Threats, Vulnerabilities, and Mitigation Flashcards
What vulnerability is associated with installing software outside of a manufacturer’s approved software repository?
Side loading
What is it called when you add random data into a one-way cryptographic hash to help protect against password cracking techniques?
Salting
What is a business email compromise attack? (BEC)
An attacker will impersonate a high-ranking authority figure to request sensitive information/actions from employees, like information to a privileged account
What would you deploy to best protect an organization’s internet-facing website from an attacker exploiting a buffer overflow?
WAF (Web Application Firewall)
What is the difference between Phishing and Smishing?
Smishing is a variant of Phishing, but is done over SMS
A company is required to use certified hardware when building networks. What would address the risks associated with procuring counterfeit hardware?
A thorough analysis of the supply chain
What is password spraying?
A type of brute-force attack used to gain access to user accounts by systematically attempting a small number of commonly used passwords against many user accounts
What string would you block to prohibit access to non-encrypted websites?
http://
What is it called when an attacker enables the use of an input field to run commands that can view or manipulate data?
SQL injection
What type of data refers to sensitive information present in an R&D employees day-to-day life?
Intellectual property
A sys admin received an alert from a file integrity monitoring tool that the hash of the cmd.exe file has changed. No patches were applied in recent times. Which attack most likely occured?
Rootkit
What is a mitigation technique for cross-site scripting?
Input validation
What tool can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
DLP (Data loss prevention)
What is it called when organizations implement access control policies that restrict or allow access to certain resources based on the geographic location of users and devices?
- Geolocation protection
- Ex. They might limit access to sensitive systems only to users connecting from a specific geographic location
What would be the best way to block unknown programs from executing?
Application allow list
What is code signing?
- A process involves applying a digital signature to software
- Verifies the identity of the developer and ensuring the code has not been altered since it was signed
What could you do if you wanted to ensure the authenticity of the code created by a software development company?
Code signing
A user logged in remotely after hours and copied large amounts of data to a personal device, what threat does this describe?
Insider threat
What does Data Loss Prevention (DLP) do?
Protects sensitive information from loss, corruption, misuse, or unauthorized access
What should an analyst do if the management team wants to reduce the impact of a user clicking links on a phishing message if there is already a phishing campaign in place?
Update the EDR policies to block automatic execution of downloaded programs
What is the best preventative/remediation action for botnets?
Enable DDoS protection
What is the best preventative/remediation action for RAT (Remote Access Trojan)?
Disable remote access service
What is the best preventative/remediation action for worms?
Change the default system password
What attacker sends multiple SYN packets to a web server from multiple sources?
Botnet
What attack establishes a connection with a user, which allows the remote commands to be executed?
RAT
What kind of attack is self-propagating and comprises a SQL database using well-known credentials as it moves through the network?
Worm
What kind of attack uses hardware to remotely monitor a user’s input activity to harvest an executive’s credentials?
Keylogger
What is the best preventative/remediation action for a keylogger?
Implement MFA using push notification
What kind of attack embeds hidden access in an internally developed application that bypasses account login?
Backdoor
What is the best preventative/remediation action for backdoor attacks?
Conduct a code review
What security solution should be configured to monitor and block known signature-based attacks on older browser versions with well-known exploits?
IPS
You receive alerts about an internal system sending a large amount of unusual DNS queries over short periods of time after hours; what is most likely occurring?
Data is being exfiltrated
What kind of attack takes advantage of database misconfigurations?
SQL injection
What group of people does whaling target?
High-profile executives
What should be done first when deploying a DLP solution to prevent the exfiltration of sensitive customer data?
Apply classifications to the data
What kind of attack targets groups of users by infecting websites they commonly visit?
Watering-hole
What solution would mitigate a network access vulnerability found in the OS of legacy IoT devices quickly?
Segmentation
What are some signs of a reflected denial of service attack?
- Unable to reach external websites
- Flooded with traffic
- Minimal resource usage on the DNS server
What vulnerability is exploited when an attacker overwrites a register with a malicious address?
Buffer overflow
What describes the process of concealing code or text inside a graphical image?
Steganography
A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. What kind of attack is occuring?
DDoS
