1.0 - Threats, Attacks and Vulnerabilities

Question 1

Code is changing after each use, so that signature-based scanning does not always work.

Type of threat?

Answer 1

Polymorphic Malware

Question 2

Code is encrypted so that it cannot be decomplied or reverse engineered.

Type of threat?

Answer 2

Armored Virus

Question 3

Files are encrypted, either permanently or until a ransom is paid.

Type of threat?

Answer 3

Crypto-Malware

Question 4

Files are encrypted, and request for ransom is received.

Type of threat?

Answer 4

Ransomware

Question 5

Malicious code that attaches itself to another piece of executable code. It only runs when the executable it is attached to is run.

Type of threat?

Answer 5

Virus

Question 6

Malicious code that spreads across a network without being attached to another executable. Can also move via email, open network shares, IIS, SQL. Type of threat?

Answer 6

Worm

Question 7

Software that appears to do one thing, such as a game, but also has embedded malicious code.

Type of threat?

Answer 7

Trojan

Question 8

Threat that modifies the OS, often by re-writing the kernel.

Type of threat?

Answer 8

Rootkit

Question 9

Malicious code that records keystrokes.

Type of threat?

Answer 9

Keylogger

Question 10

Software that makes ads appear. Can be malicious or legitimate.

Type of software?

Answer 10

Adware

Question 11

Software that monitors a user’s activities, including: keylogging, browsing, cheating on games, software usage.

Type of software?

Answer 11

Spyware

Question 12

A large number of infected PCs that can be controlled by one malicious user.

Type of threat?

Answer 12

Botnet

Question 13

A hacker installs a toolkit on a remote PC that lets them record keystrokes, take screenshots, install software, see and change system settings.

What is this toolkit called?

Answer 13

RAT (Remote-Access Trojan)

Question 14

An administrator installs a piece of code that will delete files or do other damage if they are fired.

What is this called?

Answer 14

Logic Bomb (or Time Bomb if it will go off a specific number of days later)

Question 15

A developer is able to get back into a system even after new layers of security have been added.

What method did they use.

Answer 15

Backdoor / Trapdoor. Often a hard-coded password, which is difficult to remove.

Question 16

List common Indicators of Compromise (IOC)

Answer 16

Common IOCs are:

Network:

• Unusual outbound network traffic
• Geographical irregularities in network traffic
• HTML response sizes
• Mismatched port-application traffic
• Unusual DNS requests
• Signs of DDoS activity
• Web traffic with nonhuman behavior

Accounts:

• Anomalies in privileged user account activity
• Account login red flags

OS & Applications:

• Increase in database read volumes
• Large number of requests for the same file
• Suspicious registry or system file changes
• Unexpected patching of systems
• Mobile device profile changes
• Bundles of data in the wrong place

Question 17

A threat returns even after the OS is wiped and reloaded while the system is air-gapped.

Likely type of threat?

Answer 17

Firmware Rootkit, possibly in a video card or expansion card firmware.

Question 18

This threat loads before the OS, as a virtualization layer for the OS. This allows it to intercept hardware calls to the OS.

Answer 18

Virtual Rootkit or Vitual Machine-Based Rootkit (VMBR).

Question 19

This type of threat operates at the OS level, giving it priviledged access to the system.

Answer 19

Kernal Rootkit

Question 20

This type of threat infects libraries, such as .DLL files, so they can execute inside a target process to spoof it, or overwrite the memory of the target application.

Answer 20

Library Rootkit

Question 21

Any threat will attack at least one of the three security requirements (the CIA of security). These are?

Answer 21

Confidentiality

Integrity

Availability

Question 22

A user receives an email indicating that they need to login to resolve an account issue at a website.

What type of threat is this?

Answer 22

Phishing

Question 23

Members of just the accounting team receive emails asking them to login to the corporate bank account, with an invalid link.

What type of attack is this?

Answer 23

Spear Phishing

Question 24

The CEO receives a ficticious email or phone call, which was tailored just for her. What type of attack is this?

Answer 24

Whaling

Question 25

A threat actor spoofs the company’s HR phone number and calls users asking them for personal information. What kind of attack is this?

Answer 25

Vishing

Question 26

How can users protect against phishing and vishing attacks?

Answer 26

Never use the link or phone number provided in the incoming message.

Educate users about these threats.

Question 27

Someone sparks up a conversation with an employee as they are heading into work, then follows them though the door without authenicating. What just happened and how can it be avoided?

Answer 27

The treat actor was Tailgating to gain entry to the building. Educating employees about proper entry procedures or a mantrap are possible solutions.

Question 28

How might a threat actor avoid third-party authorization?

Answer 28

They may:

1. Arrive with knowledge of an existing project or issue
2. Use the guise of trouble to create a sense of urgency
3. Name drop someone important who is currently unavailable

Question 29

What types of parties might a threat actor impersonate?

Answer 29

Help Desk / Support

Contractors / Outside Parties

Question 30

What is the best defense against impersonation attacks?

Answer 30

A standard process for verifying identity and user education.

Question 31

An attacker goes through the organization trash looking for sensitive information. What is this technique called?

Answer 31

Dumpster Diving

Question 32

An attacker watches the keypad on an ATM machine to get users’ PIN numbers, possibily from afar with a telephoto lens. What type of attack is this?

Answer 32

Shoulder Surfing

Question 33

What are some methods to prevent shoulder surfing?

Answer 33

Blinders around PIN keypads

Keypads the move the numbers around

User education

Question 34

Users receive a viral email telling them to delete an important system file in order to prevent future attacks. What is this?

Answer 34

A Hoax, but a damaging one.

Question 35

A website is altered to distribute malware, often just to users in a certain geographical area. What is this attack called?

Answer 35

Watering Hole

These are difficult and time-consuming to setup, so they tend to use zero-day attacks, and are often backed by nation states.

Question 36

A threat actor pretends to be calling from from the IRS. What social engineering principal are they using?

Answer 36

Authority

Question 37

A threat actor implies that a user’s job may be on the line if they do not cooperate. What social engineering principal are they using?

Answer 37

Intimidation

Question 38

A threat actor works within a group to push the decision making process in a particular direction. What social engineering principal are they using?

Answer 38

Consensus

Question 39

A phishing email says that user only has a few minutes to reset their account. What social engineering principal is being used?

Answer 39

Urgency

Question 40

An advertisment says that only a few items are left for sale. What social engineering principal is being used?

Answer 40

Scarcity

Question 41

A threat actor talks to a user about how they have been in similar situations or had similar feelings. What social engineering principal is being used?

Answer 41

Familiarity

Question 42

A social engineer’s goal is not to force someone to do something they don’t want to do, but to create a perception in their mind that they are doing the right thing. What social engineering principal is this?

Answer 42

Trust

Question 43

Describe a social engineer’s primary goal and technique.

Answer 43

Their goal is to manipulate a person’s perception in order to change their actions.

They do this by preying on a person’s beliefs, biases and stereotypes.

Question 44

A system if flooded with TCP SYN requests that return back to a non-existent IP address. This causes the system to lock up. What type of attack is this?

Answer 44

DoS (Denial of Service)

Question 45

A threat actor is able to send commands to a few master systems, which control hundreds or thousands of zombie PCs, which are infected with the correct malware. When the order is received these systems all flood one target with requests, bringing it down. What type of attack is this?

Answer 45

DDoS (Distributed Denial of Service)

Question 46

What precautions can be taken against DDoS attacks?

Answer 46

Precautions against DDoS attacks include:

1. Consistent patching
2. Shorter timeouts for TCP connections
3. Distributed workloads
4. Block ICMP packets at the border
5. Scan your network for zombie systems (helps others more than you)

Question 47

An attacker steals a cookie from a user and is able to hijack their session, by rerouting all communication through another PC. This allows the attacker to see the data being moved (if not encrypted) and see who the target is communicating with. What type of attack is this?

Answer 47

Man-in-the-Middle (session hijacking specifically)

Question 48

Lack of input error-checking in programs is the root cause of this common attack where new commands are injected into a program through the input fields.

Answer 48

Buffer Overflow

Question 49

Describe the 2014 Heartbleed attack.

Answer 49

It took advantage of a buffer overflow vulnerability in the OpenSSL library.

Question 50

Describe some types of Injection attacks.

Answer 50

SQL injection - allows unauthorized SQL commands to run

XML injection - allows access to data

LDAP injection - allows access to data

Command injection - gives privledged command-line access

Question 51

What is the difference between XSS and SQL injection?

Answer 51

XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application’s database.

Question 52

Lack of input validation on a web site allows attackers to include a script and have it rendered. What is this method called?

Answer 52

Cross-Site Scripting (XSS)

Question 53

How can Cross-Site Scripting (XSS) be migated?

Answer 53

Cross-Site Scripting (XSS) mitigation:

• Use anti-XSS libraries to strip scripts from the input strings
• Limit types of uploads, screen or whitelist uploads
• Testing with encoded and unencoded inputs to find vulnerabilities

Question 54

A user is logged into a banking site. Meanwhile code is executed in a separate browser tab to perform a transaction at the site without the user’s knowledge. What type of attack is this?

Answer 54

Cross-Site Request Forgery (XSRF)

Question 55

What methods can migate against Cross-Site Request Forgeries (XSRF)?

Answer 55

• Re-validate the user on important transactions
• Limit authentication time
• Cookie expiration
• Use anti-CSRF tokens in form submissions. These are sent to the user at authentication, then included in subsequent HTTP requests. This the most effective method.

Question 56

An attacker gets standard access to a system, then duplicates an elevated token to run processes as an elevated user. What type of attack is this?

Answer 56

Privilege Escalation

Question 57

What methods can mitigate privilege escalation attacks?

Answer 57

• Follow the least-privilege model
• Regularly review administrative accounts
• Monitor privileged accounts for unusual behavior
• Reduce processes and services that run in elevated mode

Question 58

An attacker sends incorrect ARP and RARP requests to a network, feeding incorrect data into system ARP tables. They then use this corruption to setup a man-in-the-middle attack. What is this method?

Answer 58

ARP Poisoning

Question 59

An attacker sends ICMP Ping commands to a network address, with the reply aimed at a specific PC. This floods the target PC with ping requests. When an attacker is able to create a greater effect than would be possible with a single client, what is it called?

Answer 59

Amplification

Question 60

Running nslookup shows that a system’s local DNS cache is pointing certain DNS names to the wrong IP addresses. What type of attack has occurred?

Answer 60

DNS Poisoning

Question 61

You login to GoDaddy to discover that you no longer own and control one of you domain names. What has occurred?

Answer 61

Domain Hijacking

Question 62

A trojan element is added to a user’s browser that intercepts and changes data as they browse certain websites. What is this attack called?

Answer 62

Man-in-the-Browser (MitB)

Question 63

An attacker uses a vulnerability that is unknown to the developer, so even the latest patches will not protect systems. What is this called?

Answer 63

Zero Day attack

Question 64

An attacker captures communication between two parties and retransmits them at a later time. What is this called?

Answer 64

Replay

Question 65

What best defends against replay attacks?

Answer 65

Defenses against replay attacks:

• Encryption
• Short time frames for transactions

Question 66

An attacker captures a hash file and injects it into a system. This allows them to authenticate without knowing the password. What is this called?

Answer 66

Pass the Hash.

This is technically demanding attack, but tools have been developed to make it easier.

Question 67

When a user clicks on a certain design element, their click is altered by a transparent overlay, causing them to click elsewhere and executing the attacker’s code. What is this type of attack?

Answer 67

Clickjacking

Question 68

A user receives a DoS attack, taking down their system. At the same time, the attacker takes over a Telnet or web session that the user was running. What is this called?

Answer 68

Session Hijacking

Question 69

A peice of malware alters the URL a user is attempting to browse to, causing them to go to a fake website. What is this called?

Answer 69

URL Hijacking

Question 70

A user receives an email from the bank asking them to login. The URL in the mail looks similar to their bank’s, but the actual domain is different. What is this called?

Answer 70

URL Hijacking, Fake URL, Brandjacking, Typo Squatting

Question 71

An attack puts a layer of code between a driver and the OS, changing hardware responses without altering the driver itself. What is this form of driver manipulation called?

Answer 71

Shimming

Question 72

An attacker modifies internal code to add functionality without changing other external behavior of the code or driver. What is this called?

Answer 72

Refactoring

Question 73

An attacker puts the IP of the target system into certain web traffic to facilitate an attack. What is this called?

Answer 73

IP Spoofing

Question 74

A target system is flooded with ICMP requests after the attacker sent the ICMP request to the network address. What technique was used?

Answer 74

IP Spoofing - in the initial request to the network address. This called a Smurf attack.

Question 75

What can mitigate IP spoofing attacks?

Answer 75

• Limit trust relationships between hosts
• Configure firewalls to reject packets from outside that have an inside IP in the From address

Question 76

Why are IP spoofing SYN/ACK attacks more difficult from outside the network?

Answer 76

The attacker will have to guess the sequence numbers for the SYN/ACK transaction.

Question 77

Wireless networks are especially succeptible to this attack where conversations are recorded and sent later on.

Answer 77

Replay attacks

Question 78

WEP wireless encryption was suseptible to this exploit where an initial key sequence was send in the plaintext part of the message.

Answer 78

Initialization Vector (IV). Software such as AirSnort can intercept each packet with weak IV and eventually crack the WEP encryption key for a WAP.

Question 79

You discover a wireless access point hidden in a cupboard. It is configured to emulate a company WAP and intercept user data. What is this called?

Answer 79

Evil Twin

Question 80

A non-company owned AP is allowing clients to authenticate to a real company AP. The attacker uses this to collect user credentials.

Answer 80

Rogue AP

Question 81

A certain radio spectrum is targed by a rogue wireless device. What is this called?

Answer 81

Jamming

Question 82

This easy to use wireless authentication system has the user enter an 8-digit code to authenticate and is susceptible to brute-force attacks.

Answer 82

WPS (Wi-Fi Protected Setup)

Question 83

A user is in a crowded airport when they receive a text message or image via Bluetooth from an unknown and unauthorized user. What type of attack is this?

Answer 83

Bluejacking

Question 84

What can be done to avoid bluejacking?

Answer 84

• Disable Bluetooth
• Set Bluetooth devices to nondiscoverable

Question 85

An attacker copies data from a target phone via Bluetooth. This can include emails, contacts, calendar, and media files. What is this attack called?

Answer 85

Bluesnarfing

Question 86

What is the key difference between bluejacking and bluesnarfing?

Answer 86

Bluejacking sends unauthorized data. Bluesnaring uses an authorized connection to steal data.

Question 87

What types of attacks are RFID readers succeptible to?

Answer 87

• Replay - the attacker intercepts signals and replays them later to authenticate.
• Cloning - a dupilcate RFID card can be created using eavesdropping data.

Question 88

An attacker sends deauthentication frames to a WAP to remove it from the network. What is this called?

Answer 88

Disassociation

Question 89

Why would an attacker disassociate a WAP?

Answer 89

• To sniff the reconnect, including the WPA four-way handshake. This provides initial information needed in a brute-force or dictionary-based WPA attack.
• It forces users to reconnect, which is a chance to mount a man-in-the-middle attack.

Question 90

This brute-force cryptographic attack looks for collisions within hash functions, or duplicate hash functions.

Answer 90

Birthday attack

Question 91

An attacker gathers the original plaintext and the ciphertext for that message, then uses them to key through brute-force attemptes. What is this attack called?

Answer 91

Known Plaintext/Ciphertext

Question 92

What can be done to mitigate Known Plaintext/Ciphertext attacks?

Answer 92

Large keyspace, so that a brute-force attack is no longer feasible.

Question 93

These lists of hash values associated with passwords make password cracking easier.

Answer 93

Rainbow tables

Question 94

What method makes rainbow tables useless?

Answer 94

Salted Hashes, where an additional salt value makes the precomputing process not replicable.

Question 95

A list of common words is used to crack a password.

Answer 95

Dictionary attack

Question 96

Every possible password is attemted against a system or hash file, in this computing-intensive attack.

Answer 96

Brute Force

Question 97

Which type of brute force attack is easy to notice?

Answer 97

Online Brute Force attacks are often detected as the system sees many authentication attempts on the same account.

Question 98

This type of brute force attack requries that the attacker first steal the hash file.

Answer 98

Offline Brute Force attack

Question 99

What types of methods are often part of a hybrid password attack?

Answer 99

Hybrid password attack may start with a dictionary attack, the move on to brute force methods.

Question 100

When two different inputs produce the same output of a hash function, what type of attack is possible?

Answer 100

Collision attack. Many versions of the hash file are produced, then a birthday attack is used to find collisions between them.

Question 101

An attacker take acvantage of a backword compatibility feature in the protocol and forces a TSL/SSL conversation to use a lesser form of encryption. What is this method?

Answer 101

Downgrade

Question 102

If developers do not follow best practices, attackers can record and use conversations to break even encrypted systems with this relatively simple technique.

Answer 102

Replay

Question 103

This common web security protocol has been hacked in all of its version but is still commonly used. What is it, and what should it be replaced with.

Answer 103

SSL has been cracked. It should be replace with TLS. Unfortunately, weak implementations are one of the main issues in IT security.

Question 104

This type of threat actor has little technical knowledge and relies on pre-fab tools.

Answer 104

Script Kiddies

Question 105

When hackers work collectively, usually on the behalf if a cause, they are what?

Answer 105

Hacktivists

Question 106

These type of hackers work to monetize their efforts and work in large, organized units.

Answer 106

Organized Crime. Criminal cybersecurity is now larger in dollar terms and the international drug trade.

Question 107

Often the most skilled of hackers work for these organizations, useing highly structured attacks and defenses.

Answer 107

Nation States. They often use Advanced Persistent Threats (APT) against other nation states or economic interests.

Question 108

With this method, hackers achieve a presense on a target network over a long period of time to gather as much data as possible.

Answer 108

Advanced Persistent Threat (APT)

Question 109

This group of intruders are especially difficult to protect against since they already have some access and understanding of the systems.

Answer 109

Insiders

Question 110

This type of attack is used sparingly - only when other methods are not available - because it usually cannot be used more than once.

Answer 110

Zero Day

Question 111

List the common attributes of threat actors.

Answer 111

Attributes of threat actors include:

• Resources
• Level of sophistication
• Location
• Motivation

Question 112

A cooperative group of government and non-government, sharing and analyzing threat data is an example of what?

Answer 112

Open Source Intelligence

Question 113

Would a penetration test use a zero day attack? Why or why not?

Answer 113

Pen Tests look for common and known vulnerabilities, so they can be mitigated.

Question 114

What goals would a pen tester set?

Answer 114

To hack the system with the same objectives as a likely threat actor. Try to get to the data or system that is most valued to a hacker.

Question 115

Pen testers use tools to directly interract with the target network and learn about it. What is this called?

Answer 115

Active Reconnaissance

Question 116

Pen testers may use publicly-available sources to gather information about a target network. What is this called?

Answer 116

Passive Reconnaissance

Question 117

Pen testers use passive and active tools. What is the difference?

Answer 117

Passive tools scan a network without detection. Active tools can be detected.

Question 118

An attacker establishes a presence on a PC, uploads tools to it, and uses it to scan that portion of the network. They repeat this process to gain information about larger portions of the network. What is the process called?

Answer 118

Pivoting or network traversal

Question 119

This step in the pen testing process shows that a network vulnerability exists, but stops short of damaging any systems.

Answer 119

Initial Exploitation

Question 120

List some common techinques used by pen testers.

Answer 120

Common pen testing techniques include:

• Initial exploitation
• Pivoting / network traversal
• Escalation of privilege
• Perstence

Question 121

This testing technique exposes the program, system or network to malformed input data and looks for flaws in the output data. The tester has no knowledge of how the syhstem works.

Answer 121

Black Box Testing.

This is a common testing technique for web-based applications.

Question 122

This testing technique looks at the internal structures and data processing of an application. The tester has detailed knowledge of the application.

Answer 122

White Box Testing

Question 123

This testing technique is efficient becuase the testers have some knowledge of the software, network or system they are testing. This is efficient becuase entire paths can be eliminated from the test.

Answer 123

Grey Box Testing

Question 124

What is the difference between Pen Testing and Vulnerablility Scanning?

Answer 124

Vulnerability Scanning will find vulnerabilities, whether they can be exploited or not.

Pen Testing will determine which vulnerabilities can be exploitated.

Question 125

What is the difference between credential and non-credentialed vulnerability scans? Why are both scans important?

Answer 125

The difference is whether the vulnerability scan tool was given valid account credentials to use.

Both tests should be run, as a real attacker may not have credentials initially, but might later on in the process.

Question 126

List the common steps in a vulnerability scan.

Answer 126

Common steps in the vulnerability scan are:

• Identify vulnerability
• Identify missing or ineffective security contols
• Identify common misconfigurations

Question 127

What is the difference between intrusive and non-intrusive vulnerability tests?

Answer 127

Intrusive tests will make a change to the system state. This is more accurate at detecting vulnerabilities but it can cause system disruption.

Question 128

An attacker sends similar commands in fast sequence. The data is not received in the expected order, allowing the attacker to gain access. This is an example of what?

Answer 128

Race Conditions

Question 129

What methods can be used to prevent race conditions?

Answer 129

Race conditions can be prevented by:

• Reference counters
• Kernal locks
• Thread syncronization

Question 130

An organization chooses to continue using a server that is running and older OS, which no longer receives updates. What type of vulnerability is this?

Answer 130

End of Life System

Question 131

The primary software on a server receives patches from the vendor, but some of the lesser components from a third party are not patched. What are these vulnerable components called?

Answer 131

Embedded Systems

Question 132

Your organization is using a software that is many versions old, so the vendor support contract has run out. What vulnerability is this?

Answer 132

Lack of Vendor Support

Question 133

This is the most common general type of software vulnerabilty, and can be mitigated with input validation.

Answer 133

Improper Input Handling

Question 134

List types of Improper Input Handling

Answer 134

Types of Improper Input Handing include:

• Buffer Overflows
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (XSRF)
• Injection attacks
• Canonical Structure Errors

Question 135

Which is a better error handling method? Report error to user, or write it to a log file.

Answer 135

Writing errors to a log file is safer, if it is stored where access can be limited by an ACL.

Question 136

A hacker forces errors in a system and records each error message to learn more about the system. What vulnerability is this?

Answer 136

Improper Error Handling

Question 137

A new system is configured with older, less secure, protocols enabled even though they are not needed. What vulnerability is this?

Answer 137

Misconfiguration or Weak Configuration

Question 138

New access points are installed without changing the factory-set admin password. What vulnerability is this?

Answer 138

Default Configuration

Question 139

An attacker floods a target sytem with requests until it runs out of memory or bandwidth and it crashes. What is this technique?

Answer 139

Resource Exhaustion

Question 140

Someone in marketing clicks on the URL in a phishing email, causing a system failure. What would have best prevented this event?

Answer 140

User training

Question 141

A user is able to get into an advanced system because IT Security didn’t realize that one of his group memberships also grants the extra access. What type of vulnerability is this?

Answer 141

Improperly Configured Account

Question 142

The accounting software is confgured to pay on invoices without matching them to purchase orders. What type of vulnerabilty is this?

Answer 142

Vulnerable Business Process

Question 143

The security team would like to build their own custom cryptographic algorithm and implementation. Is this a good idea?

Answer 143

No. Custom cipher suites are not considered secure because they are very difficult to create and implement effectively. It is better to choose an existing cypher system that has been proven to be effective.

Question 144

SSL or TLS?

Answer 144

SSL bad

TLS good

Question 145

A program crashes after a certain amount of time, after mis-written memory overwrites parts of the program’s memory space. What is this called?

Answer 145

Memory Leak

Question 146

An attacker crashes a system by sending it numerical values that are larger than the programmers intended. What is this technique called?

Answer 146

Integer Overflow

Question 147

An attacker enters 150 digits into the phone number field of a form, causing the program to crash or execute an unintended command. What is this called?

Answer 147

Buffer Overflow

Question 148

An attacker inputs invalid data designed to prompt the program to reference the wrong area a memory. What is this called?

Answer 148

Pointer Dereference

Question 149

You discover that a copy of MS Office now has extra functions, including dangerous tools that could be used by a hacker. What is the likely type of attack?

Answer 149

DLL Injection

Question 150

Your organization has acquired numerous smaller companies. As a result, some of the system are not documented or accounted for. This is an example of what?

Answer 150

System Sprawl and Undocumented Assets

Question 151

Your large network has no subnets or VLANs. This is what type of vulnerability?

Answer 151

Architecture / Design Weakness

Question 152

Your organization receives a successful targeted attack, despite all of the latest patches being applied. What is the likely type of attack?

Answer 152

Zero Day

Question 153

Compensating Controls can block the path of an attack without directly addressing the underlying vulnerability. What type of attack are they especially effective against?

Answer 153

Zero Day

Question 154

The employee who updates the certificate server got a job in Florida last year and has not been replaced. What vulnerabilty does your network likely have now?

Answer 154

Improper Certificate and Key Management