been blacklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?

Network flows for the DMZ containing the email servers

The full email header from one of the spam messages

Firewall logs showing the SMTP connections

The SMTP audit log from your company’s email server

A

The full email header from one of the spam messages

45
Q

An insurance company has developed a new web application to allow its customers to choose and apply for an insurance plan. You have been asked to help perform a security review of the new web application. You have discovered that the application was developed in ASP and uses MSSQL for its backend database. You have been able to locate the application’s search form and introduced the following code in the search input field:

<IMG SRC=vbscript:msgbox("Vulnerable_to_Attack");> originalAttribute="SRC" originalPath="vbscript:msgbox("Vulnerable_to_Attack ");>"

When you click submit on the search form, your web browser returns a pop-up window that displays Vulnerable_to_Attack. Which of the following vulnerabilities did you discover in the web application?

Cross-site request forgery

Command injection

Cross-site scripting

SQL injection

A

SQL injection

46
Q

A penetration tester hired by a bank began searching for the bank’s IP ranges by performing lookups on the bank’s DNS servers, reading news articles online about the bank, monitoring what times the bank’s employees came into and left work, searching job postings (with a special focus on the bank’s information technology jobs), and even searching the dumpster at the bank’s corporate office. Based on this description, what portion of the penetration test is being conducted?

Information reporting

Active information gathering

Passive information gathering

Vulnerability assessment

A

Active information gathering

47
Q

You have been hired as a penetration tester by an organization that wants you to conduct a risk assessment of their DMZ. The company-provided Rules of Engagement state that you must do all penetration testing from an external IP address without being given any prior knowledge of the internal IT system architecture. What kind of penetration test have you been hired to perform?

Red team

White box

Black box

Gray box

A

Black box

(A black box penetration test requires no previous information and usually takes the approach of an uninformed attacker. In a black box penetration test, the penetration tester has no previous information about the target system or network.)

48
Q

An employee contacts the service desk because they are unable to open an attachment they received in their email. The service desk agent conducts a screen-sharing session with the user and investigates the issue. The agent notices that the attached file is named Invoice1043.pdf, and that a black pop-up window appears and then disappears quickly when the attachment is double-clicked. Which of the following is most likely causing this issue?

The file contains an embedded link to a malicious website

The email is a form of spam and should be deleted

The attachment is using a double file extension to mask its identity

The user doesn’t have a PDF reader installed on their computer

A

The attachment is using a double file extension to mask its identity

49
Q

Yoyodyne Systems has recently bought out its competitor, Whamiedyne Systems, which went out of business due to a series of data breaches. As a cybersecurity analyst for Yoyodyne, you are assessing Whamiedyne’s existing applications and infrastructure. During your analysis, you discover the following URL is used to access an application:

You change the URL to end with 12346 and notice that a different user’s account information is now displayed. Which of the following type of vulnerabilities or threats have you discovered?

SQL injection

XML injection

Race condition

Insecure direct object reference

A

Insecure direct object reference

50
Q

You are creating a script to filter some logs so that you can detect any suspected malware beaconing. Which of the following is NOT a typical means of identifying a malware beacon’s behavior on the network?

The beacon’s protocol

The beacon’s persistence

The beaconing interval

The removal of known traffic

A

The beacon’s protocol

Unless you specifically knew the protocol being used by the suspected beacon, filtering out beacons by the protocol seen in the logs could lead you to eliminate malicious behavior prematurely.

51
Q

Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect when an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring?

Trend

Anomaly

Heuristic

Behavior

A

Behavior

52
Q

You are conducting threat hunting on your organization’s network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it?

The host might be offline and conducted backups locally – you should contact a system administrator to have it analyzed

The host might be the victim of a remote access trojan – you should reimage the machine immediately

The host might be used as a staging area for data exfiltration – you should conduct volume-based trend analysis on the host’s storage device

The host might be used as a command and control node for a botnet – you should immediately disconnect the host from the network

A

The host might be used as a staging area for data exfiltration – you should conduct volume-based trend analysis on the host’s storage device

53
Q

Which of the following types of attacks occurs when an attacker attempts to obtain personal or private information through domain spoofing by poisoning a DNS server?

Hoax
Vishing
Spamming
Spear phishing
Pharming

A

Pharming

54
Q

As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statements BEST explains these results?

The scanner failed to connect with the majority of workstations

The network has an exceptionally strong security posture

An uncredentialed scan of the network was performed

The scanner was not compatible with the devices on your network

A

An uncredentialed scan of the network was performed

55
Q

A new alert has been distributed throughout the information security community regarding a critical Apache vulnerability. What action could you take to ONLY identify the known vulnerability?

Perform an authenticated scan on all web servers in the environment

Perform a web vulnerability scan on all servers in the environment

Perform a scan for the specific vulnerability on all web servers

Perform an unauthenticated vulnerability scan on all servers in the environment

A

Perform a scan for the specific vulnerability on all web servers

56
Q

focuses on attempting only one or two passwords per user

A

Password Spray

57
Q

focuses on trying multiple passwords for a single user

A

Brute Force

58
Q

You have been hired to perform a web application security test. During the test, you notice that the site is dynamic and, therefore, must be using a backend database. You decide you want to test to determine if the site is susceptible to a SQL injection. What is the first character that you should attempt to use in breaking a valid SQL request?

Semicolon
Double quote
Single quote

A

Single quote

The single quote character (‘) is used because it is the string delimiter in SQL. With a single quote you delimit strings, and therefore you can test whether strings are properly escaped in the targeted application or not.

59
Q

A cybersecurity analyst is working at a college that wants to increase the security of its network by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must be able to scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?

Active scanning engine installed on the enterprise console

Combination of server-based and agent-based scanning engines

Combination of cloud-based and server-based scanning engines

Passive scanning engine located at the core of the network infrastructure

A

Active scanning engine installed on the enterprise console

OBJ-1.7: Since the college wants to ensure there is a centrally-managed enterprise console, using an active scanning engine installed on the enterprise console would best meet these requirements. Then, the college’s cybersecurity analysts could perform scans on any devices that are connected to the network using the active scanning engine at the desired intervals. Agent-based scanning would be ineffective since the college cannot force the installation of the agents onto each of the personally owned devices brought in by the students or faculty. A cloud-based or server-based engine may be useful, but it won’t address the centrally-managed requirement. Passive scanning is less intrusive but is subject to a high number of false positives.

60
Q

Credentialed scan
External scan
Internal scan
Non-credentialed scan

A

Credentialed scan

61
Q

A penetration tester has been hired to conduct an assessment, but the company wants to exclude social engineering from the list of authorized activities. Which of the following documents would include this limitation?

Acceptable use policy
Service level agreement
Memorandum of understanding
Rules of engagement

A

Rules of engagement

62
Q

https://test.diontraining.com/profile.php?userid=1546
https://test.diontraining.com/profile.php?userid=5482
https://test.diontraining.com/profile.php?userid=3618
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
What type of vulnerability does this website have?

Insecure direct object reference
Race condition
Improper error handling
Weak or default configurations

A

Insecure direct object reference

Insecure direct object references (IDOR) are a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. In this scenario, an attacker could simply change the userid number and directly access any user’s profile page
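
Added worked example (not part of the original card): the profile lookup behind the URLs above, first as the vulnerable handler that trusts the userid parameter, then with an object-level authorization check. The profile store, the admin role and the function names are assumptions for the illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed profile store (assumption; the card only shows the userid values in the URLs).
PROFILES = {
    1546: {"owner": 1546, "email": "u1546@example.com"},
    5482: {"owner": 5482, "email": "u5482@example.com"},
    3618: {"owner": 3618, "email": "u3618@example.com"},
}
ADMINS = {9001}  # assumption: a role that may legitimately read any profile


class Forbidden(Exception):
    """Raised instead of returning a record the caller is not authorized to read."""


def userid_from_url(url):
    """Pull the direct object reference out of profile.php?userid=N."""
    return int(parse_qs(urlsplit(url).query)["userid"][0])


def profile_vulnerable(session_user, url):
    # Authenticated but not authorized: whatever userid is in the URL is looked up,
    # so changing 1546 to 5482 returns another user's record.
    return PROFILES[userid_from_url(url)]


def profile_checked(session_user, url):
    # Object-level authorization: the record must belong to the caller, or the
    # caller must hold a role that is allowed to read other users' records.
    record = PROFILES.get(userid_from_url(url))
    if record is None or (record["owner"] != session_user and session_user not in ADMINS):
        # Same failure for "no such record" and "not yours": no enumeration oracle.
        raise Forbidden
    return record


def can_read(session_user, url):
    """True/False wrapper around profile_checked, convenient for tests and logging."""
    try:
        profile_checked(session_user, url)
        return True
    except Forbidden:
        return False
```

The check is done against the identity established at login (session_user), never against anything in the request; the userid in the URL is only used to select the record.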

63
Q

A cybersecurity analyst has received an alert that well-known call home messages are continuously observed by sensors at their network boundary, but the organization’s proxy firewall is properly configured to successfully drop the messages prior to them leaving the network. Which of the following is MOST likely the cause of the call home messages being sent?

An infected workstation is attempting to reach a command and control server

An attacker is performing reconnaissance on the organization’s workstations

A malicious insider is trying to exfiltrate information to a remote network

Malware is running on a company workstation or server

A

An infected workstation is attempting to reach a command and control server

64
Q

A macOS user is browsing the internet in Google Chrome when they see a notification that says “Windows Enterprise Defender: Your computer is infected with a virus, please click here to remove it!” What type of threat is this user experiencing?

Rogue anti-virus
Phishing
Worm
Pharming

A

Rogue anti-virus

65
Q

Your company is making a significant investment in infrastructure-as-a-service (IaaS) hosting to replace its data centers. Which of the following techniques should be used to mitigate the risk of data remanence when moving virtual hosts from one server to another in the cloud?

Zero-wipe drives before moving systems
Span multiple virtual disks to fragment data
Use full-disk encryption
Use data masking

A

Use full-disk encryption

66
Q

You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and causes an impact on the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why?

Firewall logs
Network mapping
NIDS
Syslog

A

Syslog

The syslog server is a centralized log management solution. By looking through the logs on the syslog server, the technician could determine which service failed on which server, since all the logs are retained on the syslog server from all of the network devices and servers

66
Q

An organization is conducting a cybersecurity training exercise. Which team is Jason assigned if he has been asked to monitor and manage the technical environment that is being used by the defenders and attackers during the exercise?

Purple team
Red team
White team
Blue team

A

White team

The white team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender’s mission. The purple team is made up of members of both the blue and red teams, who work together to maximize their cyber capabilities through continuous feedback and knowledge transfer between attackers and defenders.

66
Q

What is used as a measure of biometric performance to rate the system’s ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access?

Crossover error rate
False acceptance rate
False rejection rate
Failure to capture

A

False acceptance rate
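
Added worked example (not part of the original card): FAR and FRR computed from a constructed set of matcher scores, and a threshold sweep that finds the crossover error rate where the two are equal. The score lists and the function names are assumptions for the illustration.

```python
# Constructed matcher scores (assumption): higher means a closer match to the enrolled template.
GENUINE = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.60, 0.93, 0.87]   # authorized users
IMPOSTOR = [0.30, 0.45, 0.50, 0.62, 0.20, 0.55, 0.70, 0.40, 0.35, 0.65]  # unauthorized users


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate: share of unauthorized attempts scored at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False rejection rate: share of authorized attempts scored below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover(steps=20):
    """Sweep the decision threshold and return (threshold, CER) where FAR and FRR meet.

    Raising the threshold lowers FAR and raises FRR; the crossover error rate is the
    single figure used to compare biometric systems independent of tuning.
    """
    best = None
    for i in range(steps + 1):
        t = i / steps
        gap = abs(far(t) - frr(t))
        if best is None or gap < best[0]:
            best = (gap, t, (far(t) + frr(t)) / 2)
    _, t, cer = best
    return t, cer


if __name__ == "__main__":
    for t in (0.6, 0.7, 0.8):
        print(f"threshold {t:.2f}: FAR {far(t):.2f}  FRR {frr(t):.2f}")
    print("crossover:", crossover())  # (0.7, 0.1)
```

With these scores, a threshold of 0.6 lets three of ten impostors in (FAR 0.30) while rejecting no genuine user; at 0.7 both rates are 0.10, which is the CER for this matcher.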

66
Q

A cybersecurity analyst is applying for a new job with a penetration testing firm. He received the job application as a secured Adobe PDF file, but unfortunately, the firm locked the file with a password so the potential employee cannot fill in the application. Instead of asking for an unlocked copy of the document, the analyst decides to write a script in Python to attempt to unlock the PDF file by using passwords from a list of commonly used passwords until he can find the correct password or attempts every password in his list. Based on this description, what kind of cryptographic attack did the analyst perform?

Dictionary attack
Man-in-the-middle attack
Brute-force attack
Session hijacking

A

Dictionary attack

67
Q

Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer’s workstation with cloud-based resources?

PaaS
IaaS
SaaS
DBaaS

A

SaaS

68
Q

The paparazzi have found copies of pictures of a celebrity’s new baby online. The celebrity states they were never publicly released but were uploaded to their cloud provider’s automated photo backup. Which of the following threats was the celebrity MOST likely a victim of?

Unintended Bluetooth pairing
Unauthorized root access
Unauthorized camera activation
Leaked personal files

A

Leaked personal files

69
Q

https://sslvpn/dana-na/../diontraining/html5acc/teach/../../../../../../etc/passwd?/diontraining/html5acc/teach/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based upon this log entry alone, which of the following most likely occurred?

The /etc/passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted

The /etc/passwd file was downloaded using a directory traversal attack

A XML injection attack caused the VPN server to return the password file

A

The /etc/passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted
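
Added worked example (not part of the original card): the log entry above decoded and resolved the way an unvalidated server would resolve it, beside the validation that keeps the result inside the document root, plus the detection rule for the log. The document root and the benign comparison URL are assumptions for the illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import urlsplit, unquote

# The request from the card, plus a benign request constructed for comparison.
LOGGED_URL = ("https://sslvpn/dana-na/../diontraining/html5acc/teach/"
              "../../../../../../etc/passwd?/diontraining/html5acc/teach/")
BENIGN_URL = "https://sslvpn/dana-na/css/style.css"
WEB_ROOT = PurePosixPath("/var/www/html")  # assumption: the server's document root


def decoded_path(url):
    """URL path, percent-decoded until stable so %2e%2e and %252e%252e both become '..'."""
    path = urlsplit(url).path
    previous = None
    while path != previous:
        previous, path = path, unquote(path)
    return path


def lexical_target(url, root=WEB_ROOT):
    """Where a server that simply joins root + path ends up (no input validation)."""
    target = root
    for part in PurePosixPath(decoded_path(url)).parts:
        if part == "..":
            target = target.parent      # parent of "/" is "/", so the walk never fails
        elif part not in ("/", "."):
            target = target / part
    return str(target)


def safe_target(url, root=WEB_ROOT):
    """The validated version: refuse anything that resolves outside the document root."""
    target = PurePosixPath(lexical_target(url, root))
    if target != root and root not in target.parents:
        return None
    return str(target)


def is_traversal_attempt(url):
    """Detection rule for the log: any '..' segment present after decoding."""
    return ".." in PurePosixPath(decoded_path(url)).parts


if __name__ == "__main__":
    print(lexical_target(LOGGED_URL))   # /etc/passwd
    print(safe_target(LOGGED_URL))      # None
    print(safe_target(BENIGN_URL))      # /var/www/html/dana-na/css/style.css
```

The six ../ segments after teach/ climb from /var/www/html/diontraining/html5acc/teach all the way to /, which is why the unvalidated join lands on /etc/passwd. On a real filesystem the check should be done on the canonical path (os.path.realpath) so that symbolic links inside the root cannot point outside it.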

70
Q

https://www.diontraining.com/add_to_cart.php?itemId=5"+perItemPrice="0.00"+quantity="100"+/><item+id="5&quantity=0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based on this line, what type of attack do you expect has been attempted?

SQL injection
Buffer overflow
Session hijacking
XML injection

A

XML injection

The application presumably builds an XML request from the query parameters, along the lines of <addToCart> <item id="5" quantity="1" /> </addToCart> (the exact template is not shown in the question). Because the itemId value is inserted without escaping, the crafted value closes the first item element with its own price and quantity and opens a second one: <addToCart> <item id="5" perItemPrice="0.00" quantity="100" /> <item id="5" quantity="0" /> </addToCart>. If the back end trusts the attributes it parses, the cart ends up holding 100 units of item 5 at a price of 0.00.
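
Added worked example (not part of the original card): the request above parsed into its parameters, the XML built the vulnerable way (string formatting) and the safe way (an XML API that escapes attribute values), plus the allow-list check that should run before either. The server-side template and the function names are assumptions for the illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# The request from the card.
ATTACK_URL = ('https://www.diontraining.com/add_to_cart.php?itemId=5"+perItemPrice="0.00"'
              '+quantity="100"+/><item+id="5&quantity=0')


def cart_params(url):
    """itemId and quantity from the query string ('+' decodes to a space)."""
    q = parse_qs(urlsplit(url).query)
    return q["itemId"][0], q.get("quantity", ["1"])[0]


def build_vulnerable(item_id, quantity):
    """Assumed server template (not shown on the card): parameters pasted straight into XML."""
    return f'<addToCart><item id="{item_id}" quantity="{quantity}" /></addToCart>'


def build_safe(item_id, quantity):
    """Same document built with an XML API, which escapes the quotes in attribute values."""
    root = ET.Element("addToCart")
    ET.SubElement(root, "item", id=item_id, quantity=quantity)
    return ET.tostring(root, encoding="unicode")


def validate_cart_params(item_id, quantity):
    """Allow-list check to run before either builder: ids and quantities are plain integers."""
    return item_id.isdigit() and quantity.isdigit()


def items(xml_text):
    """What the back end would see: one attribute dict per <item> element."""
    return [dict(el.attrib) for el in ET.fromstring(xml_text).iter("item")]


if __name__ == "__main__":
    item_id, quantity = cart_params(ATTACK_URL)
    print("passes validation:", validate_cart_params(item_id, quantity))  # False
    print(items(build_vulnerable(item_id, quantity)))  # two items, first at 0.00 x 100
    print(items(build_safe(item_id, quantity)))        # one item, id holds the whole payload
```

With the vulnerable builder the parser sees two item elements, the first priced at 0.00 with quantity 100; with the escaping builder there is one item whose id attribute is the attacker's entire string, which the validation step rejects before it is ever serialised.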

72
Q

You are creating a script to filter some logs so that you can detect any suspected malware beaconing. Which of the following is NOT a typical means of identifying a malware beacon’s behavior on the network?

The beacon’s protocol
The beaconing interval
The beacon’s persistence
The removal of known traffic

A

The beacon’s protocol

The beacon’s protocol is not typically a means of identifying a malware beacon. A beacon can be sent over numerous protocols, including ICMP, DNS, HTTP, and numerous others. Unless you specifically knew the protocol being used by the suspected beacon, filtering out beacons by the protocol seen in the logs could lead you to eliminate malicious behavior prematurely
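
Added worked example (not part of the original card): a beacon filter over constructed connection-log lines that uses the three typical criteria (removal of known traffic, regular interval, persistence) and deliberately ignores the protocol column. The log format, the hosts and the allow-listed destination are assumptions for the illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample log (assumption): "<epoch> <src> <dst> <proto> <bytes>", one line per flow.
def _make_log():
    lines, base = [], 1700000000
    # Suspect: 10.0.0.5 reaches 203.0.113.7 about every 60 s, alternating DNS and HTTPS
    for i, jitter in enumerate([0, 1, -1, 2, 0, -2, 1, 0, -1, 1]):
        proto = "dns" if i % 2 else "https"
        lines.append(f"{base + 60 * i + jitter} 10.0.0.5 203.0.113.7 {proto} 120")
    # Ordinary browsing: bursts with irregular gaps
    for off in [0, 5, 130, 131, 400, 900, 905, 906, 1500, 1600]:
        lines.append(f"{base + off} 10.0.0.9 198.51.100.20 https 4096")
    # Known traffic: the internal update server is polled exactly every 60 s
    for i in range(10):
        lines.append(f"{base + 60 * i} 10.0.0.5 10.0.0.2 https 300")
    return lines


SAMPLE_LOG = _make_log()
KNOWN_DESTINATIONS = {"10.0.0.2"}  # assumption: legitimately periodic internal services


def flows(lines):
    """Group timestamps by (src, dst). The protocol field is parsed and then ignored."""
    out = defaultdict(list)
    for line in lines:
        ts, src, dst, _proto, _size = line.split()
        out[(src, dst)].append(int(ts))
    return out


def find_beacons(lines, known=KNOWN_DESTINATIONS, min_events=8, max_jitter=0.1, min_span=300):
    """Return (src, dst, mean_interval_s, jitter) for flows that look like beacons."""
    hits = []
    for (src, dst), stamps in flows(lines).items():
        if dst in known:                        # 1. remove known traffic first
            continue
        stamps.sort()
        if len(stamps) < min_events or stamps[-1] - stamps[0] < min_span:
            continue                            # 2. persistence: enough events over enough time
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else float("inf")
        if jitter <= max_jitter:                # 3. regular interval (low relative deviation)
            hits.append((src, dst, round(mean), round(jitter, 3)))
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)  # ('10.0.0.5', '203.0.113.7', 60, 0.034)
```

Run with an empty known-destination set, the update-server polling is flagged as well, which is why the removal of known traffic comes first; the alternating DNS/HTTPS protocol of the suspect flow makes no difference to the result.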

73
Q

While conducting a penetration test of an organization’s web applications, you attempt to insert the following script into the search form on the company’s web site:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<script>alert("This site is vulnerable to an attack!")</script>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Then you click the search button, and a pop-up box appears on your screen showing the following text: “This site is vulnerable to an attack!” Based on this response, what vulnerability have you uncovered in the web application?

Distributed denial of service
Cross-site scripting
Buffer overflow
Cross-site request forgery

A

Cross-site scripting

74
Q

During her login session, Sally is asked by the system for a code that is sent to her via text (SMS) message. Which of the following concerns should she raise to her organization’s AAA services manager?

SMS should be encrypted to be secure
SMS is a costly method of providing a second factor of authentication
SMS messages may be accessible to attackers via VoIP or other systems
SMS should be paired with a third factor

A

SMS messages may be accessible to attackers via VoIP or other systems

75
Q
A