Threats, Vulnerabilities, and Mitigation

Question 1

What vulnerability is associated with installing software outside of a manufacturer’s approved software repository?

Answer 1

Side loading

Question 2

What is it called when you add random data into a one-way cryptographic hash to help protect against password cracking techniques?

Answer 2

Salting

Question 3

What is a business email compromise attack? (BEC)

Answer 3

An attacker will impersonate a high-ranking authority figure to request sensitive information/actions from employees, like information to a privileged account

Question 4

What would you deploy to best protect an organization’s internet-facing website from an attacker exploiting a buffer overflow?

Answer 4

WAF (Web Application Firewall)

Question 5

What is the difference between Phishing and Smishing?

Answer 5

Smishing is a variant of Phishing, but is done over SMS

Question 6

A company is required to use certified hardware when building networks. What would address the risks associated with procuring counterfeit hardware?

Answer 6

A thorough analysis of the supply chain

Question 6

What is password spraying?

Answer 6

A type of brute-force attack used to gain access to user accounts by systematically attempting a small number of commonly used passwords against many user accounts

Question 7

What string would you block to prohibit access to non-encrypted websites?

Answer 7

http://

Question 8

What is it called when an attacker enables the use of an input field to run commands that can view or manipulate data?

Answer 8

SQL injection

Question 9

What type of data refers to sensitive information present in an R&D employees day-to-day life?

Answer 9

Intellectual property

Question 10

A sys admin received an alert from a file integrity monitoring tool that the hash of the cmd.exe file has changed. No patches were applied in recent times. Which attack most likely occured?

Answer 10

Rootkit

Question 11

What is a mitigation technique for cross-site scripting?

Answer 11

Input validation

Question 12

What tool can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

Answer 12

DLP (Data loss prevention)

Question 13

What is it called when organizations implement access control policies that restrict or allow access to certain resources based on the geographic location of users and devices?

Answer 13

• Geolocation protection
• Ex. They might limit access to sensitive systems only to users connecting from a specific geographic location

Question 14

What would be the best way to block unknown programs from executing?

Answer 14

Application allow list

Question 15

What is code signing?

Answer 15

• A process involves applying a digital signature to software
• Verifies the identity of the developer and ensuring the code has not been altered since it was signed

Question 16

What could you do if you wanted to ensure the authenticity of the code created by a software development company?

Answer 16

Code signing

Question 17

A user logged in remotely after hours and copied large amounts of data to a personal device, what threat does this describe?

Answer 17

Insider threat

Question 18

What does Data Loss Prevention (DLP) do?

Answer 18

Protects sensitive information from loss, corruption, misuse, or unauthorized access

Question 19

What should an analyst do if the management team wants to reduce the impact of a user clicking links on a phishing message if there is already a phishing campaign in place?

Answer 19

Update the EDR policies to block automatic execution of downloaded programs

Question 20

What is the best preventative/remediation action for botnets?

Answer 20

Enable DDoS protection

Question 21

What is the best preventative/remediation action for RAT (Remote Access Trojan)?

Answer 21

Disable remote access service

Question 22

What is the best preventative/remediation action for worms?

Answer 22

Change the default system password

Question 23

What attacker sends multiple SYN packets to a web server from multiple sources?

Answer 23

Botnet

Question 24

What attack establishes a connection with a user, which allows the remote commands to be executed?

Answer 24

RAT

Question 25

What kind of attack is self-propagating and comprises a SQL database using well-known credentials as it moves through the network?

Answer 25

Worm

Question 26

What kind of attack uses hardware to remotely monitor a user’s input activity to harvest an executive’s credentials?

Answer 26

Keylogger

Question 27

What is the best preventative/remediation action for a keylogger?

Answer 27

Implement MFA using push notification

Question 28

What kind of attack embeds hidden access in an internally developed application that bypasses account login?

Answer 28

Backdoor

Question 29

What is the best preventative/remediation action for backdoor attacks?

Answer 29

Conduct a code review

Question 30

What security solution should be configured to monitor and block known signature-based attacks on older browser versions with well-known exploits?

Answer 30

IPS

Question 31

You receive alerts about an internal system sending a large amount of unusual DNS queries over short periods of time after hours; what is most likely occurring?

Answer 31

Data is being exfiltrated

Question 32

What kind of attack takes advantage of database misconfigurations?

Answer 32

SQL injection

Question 33

What group of people does whaling target?

Answer 33

High-profile executives

Question 34

What should be done first when deploying a DLP solution to prevent the exfiltration of sensitive customer data?

Answer 34

Apply classifications to the data

Question 35

What kind of attack targets groups of users by infecting websites they commonly visit?

Answer 35

Watering-hole

Question 36

What solution would mitigate a network access vulnerability found in the OS of legacy IoT devices quickly?

Answer 36

Segmentation

Question 37

A company’s end users cannot reach external websites. After reviewing data, an analyst discovers that the CPU, disk, and memory usage are minimal but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to the server. What is happening?

Answer 37

Reflected denial of service

Question 38

What are some signs of a reflected denial of service attack?

Answer 38

• Unable to reach external websites
• Flooded with traffic
• Minimal resource usage on the DNS server

Question 39

What vulnerability is exploited when an attacker overwrites a register with a malicious address?

Answer 39

Buffer overflow

Question 40

What describes the process of concealing code or text inside a graphical image?

Answer 40

Steganography

Question 41

A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. What kind of attack is occuring?

Answer 41

DDoS