Homework 2 Review Questions Flashcards
(21 cards)
An information technology (IT) manager is trying to persuade the chief financial officer (CFO) to sign off on a new support and update contract for the company’s virtualized environment. The CFO sees this as a waste of money since the company already has the environment up and running. The IT manager explained to the CFO that the company will no longer receive security updates to protect the environment. What describes the level of hazard posed by NOT keeping the systems up-to-date?
Risk
A recently terminated employee copied sensitive information from the company’s shared drive right before permanently leaving. This employee is what kind of threat to the company?
Internal
A large multimedia company is experiencing a distributed denial of service (DDoS) attack that has led the company’s platform to become unresponsive. Customers are submitting tickets complaining that they can no longer access the platform and cannot complete their work. What BEST describes what the company is going through?
Service Disruption
An outside nongovernment-affiliated group posted a message online claiming responsibility for shutting down the pipeline of a large oil and gas company. The group claims to have performed this through a vulnerability in the company’s supervisory control and data acquisition (SCADA) equipment that controls the flow through the pipes. What BEST describes this group of attackers?
Hacktivist
The governmental organization in charge of managing the personnel records of the country’s military service members reported that another country had accessed its database. Who BEST describes the adversary that breached the personnel records database?
Nation-state
A large multinational software company experienced a ransomware attack. After running a forensic audit and recovering data from backups, the company found that it was an organized, illicit, nonpolitical group that attempted to extort it. What describes the attack that occurred to the company?
Cybercrime
A security engineer discovered that an active employee copied sensitive information from the company’s shared drive and sold it online. What kind of actor describes this employee?
Insider Threat
A large organization’s security operations center (SOC) noticed in its Extended Detection and Response (XDR) antivirus software that a phished email gained access to the company ticketing system, then to the virtual private network (VPN) software, and lastly, to the company’s file share. What did the SOC find?
Threat Vector
A managed service provider (MSP) company decided to delay the implementation of new antivirus software for its clients after discovering that the vendor could not patch its software automatically. Why might a company NOT want software that is unable to update automatically?
It may not fix newly found vulnerabilities in a timely manner
An employee unknowingly clicked on a malicious attachment but did not notice any issues right away and assumed nothing happened. A short while later, the security operations center received a notification of a virus attempting to access an IP address outside the company. What is the malicious attachment MOST likely doing?
Attempting to create a remote connection
A construction company that receives several emails with attachments from its vendors ran into an issue with one of the emails it received. A malicious actor created an email with an attachment that appeared to be from a known vendor. As a result, the malicious actor tricked an employee into clicking on that attachment. How did the malicious actor convince the employee to click on the attachment?
The actor used a email lure
An employee reported seeing an individual outside the office drop a few thumb drives. The employee grabbed those devices and brought them to the information technology (IT) department. After conducting forensics on the devices using air-gapped machines, the IT team determined that the individual was trying to trick employees into plugging the devices into their computers to steal information. What was the malicious actor attempting on an unsuspecting employee?
The actor used a physical lure
A company uses a popular password manager. It noticed unusual breaches in its systems and forced a password reset on all employees’ accounts. What is a consideration when using third-party software for any computer function?
Every vendor is at risk of threats
A large financial firm recently brought its information technology (IT) back in-house. It made this decision after facing issues with its third-party vendor not properly securing its systems from outside threats. What consideration did the financial firm deliberate regarding the managed service provider (MSP) and returning to IT in-house services?
To limit risks to supply-chain attacks
An accountant received a phone call from an individual requesting information for an ongoing project. The call came from an unrecognized number, but the individual seemed believable and persuasive. Before giving the information over, what should the accountant protect against?
Social engineering
An accountant received a phone call from an individual requesting information for an ongoing project. The individual stated to be from a known vendor the company is working with. Before giving the information over, the accountant should protect against what?
Impersonation
A project manager’s assistant received an email requesting information for an ongoing project. The email attempted to convince the assistant that the project would fail to complete on time if they did not receive the information. Before giving the information over, what should the assistant protect against?
Urgency
An accounts payable clerk received a company-wide email requesting them to click the link within the email to update their personnel information in the human resources portal. At first glance, the email appears to be sent from a legitimate company address. Before giving the information over, what should the clerk protect against?
Phishing
A construction contractor received a phone call from a prospective client that the contractor’s website looked off from what they expected. After an investigation, the construction company discovered that the prospect went to a similar-looking website but did not get to the real one. What caused the client to go to an incorrect website?
Typosquatting
A large multimedia company is in the process of creating a new marketing campaign for a soon-to-be-released movie. However, before releasing the campaign, the company noticed an increase in fake accounts mimicking it online with a similarly-looking campaign. What could the company do to mitigate this issue?
Check for brand impersonation
A local business received numerous complaints from frequent repeat customers about fraud occurring after they ordered delivery through the company’s website, even though it was the legitimate website. What type of attack did the customers become victims of?
Watering hole attack
