Vulnerabilities and Threats Flashcards

1
Q

A previous cloud administrator has deployed a cloud-hosted web application that uses HTTPS communications over TCP port 443 through the SSL network protocol. The web application is accessed over the Internet by customers. The underlying cloud Linux virtual machine supporting the web application defaults to employing username and password authentication. You have been tasked with hardening the web application. What should you recommend? (Choose two.)

A

Use TLS instead of SSL and configure Linux public key authentication instead of username and password authentication.
Transport Layer Security (TLS) supersedes the insecure, deprecated Secure Sockets Layer (SSL). Public key authentication enhances Linux user sign-in security by requiring the user to know a username as well as possess a private key that corresponds to the public key stored on the Linux host. Public key authentication should always be enabled for the Linux root account.

2
Q

Which of the following statements are true? (Choose two.)

a) Worms log all typed characters to a text file.
b) Worms propagate themselves to other systems.
c) Worms can contain additional malware.
d) Worms infect the hard disk MBR.

A

Worms propagate themselves to other systems, and worms can contain additional malware.

Worms do not require human interaction to multiply and self-propagate over the network, and they can carry additional items.

3
Q

While conducting an assessment of network devices, you discover legacy and modern IoT devices that do not allow administrative credentials to be reset, they do not support TLS, and they do not allow firmware updates. What should you do to secure the continued use of these devices?

A

Place the discovered devices on a firewalled and isolated network.

Legacy devices and IoT devices have limited security configuration options and should be placed on an isolated network that has stricter firewall rules in place to limit traffic to other networks. This way, a compromised device would not be on the same network with other, more sensitive, systems. IoT devices include smart devices, such as those used for commercial and residential lighting automation, heating, ventilation and air conditioning (HVAC), motion detection and video surveillance, and wearable devices such as fitness watches.

4
Q

Which description best defines a fileless virus?

a) A computer program that replicates itself
b) A file with a .vbs file extension
c) A computer program that gathers user information
d) A malicious computer program that loads directly into computer memory

A

A malicious computer program that loads directly into computer memory

A fileless virus is a type of malware that resides exclusively in a target system’s memory and is not stored in the infected computer’s file system. A traditional virus attaches itself to a file, such as a portable executable (PE), which is an executable (EXE) or dynamic linked library (DLL) file used in Windows operating systems.

5
Q

You are developing a custom software component for a web application that will retrieve real-time stock quote feeds over the Internet using HTTPS. Your solution will consist of custom programming code as well as code from an existing code library using the C# programming language. The data feed will originate from a cloud storage repository. Which of the following presents the biggest potential security risk for this scenario?

A

Component integration

Integrating systems and components into an existing environment can present security risks if the integrated items are not from a trusted source or are not themselves hardened.

6
Q

James is a software developer for a high-tech company. He creates a program that connects to a chat room and waits to receive commands that will gather personal user information. James embeds this program into an AVI file for a current popular movie and shares this file on a P2P file-sharing network. Once James’s program is activated as people download and watch the movie, what will be created?

A

Botnets

Botnets are applications that infect computers with malware that is under a malicious user’s control. The malicious user uses command and control (C2) servers to issue commands to infected bots.

7
Q

A user reports USB keyboard problems. You check the back of the computer to ensure that the keyboard is properly connected and notice a small connector between the keyboard and the computer USB port. After investigating, you learn that this piece of hardware captures everything a user types in. What type of hardware is this?

A

Keylogger

Hardware keyloggers capture the user’s every keystroke and store them in a chip.

8
Q

What is the difference between a rootkit and privilege escalation?

A

Privilege escalation can result from the installation of a rootkit.

Rootkits conceal themselves from operating systems and enable remote access with escalated privileges.

9
Q

Which of the following are true regarding backdoors? (Choose two.)

A

They are malicious code and they provide access to the Windows root account.

Malicious code produces undesired results, such as a rootkit providing access to a backdoor.

10
Q

Which of the following is NOT an example of a smart (or IoT) device?

A

System on a chip

A system on a chip (SoC) can be a component of a smart/Internet of Things (IoT) device, but SoC is not a smart/IoT device, much like firmware can be used in a firewall device, but firmware is not a firewall.

11
Q

You have discovered that a driver’s license was mistakenly left on a scanner that was remotely compromised by a malicious user who scanned the document and used it to secure a bank loan. Further investigation reveals that the attacker identified vulnerabilities in the unpatched web application component built into the multifunction printer, which was revealed through web app error messages. Which terms best describe the nature of this attack? (Choose two.)

A

Data exfiltration and identity theft

Because the driver’s license was used to secure additional services, identity theft occurred as well as the potential for personal financial loss for the victim. The unauthorized scanning of the driver’s license is considered data exfiltration, also referred to as data loss or a data breach.

12
Q

You have been tasked with hardening Wi-Fi networks in your office building. You plan on seeking potential Wi-Fi vulnerabilities. What should you look for? (Choose two.)

A

Open Wi-Fi networks and default settings

An open Wi-Fi network does not require authentication for connecting devices. This means anybody could access the Wi-Fi network and then scan for vulnerable hosts/devices, flood the network with useless traffic (affecting network and service availability), and so on. The network should at the very least be protected with an encryption passphrase. The use of default settings is a security risk because anybody could easily research the hardware or software solution to determine what the default settings are and use them to access the network.

13
Q

__________ is best suited for IoT sensors with small data transmission requirements.

A

Narrowband IoT

Narrowband Internet of Things (IoT) falls under the fifth-generation (5G) mobile network standard. It is designed to support a large number of IoT devices with small data transmission requirements while preserving device battery life for extended periods of time. The wireless transmission of video and other data-intensive applications uses wideband communication channels.

14
Q

Which term describes a digital signal before it is encoded for transmission over radio frequencies?

A

Baseband

Baseband transmissions are used in radio-frequency (RF) systems including cellular communications. The signal originates as a digital signal but is then converted to an analog signal to be transmitted wirelessly using radio waves.

15
Q

Botnets can be used to set what type of coordinated attack in motion?

A

DDoS

Botnets (groups of computers under singular control) can be used to dispatch distributed denial of service (DDoS) attacks against hosts or other networks.

16
Q

The Michelangelo virus was said to be triggered to overwrite the first 100 hard disk sectors with null data each year on March 6, the date of the Italian artist’s birthday. What type of virus is Michelangelo?

A

Logic bombs

Logic bombs trigger malicious code when specific conditions are satisfied, such as a particular date.

17
Q

The Stuxnet attack’s primary function is to hide its presence while reprogramming industrial computer systems such as programmable logic controllers (PLCs) within a SCADA ICS environment. The malware was spread through USB flash drives, and it transmits copies of itself to other hosts. To which of the following does Stuxnet relate? (Choose two.)

A

Rootkit and Worm

Stuxnet replicates itself, as worm malware does, and masks itself while running, as rootkits do. This malware was designed to attack a specific type of industrial control system (ICS) in a supervisory control and data acquisition (SCADA) environment, specifically, Siemens PLCs used to control centrifuges for uranium enrichment in nuclear facilities in Iran. PLCs run a real-time operating system (RTOS), which is designed to perform specific tasks in a timely and reliable manner. ICSs and SCADA environments are also used to control machinery in manufacturing environments. As a security measure, industrial networks should not be connected to external networks, even though this can complicate the logistics of data transfer, software updates, and so on.

18
Q

Which of the following items are most affected by worm malware?

a) Memory
b) IP address
c) Computer name
d) Network bandwidth

A

Network bandwidth

Worms are malware that self-propagate over a network. As such, they consume network bandwidth more than the other listed resources.

19
Q

Which of the following is true regarding Trojan malware?

a) It secretly gathers user information.
b) It encrypts user data files.
c) It can be propagated through peer-to-peer file-sharing networks.
d) It automatically spreads through Windows file- and print-sharing networks.

A

It can be propagated through peer-to-peer file-sharing networks.

Trojans are malicious code that appears to be useful software. For example, a user may use a peer-to-peer file-sharing network on the Internet to illegally download pirated software. The software may install and function correctly, but a Trojan may also get installed. This Trojan could use a backdoor for attackers to gain access to the system.

20
Q

While attempting to access documents in a folder on your computer, you notice all of your files have been replaced with what appear to be random filenames. In addition, you notice a single text document containing payment instructions that will result in the decryption of your files. What type of malicious software is described in this scenario?

A

Ransomware

Ransomware makes data or an entire system inaccessible until a ransom is paid.

21
Q

What should be done to help mitigate the threat of ransomware? (Choose two.)

A

Conduct user awareness training and use offline backups

User awareness and training can help prevent users from falling prey to scams that involve users clicking file attachments that could be used to launch a ransomware attack. Frequent backups should be taken but stored offline so that a ransomware-infected device cannot also infect data backups.

22
Q

After reviewing perimeter firewall logs, you notice a recent change in activity, where internal stations are now connecting to the same unknown external IP address periodically. You are suspicious of this network traffic. Which explanation is the most likely to be correct?

A

Bots are contacting a command and control server

Because the change is recent and many internal stations are connecting to the same external IP address, this could indicate bots contacting a command and control server.

23
Q

Which network standard is designed for connecting and controlling smart home devices?

A

Zigbee

Zigbee is a wireless personal area network (WPAN) standard used for smart home automation devices that communicate over short distances of up to approximately 100 meters (328 feet).

24
Q

A user complains that his system has suddenly become unresponsive and ads for various products and services are popping up on the screen and cannot be closed. Which user actions could have led to this undesirable behavior? (Choose all that apply.)

A

Clicking a web search result, viewing a web page, watching a movie in AVI file format, and inserting a USB flash drive

All of the listed actions have the potential to infect a computer. Certain controls may be in place, such as limits on which web sites can be viewed or which files can execute, but this type of preventative measure must have been in place before the infection occurred.

25
Q

A server at your place of work has had all of its files encrypted after an attacker compromised a device on the network. Which attack has taken place?

A

Crypto-malware

Crypto-malware gains access to a computer system and encrypts all files.

26
Q

After installing a new piece of software from an online web site and then reviewing system logs, you notice that programs have been running without your consent. You also realize that files have been added to and removed from the system at times when you were not using the computer. Which of the following items was most likely used to produce these logged messages?

A

Remote access Trojan

A remote access Trojan (RAT) presents itself as legitimate software that can infect a host and enable an attacker to gain privileged access to that host over a network.