Security+


An end-user received a web pop-up that claimed to identify a virus infection on their computer. The pop-up offered a link to download a program to fix the problem. After clicking the link, the security operations center (SOC) received an alert from the computer that the user downloaded a Trojan. Which of the following is most likely true about the pop-up? The tool claiming to fix the problem was actually a hoax attack. The tool claiming to fix the problem was actually a rogueware attack. The tool claiming to fix the problem was actually a phishing attack. The tool claiming to fix the problem was actually a spyware attack.

The tool claiming to fix the problem was actually a hoax attack.

An IT staff member used an administrator account to download and install a software application. After the user launched the .exe installer file, the user received pop-up ads, frequent crashes, slow computer performance, and strange services running whenever the staff member turned on the computer. What most likely happened to cause these issues? The user installed adware. The user installed rogueware malware. The user installed crypto-malware. The user installed Trojan horse malware.

The user installed Trojan horse malware.

After an attacker gathered Open Source Intelligence (OSINT) from a social media site on an employee, the attacker called the employee and extracted important information regarding the company the employee works for. Which of the following did the social engineer successfully perform? Trust A lunchtime attack Shoulder surfing Tailgating

Trust

If an attacker purchases a fake domain that has a name similar to that of a real domain, and then uses the fake domain to send the legitimate company forged notices by email, which of the following attacks did the malicious user perform? Tasting Typosquatting Kiting Domain hijacking

Typosquatting

Which of the following best describes spam email? Fraudulent invoice Bulk text messages Unsolicited email Fake security alert

Unsolicited email

An attacker sends a phishing email to bank employees regarding their compromised bank accounts, and they need to click a link to change their passwords as soon as possible. Which of the following describes a social engineering technique the attacker used? Consensus/social proof Familiarity/liking Urgency Authority

Urgency

Which of the following situations describes identity fraud? (Select all that apply.) Using another person's name Creating fake security messages Using a stolen credit card Entering behind another person

Using another person's name Using a stolen credit card

An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select all that apply.) A Pre-Shared Key (PSK) A dictionary word Wi-Fi Protected Access (WPA) A rainbow table

A dictionary word A rainbow table

Using social engineering, an attacker called an employee to extract the name and contact information of the Chief Information Security Officer (CISO). What social engineering deception did the attacker utilize? Pharming Vishing SMiShing Phishing

Vishing

An attacker remotely compromised a closed-circuit television (CCTV) server and used it to steal a user's password. Which of the following can help prevent this type of shoulder surfing? An ID badge An access list A colocation A privacy filter

A privacy filter

Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employee's workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts? A. A worm that has propagated itself across the intranet, which was initiated by presentation media B. A fileless virus that is contained on a vCard that is attempting to execute an attack C. A Trojan that has passed through and executed malicious code on the hosts D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

A. A worm that has propagated itself across the intranet, which was initiated by presentation media

Which of the following part(s) of Authentication, Authorization, and Accounting (AAA) is responsible for measuring the resources a user consumes during access to a system? A. Accounting B. Authentication C. Authorization D. Authentication and Authorization

A. Accounting

A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible from corporate networks or the Internet. Which of the following is the BEST solution to protect these designs? A. An air gap B. A Faraday cage C. A shielded cable D. A demilitarized zone

A. An air gap

A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would best prevent this attack from recurring? A. Configure the perimeter firewall to deny inbound external connections to SMB ports. B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections. C. Deny unauthenticated users access to shared network folders. D. Verify computers are set to install monthly operating system updates automatically.

A. Configure the perimeter firewall to deny inbound external connections to SMB ports.

Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot connect to the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring? A. DDoS B. Man-in-the-middle C. Mac flooding D. Domain hijacking

A. DDoS

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services? A. Data encryption B. Data masking C. Anonymization D. Tokenization

A. Data encryption

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.) A. Dual power supply B. Off-site backups C. Automatic OS upgrades D. NIC teaming E. Scheduled penetration testing F. Network-attached storage

A. Dual power supply B. Off-site backups

Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots? A. Footprinting B. White-box testing C. A drone/UAV D. Pivoting

A. Footprinting

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holidays or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic protection to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concern? (Select TWO.) A. Geolocation B. Time-of-day restrictions C. Certificates D. Tokens E. Geotagging F. Role-based access controls

A. Geolocation C. Certificates

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy? A. Mobile device management B. Full-device encryption C. Remote wipe D. Biometrics

A. Mobile device management

A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform? A. PCI DSS B. ISO 22301 C. ISO 27001 D. NIST CSF

A. PCI DSS

Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attacks? A. Red team B. White team C. Blue team D. Purple team

A. Red team

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective? A. Security Information and Event Management B. A web application firewall C. A vulnerability scanner D. A next-generation firewall

A. Security Information and Event Management

A social engineer suspects the upper management department of a company is more vulnerable to ordinary phishing attacks than the normal IT staff since the management staff is reluctant to learn basic security procedures. Therefore, the attacker crafted a campaign targeting these individuals. What type of attack did the social engineer perform? Whaling A watering hole attack Tailgating A lunchtime attack

Whaling

Which of the following refers to applications and systems that are used within an organization without consent or approval? A. Shadow IT B. OSINT C. Dark web D. Insider threats

A. Shadow IT

Which of the following products use the Software as a Service cloud model? (Choose all that apply.) A. Slack B. Google Compute Engine C. Dropbox D. AWS EC2 E. MailChimp F. Google Apps

A. Slack C. Dropbox E. MailChimp F. Google Apps

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server? A. The document is a honeyfile and is meant to attract the attention of a cyberintruder. B. The document is a backup file if the system needs to be recovered. C. The document is a standard file that the OS needs to verify the login credentials. D. The document is a keylogger that stores all keystrokes should the account be compromised.

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.

After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review? A. The vulnerability scan output B. The IDS logs C. The full packet capture data D. The SIEM alerts

A. The vulnerability scan output

In which of the following risk management strategies would cybersecurity insurance be used? A. Transference B. Avoidance C. Acceptance D. Mitigation

A. Transference

Cloud backup is a strategy for sending a copy of files or a database to a secondary server, which is usually hosted by a third-party service provider, for preservation in case of equipment failure or catastrophe. (True/False) A. True B. False

A. True

A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use? A. dd B. chmod C. dnsenum D. logger

A. dd

After performing reconnaissance on a victim, a social engineer spoofed the phone number of the doctor's office the target frequently visits. Posing as the receptionist, the attacker called the victim and requested the victim's Social Security Number (SSN). What type of social engineering attack did the social engineer exercise? Authority Urgency Consensus Liking

Authority

A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.) A. Trusted Platform Module B. A host-based firewall C. A DLP solution D. Full disk encryption E. A VPN F. Antivirus software

B. A host-based firewall E. A VPN

A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:
...
[03/06/20xx:17:20:18] system 127.0.0.1 FindXPath=\\Users[Usersnames\text()="foo" or 7 equals 7 or "o"="o" And Passwords\texts="bar"
[03/06/20xx:17:21:18] appadmin 194.28.114.102 action:login result:success
[03/06/20xx:17:22:18] appadmin 194.28.114.102 action:open.account (12345) result:fail
[03/06/20xx:17:23:18] appadmin 194.28.114.102 action:open.account (23456) result:fail
[03/06/20xx:17:23:18] appadmin 194.28.114.102 action:open.account (23456) result:fail
[03/06/20xx:17:23:18] appadmin 194.28.114.102 action:open.account (45678) result:fail
Which of the following can the security analyst conclude? A. A replay attack is being conducted against the application. B. An injection attack is being conducted against a user authentication system. C. A service account password may have been changed, resulting in continuous failed logins within the application. D. A credentialed vulnerability scanner attack is testing several CVEs against the application.

B. An injection attack is being conducted against a user authentication system.

Which of the following incident response steps involves actions to protect critical systems while maintaining business operations? A. Investigation B. Containment C. Recovery D. Lessons learned

B. Containment

A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process? A. Continuous delivery B. Continuous integration C. Continuous validation D. Continuous monitoring

B. Continuous integration

You have been tasked to find a way to transform a sensitive plain text file into a non-readable form and send it over the web. Which of the following techniques will you use so that the file can be sent over the web and only authorized parties can understand the information? A. Data masking B. Encryption C. Tokenization D. Data at rest

B. Encryption

Asymmetrical encryption uses a single key that needs to be shared among the people who need to receive the message while symmetric encryption uses a pair of a public key and a private key to encrypt and decrypt messages when communicating. (True/False) A. True B. False

B. False

An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization's needs for a third factor? A. Date of birth B. Fingerprints C. PIN D. TPM

B. Fingerprints

An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.) A. Voice B. Gait C. Vein D. Facial E. Retina F. Fingerprint

B. Gait D. Facial

A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson's laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO's concern? A. Deploy an MDM solution. B. Implement managed FDE. C. Replace all hard drives with SEDs. D. Install DLP agents on each laptop.

B. Implement managed FDE.

Your company migrates its infrastructure to the public cloud because of the advantages the cloud offers. Which of the following options are considered advantages for using public cloud services? (Choose all that apply.) A. Full-control B. Near-unlimited scalability C. High reliability D. Lower costs E. No maintenance F. Secure data

B. Near-unlimited scalability C. High reliability D. Lower costs E. No maintenance

A member of the company asks for a financial transfer by sending an encrypted message to the financial administrator. An attacker eavesdrops on this message, captures it, and is now in a position to resend it. Because it is an authentic message that has simply been resent, the message is already correctly encrypted and looks legitimate to the financial administrator. If the financial administrator responds to this new request, that response could include sending a large sum of money to the attacker's bank account. Which of the following types of attack does the scenario describe? A. SSL Stripping B. Replay attack C. Improper Input Handling D. Pass the hash attack

B. Replay attack

The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future? A. Install a NIDS device at the boundary. B. Segment the network with firewalls. C. Update all antivirus signatures daily. D. Implement application blacklisting.

B. Segment the network with firewalls.

A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation. An incident responder learns the following information:
- The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs.
- All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network.
- Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause? A. HTTPS sessions are being downgraded to insecure cipher suites B. The SSL inspection proxy is feeding events to a compromised SIEM C. The payment providers are insecurely processing credit card charges D. The adversary has not yet established a presence on the guest WiFi network

B. The SSL inspection proxy is feeding events to a compromised SIEM

Which of the following BEST explains the difference between a data owner and a data custodian? A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data

B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to: A. perform attribution to specific APTs and nation-state actors. B. anonymize any PII that is observed within the IoC data. C. add metadata to track the utilization of threat intelligence reports. D. assist companies with impact assessments based on the observed data.

B. anonymize any PII that is observed within the IoC data.

A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach? A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls. B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries. C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors. D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used? A. Order of volatility B. Data recovery C. Chain of custody D. Non-repudiation

C. Chain of custody

A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing? A. Developing an incident response plan B. Building a disaster recovery plan C. Conducting a tabletop exercise D. Running a simulation exercise

C. Conducting a tabletop exercise

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS? A. Corrective B. Physical C. Detective D. Administrative

C. Detective

Which of the following cryptographic techniques will you use to validate the authenticity and integrity of a message or digital document? A. Hashing B. Salting C. Digital signatures D. Key stretching

C. Digital signatures

An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing? A. Incident response B. Communications C. Disaster recovery D. Data retention

C. Disaster recovery

Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue? A. DNSSEC and DMARC B. DNS query logging C. Exact mail exchanger records in the DNS D. The addition of DNS conditional forwarders

C. Exact mail exchanger records in the DNS

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company's data? A. Containerization B. Geofencing C. Full-disk encryption D. Remote wipe

C. Full-disk encryption

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors? A. SSAE SOC 2 B. PCI DSS C. GDPR D. ISO 31000

C. GDPR

Which of the following cloud models provides clients with servers, storage, and networks but nothing else? A. SaaS B. PaaS C. IaaS D. DaaS

C. IaaS

A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:
Warning: Remote Host Identification Has Changed!
It is possible that someone is doing something nasty!
The fingerprint for the RSA key sent by the remote host is SHA256:cBqYja16ToV3jEIJHUSKtjjVd4Cz+1fhTM6+k4.
Please contact your system administrator.
RSA host key for 18.231.33.78 has changed and you have requested strict checking.
Host key verification failed.
Which of the following network attacks is the researcher MOST likely experiencing? A. MAC cloning B. Evil twin C. Man-in-the-middle D. ARP poisoning

C. Man-in-the-middle

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA? A. One-time passwords B. Email tokens C. Push notifications D. Hardware authentication

C. Push notifications

A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective? A. OAuth B. SSO C. SAML D. PAP

C. SAML

Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident? A. MOU B. MTTR C. SLA D. NDA

C. SLA

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations? A. Least privilege B. Awareness training C. Separation of duties D. Mandatory vacation

C. Separation of duties

A network engineer notices that the VPN concentrator overloads and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than on the security of the end users' traffic. Which of the following would be BEST to solve this issue? A. IPSec B. Always On C. Split tunneling D. L2TP

C. Split tunneling

An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance's vulnerable state? A. The system was configured with weak default security settings. B. The device uses weak encryption ciphers. C. The vendor has not supplied a patch for the appliance. D. The appliance requires administrative credentials for the assessment.

C. The vendor has not supplied a patch for the appliance.

Which of the following is the purpose of a risk register? A. To define the level of risk using probability and likelihood B. To register the risk with the required regulatory agencies C. To identify the risk, the risk owner, and the risk measures D. To formally log the type of risk mitigation strategy the organization is using

C. To identify the risk, the risk owner, and the risk measures

A social engineer used vishing and polite behavior to persuade a target to visit a fake website with fake reviews. The attacker then persuaded the victim to enter personally identifiable information (PII) in a web form. Which of the following did the attacker use to make the site appear more legitimate? (Select all that apply.) Authority Urgency Consensus/social proof Familiarity/liking

Consensus/social proof Familiarity/liking

How would an attacker elicit information from a user to gain access to a social media account? (Select all that apply.) Produce a fraudulent invoice with payment details. Create an executable file that prompts for input. Pose as a sales representative needing help. Use an Internet messaging service to communicate.

Create an executable file that prompts for input. Pose as a sales representative needing help. Use an Internet messaging service to communicate.

In which of the following situations would it be BEST to use a detective control type for mitigation? A. A company implemented a network load balancer to ensure 99.999% availability of its web application. B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster. C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department. D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic. E. A company purchased liability insurance for flood protection on all capital assets.

D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic

Which of the following options allows your application to interact with an external service using a simple set of commands rather than having to create complex processes yourself? A. Microservice B. Containers C. Thin Client D. API

D. API

A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media? A. Monitoring large data transfer transactions in the firewall logs B. Developing mandatory training to educate employees about the removable media policy C. Implementing a group policy to block user access to system files D. Blocking removable-media devices and write capabilities using a host-based security tool

D. Blocking removable-media devices and write capabilities using a host-based security tool

An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy? A. The theft of portable electronic devices B. Geotagging in the metadata of images C. Bluesnarfing of mobile devices D. Data exfiltration over a mobile hotspot

D. Data exfiltration over a mobile hotspot

A network engineer needs to build a solution that will allow guests at the company's headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet. Which of the following should the engineer employ to meet these requirements? A. Implement open PSK on the APs B. Deploy a WAF C. Configure WIPS on the APs D. Install a captive portal

D. Install a captive portal

A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication? A. Hard token B. Retina scan C. SMS text D. Keypad PIN

D. Keypad PIN

A company processes highly sensitive data, and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement? A. Discretionary B. Rule-based C. Role-based D. Mandatory

D. Mandatory

Recently, the physical network adapter card in your company's server broke. As a result, your co-workers couldn't access important resources for hours. You have been instructed to implement a solution to prevent this from happening again in the event of a network adapter failure. Which of the following solutions will you implement to meet the requirement? A. PDU B. UPS C. Power generator D. NIC teaming

D. NIC teaming

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: CPU 0 percent, busy, from 300 sec ago 1 sec ave: 99 percent busy 5 sec ave: 97 percent busy 1 min ave: 83 percent busy Which of the following is the router experiencing? A. DDoS attack B. Memory leak C. Buffer overflow D. Resource exhaustion

D. Resource exhaustion

A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events: Keywords: Date/Time EventID Kerberose preauthentication failed. 12/26/2019 11:37:21 PM 4771 Kerberose preauthentication failed. 12/26/2019 11:37:21 PM 4771 Kerberose preauthentication failed. 12/26/2019 11:37:22 PM 4771 To better understand what is going on, the analyst runs a command and receives the following output: Name: LastBadPassWdAttempt BadPassWdCount John.Smith 12/26/2019 11:37:21 PM 7 Joe.Jones 12/26/2019 11:37:21 PM 13 Michael.Johnson 12/26/2019 11:37:22 PM 8 Mary.Wilson 12/26/2019 11:37:22 PM 8 Jane.Brown 12/26/2019 11:37:23 PM 12 Based on the analyst's findings, which of the following attacks is being executed? A. Credential harvesting B. Keylogger C. Brute-force D. Spraying

D. Spraying

The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production? A. Limit the use of third-party libraries. B. Prevent data exposure queries. C. Obfuscate the source code. D. Submit the application to QA before releasing it.

D. Submit the application to QA before releasing it.

If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch? Worm replication Distributed Denial of Service (DDoS) Smurf attack Spyware attack

Distributed Denial of Service (DDoS)

A social engineer, impersonating a supplicant, rummaged through the garbage of a high-ranking loan officer, hoping to find discarded documents and removable media containing personally identifiable information (PII). Which of the following social engineering techniques did the attacker utilize? Piggybacking A lunchtime attack Dumpster diving Shoulder surfing

Dumpster diving

Which of the following is a way to protect against birthday attacks? Encryption algorithms, demonstrating collision avoidance Understanding the use of environmental controls Implementing a captive portal requiring login credentials Allowing access to only necessary services

Encryption algorithms, demonstrating collision avoidance

Which of the following social engineering techniques has less of a chance of arousing suspicion and getting caught? (Select all that apply.) Familiarity Liking Intimidation Authority

Familiarity Liking

If a user's device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise? Have up-to-date backups of the encrypted files. Remove the infection with antivirus. Pay the ransom. Update the operating system after the infection.

Have up-to-date backups of the encrypted files.

A social engineer intercepted an end-user's phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user's home with permission. What type of social engineering attack did the ISP and end-user fall victim to? Impersonation Hoax Pharming Tailgating

Impersonation

A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs? Trojans PUP Ransomware Virus

PUP

A hacker is trying to gain remote access to a company computer by trying brute force password attacks using multiple passwords in conjunction with multiple usernames. What specific type of password attack is the hacker most likely performing? Online password attack Dictionary password attack Password spraying attack Offline password attack

Password spraying attack

Password Spraying

Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.

An attacker corrupted the database of a domain name server (DNS) in a small office. When users attempt to log in to the company's homepage using a browser bookmark, they connect directly to the attacker's web portal. What type of attack has occurred? Typosquatting Credential harvesting Pharming Watering hole

Pharming

An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user's Windows computer. What type of malware did the attacker install on the victim host? Spyware Crypto-malware Adware Rootkit

Rootkit

An attacker is attempting to gather information about a person by using text messages. Which of the following describes the attacker's phishing technique? Spam SMiShing SPIM Vishing

SMiShing

A user contacted customer support via the company's WhatsApp link on a website. A few days later, the user received a lot of advertisements from outside of the country, using the same messaging service. Which of the following best describes the type of attack the user is experiencing? SPIM Spam Whaling Spear phishing

SPIM

A user contacted customer support via the company's WhatsApp link on a website. A few days later, the user received a lot of advertisements from outside of the country, using the same messaging service. Which of the following best describes the type of attack the user is experiencing? Spear phishing Whaling Spam SPIM

SPIM

SPIM

SPIM is spam (or mass unsolicited messages) but over instant messaging or Internet messaging services, such as WhatsApp, Facebook Messenger, Skype, or Telegram.

A group of college students receives a phone call from someone claiming to be from a debt consolidation firm. The solicitor tried to convince the students that for a limited time, a rare offer will expire, which could erase their student loan debt if they provide their Social Security Number and other personally identifiable information (PII). Which of the following tactics did the caller use? Familiarity and liking Scarcity and urgency Authority and intimidation Consensus and social proof

Scarcity and urgency

Shadow IT

Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval.

What type of attack is occurring when a counterfeit card reader is in use? Skimming Malicious charging Password spraying Card cloning

Skimming

Where do most companies and employees post a large amount of information about themselves and their businesses, which can exploit the vulnerabilities of the business? Dark web Dark net Social media Deep web

Social media

An attacker gathered personal information from an employee by using Open Source Intelligence (OSINT). The attacker then emailed the employee and used the employee's full name, job title, and phone number to convince the victim that the communication was legitimate. What type of scam did the attacker pull off? Vishing SMiShing Phishing Spear phishing

Spear phishing
