Security+ Domain 2: Threats, Vulnerabilities, and Mitigations


A social engineer intercepted an end-user's phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user's home with permission. What social engineering attack did the ISP and end-user fall victim to? Pharming Impersonation Hoax Tailgating

Impersonation Impersonation is a social engineering attack in which the attacker pretends to be someone else.

A large multinational corporation has recently discovered a significant vulnerability in their widely used operating system. The vulnerability could potentially allow unauthorized remote access to sensitive corporate data. The corporation's IT team has been tasked with addressing this issue. Which of the following approaches would be the most effective in managing this vulnerability? Inform all employees about the vulnerability and ask them to be extra vigilant. Implement a patch to fix the vulnerability and conduct a thorough system-wide security audit. Ignore the vulnerability since the operating system is due to be updated in the next six months. Disconnect all systems from the network until a new operating system can be installed.

Implement a patch to fix the vulnerability and conduct a thorough system-wide security audit. Implementing a patch to fix the vulnerability is the most effective immediate response. This will close the security gap and protect the corporation's data. Conducting a thorough system-wide security audit will help identify any other potential vulnerabilities and ensure that the patch has been implemented correctly across all systems.

A hacktivist group is intercepting multiple emails between a company and a few vendors and has learned that the company is planning to purchase new laptops and some Universal Serial Bus (USB) thumb drives. In what ways can the group breach the target company MOST effectively? (Select two.) Add malicious USB drives Obtain credentials for remote access to the network Infiltrate the shipping company Steal an employee's laptop Create a fake social media account

Add malicious USB drives Infiltrate the shipping company Infiltrating the shipping company takes advantage of the supply chain. In this manner, malicious actors can replace parts of the laptop or hack the operating systems before it gets to the company. Adding malicious USB thumb drives to the order is taking advantage of removable media to trick the user into plugging them into a computer where the hacker can carry out further attacks.

A threat actor successfully breached an advanced corporate network, bypassing multi-factor authentication and intricate intrusion detection systems. The highly coordinated attack leveraged zero-day vulnerabilities and sophisticated custom-made malware. Which of the following BEST describes the capability level of this threat actor? Novice Intermediate Advanced Unskilled

Advanced The description of the threat actor's actions suggests a high degree of sophistication and technical capability, usually associated with advanced threat actors.

A nation-state developed cyber weapons to achieve military influence and has the ability to obtain and maintain access to compromised networks. What should a cybersecurity team address when this occurs to their organization's compromised networks? A hacker A hacktivist Advanced persistent threats (APT) An insider threat

Advanced persistent threats (APT) APTs are cyber nation-state adversaries that have developed cybersecurity expertise and use cyber weapons to compromise network security and achieve military and commercial goals.

Which of the following BEST describes an evil twin? A Bluetooth device that receives mobile phone commands via bluebugging. An access point configured to mimic a valid access point to obtain logon credentials and other sensitive information. An access point that is added to a network by an internal employee to provide unauthorized network access. A threat agent that marks the outside of buildings to indicate the presence of a wireless network.

An access point configured to mimic a valid access point to obtain logon credentials and other sensitive information. An evil twin is a rogue access point configured to mimic a valid access point. In contrast, a rogue access point is any unauthorized access point added to a network. The evil twin may be configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point.

You are a cybersecurity analyst at a tech company that develops mobile applications. Your team has been informed of a significant vulnerability that affects mobile operating systems. The vulnerability allows unauthorized remote access to sensitive user data. Which of the following operating systems should your team prioritize for patching and security updates, based on the information provided? Windows Mobile iOS Android BlackBerry OS

Android Android is the correct answer. Given the information provided in the question, the vulnerability affects mobile operating systems and Android is one of the most widely used mobile operating systems in the world. Therefore, prioritizing Android for patching and security updates would be the most effective strategy to protect the largest number of users.

An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? Authority Urgency Social proof Common ground

Authority Authority social engineering entails an attacker either lying about having authority or using their high status in a company to force victims to perform actions that exceed their authorization level.

A healthcare provider suddenly receives a threat from an unknown source claiming to have obtained sensitive patient data. The anonymous actor demands a significant sum of Bitcoin, threatening to release the information publicly if the provider does not make payment. This kind of scenario BEST exemplifies which threat motivation? Blackmail Espionage Service disruption Disinformation

Blackmail Blackmail involves threats to reveal damaging information unless the affected party meets the blackmailer's demands, such as demanding Bitcoin for not releasing stolen patient data.

Which of the following sends unsolicited business cards and messages to a Bluetooth device? Bluesnarfing Bluejacking Slamming Bluebugging

Bluejacking Bluejacking is a relatively harmless practice that entails an unknown sender sending business cards anonymously to a Bluetooth recipient within a distance of 10-100 meters, depending on the class of the Bluetooth device. The business cards usually include a flirtatious message so the attacker can see a visual reaction from the recipient. Multiple messages are sent to the device if the attacker thinks there is a chance they will be added as a contact. Bluetooth devices are not susceptible to bluejacking if they are set to non-discoverable mode.

What social engineering technique involves the threat actor committing resources to accurately duplicate a company's logos, formatting, and communication style to make a phishing message or fake website visually compelling and convincing? Vishing Pharming Brand impersonation Spear phishing

Brand impersonation Brand impersonation is a social engineering technique where the threat actor makes a significant effort to create a phishing message or a fake website that accurately duplicates a legitimate company's logos, formatting, and communication style. This level of detail makes the phishing attempt visually compelling and convincing to trick the target into believing it's legitimate.

The senior manager at CyberCorp receives an email from what appears to be a trusted colleague within the company. The email requests sensitive financial information to complete an urgent transaction and looks legitimate, displaying the colleague's name, company logo, and formatting. What type of sophisticated phishing attack occurs in this scenario? Whaling Business email compromise Angler phishing Mass mailer phishing

Business email compromise Business email compromise (BEC) is a sophisticated attack that targets specific individuals, such as executives. The threat actor impersonates a trusted colleague, business partner, or vendor to trick the target into performing actions or disclosing information.

Which disinformation/misinformation tactics create convincing brand impersonation for phishing attacks or pharming websites? (Select two.) Using disinformation to purposefully deceive individuals by spreading false claims and rumors with the intention of causing confusion and harm. By accurately duplicating a company's logos and formatting, such as fonts, colors, and styles, to make the fake site visually compelling. Repeating false claims or rumors without the intention to deceive others but aiming to get those false facts amplified by others. By mimicking the style or tone of email communications or website copy to create a convincing fake. Primarily focusing on providing support for IT resources such as networks, security, or web infrastructure.

By mimicking the style or tone of email communications or website copy to create a convincing fake. By accurately duplicating a company's logos and formatting, such as fonts, colors, and styles, to make the fake site visually compelling. A disinformation/misinformation campaign utilizes accurate duplications of a company's logos and formatting to appear more legitimate. Using the mimicry of communication styles creates convincing brand impersonation. This mimicry can lead to successful phishing attacks or pharming websites that appear visually compelling and authentic.

In 2011, Sony was targeted by an SQL injection attack that compromised over one million emails, usernames, and passwords. Which of the following could have prevented the attack? Scanning the operating system and application regularly for bugs and errors Careful configuration and penetration testing on the front end Using VPN technology to protect client data when connecting from a remote system Blocking, or at least monitoring, activity on ports 161 and 162

Careful configuration and penetration testing on the front end SQL injection attacks such as those against Sony, the United States Department of Energy, and MySQL could have been prevented with careful configuration and penetration testing on the front end.

Which of the following is subject to SQL injection attacks? ActiveX controls Web servers serving static content Database servers Browsers that allow client-side scripts

Database servers A SQL injection attack occurs when an attacker includes database commands within user data input fields on a form, which subsequently execute on the server. The injection attack succeeds if the server does not properly validate the input to restrict the entry of characters that could end and begin a database command.

Which of the following is the term used for creating media that looks and/or sounds like someone making statements that the person did not make? Deep fake Disinformation Impersonation Brand impersonation

Deep fake Deep fakes create media that looks and/or sounds like someone making statements that the person did not make or doing something in a picture or video that did not happen.

A multinational corporation recently fell victim to a series of cyberattacks, disrupting services and leading to significant financial losses. After an investigation, the corporation found that these attacks were part of a systematic campaign to undermine the corporation's market position. The highly sophisticated attacks suggest the involvement of a well-resourced entity with specific strategic objectives. Which of the following motivations BEST describes this scenario? Revenge Espionage Chaotic Financial

Espionage Espionage, characterized by stealthy, long-term breaches, aims at acquiring secret information, often for strategic advantage. The intruders' focus on the proprietary designs and their ability to remain undetected aligns with this motivation.

What technique does the threat actor use in a Bluetooth network attack to transmit malicious files to a user's device? Physically stealing a PC or laptop to execute the attack Obtaining credentials for remote access to the network Spoofing a trusted access point to gain unauthorized access Exploiting vulnerabilities or misconfigurations in the Bluetooth protocol

Exploiting vulnerabilities or misconfigurations in the Bluetooth protocol In a Bluetooth network attack, the threat actor exploits vulnerabilities or misconfigurations in the Bluetooth protocol to transmit a malicious file to a user's device.

In a recent incident, a hacker group infiltrated a global financial institution's systems and stole the credit card information of millions of customers. The valuable information was soon available on the dark web. Based on the scenario, what is the MOST likely motivation of the hacker group? Service disruption Financial gain Philosophical beliefs Ethical concerns

Financial gain Financial gain is a key motivator for many threat actors. In this scenario, the hacker group's main goal was to profit from the sale of stolen credit card information, which indicates financial gain as the primary motivation.

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? Script kiddie Insider Competitor Nation state Hacktivist

Hacktivist A hacktivist is any individual whose attacks are politically motivated. Instead of seeking financial gain, hacktivists want to defame, shed light on, or cripple an organization or government. Hacktivists often work alone. Occasionally, they create unified groups with like-minded hackers. For example, the website wikileaks.org is a repository of leaked government secrets, some of which have been obtained by hacktivists.

A globally recognized fast-food chain recently experienced a cyber attack. The attackers have not shown interest in stealing sensitive data or disrupting operations but have defaced the company's website with messages promoting animal rights and the ethical treatment of livestock. Based on this information, which type of threat actor is MOST likely responsible for this attack? Hacktivist Individual hacker Insider threat Nation-state

Hacktivist Hacktivists use their skills to promote a social or political cause. The attackers' objective (in this case, defacing a website to promote animal rights) aligns with typical hacktivist motives.

A prominent multinational corporation has experienced an unexpected spike in unauthorized network traffic aimed at its web servers. Upon investigation, the corporation discovered that the goal of this traffic was to disrupt its online services rather than gain unauthorized access or steal data. The attack started shortly after the corporation made a controversial policy decision that sparked a public backlash. Which type of threat actor is MOST likely responsible? Hacktivist Individual hacker Insider threat Nation-state

Hacktivist The objective of the attack, disruption of online services following a controversial policy decision, aligns with the typical motives of a hacktivist. Hacktivists often use their skills to promote a social or political cause, which is most likely the reason for the attack.

An environmental advocacy group uses cyber weapons to put companies at risk and promote its agenda. This scenario illustrates what type of threat actor? Hackers Advanced persistent threats (APTs) Insider threats Hacktivists

Hacktivists Hacktivists use cyber weapons to promote an agenda, steal confidential information, perform denial-of-service (DoS) attacks, or deface websites. Environmental and animal advocacy groups may target companies in various industries.

A tech startup, TechPioneers Inc., is looking to improve their network monitoring capabilities. The company operates primarily on Linux-based systems and requires a tool that can not only check connectivity but also analyze targets to gather information. The tool should be capable of sending ICMP, TCP, UDP, and RAW-IP packets. As a network administrator, which of the following tools would you recommend as the BEST solution for TechPioneers Inc.? Ping Netstat Hping Tracert/Traceroute

Hping Hping is the best solution for TechPioneers Inc. Hping can check connectivity and also analyze the target to gather information. It can send ICMP, TCP, UDP, and RAW-IP packets. Although it is primarily designed for Linux, it can also be installed in Windows, making it a versatile choice for diverse network environments.

Which type of attack is WEP extremely vulnerable to? Bluesnarfing Cloning IV attack Evil twin

IV attack Wired Equivalent Privacy (WEP) is extremely vulnerable to initialization vector (IV) attacks because WEP reuses the IVs. This makes it easy for attackers to crack them and compromise the encryption.

Which social engineering technique involves pretending to be someone else and may use persuasive or coercive approaches to manipulate the target? Impersonation Pharming Watering hole attack Phishing

Impersonation Impersonation involves pretending to be someone else and may use persuasive or coercive approaches to deceive the target.

The cybersecurity manager of a large organization is investigating a recent security breach that occurred during office hours. Investigatory research shows that the suspect convinced the janitor to let them inside the building because they had forgotten their badge at home. Once inside, the suspect pulled the fire alarm and accessed the building's network room amongst the chaos. The intruder then attached a monitoring device to a network port before escaping unnoticed. Which of the following is the social engineering technique the threat actor employed in this scenario? Impersonation Pretexting Vishing Pharming

Pretexting The threat actor used pretexting as a social engineering technique. They triggered a fire alarm to create a distraction and a convincing pretext to gain physical access to the network room, attaching a monitoring device to a network port.

Which type of application vulnerability can refer to software flaws associated with the timing or order of events within a software program, which can cause undesirable or unpredictable outcomes through manipulation? Memory injection Malicious update Buffer overflow Race conditions

Race conditions Application race condition vulnerabilities refer to software flaws associated with the timing or order of events within a software program, which can cause undesirable or unpredictable outcomes through manipulation.

A group of hackers has been monitoring recent orders from a company involving new laptops and Universal Serial Bus (USB) thumb drives. The group infiltrated the shipping company and added malicious USB thumb drives to the order. The target company received the order without any concerns. What vectors made this attack successful? (Select two.) Direct access Supply chain Social media Cloud access Removable media

Removable media Supply chain Infiltrating the shipping company takes advantage of the supply chain. Malicious actors can replace parts of the laptop or hack the operating systems before it gets to the company. Adding malicious USB thumb drives to the order takes advantage of removable media to trick the user into plugging them into a computer where the hacker can carry out further attacks.

A major online retailer experiences a sudden halt in its services during the peak holiday shopping season. It traces the cause back to an orchestrated distributed denial-of-service (DDoS) attack, which overwhelmed the retailer's servers with traffic, making it impossible for legitimate users to access the site. This attack BEST aligns with which type of threat motivation? Espionage Disinformation Financial Service disruption

Service disruption Service disruption attacks aim to prevent an organization from operating normally. In this case, the distributed denial-of-service (DDoS) attack disrupted the retailer's services.

The IT department at a large corporation noticed an unfamiliar software application running on its network. Upon investigation, they discovered that a team in the marketing department started using a new cloud-based project management tool to improve their workflow efficiency. The team did not consult with the IT department before implementing this tool. In the context of cybersecurity threats, what does this situation BEST exemplify? Shadow IT Nation-state Insider threat Careless password management

Shadow IT Shadow IT refers to hardware, software, and services used within an organization without explicit approval from the IT department. The scenario described, where the marketing team started using a new project management tool without consulting the IT department, is a classic example of Shadow IT.

Carl receives a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred? Shoulder surfing Social engineering Password guessing Dumpster diving

Social engineering Social engineering relies on human error. It works by feigning trustworthiness to convince someone to share information.

A threat actor poses as a remote sales representative and contacts the help desk of CloudSecure. The threat actor claims to need assistance setting up remote access. Through a series of convincing phone calls, the threat actor obtains the name and address of the remote access server and a login credential. What type of attack does this scenario illustrate? Phishing Man-in-the-middle Social engineering Denial-of-service

Social engineering The stated scenario illustrates a social engineering attack where the threat actor deceives the help desk into providing sensitive information through several persuasive phone calls.

An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's web browser. Which practice would have prevented this exploit? Implementing a script blocker Implementing client-side validation Installing antivirus, anti-spyware, pop-up blockers, and firewall software Using the latest browser version and patch level

Implementing client-side validation Client-side validation should have been used on the local system to identify input errors in the order form before the data was sent to the server. In this example, if the user entered SQL commands in an order form field, the error would have been immediately detected and blocked before the data was submitted to the server.

What type of threat actor is an individual or group with authorized access to an organization's systems and data that can potentially misuse access for malicious purposes? Unskilled attacker Insider threat Nation-state Hacktivist

Insider threat Insider threats are individuals or groups with authorized access to an organization's systems and data. They could potentially misuse their access for malicious purposes. Insider threats can include employees, contractors, or any other individuals granted internal access.

What type of threat actor will attempt to exploit their authorized access within an organization for revenge or financial gain? Nation-state Hacktivist Insider threat Unskilled attacker

Insider threat Insider threats are individuals or groups with authorized access to an organization's systems and data. They could potentially misuse their access for malicious purposes. Insider threats can include employees, contractors, or any other individuals granted internal access.

You are a cybersecurity analyst at a large organization. You have been tasked with identifying the most secure method of communication to mitigate the risk of message-based vectors. Which of the following methods would be MOST effective? Web and social media Email Instant messaging (IM) Short Message Service (SMS)

Instant messaging (IM) Instant messaging (IM) is the correct answer. Many instant messaging platforms offer end-to-end encryption, which means that only the sender and the recipient can read the messages. This makes it more difficult for attackers to intercept and read the messages, making instant messaging the most secure method of communication in this list.

A cybersecurity analyst notices an unusual amount of data transmitted from an employee's company computer to an unknown external IP address. The employee has all necessary permissions to access the sensitive data that was transferred externally. What type of threat actor is MOST likely responsible for this situation? Hacktivist Nation-state Unskilled attacker Internal threat actor

Internal threat actor An internal threat actor is an individual with permissions on the system, typically an employee or contractor. The scenario describes an employee with legitimate access to the data transmitting it to an unknown external IP address, which suggests that the threat actor is internal.

You decided to purchase a natural medication online based on testimonials from several customers. Later you hear from a news report that the company selling the product has been indicted for fraud. As part of the charges, the testimonials were found to be fake. Which of the following motivation techniques did the company use to entice you to purchase the natural medication? Urgency Authority Social proof Scarcity

Social proof With a social proof technique, the attacker uses social pressure to convince the target that it is okay to share or do something. For example, the attacker might say, "If everybody is doing it, then it's okay for you to do it, too." In this scenario, the social proof technique the company utilized was fake customer testimonials.

Which of the following BEST describes shoulder surfing? Guessing someone's password because it is so common or simple. Someone nearby watching you enter your password on your computer and recording it. Giving someone you trust your username and account password. Finding someone's password in the trash can and using it to access their account.

Someone nearby watching you enter your password on your computer and recording it. Shoulder surfing is watching and recording a password, PIN, or access code that is being entered by someone nearby.

A targeted attack has a budget that can allocate physical and human resources to achieve its goals. This type of attack contains what attribute? Opportunistic Sophistication Unskilled attacker Known threats

Sophistication One must consider an adversary's sophistication and level of resources and funding. A targeted attack might use highly sophisticated tools backed by a budget that can allocate physical and human resources.

Experts at a scientific facility suspect that operatives from another government entity planted malware and are spying on one of their top secret systems. Which attacker type is likely responsible based on the attacker's location and likely goals? Unskilled attackers Hacktivists State actors Criminal syndicates

State actors State actors are responsible for many attacks, particularly on energy and health network systems. They typically work at arm's length from the national government that sponsors and protects them, maintaining plausible deniability.

Which malicious actors are likely to show great interest in another country's energy infrastructure and have unlimited resources to carry out espionage attacks? Shadow IT Semi-authorized hackers State actors Unauthorized hackers

State actors The primary goals of state actors are espionage and strategic advantage. These actors receive government backing, have virtually unlimited resources, and are known to take particular interest in another country's energy and health network systems.

A large hospital uses Bluetooth technology for short-range personal area networking. The organization has a security concern with bluesnarfing. What is the attacker doing to the organization? Launching highly effective attacks using a peripheral device with malicious firmware. Sending unsolicited text messages or vCards to a discoverable device. Compromising any active and unpatched system, regardless of whether discovery is enabled. Stealing information from someone else's phone by using an exploit in Bluetooth.

Stealing information from someone else's phone by using an exploit in Bluetooth. Using an exploit in Bluetooth, bluesnarfing allows attackers to steal information from someone else's phone, circumventing the authentication mechanism and accessing sensitive information without the user's knowledge or consent.

A recent attack on a major retail chain resulted in stolen customer private information, including credit card information. The report explained that a heating, ventilation, and air conditioning (HVAC) contractor copied the information to an external hard drive while servicing an air conditioner unit and later uploaded the data to a cloud storage resource. A security engineer would classify this type of attack as which of the following? Supply chain attack USB cable attack Birthday attack Cloud-based attack

Supply chain attack A supply chain attack involves a threat actor seeking methods to infiltrate a company in its supply chain. An HVAC supplier is one example of using a maintenance service to gain access to sensitive areas like a data center.

Which of the following is an example of a watering hole attack? Targeting a group of individuals who frequent an unsecured third-party website to compromise their computers to gain access. Sending deceptive emails to trick users into clicking on malicious links. Installing malicious software through a fake antivirus program. Exploiting weak login credentials to gain unauthorized network access.

Targeting a group of individuals who frequent an unsecured third-party website to compromise their computers to gain access. Injecting malware into a popular website that a specific user group frequently visits is an example of a watering hole attack. The attack leverages users' trust in the site to compromise their devices.

Employees at CloudCom receive a suspicious email claiming to be from "CloudCom Support," informing employees that their passwords need to be reset urgently due to a security breach. The email includes a link to a login page that looks identical to CloudCom's official site. What type of social engineering attack does this scenario exemplify? Watering hole attack Phishing SMiShing Typosquatting

Typosquatting Typosquatting registers domains like legitimate ones, making users believe they're accessing a trusted site. The attacker creates a hijacked subdomain using the primary domain of a trusted cloud provider. Employees may fall victim to this attack if they overlook minor differences.

Which type of threat actor is MOST likely to initiate random, unsophisticated cyberattacks, often utilizing readily available hacking tools without a clear understanding of how they work? Unskilled attacker Insider threat Hacktivist Nation-state

Unskilled attacker Unskilled attackers, also known as script kiddies, commonly use widely available hacking tools without fully understanding them. Their attacks are often random and lack sophistication.

An organization's system alerting tool detects a series of unsuccessful attempts of someone trying to gain unauthorized access to its servers. These attempts lack sophistication and appear to be using publicly available hacking tools. Which type of threat actor is MOST likely responsible for these attempts? Unskilled attacker Nation-state Insider threat Hacktivist

Unskilled attacker Unskilled attackers, often called script kiddies, typically use widely available hacking tools and lack the knowledge to mount sophisticated attacks. The haphazard, unsuccessful attempts described are characteristic of this type of threat actor.

Vishing is a type of phishing attack that uses which kind of vector? Voice or telephone Spear phishing SMiShing Pharming

Voice or telephone Vishing attacks are a social engineering tactic that uses the voice or a telephone network to deceive victims and gather sensitive information.

A recent cyberattack led to massive disruptions in a country's power grid, causing widespread blackouts and significant economic and social damage. The country's cyber team traced the attack to a hostile nation-state's cyber warfare division. In this case, what is the primary motivation of the perpetrators? Ethical concerns Levels of sophistication/capability Financial gain War

War In this case, the hostile nation-state attacked to cause widespread disruption and damage, a common objective in warfare. Such acts are a part of the broader strategy of using cyber means to achieve military and political objectives.

What social engineering attack relies on targeting individuals who frequent an unsecured third-party website to compromise their computers and gain access to a specific organization's systems? Spear phishing Impersonation Watering hole Pharming

Watering hole A watering hole attack is a social engineering technique where the attacker identifies a popular and frequently visited website used by the target group and compromises that website with exploit code. Their computers become infected when target group members visit the website, and the attacker can then use this foothold to penetrate the organization's systems.

Which of the following is a passive computer attack technique in which an attacker anticipates or observes the websites an organization uses often and infects them with malware? Social networking Watering hole Typosquatting Pretexting

Watering hole A watering hole is a passive computer attack technique in which an attacker anticipates or observes the websites an organization uses often and infects them with malware. Members of the targeted group can then become infected.

An attack that targets senior executives and high-profile victims is referred to as what? Whaling Pharming Scrubbing Vishing

Whaling Whaling is another form of phishing that targets senior executives and high-profile victims.

A user contacts a company help desk complaining about intermittent connection problems to needed network files and shares. The user also noticed connection problems occur when the network signal strength is at its highest. What could this be a sign of? (Select two.) Wireless denial-of-service Rogue access point Downgrade attack RFID attack Wireless replay

Wireless denial-of-service Rogue access point A rogue access point (AP) set up with higher transmit power than the legitimate AP lets a person with malicious intent capture usernames and passwords without being caught immediately. A wireless denial-of-service attack causes network problems by preventing users from reaching the legitimate APs because the rogue AP's signal is stronger.

CloudSecure is facing a cybersecurity challenge where some of its critical software applications are no longer supported by vendors, making them vulnerable to potential exploits. The IT team is exploring various strategies to mitigate the risk posed by these unsupported apps. What is the MOST effective approach to enhance the security posture? Ignoring the vulnerability as it can only be exploited in specific circumstances. Consolidating all operating systems and applications into one product. Isolating the unsupported apps from other systems to reduce the attack surface. Implementing regular patch management to fix the faulty code.

Isolating the unsupported apps from other systems to reduce the attack surface. Isolating the unsupported apps from other systems helps to prevent threat actors from accessing the vulnerable app and running exploit code, thus acting as a compensating control.

You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network's signal. Which type of attack are you MOST likely experiencing? Bluesnarfing Cloning Jamming Disassociation

Jamming In a jamming attack, a transmitter is tuned to the same frequency and type of modulation as the wireless network. The jamming signal overrides the legitimate wireless network radio signals. This scenario is a spark jamming attack.

A hacker scans hundreds of IP addresses randomly on the internet until they find an exploitable target. What kind of attack is this? Opportunistic attack Targeted attack Insider attack Nation-state attack

Opportunistic attack In this scenario, the hacker is looking for an easy target and doesn't care what they are attacking. This is considered an opportunistic attack.

Which type of threat actor is MOST likely to engage in cybercrime activities, such as financial fraud, blackmail, or extortion for profit, and often operates across the Internet from a different jurisdiction than their victims? Organized crime Hacktivist Unskilled attacker Nation-state

Organized crime Organized crime groups are often involved in cybercrime activities like financial fraud, blackmail, or extortion, seeking any opportunity for profit. They can operate across the Internet from a different jurisdiction than their victims, increasing the complexity of prosecution.

An employee receives an email from an unknown sender claiming to be from the IT department. The email states that there is a login issue on the network and that the user needs to run the file to resolve the problem. The executable file prompts the user to input a network password, which the threat actor records. What social engineering technique is the threat actor using in this scenario? Vishing Pharming Phishing Tailgating

Phishing Phishing aims to elicit information or get a target to perform specific actions. The threat actor attempts to deceive the user by sending a fake executable file via email and persuading them to input their network password.

Which of the following tools can be used to view and modify DNS server information in Linux? tracert netstat route dig

dig The dig command is used to view and modify DNS settings. It can be used to look up DNS server information and return the IP addresses and domain names for a network server.

Customers receive a seemingly genuine email from their trusted bank informing them that their passwords need updating. However, when authenticating, an attacker captures the customer's credentials. What kind of attack did the bank customers experience? Whaling Phishing SMiShing Vishing

Phishing Phishing is a combination of social engineering and spoofing, where the attacker sets up a spoof website to imitate a trusted one. The attacker then emails users of the genuine website, informing them that their accounts need updating and supplying a disguised link that leads to their spoofed site. Users then authenticate with the spoofed site, capturing their login credentials.

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use? route tracert nmap ping

ping The ping command is used to perform a connection test between two network devices. It works by sending ICMP packets to a specified device on a network and waiting for a response. This shows whether there is a connection issue.

Which of the following attacks tricks victims into providing confidential information (such as identity information or logon credentials) through emails or websites that impersonate an online entity that the victim trusts? Pharming Phishing Pretexting Preloading

Phishing Phishing tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts. These entities could include a financial institution or a well-known e-commerce site. Phishing is a specific form of social engineering.

A multinational corporation recently fell victim to a series of cyberattacks, disrupting services and leading to significant financial losses. After an investigation, the corporation found that these attacks were part of a systematic campaign to undermine the corporation's market position. The highly sophisticated attacks suggest the involvement of a well-resourced entity with specific strategic objectives. Which of the following motivations BEST describes this scenario? Revenge Chaotic Financial Political

Political Political motivations typically involve strategic objectives to bring about change or achieve specific goals, often at a societal or governance level. This scenario's systematic, strategic, and sophisticated attacks and the intent to undermine the corporation's market position suggest a political motivation.

A group of threat actors disrupts the online services of an oil company due to their disagreement with the company's environmental policies. They believe their actions can force the company to change its practices. This type of threat actor is primarily driven by what kind of motivation? Financial gain Service disruption Political/philosophical beliefs Espionage

Political/philosophical beliefs The group, motivated by its philosophical beliefs about environmental responsibility, uses its actions to bring about change in line with these beliefs.

Impersonation is a social engineering attack that involves which of the following? Manipulating the Domain Name System (DNS) to redirect website traffic. Using malware to compromise a network and steal data. Sending deceptive emails to trick users into revealing sensitive information. Pretending to be someone else and may use persuasive or coercive approaches to manipulate the target.

Pretending to be someone else and may use persuasive or coercive approaches to manipulate the target. Impersonation is a social engineering attack where the threat actor pretends to be a legitimate user or entity to gain unauthorized access, deceive others, or carry out fraudulent activities.

What social engineering technique occurs when a threat actor assumes the identity of a remote sales representative and contacts the help desk to urgently or authoritatively obtain login credentials for remote access? Brand impersonation Pretexting Watering hole attack Phishing

Pretexting Pretexting is a social engineering tactic where a threat actor deceives a target into sharing sensitive information.

Which of the following is an example of a social engineering attack? A fake bank email is sent to recipients asking them to update their account info via a link that leads to a fake site, capturing login details. An attacker floods a website's server with fake requests, making it slow or unresponsive to legitimate users. An employee sends information to HR, but an attacker secretly intercepts and manipulates the communication, unbeknownst to both employees. A call from a threat actor posing as a remote sales representative to obtain the login credentials to a remote access server from the help desk.

A call from a threat actor posing as a remote sales representative to obtain the login credentials to a remote access server from the help desk. The example illustrates a social engineering attack where the threat actor deceives the help desk into providing sensitive information through a persuasive phone call.

Which of the following is the BEST definition of the term hacker? Any individual whose attacks are politically motivated. A threat actor whose main goal is financial gain. The most organized, well-funded, and dangerous type of threat actor. A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization. A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention.

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization. The term hacker is a general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

SQL injections are a result of which of the following flaws? The file system Web applications The web server The database

According to TestOut it is The database, but that doesn't make sense; they use the not correctly protected web application to access the database, so it isn't a flaw in the database inherently.

An employee suspected of modifying company invoices diverted funds from a company account to their private bank account. What kind of malicious actor type does this describe? Unskilled attacker Competitor Insider threat Hacktivist

Insider threat Insider threats are employees who harbor grievances or perpetrate fraud. An insider threat might plan and execute a campaign to modify invoices and divert funds.

As a senior IT professional, you are tasked with securing your company's file system. The company has a large number of employees who need to access various files and documents for their work. Which of the following strategies would be the MOST effective in ensuring both security and accessibility of the file system? Create shared folders with appropriate access permissions. Use a VPN for all data transfers within the company. Implement full-disk encryption on all company computers. Disable all unused services on company computers.

Create shared folders with appropriate access permissions. Creating shared folders with appropriate access permissions is the most effective strategy in this scenario. This allows employees to access the files they need while still maintaining security. Access permissions can be set according to the principle of least privilege, ensuring that employees only have access to the files they need for their work.

What type of attack takes content from a local system, encrypts it, and sends it to the attacker's server via HTTP over the port 80? Data exfiltration Input validation Denial-of-service attack DDoS attack

Data exfiltration Data exfiltration is an unauthorized copying or retrieval of data from a system. Data exfiltration attacks are a primary means for attackers to retrieve valuable data often destined for later sale on the black market.

A threat actor can infiltrate an organization's network and silently extract sensitive proprietary data without detection. The data has a high value on the black market. Which motivations BEST align with this threat actor's likely objective? Data exfiltration Service Disruption Revenge Disinformation

Data exfiltration Data exfiltration transfers a copy of valuable information from a computer or network without authorization. Threat actors might perform this type of theft because they want the data asset for themselves, can exploit its loss as blackmail, or sell it to a third party.

A threat actor gains physical access to an organization's premises and attempts to perpetrate an attack on the wired network. What specific threat vector associated with unsecured networks is likely used by the threat actor in this scenario? Bluetooth network Default credentials Direct access Remote and wireless network

Direct access The threat actor gains physical access to the site, making the direct access threat vector the most relevant choice as it involves using physical access to perpetrate an attack, such as accessing an unlocked workstation or stealing a PC.

As a new IT manager at TechCorp, you are tasked with onboarding a third-party vendor that will provide critical IT services. During the onboarding process, you discover that the vendor's security policies and incident response procedures are significantly different from those of TechCorp. What should you do? Ignore the differences and proceed with the onboarding process. Cancel the onboarding process immediately. Discuss the differences with the vendor and seek to align the policies and procedures. Report the vendor to the authorities for having different policies.

Discuss the differences with the vendor and seek to align the policies and procedures. When differences in security policies and procedures are identified, the best course of action is to discuss these differences with the vendor. The goal should be to align the policies and procedures as closely as possible to ensure the security of both organizations.

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? Social engineering Password guessing Dumpster diving Shoulder surfing

Dumpster diving Dumpster diving relies on finding sensitive information that has been discarded in garbage cans, dumpsters, or other unsecured places that create access for attackers.

In the context of network monitoring, which of the following is crucial for enforcing and maintaining the security measures put in place during the hardening process? Endpoint hardening Packet routing Top talkers IP scanning

Endpoint hardening Endpoint hardening is the correct answer. It refers to the process of securing individual devices on a network (endpoints) against threats. Network monitoring plays a vital role in endpoint hardening as it helps to enforce and maintain the security measures put in place during the hardening process. It can detect changes that weaken the hardened configuration and alert analysts of the change, which may indicate a breach.

Which of the following functions does a single quote (') perform in an SQL injection? Indicates that data has ended and a command is beginning. Indicates that the comment has ended and data is being entered. Indicates that everything after the single quote is a comment. Indicates that code is ending and a comment is being entered.

Indicates that data has ended and a command is beginning. A single quote (') indicates that data has ended and a command is beginning. The double dashes (--) indicate that code is ending and a comment is being entered. Comments are code that a program does not execute and are usually used for explanations or reminders for the coder. Applications know to ignore the comments.

You are the IT security manager at a large corporation. Your team has just discovered a significant vulnerability in the company's Linux-based server infrastructure. The vulnerability, if exploited, could allow an attacker to gain unauthorized access to sensitive data. Your team has identified a patch that can fix the vulnerability, but applying the patch will require significant downtime during peak business hours. What is the BEST course of action? Inform the senior management about the vulnerability and the potential impact of the patch on business operations, and ask for their decision. Ignore the patch since Linux is known for its security and the likelihood of an attack is low. Apply the patch immediately during peak business hours to ensure the vulnerability is fixed as soon as possible. Wait until off-peak hours to apply the patch to minimize business disruption.

Inform the senior management about the vulnerability and the potential impact of the patch on business operations, and ask for their decision. Informing the senior management about the vulnerability and the potential impact of the patch on business operations is the best option. As the IT security manager, it's your responsibility to inform senior management about the vulnerability, the potential impact of an attack, and the potential impact of the patch on business operations. This allows the senior management to make an informed decision about how to proceed, taking into consideration both the security risk and the potential business impact.

The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following: Create and follow onboarding and off-boarding procedures. Employ the principle of least privilege. Have appropriate physical security controls in place. Which type of threat actor do these steps guard against? Hacktivist Insider Competitor Script kiddie

Insider Because insiders are one of the most dangerous and overlooked threats to an organization, you need to take the appropriate steps to protect against them, such as requiring mandatory vacations, creating and following onboarding and off-boarding procedures, employing the principle of least privilege, and having appropriate physical security controls in place.

CryptoCloud is expanding its business and is considering outsourcing its IT resources to a managed services provider (MSP) to improve efficiency and reliability. Which of the following statements about MSPs and their role in the supply chain are correct? (Select two.) MSPs involve receiving an attachment or viewing an image on a webpage which triggers an exploit. MSPs primarily focus on providing support for IT resources such as networks, security, or web infrastructure. MSPs may introduce a complex security challenge as monitoring their employees can be difficult. MSPs handle the end-to-end process of designing, manufacturing, and distributing goods and services to customers. MSPs are only suitable for large enterprises with extensive IT infrastructure and are not recommended for smaller businesses.

MSPs primarily focus on providing support for IT resources such as networks, security, or web infrastructure. MSPs may introduce a complex security challenge as monitoring their employees can be difficult. Outsourcing to an MSP can be complex from a security point of view due to the difficulty in monitoring the actions of the MSP's employees, who are potential sources of insider threats. MSPs manage, monitor, and maintain the organization's IT infrastructure, applications, and services. Their services can include network management, security, data backup, cloud computing, hardware and software maintenance, help desk support, and other IT-related tasks.

Social engineers are master manipulators. Which of the following are tactics they might use? Shoulder surfing, eavesdropping, and keylogging Eavesdropping, ignorance, and threatening Moral obligation, ignorance, and threatening Keylogging, shoulder surfing, and moral obligation

Moral obligation, ignorance, and threatening Social engineers are master manipulators. Some of the most popular tactics they use are moral obligation, innate human trust, threatening, an easy reward, and ignorance.

An international financial institution recently discovered a persistent and sophisticated cyber attack. The scale and sophistication of the attack suggest that the threat actor has access to significant resources. The nature of the attack indicates that the threat actor operates with an extended timeline and appears motivated by strategic advantage rather than immediate financial gain. Which type of threat actor is MOST likely involved? Nation-state Individual hacker Hacktivist Insider threat

Nation-state Nation-state actors have the advanced capabilities, significant resources, and strategic motivations to carry out the sophisticated, long-term attack the financial institution discovered.

Which type of threat actor is MOST likely to engage in cyber espionage with strategic or political motivations? Competitors Nation-state Organized crime Hacktivist

Nation-state Nation-state actors often have the support of governments. Their activities, including cyber espionage, are typically motivated by strategic or political reasons.

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? Ping scanner Network mapper OVAL Port scanner

Network mapper A network mapper is a tool that can discover devices on a network and show those devices in a graphical representation. Network mappers typically use a ping scan to discover devices and a port scanner to identify open ports on those devices.

As a security officer in a large corporation, you receive an email from an unknown sender claiming to be a high-ranking executive from another branch of your company. The email states that due to a sudden surge in demand for your company's product, there is a shortage of supply. The sender requests immediate access to your inventory data to assess the situation and promises a significant bonus for your prompt cooperation. The sender also mentions that this is a confidential matter and should not be discussed with anyone else. What would be the BEST response in this scenario? Immediately provide the requested data to help the company in this crisis. Report the email to your supervisor and the IT department without responding to the sender. Ignore the email as it does not concern your department. Respond to the sender asking for more details about the situation.

Report the email to your supervisor and the IT department without responding to the sender. Reporting the email to your supervisor and the IT department without responding to the sender is the best response. The email has several red flags that suggest it could be a social engineering attack: the sender is unknown, the request is urgent and confidential, and it involves access to sensitive data. The promise of a bonus is a form of the scarcity technique. It's important to report such incidents to your supervisor and IT department for further investigation.

Which of the following does a threat actor need in order to support a high-level sophisticated attack? Data exfiltration System permissions Disinformation Resources and funding

Resources and funding A high level of capability must be supported by resources and funding. Sophisticated threat actor groups need to be able to acquire resources, such as customized attack tools and skilled strategists, designers, coders, hackers, and social engineers. The most capable threat actor groups receive funding from nation-states and organized crime.

A group of people lost their jobs after their company filed for bankruptcy. These employees formed a closed hacktivist group to fashion a zero-day exploit targeting specific Windows operating systems (OS) on the company network. They will use internal influences to get the exploit onto the network. Which of the following factors will greatly influence the success of this attack? (Select two.) Revenge for hardship Former colleague assistance Political motivation Criminal gang threats Nation-state influence

Revenge for hardship Former colleague assistance Personal hardship after losing a job can motivate carrying out a revenge attack and seeing it through to the end. Revenge is a common motivator for insider threats. Former colleagues, who still work for the company, are a good resource to influence and insert a zero-day exploit onto the network. These colleagues (or insider threats) may want to help because they are sympathetic toward the employees who lost their jobs.

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this? On-path attack Phishing Social engineering Physical security Rogue access point

Rogue access point A rogue access point is an unauthorized access point added to a network, or it is an access point that is configured to mimic a valid access point. Examples include: An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access port then provides a way to access the network remotely. An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point. An attacker configures a wireless access point in a public location and then monitors traffic to see who connects to the access point.

A text message purporting to be from a user's bank requests the recipient to click on a link to verify a recent transaction and provide security details. What BEST describes the type of attack used? Vishing Phishing Watering hole attack SMiShing

SMiShing SMiShing is a social engineering attack that uses text messages to trick people into sharing sensitive information.

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred? SQL injection DLL injection Cross-site scripting Buffer overflow

SQL injection A SQL injection attack occurs when an attacker includes database commands within user data input fields on a form, which subsequently execute on the server. The injection attack succeeds if the server does not properly validate the input to restrict the entry of characters that could end and begin a database command. SQL injection attacks are prevented by proper programming methods that prevent commands from occurring within form data or that filter data to prevent such attacks.

An employee at a crypto security company receives an email that appears to be internal to the IT department. The email informs the employee to update the login credentials immediately to prevent account suspension. The "From" field in the email displays "[email protected]." However, upon closer inspection, the employee notices the slightly misspelled domain name as "crypt0secure.com." What technique is the threat actor using in this phishing attempt? (Select two.) Spoofing Brand impersonation Pretexting Typosquatting Pharming

Typosquatting Spoofing The threat actor is using typosquatting by registering a domain name that is like a legitimate one, hoping users will not notice the difference and assume they are receiving emails from a known source. The scenario also involves spoofing by impersonating a trusted source, deceiving the target. The company's spoofed email address makes it appear that the email is from the IT department.

Which social engineering technique involves the attacker interacting with the user to trick them into revealing their username and password? Password guessing User manipulation Physical access Dumpster diving

User manipulation User manipulation is the correct answer. In user manipulation, the attacker interacts directly with the user, often pretending to be someone they trust, to trick them into revealing their username and password.

As a cybersecurity analyst, you are tasked with reducing the supply chain attack surface in your organization. Which of the following areas should you focus on to MOST effectively mitigate this risk? Vendor management Internal IT infrastructure Employee training Customer data protection

Vendor management Vendor management is the correct answer. The supply chain attack surface is often increased by third-party vendors who have access to your organization's systems or data. By focusing on vendor management, including conducting regular security audits and enforcing strict security standards, you can significantly reduce the supply chain attack surface.

Which of the following BEST describes bluesnarfing? Cloning a mobile device Sending anonymous electronic business cards Executing commands on a mobile device Viewing calendar, emails, and messages on a mobile device without authorization

Viewing calendar, emails, and messages on a mobile device without authorization Bluesnarfing is the use of a Bluetooth connection to gain unauthorized access to a Bluetooth-enabled device such as a phone, desktop, laptop, or PDA. Bluesnarfing allows the attacker to view the calendar, emails, text messages, and contact lists. Many Bluetooth devices have built-in features to prevent bluesnarfing, but it remains a known vulnerability.

Which of the following social engineering attacks uses voice over IP (VoIP) to gain sensitive information? Shoulder surfing Spear phishing Hoax Vishing

Vishing Vishing is a social engineering attack that uses voice over IP (VoIP) to gain sensitive information. The term is a combination of voice and phishing.

A representative at a company reports receiving numerous unsolicited phone calls seeking banking information for a credit report. Which social engineering variant is the finance director experiencing? SMiShing Whaling Vishing Spear phishing

Vishing Vishing is a type of phishing attack conducted through a voice channel (for instance, a telephone or Voice over Internet Protocol call), such as someone purporting to represent a bank or another official institution calling targets.

What is the term for a phishing attack conducted through a voice channel, such as a phone call? SMiShing Phishing Pharming Vishing

Vishing Vishing refers to a phishing attack conducted through a voice channel, typically over the phone or VoIP, where the threat actor persuades the target to reveal sensitive information.

