Vulnerabilities and Threats Flashcards
A previous cloud administrator has deployed a cloud-hosted web application that uses HTTPS communications over TCP port 443 through the SSL network protocol. The web application is accessed over the Internet by customers. The underlying cloud Linux virtual machine supporting the web application defaults to employing username and password authentication. You have been tasked with hardening the web application. What should you recommend? (Choose two.)
Use TLS instead of SSL.
Change the default HTTPS port 443 to a different value.
Host the web application on an underlying Windows virtual machine instead of Linux.
Configure Linux public key authentication instead of username and password authentication.
Use TLS instead of SSL.
Configure Linux public key authentication instead of username and password authentication.
The same security issues apply to web applications hosted on-premises as well as in the public cloud. Transport Layer Security (TLS) supersedes the insecure, deprecated Secure Sockets Layer (SSL) network security protocol and should be used instead of SSL. Public key authentication enhances Linux user sign-in security by requiring the user to know a username and to possess a private key that is related to the public key stored with the Linux host. Public key authentication should always be enabled for the Linux root account.
Which of the following statements are true? (Choose two.)
Worms log all typed characters to a text file.
Worms propagate themselves to other systems.
Worms can contain additional malware.
Worms infect the hard disk MBR.
Worms propagate themselves to other systems.
Worms can contain additional malware.
Worms are malicious programs that do not require human interaction to multiply and self-propagate over the network, and they sometimes carry additional malware (the worm is the delivery mechanism).
While conducting an assessment of network devices, you discover legacy and modern IoT devices that do not allow administrative credentials to be reset, do not support TLS, and do not allow firmware updates. What should you do to secure the continued use of these devices?
Enable HTTPS on the devices.
Patch the IoT operating system.
Place the discovered devices on a firewalled and isolated network.
Place the discovered devices on a firewalled and isolated network.
Legacy devices and IoT devices that have limited security configuration options should be placed on an isolated network that has strict firewall rules in place to limit traffic to other networks. This way, a compromised device would not be on the same network with other, more sensitive, systems. IoT devices include smart devices, such as those used for commercial and residential lighting automation, heating, ventilation and air conditioning (HVAC), motion detection and video surveillance, and wearable devices such as fitness watches.
Which description best defines a fileless virus?
A computer program that replicates itself
A computer program that gathers user information
A malicious computer program that loads directly into computer memory
A malicious computer program that loads directly into computer memory
A fileless virus is a type of malware that resides exclusively in a target system’s memory and is not stored in the infected computer’s file system. A traditional virus attaches itself to a file, such as a portable executable (PE), which is an executable (EXE) or dynamic-link library (DLL) file used in Windows operating systems.
You are developing a custom software component for a web application that will retrieve real-time stock quote feeds over the Internet using HTTPS. Your solution will consist of custom programming code as well as code from an existing code library using the C# programming language. The data feed will originate from a cloud storage repository. Which of the following presents the biggest potential security risk for this scenario?
Cloud storage
Vulnerabilities in C#
Component integration
Component integration
Integrating systems and components into an existing environment can present security risks if the integrated items are not from a trusted source or are not themselves hardened.
James is a software developer for a high-tech company. He creates a program that connects to a chat room and waits to receive commands that will gather personal user information. James embeds this program into an AVI file for a current popular movie and shares this file on a P2P file-sharing network. Once James’s program is activated as people download and watch the movie, what will be created?
Botnet
DDoS
Logic bomb
Botnet
Botnets are applications that infect computers with malware that is under a malicious user’s control. The malicious user uses command and control (C2) servers to issue commands to infected bots.
A user reports USB keyboard problems. You check the back of the computer to ensure that the keyboard is properly connected and notice a small connector between the keyboard and the computer USB port. After investigating, you learn that this piece of hardware captures everything a user types in. What type of hardware is this?
Smartcard
Trojan
Keylogger
Keylogger
Hardware keyloggers capture the user’s every keystroke and store them in a chip.
What is the difference between a rootkit and privilege escalation?
Rootkits propagate themselves, while privilege escalation gives attackers additional resource permissions.
Privilege escalation can result from the installation of a rootkit.
Rootkits are the result of privilege escalation.
Privilege escalation can result from the installation of a rootkit.
Rootkits conceal themselves from operating systems and enable remote access with escalated privileges.
Which of the following are true regarding backdoors? (Choose two.)
They are malicious code.
They give remote users access to TCP port 25.
They are often used by rootkits.
They provide access to the Windows root account.
They are malicious code.
They are often used by rootkits.
Malicious code produces undesired results, such as a rootkit providing access to a backdoor.
Which of the following is NOT an example of a smart (or IoT) device?
A wearable device
A light sensor
System on a chip
System on a chip
A system on a chip (SoC) can be a component of a smart/Internet of Things (IoT) device, but an SoC is not itself a smart/IoT device, much like firmware can be used in a firewall device, but firmware is not a firewall.
You have discovered that a driver’s license was mistakenly left on a scanner that was remotely compromised by a malicious user who scanned the document and used it to secure a bank loan. Further investigation reveals that the attacker identified vulnerabilities in the unpatched web application component built into the multifunction printer, which was revealed through web app error messages. Which terms best describe the nature of this attack? (Choose two.)
Brute force
Data exfiltration
Identity theft
Reputation loss
Data exfiltration
Identity theft
Because the driver’s license was used to secure additional services, identity theft occurred as well as the potential for personal financial loss for the victim. The unauthorized scanning of the driver’s license is considered data exfiltration, also referred to as data loss or a data breach.
You have been tasked with hardening Wi-Fi networks in your office building. You plan on seeking potential Wi-Fi vulnerabilities. What should you look for? (Choose two.)
Open Wi-Fi networks
MAC address filtering
WPA2 encryption
Default settings
Open Wi-Fi networks
Default settings
An open Wi-Fi network does not require authentication for connecting devices. This means anybody could access the Wi-Fi network and then scan for vulnerable hosts/devices, flood the network with useless traffic, thus affecting network and service availability, and so on. The network should at the very least be protected with an encryption passphrase. The use of default settings is a security risk because anybody could easily research the hardware or software solution to determine what the default settings are and use them to access the network.
__________ is best suited for IoT sensors with small data transmission requirements.
IPSec
Narrowband IoT
A VPN
Narrowband IoT
Narrowband Internet of Things (IoT) falls under the fifth-generation (5G) mobile network standard. It is designed to support a large number of IoT devices with small data transmission requirements while preserving device battery life for extended periods of time. The wireless transmission of video and other data-intensive applications uses wideband communication channels.
Which term describes a digital signal before it is encoded for transmission over radio frequencies?
Broadband
5G
Baseband
Baseband
Baseband transmissions are used in radio-frequency (RF) systems including cellular communications. The signal originates as a digital signal but is then converted to an analog signal to be transmitted wirelessly using radio waves.
Botnets can be used to set what type of coordinated attack in motion?
DDoS
Cross-site scripting
Privilege escalation
DDoS
Botnets (groups of computers under singular control) can be used to dispatch distributed denial of service (DDoS) attacks against hosts or other networks.