Chapter 2: Threats, Attacks, and Vulnerabilities

Question 1

Question: Which threat actor is typically motivated by political or social causes, aiming to promote a message or protest?
A) Nation-State
B) Unskilled Attacker
C) Hacktivist
D) Organised Crime

Answer 1

Answer: C) Hacktivist

Question 2

Question: True or False: “Script kiddies” are often referred to as unskilled attackers.

Answer 2

Answer: True

Question 3

Question: Which attribute of threat actors refers to whether they originate from within or outside the organisation?
A) Resources/Funding
B) Level of Sophistication/Capability
C) Internal/External
D) Motivations

Answer 3

Answer: C) Internal/External

Question 4

Question: What is the primary motivation for “Organised Crime” threat actors?

Answer 4

Answer: Financial gain.

Question 5

Question: Which “threat” represents unauthorised applications, tools, or systems used within an organisation, not officially sanctioned by the IT department?
A) Insider Threat
B) Nation-State
C) Shadow IT
D) Unskilled Attacker

Answer 5

Answer: C) Shadow IT

Question 6

Question: Which motivation involves spying on entities to gather sensitive information, commonly associated with Nation-States?
A) Data Exfiltration
B) Service Disruption
C) Espionage
D) Blackmail

Answer 6

Answer: C) Espionage

Question 7

Question: Which message-based threat vector involves mobile-based text messages that can contain phishing links?
A) Email
B) Instant Messaging (IM)
C) SMS (Smishing)
D) Voice Call (Vishing)

Answer 7

Answer: C) SMS (Smishing)

Question 8

Question: True or False: Malicious payloads can be embedded in images to exploit vulnerabilities when viewed.

Answer 8

Answer: True

Question 9

Question: What type of software runs without installations or agents, making it harder to monitor and potentially vulnerable?
A) Client-based software
B) Agentless software
C) Supported software
D) Patched software

Answer 9

Answer: B) Agentless software

Question 10

Question: What is the security risk associated with “Unsupported Systems and Applications”?

Answer 10

Answer: They are outdated software that no longer receive security updates, making them a significant risk.

Question 11

Question: What is the vulnerability associated with “Default Credentials”?

Answer 11

Answer: Devices or systems with unchanged default passwords can be easily accessed by attackers.

Question 12

Question: Which supply chain threat vector, if compromised, can provide access to their client’s infrastructure?
A) Vendors
B) Suppliers
C) Managed Service Providers (MSPs)
D) Human Vectors

Answer 12

Answer: C) Managed Service Providers (MSPs)

Question 13

Question: What is “Pretexting” in the context of human vectors/social engineering?

Answer 13

Answer: Using fabricated scenarios to obtain personal data.

Question 14

Question: Which social engineering technique involves compromising a commonly used website to target its visitors?
A) Phishing
B) Vishing
C) Watering Hole
D) Typosquatting

Answer 14

Answer: C) Watering Hole

Question 15

Question: Which application vulnerability occurs when data exceeds the buffer’s capacity, leading to an overwrite of adjacent memory locations?
A) Memory Injection
B) Buffer Overflow
C) Race Conditions
D) Malicious Update

Answer 15

Answer: B) Buffer Overflow

Question 16

Question: What is a “Race Condition” vulnerability?

Answer 16

Answer: Situations where a system’s behaviour depends on the sequence or timing of uncontrollable events.

Question 17

Question: Which web-based vulnerability involves attackers inserting malicious SQL code into input fields to run unauthorised SQL queries?
A) Cross-site Scripting (XSS)
B) Structured Query Language Injection (SQLi)
C) Memory Injection
D) Buffer Overflow

Answer 17

Answer: B) Structured Query Language Injection (SQLi)

Question 18

Question: True or False: Cross-site Scripting (XSS) involves attackers injecting malicious scripts into websites, which are then executed by the victim’s browser.

Answer 18

Answer: True

Question 19

Question: What is the security concern with “End-of-life Hardware”?

Answer 19

Answer: Devices no longer supported by manufacturers, resulting in unpatched vulnerabilities.

Question 20

Question: Which virtualisation vulnerability allows an attacker to run code on a VM and break out to interact with the host system?
A) Resource Reuse
B) Cloud-specific Vulnerabilities
C) Virtual Machine (VM) Escape
D) Misconfiguration

Answer 20

Answer: C) Virtual Machine (VM) Escape

Question 21

Question: What are “Zero-day Vulnerabilities”?

Answer 21

Answer: Previously unknown vulnerabilities that are not yet patched by vendors, meaning there is no defence against them until discovered.

Question 22

Question: What is “Jailbreaking” in the context of mobile device vulnerabilities?

Answer 22

Answer: Bypassing the built-in security mechanisms of iOS leaves the device vulnerable.

Question 23

Question: A sudden file encryption, a ransom note displayed, and a change of file extensions are strong indicators of which type of malware attack?
A) Trojan
B) Worm
C) Ransomware
D) Spyware

Answer 23

Answer: C) Ransomware

Question 24

Question: What is a key indicator of a “Worm” malware attack?

Answer 24

Answer: Rapid spread across networked devices and self-replicating behaviour.

Question 25

Question: True or False: Unauthorised data transmission and pop-up ads are common indicators of Spyware.

Answer 25

Answer: True

Question 26

Question: Visible damage to locks or entry points and unauthorised entry are indicators of what type of attack? A) Malware Attack B) Network Attack C) Physical Attack D) Application Attack

Answer 26

Answer: C) Physical Attack

Question 27

Question: Large amounts of traffic from a multitude of sources is a general indicator of which network attack? A) DNS Attacks B) On-path (Man-in-the-Middle) C) Distributed Denial-of-Service (DDoS) D) Credential Replay

Answer 27

Answer: C) Distributed Denial-of-Service (DDoS)

Question 28

Question: What is "Privilege Escalation" in application attacks?

Answer 28

Answer: Lower-level users gaining higher-level access.

Question 29

Question: Which cryptographic attack involves two different data inputs producing the same output hash? A) Downgrade attack B) Collision attack C) Birthday attack D) Replay attack

Answer 29

Answer: B) Collision attack

Question 30

Question: What does "Impossible Travel" indicate in general security indicators?

Answer 30

Answer: Logins from geographically distant locations in a short timeframe, suggesting suspicious activity.

Question 31

Question: What is the purpose of "Segmentation" as a mitigation technique?

Answer 31

Answer: Dividing a network into smaller segments isolates data and services, preventing attackers from easily accessing other parts of the network if one is breached.

Question 32

Question: True or False: An Access Control List (ACL) defines who can access a particular resource and what operations they can perform.

Answer 32

Answer: True

Question 33

Question: What is the purpose of an "Application Allow List"?

Answer 33

Answer: To specify which applications are allowed to run on a system, preventing anything not on the list from executing and minimising the risk of malicious software.

Question 34

Question: What is the purpose of "Patching" as a mitigation technique?

Answer 34

Answer: Regularly updating software and systems to fix known vulnerabilities, reducing the attack surface.

Question 35

Question: Which security principle involves granting users only the permissions they need to perform their roles? A) Isolation B) Least Privilege C) Configuration Enforcement D) Decommissioning

Answer 35

Answer: B) Least Privilege

Question 36

Question: What is the purpose of "Decommissioning" in security mitigation techniques?

Answer 36

Answer: Safely removing systems or software from operation to ensure old, potentially vulnerable software or hardware doesn't remain a weak point in the network.

Question 37

Question: Which hardening technique controls incoming and outgoing network traffic at the machine level? A) Encryption B) Installation of Endpoint Protection C) Host-based Firewall D) Host-based Intrusion Prevention System (HIPS)

Answer 37

Answer: C) Host-based Firewall