Vulnerabilities and Threats Flashcards

1
Q

A previous cloud administrator has deployed a cloud-hosted web application that uses HTTPS communications over TCP port 443 through the SSL network protocol. The web application is accessed over the Internet by customers. The underlying cloud Linux virtual machine supporting the web application defaults to employing username and password authentication. You have been tasked with hardening the web application. What should you recommend? (Choose two.)

Use TLS instead of SSL.

Change the default HTTPS port 443 to a different value.

Host the web application on an underlying Windows virtual machine instead of Linux.

Configure Linux public key authentication instead of username and password authentication.

A

Use TLS instead of SSL.

Configure Linux public key authentication instead of username and password authentication.

The same security issues apply to web applications hosted on-premises as well as in the public cloud. Transport Layer Security (TLS) supersedes the unsecure deprecated Secure Sockets Layer (SSL) network security protocol and should be used instead of SSL. Public key authentication enhances Linux user sign-in security by requiring the user to have knowledge of a username, as well as possessing a private key that is related to the public key stored with the Linux host. Public key authentication should always be enabled for the Linux root account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following statements are true? (Choose two.)

Worms log all typed characters to a text file.

Worms propagate themselves to other systems.

Worms can contain additional malware.

Worms infect the hard disk MBR

A

Worms propagate themselves to other systems.

Worms can contain additional malware.

Worms are malicious programs that do not require human interaction to multiply and self-propagate over the network, and they sometimes carry additional malware (the worm is the delivery mechanism)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

While conducting an assessment of network devices, you discover legacy and modern IoT devices that do not allow administrative credentials to be reset, they do not support TLS, and they do not allow firmware updates. What should you do to secure the continued use of these devices?

Enable HTTPS on the devices.

Patch the IoT operating system.

Place the discovered devices on a firewalled and isolated network.

A

Place the discovered devices on a firewalled and isolated network.

Legacy devices and IoT devices that have limited security configuration options should be placed on an isolated network that has strict firewall rules in place to limit traffic to other networks. This way, a compromised device would not be on the same network with other, more sensitive, systems. IoT devices include smart devices, such as those used for commercial and residential lighting automation, heating, ventilation and air conditioning (HVAC), motion detection and video surveillance, and wearable devices such as fitness watches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which description best defines a fileless virus?

A computer program that replicates itself

A computer program that gathers user information

A malicious computer program that loads directly into computer memory

A

A malicious computer program that loads directly into computer memory

A fileless virus is a type of malware that resides exclusively in a target system’s memory and is not stored in the infected computer’s file system. A traditional virus attaches itself to a file, such as a portable executable (PE), which is an executable (EXE) or dynamic linked library (DLL) file used in Windows operating systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You are developing a custom software component for a web application that will retrieve real-time stock quote feeds over the Internet using HTTPS. Your solution will consist of custom programming code as well as code from an existing code library using the C# programming language. The data feed will originate from a cloud storage repository. Which of the following presents the biggest potential security risk for this scenario?

Cloud storage

Vulnerabilities in C#

Component integration

A

Component integration

Integrating systems and components into an existing environment can present security risks if the integrated items are not from a trusted source or are not themselves hardened

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

James is a software developer for a high-tech company. He creates a program that connects to a chat room and waits to receive commands that will gather personal user information. James embeds this program into an AVI file for a current popular movie and shares this file on a P2P file-sharing network. Once James’s program is activated as people download and watch the movie, what will be created?

Botnet

DDoS

Logic bomb

A

Botnet

Botnets are applications that infect computers with malware that is under a malicious user’s control. The malicious user uses command and control (C2) servers to issue commands to infected bots

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A user reports USB keyboard problems. You check the back of the computer to ensure that the keyboard is properly connected and notice a small connector between the keyboard and the computer USB port. After investigating, you learn that this piece of hardware captures everything a user types in. What type of hardware is this?

Smartcard

Trojan

Keylogger

A

Keylogger

Hardware keyloggers capture the user’s every keystroke and store them in a chip

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the difference between a rootkit and privilege escalation?

Rootkits propagate themselves, while privilege escalation gives attackers additional resource permissions

Privilege escalation can result from the installation of a rootkit.

Rootkits are the result of privilege escalation.

A

Privilege escalation can result from the installation of a rootkit.

Rootkits conceal themselves from operating systems and enable remote access with escalated privileges

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following are true regarding backdoors? (Choose two.)

They are malicious code.

They enable remote users access to TCP port 25.

They are often used by rootkits.

They provide access to the Windows root account.

A

They are malicious code.

They are often used by rootkits.

Malicious code produces undesired results, such as a rootkit providing access to a backdoor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is NOT an example of a smart (or IoT) device?

A wearable device

A light sensor

System on a chip

A

System on a chip

A system on a chip (SoC) can be a component of a smart/Internet of Things (IoT) device, but SoC is not a smart/IoT device, much like firmware can be used in a firewall device, but firmware is not a firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have discovered that a driver’s license was mistakenly left on a scanner that was remotely compromised by a malicious user who scanned the document and used it to secure a bank loan. Further investigation reveals that the attacker identified vulnerabilities in the unpatched web application component built into the multifunction printer, which was revealed through web app error messages. Which terms best describe the nature of this attack? (Choose two.)

Brute force

Data exfiltration

Identity theft

Reputation loss

A

Data exfiltration

Identity theft

Because the driver’s license was used to secure additional services, identity theft occurred as well as the potential for personal financial loss for the victim. The unauthorized scanning of the driver’s license is considered data exfiltration, also referred to as data loss or a data breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You have been tasked with hardening Wi-Fi networks in your office building. You plan on seeking potential Wi-Fi vulnerabilities. What should you look for? (Choose two.)

Open Wi-Fi networks

MAC address filtering

WPA2 encryption

Default settings

A

Open Wi-Fi networks

Default settings

An open Wi-Fi network does not require authentication for connecting devices. This means anybody could access the Wi-Fi network and then scan for vulnerable hosts/devices, flood the network with useless traffic thus affecting network and service availability, and so on. The network should at the very least be protected with an encryption passphrase. The use of default settings is a security risk because anybody could easily research the hardware or software solution to determine what the default settings are and use them to access the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

__________ is best suited for IoT sensors with small data transmission requirements.

IPSec

Narrowband IoT

A VPN

A

Narrowband IoT

Narrowband Internet of things (IoT) falls under the fifth-generation (5G) mobile network standard. It is designed to support a large number of IoT devices with small data transmission requirements while preserving device battery life for extended periods of time. The wireless transmission of video and other data-intensive applications uses wideband communication channels

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which term describes a digital signal before it is encoded for transmission over radio frequencies?

Broadband

5G

Baseband

A

Baseband

Baseband transmissions are used in radio-frequency (RF) systems including cellular communications. The signal originates as a digital signal but is then converted to an analog signal to be transmitted wirelessly using radio waves

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Botnets can be used to set what type of coordinated attack in motion?

DDoS

Cross-site scripting

Privilege escalation

A

DDoS

Botnets (groups of computers under singular control) can be used to dispatch distributed denial of service (DDoS) attacks against hosts or other networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The Michelangelo virus was said to be triggered to overwrite the first 100 hard disk sectors with null data each year on March 6, the date of the Italian artist’s birthday. What type of virus is Michelangelo?

Worm

Trojan

Logic bomb

A

Logic bomb

Logic bombs trigger malicious code when specific conditions are satisfied, such as a particular date

17
Q

The Stuxnet attack’s primary function is to hide its presence while reprogramming industrial computer systems such as programmable logic controllers (PLCs) within a SCADA IDS environment. The malware was spread through USB flash drives, where it transmits copies of itself to other hosts. To which of the following does Stuxnet relate? (Choose two.)

Rootkit

Spam

Worm

Adware

A

Rootkit

Worm

Stuxnet replicates itself, as worm malware does, and masks itself while running, like rootkits do. This malware was designed to attack a specific type of industrial control system (ICS) in a system control and data acquisition (SCADA) environment, specifically, Siemens PLCs used to control centrifuges for uranium enrichment in nuclear power plant facilities in Iran. PLCs run a real-time operation system (RTOS), which is designed to perform specific tasks in a timely and reliable manner. ICSs and SCADA environments are also used to control machinery in manufacturing environments. Industrial networks should not be connected to external networks as a security measure, even though it can complicate the logistics of data transfer, software update, and so on

18
Q

Which of the following items are most affected by worm malware?

Memory

IP address

Network bandwidth

A

Network bandwidth

Worms are malware that self-propagate over a network. As such, they consume bandwidth more so than the other listed resources

19
Q

Which of the following is true regarding Trojan malware?

It secretly gathers user information.

It encrypts user data files.

It can be propagated through peer-to-peer file-sharing networks.

A

It can be propagated through peer-to-peer file-sharing networks.

Trojans are malicious code that appears to be useful software. For example, a user may use a peer-to-peer file-sharing network on the Internet to illegally download pirated software. The software may install and function correctly, but a Trojan may also get installed. This Trojan could use a backdoor for attackers to gain access to the system

20
Q

While attempting to access documents in a folder on your computer, you notice all of your files have been replaced with what appear to be random filenames. In addition, you notice a single text document containing payment instructions that will result in the decryption of your files. What type of malicious software is described in this scenario?

Trojan

Fileless virus

Ransomware

A

Ransomware

Ransomware makes data or an entire system inaccessible until a ransom is paid

21
Q

What should be done to help mitigate the threat of ransomware? (Choose two.)

Modify packet-filtering firewall rules.

Perform online backups.

Conduct user awareness training.

Use offline backups.

A

Conduct user awareness training.

Use offline backups.

User awareness and training can help prevent users from falling prey to scams that involve users clicking file attachments that could be used to launch a ransomware attack. Frequent backups should be taken but stored offline so that a ransomware-infected device cannot also infect data backups

22
Q

After reviewing perimeter firewall logs, you notice a recent change in activity, where internal stations are now connecting to the same unknown external IP address periodically. You are suspicious of this network traffic. Which explanation is the most likely to be correct?

Internal stations are infected with worm malware.

Operating system updates are being installed.

Bots are contacting a command and control server.

A

Bots are contacting a command and control server.

Because the change is recent and many internal stations are connecting to the same external IP address, this could indicate bots contacting a command and control server

23
Q

Which network standard is designed for connecting and controlling smart home devices?

5G

Zigbee

Narrowband IoT

A

Zigbee

Zigbee is a wireless personal area network (WPAN) standard used for smart home automation devices that communicate over small distances up to approximately 100 meters (approximately 328 feet)

24
Q

A user complains that his system has suddenly become unresponsive and ads for various products and services are popping up on the screen and cannot be closed. Which user actions could have led to this undesirable behavior? (Choose all that apply.)

Clicking a web search result

Viewing a web page

Watching a move in AVI file format

Inserting a USB flash drive

A

Clicking a web search result

Viewing a web page

Watching a move in AVI file format

Inserting a USB flash drive

All listed items have the potential of infecting a computer. Certain controls may be in place, such as limits on which web sites can be viewed or which files can execute, but this type of preventative measure must have been in place before an infection occurred

25
Q

A server at your place of work has had all of its files encrypted after an attacker compromised a device on the network. Which attack has taken place?

Virus

Worm

Crypto-malware

A

Crypto-malware

Crypto-malware gains access to a computer system and encrypts all files

26
Q

After installing a new piece of software from an online web site and then reviewing system logs, you notice that programs have been running without your consent. You also realize that files have been added and removed to the system at times when you were not using the computer. Which of the following items was most likely used to result in these logged messages?

Remote access Trojan

Adware

Logic bomb

A

Remote access Trojan

A remote access Trojan (RAT) presents itself as legitimate software that can infect a host and enable an attacker to gain privileged access to that host over a network