Review 9 Flashcards

(20 cards)

1
Q

Which of the following is a self-replicating program that does not require a host file to propagate?

Zombie

Virus

Worm

Trojan Horse

A

Worm

Worms can spread independently across networks without needing a host file.

2
Q

Which of the following BEST describes an inside attacker?

An unintentional threat actor (the most common threat).

An attacker with lots of resources and money at their disposal.

A good individual who tries to help a company see their vulnerabilities.

An agent who uses their technical knowledge to bypass security.

A

An unintentional threat actor (the most common threat).

Inside attackers often have legitimate access to systems.

3
Q

An organization’s receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. Which type of social engineering is this individual engaging in?

Social validation

Authority

Persuasive

Commitment

A

Authority

The individual is exploiting their perceived authority to gain information.

4
Q

Which of the following protocols is classified as a ‘secure’ protocol?

Remote Copy Protocol (RCP)

File Transfer Protocol (FTP)

Point-to-Point Protocol (PPP)

Remote Shell (RSH)

A

Point-to-Point Protocol (PPP)

PPP is used for secure communications over point-to-point links.

5
Q

What term describes an area of security weakness?

Exploits

Vulnerabilities

Integrity

Malware

A

Vulnerabilities

Vulnerabilities can be exploited by attackers to compromise systems.

6
Q

What is the primary countermeasure to social engineering?

Heavy management oversight

Traffic filters

Awareness

A written security policy

A

Awareness

Training employees to recognize social engineering tactics is crucial.

7
Q

Which protocol mitigates many of the security vulnerabilities present in Session and Spoofing attacks?

IPsec

IPv6

Secure MAC

IPv4

A

IPv6

IPv6 includes features that enhance security compared to IPv4.

8
Q

Which of the following is a malicious program that is disguised as legitimate or desirable software?

Trojan Horse

Virus

Logic Bomb

Worm

A

Trojan Horse

Trojan Horses often trick users into installing them by appearing harmless.

9
Q

Which of the following is used to attack a switch?

MAC Flooding

ARP Poisoning

IP Spoofing

MAC Spoofing

A

MAC Flooding

MAC Flooding can overwhelm a switch’s memory, leading to network vulnerabilities.

10
Q

What term describes an exploit of an unpublished vulnerability?

Exploit attack

Zero-Day attack

Vulnerability compromise

Real-time attack

A

Zero-Day attack

Zero-Day attacks are particularly dangerous as they are unknown to security vendors.

11
Q

What term describes a security strategy based on the concept that no user or device should be allowed access to the network’s sensitive data without proper authentication and authorization within the network?

Zero Trust

Access Restriction

Role-Based Access Control

Principle of Least Privilege

A

Zero Trust

The Zero Trust model assumes that threats could originate from both inside and outside the network.

12
Q

On your way into the back entrance of your work building one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do?

Tell him no and quickly close the door.

Let him in.

Let him in and help him find the restroom. Then let him work.

Direct him to the front entrance and instruct him to check in with the receptionist.

A

Direct him to the front entrance and instruct him to check in with the receptionist.

Always verify the identity of individuals requesting access to secure areas.

13
Q

Which of the following is a common social engineering attack?

Using a sniffer to capture network traffic.

Distributing false information about your organization’s financial status.

Hoax virus information emails.

Logging on with stolen credentials.

A

Hoax virus information emails.

These emails often attempt to scare users into taking harmful actions.

14
Q

Which of the following is NOT a mitigation strategy for ‘external threats’?

Firewall protection

External audits

Role-based access controls

Security awareness training

A

Role-based access controls

Role-based access controls primarily address internal security.

15
Q

Which of the following is part of “Fingerprinting” enumeration?

Security configurations via social engineering or port scanning; Network topology discovery

Security configurations via social engineering or port scanning; Vulnerability probing

Identifying system/software versions; Network topology discovery

Vulnerability probing; Identifying system/software versions

A

Vulnerability probing; Identifying system/software versions

Fingerprinting helps identify system weaknesses through detailed analysis.

16
Q

Which of the following correctly describes the CIA triad?

Confidentiality, Integrity, Authenticity

Cryptography, Integrity, Authenticity

Confidentiality, Integrity, Accessibility

Confidentiality, Integrity, Availability

A

Confidentiality, Integrity, Availability

The CIA triad is fundamental to information security principles.

17
Q

What type of social engineering attack is it when an attacker gathers personal information about the target individual, who is a CEO?

Spear phishing

Whaling

Phishing

Vishing

A

Whaling

Whaling targets high-profile individuals to extract sensitive information.

18
Q

Which of the following is NOT one of the four components of a defense in depth strategy?

Network segmentation

Physical Access Control

Separation of duties

Honeypots

A

Physical Access Control

Physical access control is important, but not one of the core components of defense in depth.

19
Q

Which of the following describes a ‘rogue’?

A malicious device on your network

A vulnerable device

A device or service on your network that isn’t under the administrative control of the network staff

A device that has been compromised

A

A device or service on your network that isn’t under the administrative control of the network staff

Rogue devices can pose significant security risks as they may be unmanaged.

20
Q

Which of the following is not a characteristic of strong passwords?

At least 7 characters in length

Contain numbers

Consist of both uppercase and lowercase letters

Contain special characters/symbols

A

At least 7 characters in length

Strong passwords should be longer and more complex than just 7 characters.