CSS 200 final


Which of the following ISO frameworks provides requirements for an information security management system and focuses on managing information security within an organization? · 27002 · 27001 · 27701 · 31000

27001

What is the highest level of normalization that you can achieve with a database?

6NF - Sixth Normal Form

What is the difference between a Trojan and a RAT?

A RAT gives the attacker unauthorized remote access to the victim's computer.

What is another name for footprinting?

Active reconnaissance

In which type of software environment are you most likely to find Microsoft Visual Studio and Eclipse?

Development

Which of the following is known as a network virus? a. C&C b. Remote exploitation virus (REV) c. Worm d. TAR

Worm

Which of the following standards provide guidelines for hardening a Webserver? · Center for Internet Security (CIS) · International Organization for Standardization (ISO) · Cloud Control Matrix (CCM) · Statements on Standards for Attestation Engagements (SSAE)

· Center for Internet Security (CIS)

Which of the following are examples of technical control? [Choose all that apply] · A non-disclosure agreement (NDA) · Dead-bolted steel doors · Router · Firewall · Alarm systems

· Router · Firewall

You received a call from a person who was pretending to be from a law firm. The caller wanted to know some confidential information about your organization. Which of the following social engineering methods was the person using?

Authority

Which of the following is NOT a characteristic of a penetration test?

Automated

Which of the following attacks uses CDs, DVDs, or USB drives? · Tailgating · Baiting · Hoax · Shoulder surfing

Baiting

Which type of hackers break into systems for personal or financial gain?

Black hat

Which group is responsible for the Cloud Controls Matrix?

CSA

What word is used today to refer to network-connected hardware devices?

Endpoint

Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?

SSAE SOC 2 Type II

Which of the following manipulates the trusting relationship between web servers? a. EXMAL b. CSRF c. SSRF d. SCSI

SSRF

Which of the following is not something that a SIEM can perform? a. Sentiment analysis b. User behavior analysis c. Incident response d. Log aggregation

Incident response

Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it? a. Integrity b. Confidentiality c. Assurance d. Availability

Integrity

Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet? a. Spam b. Malware c. Ad fraud d. LOLBins

LOLBins

Which of the following testing strategies will be performed by a gradual process of gaining access to a network component, infrastructure, or an application layer to minimize detection? · Security Assessment · Security Testing · Lateral Movement · Penetration Testing

Lateral Movement

When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?

Lateral movement

Which of these would NOT be considered the result of a logic bomb? a. Delete all human resource records regarding Augustine one month after he leaves the company. b. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting. c. Erase the hard drives of all the servers 90 days after Alfredo's name is removed from the list of current employees. d. If the company's stock price drops below $50, then credit Oscar's retirement account with one additional year of retirement credit.

Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier, which allows an attacker the opportunity to steal authenticated sessions, describes which of the following? · Session Sequencing · Session Fixation · Session Hijacking · Session Takeover

Session Hijacking

Which type of phishing targets specific individuals and companies?

Spear phishing

For which of the following Windows versions has Microsoft stopped providing support services? [Choose all that apply.] · Windows 7 · Windows 8.1 · Windows XP · Windows 8

· Windows XP · Windows 7

Which of the following is not used to describe those who attack computer systems? a. attacker b. malicious agent c. threat actor d. hacker

malicious agent

Which of the following statements are true for a zero-day attack? [Choose all that apply.] · A zero-day vulnerability can only exist within the operating systems · A zero-day attack is impossible to detect as it exploits the unknown vulnerabilities · A zero-day vulnerability can only be discovered when the software is deployed · A zero-day vulnerability can be example of an unknown threat

· A zero-day attack is impossible to detect as it exploits the unknown vulnerabilities · A zero-day vulnerability can only be discovered when the software is deployed · A zero-day vulnerability can be example of an unknown threat

Which of the following ensures that only authorized parties can view protected information? a. Confidentiality b. Integrity c. Availability d. Authorization

Confidentiality

Which of the following enables attackers to inject client-side scripts into web pages viewed by other users? · Path Traversal · Cross Site Scripting · Cross Site Request Forgery · SQL Injection

Cross Site Scripting

Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation?

Cryptomalware can encrypt all files on any network that is connected to the employee's computer.

Which of the following is known as out-of-the-box configuration? · Errors · Unsecured root accounts · Default settings · Open permissions

Default settings

Which type of control identifies a security risk that might be present in a policy, process, or procedure? · Detective · Corrective · Compensating · Preventative Deterrent

Detective

Which of the following is not a reason why a legacy platform has not been updated? a. Limited hardware capacity b. An application only operates on a specific OS version c. Neglect d. No compelling reason for any updates

No compelling reason for any updates

What is a standard for the handling of customer card information?

PCI DSS

Which of the following is not true regarding security? a. Security includes the necessary steps to protect from harm. b. Security is a process. c. Security is a war that must be won at all costs. d. Security is a goal

Security is a war that must be won at all costs.

After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security manager b. Security administrator c. Security officer d. Security technician

Security manager

Which statement regarding a keylogger is NOT true? a. Keyloggers can be used to capture passwords, credit card numbers, or personal information. b. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. c. Software keyloggers are generally easy to detect. d. Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet.

Software keyloggers are generally easy to detect.

Which premise is the foundation of threat hunting?

Threat actors have already infiltrated our network.

Which of the following is NOT a characteristic of malware? a. Launch b. Imprison c. Diffusion d. Deceive

Diffusion

Which of the following is a full knowledge penetration testing? · Red Box Testing · Black Box Testing · White Box Testing · Gray Box Testing

White Box Testing

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. White hat hackers b. Red hat hackers c. Black hat hackers d. Gray hat hackers

White hat hackers

Which of the following is not a recognized attack vector? a. email b. on-prem c. social media d. supply chain

on-prem

Which of the following groups use Advanced Persistent Threats? a. Criminal syndicates b. State actors c. Shadow IT d. Brokers

state actors

Which of the following statements are true for artificial intelligence (AI)? [Choose all that apply] · AI learns on its own without any input data · AI focuses on the broad idea of making a system execute a task · Machine Learning or ML is a subset of AI · A self-driving car is an example of AI

· AI focuses on the broad idea of making a system execute a task · Machine Learning or ML is a subset of AI · A self-driving car is an example of AI

Which of the following types of attacker keeps exfiltrating the data quietly, without being detected? · Script kiddies · Advanced Persistent Threat (APT) · Hacktivists · Criminal syndicates · Insider threats

Advanced Persistent Threat (APT)

Which of the following allows organizations to identify and remediate vulnerabilities before the public is aware of them, thus reducing the spread and intensity of abuse? · Discovery · Enumeration · Vulnerability Mapping · Bug Bounty

Bug Bounty

Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website? a. DRCR b. DLLS c. CSRF d. SSFR

CSRF

An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application? · Cross Site Scripting · Directory Listing · Buffer Overflow · Race Condition

Directory Listing

Footprinting and gathering information about the target is performed in which phase of penetration testing?

Discovery

Which of the following attacks targets the external software component that is a repository of both code and data? a. OS REG attack b. Dynamic-link library (DLL) injection attack c. Application program interface (API) attack d. Device driver manipulation attack

Dynamic-link library (DLL) injection attack

Which of the following is NOT a means by which a bot communicates with a C&C device? a. Email b. Signing in to a third-party website c. Signing in to a website the bot herder operates d. Command sent through Twitter posts

Email

Which type of malware relies on LOLBins?

Fileless virus

Which of the following is also known as a "dot dot slash" attack? · SQL Injection · Cross Site Scripting · Path Traversal · Cross Site Request Forgery

Path Traversal

Which of the following terms refers to attacking or taking control of a system through another compromised system? · Exploitation · Vulnerability Mapping · Enumeration · Pivoting

Pivoting

Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?

Planning

Which of the following malware does not harm the system but only targets the data? · Logic bomb · Ransomware · Trojan · Worm

Ransomware

Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?

Red team

What term refers to changing the design of existing code?

Refactoring

Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals? a. Benchmarks b. Legislation c. Regulations d. White papers

Regulations

Which is the final rule of engagement that would be conducted in a pen test?

Reporting

What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?

Requests for comments (RFCs)

Which of the following groups have the lowest level of technical knowledge? a. Hacktivists b. Insiders c. Script kiddies d. State actors

Script kiddies

Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo? a. They would have to stay overnight to perform the test. b. The employees could have inside knowledge of the network that would give them an advantage. c. There may be a lack of expertise. d. Employees may have a reluctance to reveal a vulnerability.

They would have to stay overnight to perform the test.

How do vendors decide which should be the default settings on a system? a. Those settings that provide the means by which the user can immediately begin to use the product. b. There is no reason behind why specific default settings are chosen. c. The default settings are always mandated by industry standards. d. Those that are the most secure are always the default settings.

Those settings that provide the means by which the user can immediately begin to use the product.

What race condition can result in a NULL pointer/object dereference?

Time of check/time of use race condition

What is an objective of state-sponsored attackers?

To spy on citizens

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. through products, people, and procedures on the devices that store, manipulate, and transmit the information b. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources d. through a long-term process that results in ultimate security

through products, people, and procedures on the devices that store, manipulate, and transmit the information

Insider threats are generated by the individuals who are either the organization's employees or are closely associated with the organization as a vendor or a third-party. [TRUE/FALSE]

true

Which tool is most commonly associated with state actors? a. Advanced Persistent Threat (APT) b. Closed-Source Resistant and Recurrent Malware (CSRRM) c. Network Spider and Worm Threat (NSAWT) d. Unlimited Harvest and Secure Attack (UHSA)

Advanced Persistent Threat

Which of the following types of attack is a precursor to the collision attack? · Brute-force · Birthday · Downgrade · Dictionary

Birthday

What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?

Black Box

In which of the following tests does the tester not need to have prior knowledge of the system's internal design or features? · Red Box Testing · Black Box Testing · White Box Testing · Gray Box Testing

Black Box Testing

Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?

Blocking ransomware

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? a. Competitors b. Resource managers c. Cyberterrorists d. Brokers

Brokers

A password spraying cyber-attack can be categorized as which of the following types of attack? · Dictionary · Unencrypted · Brute-force · Wordlist

Brute force

Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?

Buffer overflow

Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?

Buffer overflow attack

You have a version control system installed. Several developers work with this system. A new developer wants to work on the code. What is the first task that the developer must perform?

Check out existing code

Which of the following attack types confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker? · Error Based SQL Injection · No SQL Injection · Time Based SQL Injection · Blind SQL Injection

Error Based SQL Injection

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? a. Personal security b. Fortune c. Financial gain d. Fame

Fame

Which of the following code provides instructions to the hardware? · Service Pack · Application · Operating System · Firmware

Firmware

Which of the following standards/laws focuses on protecting the financial non-public information? · Federal Information Security Management Act (FISMA) · Health Insurance Portability and Accountability Act (HIPAA) · GRAMM-LEACH-BLILEY ACT (GLBA) · US Privacy Act of 1974

GRAMM-LEACH-BLILEY ACT (GLBA)

Which of the following performs hacking either for a political reason or to bring about a social change? · Criminal syndicates · Script kiddies · Insider threats · Hacktivists

Hacktivists

Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization? · Horizontal Privilege Escalation · DOM Based Cross Scripting · Vertical Privilege Escalation · Reflected Cross Scripting

Horizontal Privilege Escalation

Which ISO contains controls for managing and controlling risk?

ISO 31000

Which of the following is NOT an advantage of crowdsourced penetration testing? a. Ability to rotate teams b. Faster testing c. Less expensive d. Conducting multiple tests simultaneously

Less expensive

Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this?

PUP

Which of the following is not an issue with patching? a. Delays in patching OSs b. Few patches exist for application software c. Difficulty patching firmware d. Patches address zero-day vulnerabilities

Patches address zero-day vulnerabilities

Which of the following are the phases in Open Source Intelligence (OSINT)? [Choose all that apply] · Result Delivery · Data Analysis · Source Identification · Data Processing · Data Harvesting

· Result Delivery · Data Analysis · Source Identification · Data Processing · Data Harvesting

Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?

Scope

What is the relationship between security and convenience?

Security and convenience are inversely proportional

What is the term used to describe the connectivity between an organization and a third party? a. Platform support b. Resource migration c. System integration d. Network layering

System integration

A USB can be used to drop which of the following types of malware? [Choose all that apply] · Trojan · Backdoor · Worms · Keyboard loggers

· Trojan · Backdoor · Worms · Keyboard loggers

Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity? a. Local industry groups b. Conferences c. Vendor websites d. Twitter

Twitter

Malware can be delivered using which of the following methods? [Choose all that apply] · USB · E-mail attachments · Website · Through user

· USB · Email · Website

Which of the following loops runs until a statement becomes true? · While loop · Do loop · Until loop · If...else loop

Until loop

Which type of phishing is conducted over the Voice over IP (VoIP) lines where the attacker pretends to be a legitimate caller from a bank or a financial institution?

Vishing

In which type of attack does the attacker infect a website that is often visited by the target users?

Watering hole

Which of the following attacks is based on a website accepting user input without sanitizing it? a. RSS b. SQLS c. SSXRS d. XSS

XSS

Which of the following statements is true for the scalability of a system? · When workload increases, additional resources for the application are provided in an automated fashion · Scalability is a popular phenomenon in the cloud environment · You can add more resources to the system to gain optimal application performance · It is the same as elasticity and the two terms can be used interchangeably

You can add more resources to the system to gain optimal application performance

