Threats, Attacks, and Vulnerabilities (5) Flashcards

1
Q

Which of the following types of testing utilizes an automated process of proactively identifying vulnerabilities of the computing systems present on a network?

Security audit

Vulnerability scanning

White-box test

A

Vulnerability scanning

Vulnerability scans use automated and semiautomated processes to identify known vulnerabilities

2
Q

What type of attack is NFC most susceptible to?

Eavesdropping

Man-in-the-middle

Buffer overflow

A

Eavesdropping

Near-field communication (NFC) can be susceptible to eavesdropping. Smartphones with NFC can be used as payment methods and should use a biometric or PIN to prevent information from being stolen.

3
Q

John has been asked to do a penetration test of a company. He has been given general information but no details about the network. What kind of test is this?

Gray-box

White-box

Partial

A

Gray-box

A gray-box test involves the tester being given partial information about the network

4
Q

Under which type of attack does an attacker’s system appear to be the server to the real client and appear to be the client to the real server?

Denial of service

Eavesdropping

Man-in-the-middle

A

Man-in-the-middle

In the man-in-the-middle attack, the attacker is between the client and the server, and to either end, the attacker appears like the legitimate other end

5
Q

You are a security administrator for Acme Corporation. You have discovered malware on some of your company’s machines. This malware seems to intercept calls from the web browser to libraries, and then manipulates the browser calls. What type of attack is this?

Man-in-the-browser

Man-in-the-middle

Buffer overflow

A

Man-in-the-browser

In a man-in-the-browser attack, the malware intercepts calls from the browser to the system, such as system libraries

6
Q

Your company has hired a penetration testing firm to test the company network security. The penetration tester has just been able to achieve guest-level privileges on one low-security system. What best describes this phase of the test?

Vulnerability scanning

Initial exploit

Black-box testing

A

Initial exploit

This is the initial exploit, which involves getting initial access to the system

7
Q

What is the primary risk from using outdated software?

It may not have all the features you need.

It may not have the most modern security features.

It may no longer be supported by the vendor.

A

It may no longer be supported by the vendor.

When a vendor no longer supports software, there won’t be patches for vulnerabilities or other issues

8
Q

You are responsible for software testing at Acme Corporation. You want to check all software for bugs that might be used by an attacker to gain entrance into the software or your network. You have discovered a web application that would allow a user to attempt to put a 64-bit value into a 4-byte integer variable. What is this type of flaw?

Memory overflow

Variable overflow

Integer overflow

A

Integer overflow

Placing a larger integer value into a smaller integer variable is an integer overflow

9
Q

Which type of virus is most difficult to analyze by reverse engineering?

Polymorphic

Macro

Armored

A

Armored

Armoring can be as simple as very trivial encryption, but any process that makes it difficult to reverse-engineer a virus is armoring

10
Q

What type of attack attempts to deauthorize users from a resource, such as a wireless access point (WAP)?

Disassociation

Session hijacking

Man-in-the-middle

A

Disassociation

Deauthorizing users from a resource is called disassociation

11
Q

John is a network administrator for a large retail chain. He has discovered that his DNS server is being attacked. The attack involves false DNS requests from spoofed IP addresses. The requests are far larger than normal. What type of attack is this?

Amplification

DNS poisoning

Smurf attack

A

Amplification

Sending fake DNS requests that are overly large is called an amplification attack. It is a highly specialized type of denial of service

12
Q

Heidi is a security officer for an investment firm. Many of the employees in her firm travel frequently and access the company intranet from remote locations. Heidi is concerned about users logging in from public WiFi, as well as other people seeing information such as login credentials or customer data. Which of the following is Heidi’s most significant concern?

Social engineering

Shoulder surfing

Man-in-the-middle attack

A

Shoulder surfing

In this scenario, no technical issues are mentioned—just people seeing information. So shoulder surfing best fits the scenario

13
Q

Cross-site scripting is an attack on the ___ that is based on the ___ trusting the ___.

user, user, website

user, website, user

website, website, user

A

user, user, website

Cross-site scripting is an attack on the user that is based on the user trusting the website. Options B, C, and D are incorrect

14
Q

You are a security officer for a large investment firm. Some of your stock traders handle very valuable accounts with large amounts of money. You are concerned about someone targeting these specific traders to get their login credentials and access account information. Which of the following best describes the attack you are concerned about?

Spear phishing

Man-in-the-middle

Target phishing

A

Spear phishing

Targeting a specific group is the definition of spear phishing

15
Q

You lead an incident response team for a large retail chain store. You have discovered what you believe is spyware on the point-of-sale systems. But the malware in question is encrypted, preventing you from analyzing it. What best describes this?

An armored virus

Ransomware

Polymorphic virus

A

An armored virus

Encryption is one method for armored viruses

16
Q

Jared has discovered malware on the workstations of several users. This particular malware provides administrative privileges for the workstation to an external hacker. What best describes this malware?

Trojan horse

Logic bomb

Rootkit

A

Rootkit

This is the definition of a rootkit

17
Q

Users in your company report someone has been calling their extension and claiming to be doing a survey for a large vendor. Based on the questions asked in the survey, you suspect that this is a scam to elicit information from your company’s employees. What best describes this?

Spear phishing

Vishing

War dialing

A

Vishing

This is vishing, or using voice calls for phishing

18
Q

Cross-site request forgery is an attack on the ___ that is based on the ___ trusting the ___.

website, website, user

user, user, website

user, website, user

A

website, website, user

Cross-site request forgery is an attack on the website that is based on the website trusting the user

19
Q

What type of virus can infect both a file in the operating system and the boot sector?

Multipartite

Rootkit

Ransomware

A

Multipartite

This is the definition of a multipartite virus

20
Q

John is analyzing a recent malware infection on his company network. He discovers malware that can spread rapidly and does not require any interaction from the user. What best describes this malware?

Worm

Virus

Logic bomb

A

Worm

This is the definition of a worm

21
Q

Your company has issued some new security directives. One of these new directives is that all documents must be shredded before being thrown out. What type of attack is this trying to prevent?

Phishing

Dumpster diving

Shoulder surfing

A

Dumpster diving

Dumpster diving is the process of going through the trash to find documents

22
Q

What type of attack embeds malicious code into a document or spreadsheet?

Logic bomb

Trojan horse

Macro virus

A

Macro virus

This is the definition of a macro virus

23
Q

You are a network security analyst for an online retail website. Users report that they have visited your site and had their credit cards stolen. You cannot find any evidence of any breach of your website. You begin to suspect that these users were lured to a fake site. You have found a website that is spelled exactly like your company site, with one letter different. What is this attack called?

URL hijacking

DNS poisoning

Cross-site scripting

A

URL hijacking

URL hijacking or typosquatting is done by naming a phishing URL very similar to an actual URL

24
Q

You have discovered that someone has been trying to log on to your web server. The person has tried a wide range of likely passwords. What type of attack is this?

Rainbow table

Birthday attack

Dictionary attack

A

Dictionary attack

The dictionary attack uses common passwords

25
Q

You have just started a new job as a security administrator for Acme Corporation. You discover they have weak authentication protocols. You are concerned that an attacker might simply capture and re-send a user’s login credentials. What type of attack is this?

Replay attack

IP spoofing

Session hijacking

A

Replay attack

This is the definition of a replay attack

26
Q

What is the primary difference between active and passive reconnaissance?

Active is done with black-box tests and passive with white-box tests.

Active is usually done by attackers and passive by testers.

Active will actually connect to the network and could be detected; passive won’t.

A

Active will actually connect to the network and could be detected; passive won’t.

Active reconnaissance actually connects to the network using techniques such as port scanning

27
Q

What is the primary difference between a vulnerability scan and a penetration test?

Vulnerability scans are done by employees and penetration tests by outside teams.

Vulnerability scans only use tools; penetration tests are manual.

Vulnerability scans just identify issues; penetration tests attempt to exploit them.

A

Vulnerability scans just identify issues; penetration tests attempt to exploit them.

Vulnerability scans identify known vulnerabilities. Penetration tests actually exploit those vulnerabilities in order to breach the system

28
Q

When an attacker breaches one system and uses that as a base to attack a related system, what is this called?

Man-in-the-middle

Pivot

Shimming

A

Pivot

This is the definition of a pivot

29
Q

Terrance is conducting a penetration test for a client. The client is a major e-commerce company and is primarily concerned about security for their web server. He has just finished running Nmap and OWASP Zap on the target web server. What is this activity called?

Passive scanning

Black-box testing

Active scanning

A

Active scanning

Active scanning actually connects to the target network

30
Q

You have just taken over as the CISO for a large bank. You are concerned about making sure all systems are secure. One major concern you have is security misconfiguration. Which of the following is not a common security misconfiguration?

Unpatched operating system

Default accounts with passwords

No firewall running

A

No firewall running

A firewall not running is not a configuration issue