Cyber Security Mod 1-5 exam
What is the difference between a Trojan and a RAT?
Both masquerade as legitimate software, but a RAT (remote access Trojan) additionally gives the attacker unauthorized remote access to, and control over, the victim's computer.
CSRF
A cross-site request forgery (CSRF) exploits the fact that the browser automatically attaches a site's authentication cookie or token to every request it sends to that site, so a request forged by an attacker's page is accepted by the server as the logged-in user's own action.
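The mechanism in the answer above, as an added example (not part of the original study set): a toy "transfer" handler that trusts the session cookie alone accepts a request auto-submitted from an attacker's page, while the same handler with a synchronizer token rejects it, because the attacker's page can set form fields but cannot read the token the server issued to the victim. The session id, token store and amounts are constructed for the demo.

```python
"""CSRF: a browser-attached session cookie proves who is logged in, not who
intended the request. Constructed demo, not code from any real application."""
import hmac
import secrets

# Server-side session store: session id -> session data (constructed).
SESSIONS = {"sess-alice-01": {"user": "alice", "csrf_token": secrets.token_hex(16)}}


def transfer_cookie_only(request: dict) -> tuple:
    """Vulnerable handler: any request carrying a valid session cookie is honored."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"
    form = request["form"]
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def transfer_with_token(request: dict) -> tuple:
    """Hardened handler: additionally requires the per-session CSRF token."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"
    submitted = request["form"].get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "CSRF token missing or invalid"
    form = request["form"]
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def forged_request() -> dict:
    """What the browser sends when a malicious page auto-submits a form to the
    bank while Alice is logged in: her cookie is attached automatically, but
    the attacker controls only the form fields."""
    return {"cookies": {"session": "sess-alice-01"},
            "form": {"to": "attacker", "amount": "1000"}}


def legitimate_request() -> dict:
    """The bank's own form, which embeds the token the server issued to Alice."""
    return {"cookies": {"session": "sess-alice-01"},
            "form": {"to": "bob", "amount": "50",
                     "csrf_token": SESSIONS["sess-alice-01"]["csrf_token"]}}


if __name__ == "__main__":
    print("cookie-only, forged :", transfer_cookie_only(forged_request()))
    print("with token, forged  :", transfer_with_token(forged_request()))
    print("with token, genuine :", transfer_with_token(legitimate_request()))
```

Setting the session cookie with the SameSite attribute is a complementary browser-side defense: the cookie is then not attached to cross-site POSTs at all, so the forged request arrives unauthenticated.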
logic bomb
A logic bomb lies dormant until a trigger (a date, time, or event) fires and then performs a malicious action. A scheduled email carrying a meeting agenda is triggered the same way, but the action is not malicious, so it is not a logic bomb.
Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability?
A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.
Which of the following is technology that imitates human abilities?
AI
Which type of attack is most commonly associated with state actors?
Advanced Persistent Threat (APT)
Which of the following is NOT a characteristic of a penetration test?
Automated
Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend?
Automated Indicator Sharing (AIS)
What is a key feature of SecDevOps?
Automation
Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges?
Black box
Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?
Blocking ransomware
Which threat actors sell their knowledge to other attackers or governments?
Brokers
Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?
Buffer overflow attack
In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support?
CYOD (choose your own device)
Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program?
Competitors
Which of the following groups use Advanced Persistent Threats?
State actors. Well-funded criminal syndicates can also run APT-style campaigns, but APTs are primarily associated with government-sponsored groups (see the APT card above).
Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation?
Cryptomalware can encrypt files on any drive or network share reachable from the employee's computer, not just the local disk.
Characteristics of malware
Deceive, imprison, and launch
Which of the following is NOT a characteristic of malware?
Diffusion
What is meant by "the chain of trust" in boot security?
Each stage of the boot sequence verifies the next stage (by checking its signature or measuring its hash) before handing control to it, so trust is anchored in a hardware root of trust and extended one step at a time; if any stage fails verification, the chain is broken.
Which of the following is the most common method for delivering malware?
CYOD (choose your own device)
Employees choose from a limited selection of approved devices but the employee pays the upfront cost of the device while the business owns the contract.
Which cookie is created by the website a user is currently browsing to store the customer's browsing preference information?
First-party cookie
Why was the BIOS firmware moved to flash memory instead of the earlier ROM/CMOS arrangement?
Flash memory is non-volatile and can be rewritten in place, so BIOS updates can be installed without replacing a chip, and the firmware does not depend on battery-backed CMOS to retain its contents.
Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of software testing, ran the application using tools that fed it random and malformed inputs and generated a report listing each input and the exception it produced. What process did Mary use?
Fuzzing
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Gray box
Photoplethysmography uses which type of light to measure heart rate on a wearable device?
Green
Which of the following tries to detect and stop an attack?
HIPS (host intrusion prevention system)
Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols?
Hacktivist
Hacktivists and state actors are huge threats to government systems. What is the main difference between hacktivists and state actors?
Hacktivists misuse a computer system or network for socially or politically motivated reasons, whereas state actors are covertly sponsored by a government to attack its foes.
An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials. Which of the following social engineering techniques was used here?
Impersonation and phishing
Which of the following describes a memory leak attack?
In a memory leak attack, the threat actor exploits a programming error in which allocated memory is never freed; by triggering the leak repeatedly they drive the device into a low-memory condition, causing crashes or a denial of service, or exploit the unstable behavior that results.
Which of the following is NOT something that a SIEM can perform?
Incident response. Automated response actions are a SOAR function, not a SIEM function; the SIEM aggregates, correlates, and alerts.
Threat actors focused on financial gain often attack which of the following main target categories?
Individual users
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
Which of the following is FALSE about a quarantine process?
It holds a suspicious application until the user gives approval.
What is the advantage of a secure cookie?
It is sent to the server over HTTPS.
An IOC occurs when what metric exceeds its normal bounds?
KRI
KRI (key risk indicator)
A KRI is a metric with defined upper and lower bounds for specific indicators of normal network activity; an IOC occurs when the metric falls outside those bounds.
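The KRI-to-IOC relationship in the two cards above, as an added example that is not part of the original study set: the "normal" bounds are derived from a baseline window (here mean plus or minus k standard deviations, which is one common choice, not the only one), and any observation outside them is raised as an IOC. The hourly failed-login counts are constructed.

```python
"""KRI bounds and IOC detection over a constructed metric series.
Added illustration; the bound rule (mean +/- k * stdev) is an assumption."""
from statistics import mean, pstdev

# Constructed baseline: failed logins per hour over a quiet period.
BASELINE = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13, 12, 15]

# Constructed observations for today; 11:00 is a spray, 13:00 is suspiciously quiet.
OBSERVED = {"09:00": 14, "10:00": 13, "11:00": 96, "12:00": 15, "13:00": 2}


def kri_bounds(baseline: list, k: float = 3.0) -> tuple:
    """Lower and upper bound of 'normal' for the metric."""
    m, s = mean(baseline), pstdev(baseline)
    return (m - k * s, m + k * s)


def iocs(observed: dict, bounds: tuple) -> list:
    """Observations outside the KRI bounds. A drop below the lower bound is
    reported too: a sudden silence can mean logging was disabled."""
    low, high = bounds
    return [(t, v, "above" if v > high else "below")
            for t, v in observed.items() if v > high or v < low]


if __name__ == "__main__":
    b = kri_bounds(BASELINE)
    print("KRI bounds:", b)
    for t, v, side in iocs(OBSERVED, b):
        print(f"IOC at {t}: {v} failed logins is {side} normal bounds")
```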
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server listening on HTTPS (port 443). When she finishes the vulnerability scan, she finds several different vulnerabilities at different severity levels. How should she proceed?
Look at the priority and the accuracy of the vulnerability
Which of the following is a subset of artificial intelligence?
Machine learning
Which of the following terms is NOT used to describe those who attack computer systems?
Malicious agent
Which boot security mode sends information on the boot process to a remote server?
Measured Boot
What is the secure coding technique that organizes data within the database for minimum redundancy?
Normalization
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCI DSS
Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this?
PUP (potentially unwanted programs)
What is an officially released software security update intended to repair a vulnerability called?
Patch
Which of the following is NOT an issue with patching?
Patches address zero-day vulnerabilities. (This is the false statement: a zero-day is by definition a vulnerability for which no patch yet exists.)
Which malware attack uses specially configured communication protocols?
RAT
Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
Red Team
Which standardized framework was developed by NIST as a guidance document to help organizations assess and manage risks to their information and systems, and is also used as a comprehensive roadmap for integrating cybersecurity into the system life cycle?
Risk management framework (RMF)
Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?
SSAE SOC 2 Type II (Statement on Standards for Attestation Engagements No. 16). SOC 2 reports are restricted-use documents; a SOC 3 report is the general-use version.
In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker?
Script kiddies run automated attack tools written by other hackers, with little skill of their own, for personal gain or notoriety; gray hat hackers have the skill to find or build their own exploits and break into systems without permission in order to expose the vulnerabilities publicly.
What is meant by "infrastructure as code" in SecDevOps?
A SecDevOps practice of defining and provisioning infrastructure (servers, networks, configuration) in machine-readable files that are versioned, reviewed, and tested like application code.
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?
Security manager
Which of the following would NOT be considered the result of a logic bomb?
Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.
Daniel accidentally installed a vulnerable application. Which of the following system exploitations would NOT be caused by the vulnerable application?
Social engineering and phishing attacks
Which attack embeds malware-distributing links in instant messages?
Spim
What is the term used to describe the connectivity between an organization and a third party?
System integration
Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information?
TLP (Traffic Light Protocol)
A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation?
This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators' solutions through sign on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this?
This is an API attack.
What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation?
Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered?
Vishing
Which of the following is the most efficient means of discovering wireless signals?
War flying
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
White hat hackers
A cybercriminal attempts to trick a user into sharing their personal information by loading the real webpage inside an invisible frame and overlaying it with deceptive content (clickjacking). What should the website implement to prevent this?
The X-Frame-Options response header (or the equivalent Content-Security-Policy frame-ancestors directive)
Fuzzing
a process used by dynamic software testing tools in which random or malformed inputs are fed to a program to surface exceptions, memory corruption, crashes, etc.
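A minimal fuzzing harness of the kind described in the two fuzzing cards above, as an added example that is not part of the original study set. `parse_record` is a constructed toy parser with a deliberate missing length check; `fuzz` feeds it random bytes and mutated copies of a valid record and builds the report of inputs and exceptions. `parse_record_safe` is the corrected parser: after the fix the only exception left is the deliberate ValueError used to reject malformed input. The record format, seed and iteration count are constructed for the demo.

```python
"""Fuzzing a toy parser: random/mutated inputs in, exception report out.
Added illustration; the record format is invented for the demo."""
import random


def parse_record(data: bytes) -> dict:
    """Parses 'LEN NAME = VALUE' where the first byte is the name length.
    Deliberately buggy: never checks that LEN fits inside the data."""
    name_len = data[0]                               # IndexError on empty input
    name = data[1:1 + name_len].decode("ascii")      # UnicodeDecodeError on non-ASCII
    if data[1 + name_len] != ord("="):               # IndexError when LEN runs past the end
        raise ValueError("missing '='")
    return {name: int(data[2 + name_len:])}          # ValueError on a non-numeric value


def parse_record_safe(data: bytes) -> dict:
    """Same format with every length and content check in place; all malformed
    input is rejected with one deliberate exception type."""
    if len(data) < 3:
        raise ValueError("record too short")
    name_len = data[0]
    if 1 + name_len >= len(data):
        raise ValueError("name length exceeds record")
    try:
        name = data[1:1 + name_len].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("name is not ASCII") from None
    if data[1 + name_len] != ord("="):
        raise ValueError("missing '='")
    try:
        return {name: int(data[2 + name_len:])}
    except ValueError:
        raise ValueError("value is not an integer") from None


def fuzz(parser, seed: int = 1, iterations: int = 2000, max_len: int = 12) -> dict:
    """Returns {exception type name: first input that triggered it}.
    Half the inputs are pure random bytes; the other half mutate a valid
    record so the fuzzer gets past the early checks. Seeded for reproducibility."""
    rng = random.Random(seed)
    findings = {}
    for _ in range(iterations):
        if rng.random() < 0.5:
            data = bytes(rng.randrange(256) for _ in range(rng.randrange(max_len)))
        else:
            data = bytearray(b"\x03abc=42")           # constructed valid record
            for _ in range(rng.randrange(1, 4)):
                data[rng.randrange(len(data))] = rng.randrange(256)
            data = bytes(data)
        try:
            parser(data)
        except Exception as exc:
            findings.setdefault(type(exc).__name__, data)
    return findings


if __name__ == "__main__":
    for label, p in (("buggy", parse_record), ("fixed", parse_record_safe)):
        print(f"--- {label} parser ---")
        for exc_name, sample in fuzz(p).items():
            print(f"{exc_name:20s} first triggered by {sample!r}")
```

The report from the buggy parser is the kind of output Mary hands back to Makayla: each unexpected exception type (IndexError, UnicodeDecodeError) points at a missing check, while a ValueError that the parser raises on purpose is expected rejection rather than a bug.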
Application program interface (API)
attacks abuse an application's exposed programming interface (for example, endpoints with missing authentication, broken object-level authorization, or excessive data exposure) to reach data or functions directly rather than through the user interface.
What can a software keylogger do
can capture screenshots, videos of users, and keystrokes and periodically transfer the information, which cannot be provided by a hardware keylogger.
A first-party cookie
created by the website a user is currently viewing and is used by the website to customize the user's preferences for a better customer experience.
The White team
enforces the rules of the penetration test.
SSAE SOC 2 Type II
examines the areas of security, availability, processing integrity, confidentiality, and privacy (the Trust Services Criteria) over a period of time.
RAT
has the basic functionality of a Trojan but also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols.
Gray box
have limited knowledge of the network and some elevated privileges.
Black box
have no knowledge of the network and no special privileges.
An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks. As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network?
Implement Measured Boot with UEFI.
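The chain of trust, Measured Boot and the BIOS-attack scenario from the cards above, combined into one added simulation (not code from the study set or from any real firmware). Each "stage" is a constructed byte string standing in for firmware, bootloader and kernel images. `verified_boot` models the chain of trust: a stage only hands off to the next one if its hash matches what the previous stage was built to expect. `measured_boot` models Measured Boot: nothing is blocked, but every stage is extended into one register (as a TPM PCR is) and the final value is sent for remote attestation, where a tampered bootloader shows up as a mismatch against the known-good value. The hash chain construction is the standard extend operation; the stage contents and "golden" values are constructed.

```python
"""Chain of trust vs. Measured Boot as a hash chain. Added illustration."""
import hashlib

# Constructed boot stages, in execution order.
STAGES = {
    "uefi_firmware": b"UEFI firmware image v1",
    "bootloader":    b"bootloader image v1",
    "kernel":        b"kernel image v1",
}
ORDER = ["uefi_firmware", "bootloader", "kernel"]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the new register value depends on every prior measurement,
    so a stage cannot be swapped without changing the final value."""
    return sha256(pcr + measurement)


def verified_boot(stages: dict, expected: dict) -> list:
    """Chain of trust: each stage checks the next stage's hash against the value
    it was built to trust and halts the boot on the first mismatch (the firmware
    itself is checked by the hardware root of trust). Returns the stages that ran."""
    ran = []
    for name in ORDER:
        if sha256(stages[name]) != expected[name]:
            break                      # refuse to hand control to unverified code
        ran.append(name)
    return ran


def measured_boot(stages: dict) -> bytes:
    """Measured Boot: record every stage into one register; nothing is blocked.
    The final register value is what the machine reports to the attestation server."""
    pcr = bytes(32)                    # PCRs start zeroed at reset
    for name in ORDER:
        pcr = extend(pcr, sha256(stages[name]))
    return pcr


def remote_attestation(reported_pcr: bytes, golden_pcr: bytes) -> bool:
    """Server side: does the reported measurement match the known-good build?"""
    return reported_pcr == golden_pcr


# Known-good values, computed from the trusted build (constructed here).
EXPECTED_HASHES = {name: sha256(code) for name, code in STAGES.items()}
GOLDEN_PCR = measured_boot(STAGES)

# A BIOS/bootkit-style attack: the bootloader slot now holds modified code.
TAMPERED = dict(STAGES, bootloader=b"bootloader image v1 + rootkit")

if __name__ == "__main__":
    print("verified boot, clean   :", verified_boot(STAGES, EXPECTED_HASHES))
    print("verified boot, tampered:", verified_boot(TAMPERED, EXPECTED_HASHES))
    print("attestation, clean     :", remote_attestation(measured_boot(STAGES), GOLDEN_PCR))
    print("attestation, tampered  :", remote_attestation(measured_boot(TAMPERED), GOLDEN_PCR))
```

The two mechanisms are complementary: verification stops a known-bad stage from running at all, while measurement lets a remote party detect a compromised boot even when nothing on the machine refused to run it.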
Living off the land binaries (LOLBins)
are legitimate, pre-installed system tools (for example scripting engines and administrative utilities) that attackers abuse to carry out their actions. Because no new malicious file is written and the activity runs inside trusted executables, it blends into normal administration and is hard for antivirus to flag.
Structured Threat Information Expression (STIX)
is a language and serialization format for exchanging cyberthreat intelligence: everything known about a threat is represented as objects (indicators, malware, threat actors, and so on) linked by descriptive relationships. It is the format used for automated indicator sharing (AIS) and is carried between parties by TAXII; STIX itself does not monitor traffic.
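What "objects and descriptive relationships" look like on the wire, as an added example that is not part of the original study set: a small STIX 2.1 bundle with an indicator (an IP address pattern), the malware family it indicates, and the relationship that links them, plus the consumer-side lookup a receiving organization would run. Field names follow the STIX 2.1 specification; the object ids, timestamps, IP address and malware name are constructed.

```python
"""A minimal STIX 2.1 bundle, built and then consumed. Added illustration."""
import json
import uuid
from datetime import datetime, timezone


def stix_id(obj_type: str) -> str:
    """STIX ids are '<type>--<uuid>'."""
    return f"{obj_type}--{uuid.uuid4()}"


def now_ts() -> str:
    """STIX timestamps are RFC 3339 UTC with a trailing 'Z'."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def make_bundle(c2_ip: str, malware_name: str) -> dict:
    """Producer side: indicator --indicates--> malware, wrapped in a bundle."""
    ts = now_ts()
    malware = {"type": "malware", "spec_version": "2.1", "id": stix_id("malware"),
               "created": ts, "modified": ts, "name": malware_name, "is_family": True}
    indicator = {"type": "indicator", "spec_version": "2.1", "id": stix_id("indicator"),
                 "created": ts, "modified": ts,
                 "indicator_types": ["malicious-activity"],
                 "pattern": f"[ipv4-addr:value = '{c2_ip}']",
                 "pattern_type": "stix", "valid_from": ts}
    relationship = {"type": "relationship", "spec_version": "2.1",
                    "id": stix_id("relationship"), "created": ts, "modified": ts,
                    "relationship_type": "indicates",
                    "source_ref": indicator["id"], "target_ref": malware["id"]}
    return {"type": "bundle", "id": stix_id("bundle"),
            "objects": [indicator, malware, relationship]}


def to_json(bundle: dict) -> str:
    """What actually gets shared (e.g. via TAXII or AIS)."""
    return json.dumps(bundle, indent=2)


def indicators_for(bundle: dict, malware_name: str) -> list:
    """Consumer side: follow 'indicates' relationships from indicators to the
    named malware family and return the patterns to load into detection."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    patterns = []
    for o in bundle["objects"]:
        if o["type"] != "relationship" or o["relationship_type"] != "indicates":
            continue
        target = by_id.get(o["target_ref"], {})
        if target.get("type") == "malware" and target.get("name") == malware_name:
            patterns.append(by_id[o["source_ref"]]["pattern"])
    return patterns


if __name__ == "__main__":
    b = make_bundle("203.0.113.5", "ExampleRAT")   # constructed C2 address and family name
    print(to_json(b))
    print("patterns for ExampleRAT:", indicators_for(b, "ExampleRAT"))
```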
Normalization
is a process that organizes data within the database for minimum redundancy.
TCP/IP (Transmission Control Protocol/Internet Protocol)
is implemented over the network to enable communication of devices across the network. This would not be able to identify threat actors or methods.
PUP (potentially unwanted programs)
is software that the user does not want on their computer. A broad category of software that is often more annoying than malicious
What does containerization do?
it separates personal data from corporate data.
HIPS (A host intrusion prevention system)
monitors endpoint activity to immediately react to block a malicious attack by following specific rules.
The Blue team
monitors for Red team attacks and shores up defenses as necessary.
Authorization
is the process of granting an authenticated user permission to specific resources or actions; it follows authentication (validating the user's credentials) and is separate from input sanitization, which is applied to data the user submits.
X-Frame-Options
is an HTTP response header that tells the browser whether the page may be rendered inside a frame on another site; it prevents clickjacking, where an attacker loads the real page in an invisible frame and overlays it with deceptive content.
The Purple team
provides real-time feedback between the Blue team and the Red team.
The CSP (content security policy)
is a response header from the server that tells the browser which resources (scripts, styles, images, frames, and so on) it is allowed to load for that page and from which origins, limiting the damage of injected content such as XSS.
The Red team
scans for vulnerabilities and then exploits them.
Secure cookies
carry the Secure attribute, so the browser sends them only over HTTPS; the attribute protects the cookie in transit and says nothing about what the site chooses to store in it.
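The three browser-side protections from the cards above (Secure cookies, X-Frame-Options and the Content-Security-Policy header) in one added example that is not part of the original study set. `build_protected_response` assembles the headers a server should send; `audit_response` checks a captured response for what each header is meant to prevent. The cookie name, session id and policy values are constructed for the demo.

```python
"""Secure cookie, X-Frame-Options and CSP: building and auditing response headers.
Added illustration; header values are a reasonable baseline, not a universal policy."""
from http.cookies import SimpleCookie


def build_protected_response(session_id: str) -> dict:
    """Headers a hardened application sends with its session cookie."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["secure"] = True       # Secure: only ever sent over HTTPS
    cookie["session"]["httponly"] = True     # HttpOnly: not readable by page scripts (limits XSS theft)
    cookie["session"]["samesite"] = "Lax"    # SameSite: not attached to cross-site POSTs (limits CSRF)
    cookie["session"]["path"] = "/"
    return {
        "Set-Cookie": cookie["session"].OutputString(),
        # Refuse to be framed by any site: blocks clickjacking overlays.
        "X-Frame-Options": "DENY",
        # Load scripts only from this origin; frame-ancestors is the CSP
        # successor to X-Frame-Options and is listed for modern browsers.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    }


def audit_response(headers: dict) -> list:
    """Return the protections missing from a response's headers (empty list = clean)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    cookie = h.get("set-cookie", "")
    if cookie:
        attrs = {part.strip().split("=")[0].lower() for part in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append("cookie lacks Secure: also sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append("cookie lacks HttpOnly: readable by injected script")
        if "samesite" not in attrs:
            findings.append("cookie lacks SameSite: attached to cross-site requests")
    csp = h.get("content-security-policy", "")
    xfo = h.get("x-frame-options", "").strip().upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing restriction: page can be clickjacked")
    if not csp:
        findings.append("no Content-Security-Policy: any script source may load")
    return findings


# Constructed: what an unhardened application typically sends.
WEAK_RESPONSE = {"Set-Cookie": "session=abc123; Path=/"}

if __name__ == "__main__":
    print("weak     :", audit_response(WEAK_RESPONSE))
    print("hardened :", audit_response(build_protected_response("abc123")))
```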
IOC (indicator of compromise)
is evidence that malicious activity is occurring, often while the attack is still in its early stages.
Basic Input/Output System (BIOS)
the firmware stored on the motherboard that initializes the hardware and starts the operating system boot process.
memory leak attack
the threat actor exploits a programming error in which allocated memory is never freed; by repeatedly triggering the leak they exhaust the device's memory, causing crashes, denial of service, or exploitable instability.
Mobile device management (MDM)
tools allow a device to be managed remotely by an organization. MDM provides a high degree of control over the device.
TLP (Traffic Light Protocol)
uses four colors (red, amber, green, and white) to indicate the sharing limitations that recipients of the information are expected to apply.
PCI DSS (Payment Card Industry Data Security Standard)
was introduced to provide a minimum degree of security to organizations that handle customer information such as debit cards and credit card details daily.