KEYLOGGER
Spyware that silently captures and stores each keystroke that a user types on the computer's keyboard
Which of the following statements are true for a zero-day attack?
These are the correct statements regarding a zero-day attack:
A zero-day attack is impossible to detect as it exploits unknown vulnerabilities. (True)
A zero-day vulnerability can be an example of an unknown threat. (True)
Explanation:
A zero-day attack is impossible to detect as it exploits unknown vulnerabilities. (True): Zero-day attacks take advantage of software vulnerabilities that are unknown to the vendor or the public. Because these vulnerabilities are not yet discovered or patched, traditional security measures may not be effective in detecting or preventing such attacks. This makes it challenging to detect and defend against zero-day attacks until a patch or solution is developed.
A zero-day vulnerability can be an example of an unknown threat. (True): Zero-day vulnerabilities represent unknown threats because they are flaws in software that are not yet known to the software developer or the wider community. Attackers exploit these vulnerabilities before they are discovered and patched, making them a type of threat that is not yet recognized or addressed by security measures.
Summary: Zero-day attacks exploit undisclosed vulnerabilities, making detection difficult, and zero-day vulnerabilities, as unknown threats, are flaws in software exploited by attackers before discovery and patching.
The other statements (2 and 3) were marked as false because:
A zero-day vulnerability can only be discovered when the software is deployed. (False): Zero-day vulnerabilities can be discovered by researchers, attackers, or security professionals before the software is widely deployed. The term "zero-day" refers to the fact that developers have zero days to fix the issue once it becomes publicly known.
A zero-day vulnerability can only exist within operating systems. (False): Zero-day vulnerabilities can exist in variou
LAYERED SECURITY
Creating multiple layers of security defenses through which an attacker must penetrate.
Which of the following is a condition that is shown as a result when it does not exist?
False Positive Note: A false positive is a condition that is shown as a result when it does not exist. The vulnerabilities that are missed by a vulnerability scanner are considered a false positive. A true positive is when the vulnerability scanner correctly catches the vulnerability. There is nothing called negative negative.
Which of the following code provides instructions to the hardware?
Firmware
PINNING
Hard-coding a digital certificate within a program that is using the certificate
Which of the following testing strategies will be performed by a gradual process of gaining access to a network component, infrastructure, or an application layer to minimize detection? Options: Security Assessment; Lateral Movement; Penetration Testing; Security Testing
Lateral Movement
CERTIFICATE CHAINING
Linking several certificates together to establish trust between all the certificates involved
VIRUS
Malicious computer code that reproduces itself on the same computer
CRYPTO MALWARE
Malware that encrypts all the files on the device so that they cannot be opened
ALGORITHM
Procedures based on a mathematical formula used to encrypt and decrypt data
HIGH RESILIENCY
The ability to quickly recover from resource vs. security constraints
NONREPUDIATION
The process of proving that a user performed an action
KEY EXCHANGE
The process of sending and receiving secure cryptographic keys
TAILGATING
When an unauthorized individual enters a restricted-access building by following an authorized user
Which of the following is also known as a "dot dot slash" attack?
path traversal
WORM
A malicious program that uses a computer network to replicate
ADWARE
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user
EPHEMERAL KEY
A temporary key that is used only once before it is discarded
HASH
An algorithm that creates a unique digital fingerprint called a digest
SESSION HIJACKING
An attack in which an attacker attempts to impersonate the user by using the user's session token
ZERO DAY
An attack in which there are no days of warning
PRIVILEGE ESCALATION
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing
Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
Buffer Overflow
LOGIC BOMB
Computer code that lies dormant until it is triggered by a specific logical event
WEAK CONFIGURATION
Configuration options that provide limited security choices
Which of the following is known as out-of-the-box configuration?
Default settings
UNDOCUMENTED ASSETS
Devices that are not formally identified or documented in an enterprise
A root CA should always be kept online. [TRUE/FALSE]
FALSE
URL HIJACKING
Fake sites whose names are spelled similarly to legitimate ones
RSA
The most common asymmetric cryptography algorithm
KEY STRENGTH
The resiliency of a key to resist attacks
SYSTEM SPRAWL
The widespread proliferation of devices across an enterprise
Which of the following is a full knowledge penetration testing? Options: Black Box Testing; Red Box Testing; Gray Box Testing; White Box Testing
White Box Testing
For which of the following Windows versions has Microsoft stopped providing support services?
Windows XP; Windows 7; Windows 8; Windows 8.1
Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?
cross-site scripting
An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?
directory listing
Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?
horizontal privilege escalation
DIFFIE-HELLMAN
A key exchange that requires all partners to agree upon a large prime number and related integer so that the same key can be separately created
SOCIAL ENGINEERING
A means of gathering information for an attack by relying on the weaknesses of individuals
CONFUSION
A means to thwart statistical analysis so that the key does not relate in a simple way to the cipher text
INITIALIZATION VECTOR
A nonce that is selected in a non-predictable way
SPEAR PHISHING
A phishing attack that targets only specific users
WHALING
A phishing attack that targets only wealthy individuals
What term best describes the link to the device platform that allows a developer to access resources at a higher level?
API
TUNNEL MODE
An IPsec mode that encrypts both the header and the data portion
TRANSPORT MODE
An IPsec mode that encrypts only the data portion (payload) of each packet yet leaves the header unencrypted
AUTHENTICATION HEADER
An IPsec protocol that authenticates that packets received were sent from the source
INJECTION ATTACK
An attack that introduces new input to exploit a vulnerability
REPLAY
An attack that makes a copy of the transmission before sending it to the recipient
DNS POISONING
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device
COLLISION ATTACK
An attempt to find two input strings of a hash function that produce the same hash result
In which of the following tests does the tester not need to have prior knowledge of the system's internal design or features? Options: Black Box Testing; Gray Box Testing; White Box Testing; Red Box Testing
Black Box Testing
Which of the following allows organizations to identify and remediate vulnerabilities before the public is aware of it, thus reducing the spread and intensity of abuse? Options: Bug Bounty; Enumeration; Discovery; Vulnerability Mapping
Bug Bounty
CRYPTO MODULES
Cryptography modules that are invoked by crypto service providers
INSIDERS
Employees, contractors, and business partners who can be responsible for an attack
Before a user requests a certificate from a CA, which of the following tasks must be completed?
Generate private and public keys
STEGANOGRAPHY
Hiding the existence of data within another type of file, such as an image file
CLICK JACKING
Hijacking a mouse click
IP SPOOFING
Imitating another computer by means of changing the IP address
MAC SPOOFING
Imitating another computer by means of changing the MAC address
Which of the following types of vulnerability scan can also attempt to exploit the vulnerabilities?
Intrusive Note: An intrusive vulnerability scan can also attempt to exploit the vulnerabilities. That is why it is always advisable not to use intrusive scans on production systems and live applications. In a non-intrusive vulnerability scan, the scanner only looks for the vulnerabilities. You can run a credentialed scan only from an administrative account. A non-credentialed scan can be run from any - user or administrative - account.
ROOTKIT
Malware that hides its presence or the presence of other malware
RANSOMWARE
Malware that prevents a user's device from properly and fully functioning until a fee is paid
Which of the following methods of threat hunting includes disrupt, deny, destroy, and degrade actions?
Maneuvering
Note: Using maneuvering, you may disrupt, deny, degrade, destroy, or manipulate. These actions are performed on the information and resources of the other parties. A threat feed is a real-time information feed about threats; it can help tighten security controls in your organization. A security advisory is a document that describes a specific vulnerability found in a product. Intelligence fusion is collating intelligence and information from various sources.
Which of the following terms refers to attacking or taking control of a system through another compromised system? Options: Exploitation; Enumeration; Vulnerability Mapping; Pivoting
Pivoting
Which of the following entities in the certificate authority (CA) hierarchy validates the certificate request from a client?
Registration Authority (RA)
INTEGRITY
Security actions that ensure that the information is correct and that no unauthorized person or malicious software has altered the data
Which of the following is used for continuous monitoring of logs?
Security information and event management (SIEM) Note: SIEM provides continuous log monitoring. A firewall allows or denies traffic coming in or going out of a network. IDS detects anomalies in the network traffic. UBA focuses on unusual behavior to minimize the damage. UBA can only detect but cannot prevent an attacker from getting into your network.
Which of the following certificates should you use with a Web server for testing purposes?
Self-Signed
PHISHING
Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
BACKDOOR
Software code that gives access to a computer, program, or service and circumvents any normal security procedures
MALWARE
Software that enters a computer system without the user's knowledge or consent and then performs an unwanted and usually harmful action
CERTIFICATE AUTHORITY
The entity that is responsible for digital certificates
INTERNAL
The location within an enterprise in which some threat actors perform
SPYWARE
Tracking software that is deployed without the consent or control of the user
TECHNICAL CONTROLS
Using technology that is carried out or managed by devices as a basis for controlling the access to and usage of sensitive data
BLOCK CIPHER
A cipher that manipulates an entire block of plaintext at one time
SELF SIGNED
A signed digital certificate that does not depend upon any higher-level authority for authentication
IMPERSONATION
A social engineering attack that involves masquerading as a real or fictitious character and then playing out the role of that person on a victim
Software apps installed on a device before the purchase are known as which of the following?
PUP
BLOWFISH
A block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits
DEPRECATED ALGORITHM
A cryptographic algorithm that is still available but should not be used because of known vulnerabilities
ANTISPOOFING
A defense used to protect against IP spoofing that imitates another computer's IP address
OBJECT IDENTIFIER
A designator made up of a series of numbers separated with a dot, which names an object or entity
HOAX
A false warning
VULNERABILITY
A flaw or weakness that allows a threat agent to bypass security
Which of the following is achieved by Security Orchestration, Automation, Response (SOAR)?
Automation Note: SOAR automates and orchestrates the manual tasks, thereby strengthening the security posture of an organization. SOAR saves the organization hundreds of man hours of performing repetitive manual tasks. Confidentiality is achieved by encryption. Integrity is achieved by hashing. Availability is achieved by fault tolerance.
Which type of certificate file format contains private and public keys and is protected by a password?
*Personal information exchange (PFX)*
HACKTIVISTS
A group of threat actors that is strongly motivated by ideology
STAPLING
A process for verifying the status of a certificate by sending queries at regular intervals to receive a signed time-stamped response
RESOURCE EXHAUSTION
A situation in which a hardware device with limited resources (CPU, memory, file system storage, etc.) is exploited by an attacker who intentionally tries to consume more resources than needed.
RACE CONDITION
A software occurrence when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences
MAIL GATEWAY
A system that monitors emails for unwanted content and prevents these messages from being delivered
DIGITAL CERTIFICATE
A technology used to associate a user's identity to a public key and that has been digitally signed by a trusted third party
DIGITAL SENDER
An electronic verification of the sender
SECURE SHELL
An encrypted alternative to the Telnet protocol that is used to access remote computers
BOT
An infected computer that is under the remote control of an attacker for the purpose of launching attacks
PASSIVE IDS
An intrusion detection system that is connected to a port on a switch in which data is fed to it
Footprinting and gathering information about the target is performed in which phase of penetration testing? Options: Discovery; Exploitation; Enumeration; Vulnerability Mapping
Discovery