Vulnerabilities and Threats Flashcards
A previous cloud administrator has deployed a cloud-hosted web application that uses HTTPS communications over TCP port 443 through the SSL network protocol. The web application is accessed over the Internet by customers. The underlying cloud Linux virtual machine supporting the web application defaults to employing username and password authentication. You have been tasked with hardening the web application. What should you recommend? (Choose two.)
Use TLS instead of SSL.
Change the default HTTPS port 443 to a different value.
Host the web application on an underlying Windows virtual machine instead of Linux.
Configure Linux public key authentication instead of username and password authentication.
Use TLS instead of SSL.
Configure Linux public key authentication instead of username and password authentication.
The same security issues apply to web applications hosted on-premises as well as in the public cloud. Transport Layer Security (TLS) supersedes the insecure, deprecated Secure Sockets Layer (SSL) network security protocol and should be used instead of SSL. Public key authentication enhances Linux user sign-in security by requiring the user to know a username as well as to possess a private key that corresponds to the public key stored on the Linux host. Public key authentication should always be enabled for the Linux root account.
Which of the following statements are true? (Choose two.)
Worms log all typed characters to a text file.
Worms propagate themselves to other systems.
Worms can contain additional malware.
Worms infect the hard disk MBR.
Worms propagate themselves to other systems.
Worms can contain additional malware.
Worms are malicious programs that do not require human interaction to multiply and self-propagate over the network, and they sometimes carry additional malware (the worm is the delivery mechanism).
While conducting an assessment of network devices, you discover legacy and modern IoT devices that do not allow administrative credentials to be reset, do not support TLS, and do not allow firmware updates. What should you do to secure the continued use of these devices?
Enable HTTPS on the devices.
Patch the IoT operating system.
Place the discovered devices on a firewalled and isolated network.
Place the discovered devices on a firewalled and isolated network.
Legacy devices and IoT devices that have limited security configuration options should be placed on an isolated network that has strict firewall rules in place to limit traffic to other networks. This way, a compromised device would not be on the same network as other, more sensitive systems. IoT devices include smart devices, such as those used for commercial and residential lighting automation, heating, ventilation and air conditioning (HVAC), motion detection and video surveillance, and wearable devices such as fitness watches.
Which description best defines a fileless virus?
A computer program that replicates itself
A computer program that gathers user information
A malicious computer program that loads directly into computer memory
A malicious computer program that loads directly into computer memory
A fileless virus is a type of malware that resides exclusively in a target system’s memory and is not stored in the infected computer’s file system. A traditional virus attaches itself to a file, such as a portable executable (PE), which is an executable (EXE) or dynamic-link library (DLL) file used in Windows operating systems.
You are developing a custom software component for a web application that will retrieve real-time stock quote feeds over the Internet using HTTPS. Your solution will consist of custom programming code as well as code from an existing code library using the C# programming language. The data feed will originate from a cloud storage repository. Which of the following presents the biggest potential security risk for this scenario?
Cloud storage
Vulnerabilities in C#
Component integration
Component integration
Integrating systems and components into an existing environment can present security risks if the integrated items are not from a trusted source or are not themselves hardened.
James is a software developer for a high-tech company. He creates a program that connects to a chat room and waits to receive commands that will gather personal user information. James embeds this program into an AVI file for a current popular movie and shares this file on a P2P file-sharing network. Once James’s program is activated as people download and watch the movie, what will be created?
Botnet
DDoS
Logic bomb
Botnet
Botnets are groups of computers infected with malware that places them under a malicious user’s control. The malicious user uses command and control (C2) servers to issue commands to the infected bots.
A user reports USB keyboard problems. You check the back of the computer to ensure that the keyboard is properly connected and notice a small connector between the keyboard and the computer USB port. After investigating, you learn that this piece of hardware captures everything a user types in. What type of hardware is this?
Smartcard
Trojan
Keylogger
Keylogger
Hardware keyloggers capture the user’s every keystroke and store them in a chip.
What is the difference between a rootkit and privilege escalation?
Rootkits propagate themselves, while privilege escalation gives attackers additional resource permissions.
Privilege escalation can result from the installation of a rootkit.
Rootkits are the result of privilege escalation.
Privilege escalation can result from the installation of a rootkit.
Rootkits conceal themselves from operating systems and enable remote access with escalated privileges.
Which of the following are true regarding backdoors? (Choose two.)
They are malicious code.
They enable remote users access to TCP port 25.
They are often used by rootkits.
They provide access to the Windows root account.
They are malicious code.
They are often used by rootkits.
Malicious code produces undesired results, such as a rootkit providing access to a backdoor.
Which of the following is NOT an example of a smart (or IoT) device?
A wearable device
A light sensor
System on a chip
System on a chip
A system on a chip (SoC) can be a component of a smart/Internet of Things (IoT) device, but an SoC is not itself a smart/IoT device, much like firmware can be used in a firewall device, but firmware is not a firewall.
You have discovered that a driver’s license was mistakenly left on a scanner that was remotely compromised by a malicious user who scanned the document and used it to secure a bank loan. Further investigation reveals that the attacker identified vulnerabilities in the unpatched web application component built into the multifunction printer, which was revealed through web app error messages. Which terms best describe the nature of this attack? (Choose two.)
Brute force
Data exfiltration
Identity theft
Reputation loss
Data exfiltration
Identity theft
Because the driver’s license was used to secure additional services, identity theft occurred, along with the potential for personal financial loss for the victim. The unauthorized scanning of the driver’s license is considered data exfiltration, also referred to as data loss or a data breach.
You have been tasked with hardening Wi-Fi networks in your office building. You plan on seeking potential Wi-Fi vulnerabilities. What should you look for? (Choose two.)
Open Wi-Fi networks
MAC address filtering
WPA2 encryption
Default settings
Open Wi-Fi networks
Default settings
An open Wi-Fi network does not require authentication for connecting devices. This means anybody could access the Wi-Fi network and then scan for vulnerable hosts/devices, flood the network with useless traffic (affecting network and service availability), and so on. The network should at the very least be protected with an encryption passphrase. The use of default settings is a security risk because anybody could easily research the hardware or software solution to determine what the default settings are and use them to access the network.
__________ is best suited for IoT sensors with small data transmission requirements.
IPSec
Narrowband IoT
A VPN
Narrowband IoT
Narrowband Internet of Things (IoT) falls under the fifth-generation (5G) mobile network standard. It is designed to support a large number of IoT devices with small data transmission requirements while preserving device battery life for extended periods of time. The wireless transmission of video and other data-intensive applications uses wideband communication channels.
Which term describes a digital signal before it is encoded for transmission over radio frequencies?
Broadband
5G
Baseband
Baseband
Baseband transmissions are used in radio-frequency (RF) systems, including cellular communications. The signal originates as a digital signal but is then converted to an analog signal to be transmitted wirelessly using radio waves.
Botnets can be used to set what type of coordinated attack in motion?
DDoS
Cross-site scripting
Privilege escalation
DDoS
Botnets (groups of computers under singular control) can be used to dispatch distributed denial of service (DDoS) attacks against hosts or other networks.
The Michelangelo virus was said to be triggered to overwrite the first 100 hard disk sectors with null data each year on March 6, the date of the Italian artist’s birthday. What type of virus is Michelangelo?
Worm
Trojan
Logic bomb
Logic bomb
Logic bombs trigger malicious code when specific conditions are satisfied, such as a particular date.
The Stuxnet attack’s primary function is to hide its presence while reprogramming industrial computer systems such as programmable logic controllers (PLCs) within a SCADA ICS environment. The malware was spread through USB flash drives, from which it transmits copies of itself to other hosts. To which of the following does Stuxnet relate? (Choose two.)
Rootkit
Spam
Worm
Adware
Rootkit
Worm
Stuxnet replicates itself, as worm malware does, and masks itself while running, as rootkits do. This malware was designed to attack a specific type of industrial control system (ICS) in a supervisory control and data acquisition (SCADA) environment, specifically Siemens PLCs used to control centrifuges for uranium enrichment in nuclear facilities in Iran. PLCs run a real-time operating system (RTOS), which is designed to perform specific tasks in a timely and reliable manner. ICSs and SCADA environments are also used to control machinery in manufacturing environments. As a security measure, industrial networks should not be connected to external networks, even though this can complicate the logistics of data transfer, software updates, and so on.
Which of the following items are most affected by worm malware?
Memory
IP address
Network bandwidth
Network bandwidth
Worms are malware that self-propagate over a network. As such, they consume bandwidth more than the other listed resources.
Which of the following is true regarding Trojan malware?
It secretly gathers user information.
It encrypts user data files.
It can be propagated through peer-to-peer file-sharing networks.
It can be propagated through peer-to-peer file-sharing networks.
Trojans are malicious code that appears to be useful software. For example, a user may use a peer-to-peer file-sharing network on the Internet to illegally download pirated software. The software may install and function correctly, but a Trojan may also get installed. This Trojan could open a backdoor for attackers to gain access to the system.
While attempting to access documents in a folder on your computer, you notice all of your files have been replaced with what appear to be random filenames. In addition, you notice a single text document containing payment instructions that will result in the decryption of your files. What type of malicious software is described in this scenario?
Trojan
Fileless virus
Ransomware
Ransomware
Ransomware makes data or an entire system inaccessible until a ransom is paid.
What should be done to help mitigate the threat of ransomware? (Choose two.)
Modify packet-filtering firewall rules.
Perform online backups.
Conduct user awareness training.
Use offline backups.
Conduct user awareness training.
Use offline backups.
User awareness and training can help prevent users from falling prey to scams that involve clicking file attachments that could be used to launch a ransomware attack. Frequent backups should be taken but stored offline so that a ransomware-infected device cannot also encrypt the data backups.
After reviewing perimeter firewall logs, you notice a recent change in activity, where internal stations are now connecting to the same unknown external IP address periodically. You are suspicious of this network traffic. Which explanation is the most likely to be correct?
Internal stations are infected with worm malware.
Operating system updates are being installed.
Bots are contacting a command and control server.
Bots are contacting a command and control server.
Because the change is recent and many internal stations are connecting to the same external IP address, this could indicate bots contacting a command and control server.
Which network standard is designed for connecting and controlling smart home devices?
5G
Zigbee
Narrowband IoT
Zigbee
Zigbee is a wireless personal area network (WPAN) standard used for smart home automation devices that communicate over short distances of up to approximately 100 meters (approximately 328 feet).
A user complains that his system has suddenly become unresponsive and ads for various products and services are popping up on the screen and cannot be closed. Which user actions could have led to this undesirable behavior? (Choose all that apply.)
Clicking a web search result
Viewing a web page
Watching a movie in AVI file format
Inserting a USB flash drive
Clicking a web search result
Viewing a web page
Watching a movie in AVI file format
Inserting a USB flash drive
All listed items have the potential to infect a computer. Certain controls may be in place, such as limits on which web sites can be viewed or which files can execute, but this type of preventative measure must have been in place before the infection occurred.
A server at your place of work has had all of its files encrypted after an attacker compromised a device on the network. Which attack has taken place?
Virus
Worm
Crypto-malware
Crypto-malware
Crypto-malware gains access to a computer system and encrypts all files.
After installing a new piece of software from an online web site and then reviewing system logs, you notice that programs have been running without your consent. You also realize that files have been added to and removed from the system at times when you were not using the computer. Which of the following items most likely caused these logged messages?
Remote access Trojan
Adware
Logic bomb
Remote access Trojan
A remote access Trojan (RAT) presents itself as legitimate software that can infect a host and enable an attacker to gain privileged access to that host over a network.