Cysa Objective 1 view
A set of devices of the same type are receiving an update to take advantage of extra features. This update will require a firmware upgrade kit or software. What type of devices are receiving this update?
-Embedded Devices -ICS devices
An administrator uses Nmap Security Scanner to scan a large IP scope to perform only host discovery. Which of the following switches will the administrator use?
-sn
Race condition
A _____ occurs when the outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.
A basic scan
A basic scan, or fast scan, will present options for comparing operating system and application settings against a policy template.
Code Review
A code review is the human analysis of software source code. It is a manual peer review that is conducted by developers other than the original coders.
A community cloud
A community cloud is when multiple organizations share ownership of a cloud service. This is usually done to pool resources for a common concern, like standardization and security policies.
A configuration baseline
A configuration baseline comprises the recommended settings for services and policy configuration for a server operating in a specific application role (e.g., web server).
A credential scan
A credential scan is a scan assigned to a user account with log-on rights for various hosts, plus any other permissions appropriate for the testing routines.
A deep scan
A deep scan, also called a full scan, is a comprehensive scan that can be configured by forcing the use of all plug-in types. The scanning of each host takes longer, and there may be more risk of service disruption.
A false positive (Scanning)
A false positive occurs when a scanner identifies a vulnerability that is not accurate. The configuration of the scanner will likely miss vulnerabilities resulting in false negatives.
Field Programmable Gate Array (FPGA)
A field programmable gate array (FPGA) is a type of controller that can be configured by the end user to run an application. This is prone to misconfigurations.
A hybrid cloud
A hybrid cloud can be composed of public cloud, private cloud, and on-premises infrastructure. Interconnections within this hybrid infrastructure are made by software-coded orchestration tools.
A non-persistent XSS
A non-persistent XSS is a reflected XSS.
DOM XSS
A persistent (or stored) XSS attack aims to insert code into a back-end database used by the trusted site. For example, the attacker may submit a post to a bulletin board with a malicious script embedded in the message. When other users view the message, the malicious script is executed.
Persistent XSS
A persistent (or stored) XSS attack aims to insert code into a back-end database used by the trusted site. For example, the attacker may submit a post to a bulletin board with a malicious script embedded in the message. When other users view the message, the malicious script is executed.
A private cloud model
A private cloud model can be deployed within an organization's local network. This deployment does not require orchestration, although it may help speed setup and configuration processes.
Protocol Fuzzer
A protocol fuzzer transmits manipulated packets to the application using unexpected values in the headers or payload.
A public cloud
A public cloud is a service offered over the Internet by cloud service providers (CSP) to cloud consumers. With this model, businesses can offer subscriptions or pay-as-you-go financing.
A null pointer dereference exploit
A race condition vulnerability is typically found where multiple threads are attempting to write a variable or object at the same memory location. A null pointer dereference exploit is one means of triggering a race condition.
A real-time operating system (RTOS)
A real-time operating system (RTOS) is an embedded system that must have response times that are predictable to within microsecond tolerances. Therefore, they cannot tolerate reboots or crashes.
Reflected XSS
A reflected XSS involves a trusted site, a client browsing the trusted site, and the attacker's site. It tricks a user in clicking a malicious link.
A stress test
A stress test is a type of dynamic analysis that is designed to evaluate how an application performs under an extreme processing load.
A time of check to time of use (TOCTTOU) vulnerability
A time of check to time of use (TOCTTOU) vulnerability is a race condition that occurs when there is a change between when an app checked a resource and when the app used the resource. This change invalidates the check.
A true Negative
A true negative occurs when a scanner does not find a vulnerability and no vulnerability exists.
A true negative
A true negative occurs when a scanner does not find a vulnerability and no vulnerability exists.
A vulnerability does not have countermeasures put in place because the level of risk does not justify the cost. Which type of remediation plan does this demonstrate?
Acceptance (of risk)
Active scanning
Active scanning involves probing the configuration of the system using some form of network connection to the target. Active scanning uses more bandwidth in the network and runs the risk of crashing the scan target or triggering some other kind of outage.
Agent-based scanning
Agent-based scanning is a form of active scanning that utilizes a scanning program installed on the host.
Aircrack-ng
Aircrack-ng is a suite of utilities designed for wireless network security testing. The principal tools are airmon-ng, airodump-ng, and aireplay-ng.
An attacker uses Aircrack-ng to inject frames to obtain the authentication credentials for an access point. Which tool does the attacker use?
Aireplay-ng
Extensible Markup Language (XML) attack
An Extensible Markup Language (XML) attack takes advantage of data submitted via XML with no encryption or input validation. This makes it vulnerable to spoofing, request forgery, and injection of arbitrary data.
An application fuzzer
An application fuzzer identifies input streams accepted by the application, such as input boxes, command line switches, or import/export functions.
semi-passive scanning technique
An example of a semi-passive technique is referred to as low and slow or sparse. This technique uses probes that are difficult to distinguish from legitimate traffic. The probes are used infrequently so that the enumeration scanning cannot be easily identified.
An integer overflow
An integer overflow occurs when the result of an arithmetic operation exceeds the bounds of that operation. For example, a positive number becomes a negative number (e.g., changing a bank debit to a credit, for instance).
Arachni
Arachni is an open-source web scanner application. It can audit HTML forms, JavaScript forms, JSON input, XML input, links, and any orphan input elements.
A technician must perform vulnerability management on a large network. The technician starts performing a risk assessment of the hosts and intermediate systems that require scanning or remediation to create a prioritized list of vulnerable systems. What does this list refer to?
Asset Criticality
Asset criticality
Asset criticality is identified through the processes of system identification and risk assessment. The nature of an asset will also determine the tools that will be used to detect and manage its vulnerabilities.
A hacker can manipulate which of the following after taking over a controller area network (CAN) serial communications bus?
Automobiles Unmanned Aerial Vehicles
Broken Authentication
Broken authentication refers to an app that fails to deny access to malicious actors. This can derive from weak password reset mechanisms.
Broken authentication
Broken authentication refers to an application that fails to deny access to malicious actors. This can derive from a number of faults to include not requiring sufficiently strong passwords.
What is Burp Suite
Burp suite is a tool used for testing web application security. Burp allows an automated scan for vulnerabilities and crawls an application to discover content.
Business process interruption
Business process interruption is an inhibitor to remediation due to the fact that in some cases, this type of interruption is considered too much of a risk to the business's operations.
Which cloud deployment model may cause security design and operation to be unclear between organizations?
Community Cloud
A medium sized company is trying to follow security standards for processing card payments. If a particular control is not feasible from a technological or business standpoint, what method can the company use instead to meet the standard?
Compensating Controls
Compensating control
Compensating control is one that replaces a control specified in a compliance framework. The framework might allow the use of a compensating control if there are sound technical or business reasons for not deploying the recommended control.
Credential stuffing
Credential stuffing is when the attacker tests username and password combinations against multiple sites.
Data Feeds
Data feeds are lists of known bad indicators, such as domain names or IP addresses associated with spam or distributed Denial of Service (DDoS) attacks.
When using a Platform as a Service (PaaS) cloud deployment model, a client company should consider which of the following when addressing cybersecurity risks and vulnerabilities? Select all that apply
Data-at-rest encryption Data Availability to other locationsw
An organization performs a scan that has a higher risk of service disruption. The organization configures the scan to ignore previous results and rescans for each type of vulnerability. Evaluate the assessment scan sensitivity levels to deduce which type of scan the organization performs.
Deep
Dereferencing
Dereferencing is a software vulnerability that can occur when the code attempts to remove the relationship between a pointer in memory and the thing it points to (pointee).
Embedded systems
Embedded systems are those where software is burned into the hardware. These systems are typically static environments and are therefore easier to protect.
Enumeration
Enumeration aims to identify and scan network ranges and hosts belonging to the target and map out an attack surface.
An organization hires a new senior administrator. The new employee realizes that a vulnerability scanner performs scans from outside of the firewall. The employee raises concerns to the manager. What type of results will the employee discuss with the manager?
FALSE Negatives
A host system detection maps out open ports, file shares, and running services. Which of the following is this system performing?
Fingerprinting
Fingerprinting
Fingerprinting uses tools to perform host system detection to map out open ports, file shares, running services, and applications. Fingerprinting can be performed by active, semi-passive, and passive tools.
Footprinting
Footprinting uses tools to map out the layout of a network, typically in terms of IP address usage and routing topology. Footprinting can be performed in active mode to obtain quick results at the risk of detection or by using slow semi-passive and passive techniques.
Function as a Service (FaaS)
Function as a Service (FaaS) is a serverless architecture where if an operation needs to be processed, the cloud spins up a container to run the code, performs the processing, and destroys the container.
Fuzzing
Fuzzing is a technique designed to test software for bugs and vulnerabilities. A poorly secured application will likely crash during fuzzing.
An attacker targets an area of memory allocated by the application during execution to store a variable. This scenario demonstrates what type of overflow attack?
Heap
NMAP - Normal Output
Human readable output **But** this is directed to a file or folder for **Later** Analysis - Interactive gives immediate on screen feedback
The IT director is looking to expand its architecture to the cloud for peak seasons. The company wants to minimize vulnerabilities and misconfigurations by using their existing orchestration tools. Which cloud model would fit very well with this company?
Hybrid Cloud
Impersonation
Impersonation refers to obtaining a user account fraudulently and exploiting some weakness in the identity checking process. A hacker would typically do this by obtaining personally identifiable information (PII) or identity document.
Platform as a Service (PaaS)
In a Platform as a Service (PaaS) model, the cloud service provider (CSP) provides the virtual infrastructure and multi-tier web application/database and secures it. It is handed to clients to build customer applications with.
XML bomb (Billion laughs) attack
In an XML bomb (Billion laughs) attack, XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it.
Industrial control system (ICS)
Industrial control system (ICS) devices provide mechanisms for workflow and process automation. ICS is a generic term that include various devices, controls, or systems to achieve automation. Some may require firmware updates in person.
Cloud engineers were able to automate the deployment of a whole warm site for the branch office to the cloud. The logs confirm a successful deployment from start to finish, and the vulnerability scans are very low, as it was in the test lab. How were the engineers able to effectively deploy a whole secondary site in the cloud with very low vulnerabilities? Select all that apply
Infrastructure as Code Orchestration Tools
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is an approach to automating infrastructure management using orchestration tool that reads machine-readable files for the baseline configuration.
Infrastructure as a Service (Iaas)
Infrastructure as a Service (Iaas) provisions IT resources such as servers and storage components. The client manages its security.
Which of the Nmap output options will result in a human-readable output that is viewable on-screen?
Interactive
Key management in a cloud deployment
Key management in a cloud deployment is used to make API calls. Key management is the process in which a key is securely acquired, and then securely used to invoke API calls.
Legacy systems
Legacy systems are those that are no longer supported by its developer or vendor.
Which of the following is the binary code the processor executes and is typically two hexadecimal digits for each byte?
Machine Code
Microsoft's System Center Configuration Manager (SCCM) is an example of a management system for which process?
Microsoft System Center Configuration Manager (SCCM) provides patching and configuration solutions. Patching a system prevents the same exploit from being used by an attacker again. Effective patch management procedures and software can simplify and automate this process.
A small business purchases a commercial vulnerability scanner. The business uses the professional version for the small network. Default scans use plugins from subscription feeds. Compare vulnerability scanners to determine which one the business employs.
Nessus
Nessus
Nessus is available as a Nessus Professional version that is designed for small networks. The product is also available on-premises as Nessus Manager and through the cloud. Default scans can be performed using the plug-ins from Nessus's subscription feeds.
This common process makes flows between network zones more predictable and easier to filter, providing performance and security benefits.
Network Segmentation
What is Nikto
Nikto is open-source software for Linux and can be used to find known web server vulnerabilities and misconfigurations.
A hacker wants to impersonate the Chief Executive Officer (CEO) of a company and send an email to all employees to cause havoc. The hacker uses social engineering to understand the CEO and the company more. What actions could the hacker take to pose as the CEO? Select all that apply
Obtain some PII Gain Access to the IM Account
Degradation of functionality
One inhibitor is the chance that the remediation control will degrade functionality, either temporarily or permanently. Degradation of functionality is often the case with systems that are flawed by design, such as those that did not incorporate security as a fundamental element of the design process.
What factors contribute to the reason Android devices are a favorite target for hackers and malware? Select all that apply
Open Customizability Third-Party apps Largest Market Share
OSINT
Open-source Intelligence (OSINT) tools query publicly available information, mostly using web and social media search tools.
OpenVAS
OpenVAS is an open-source fork of the Nessus scanner software that performs vulnerability scans on the network.
Pacu
Pacu is designed as an exploitation framework to test the security configuration of an Amazon Web Services (AWS) account. It includes modules to attempt exploits such as obtaining application program interfaces (API) keys or gaining control of a Virtual Machine (VM) instance.
Passive Scanning
Passive scanning means analyzing indirect evidence resulting from a certain setup by intercepting network traffic (usually via a mirroring port) and attempting to detect policy deviations or common vulnerabilities and exposures (CVE) matches.
Multiple websites are triggering "denied access" logs within an hour timespan. A hacker is most likely using what methods of attack to gain access? Select all that apply
Password Spraying Credential Stuffing
Should we patch immediately upon release?
Patches should be installed after they have been tested for network compatibility. Patches for critical security vulnerabilities may need to be installed outside of the regular schedule.
An audit tool evaluates cloud infrastructure against the Center for Internet Security (CIS) benchmarks for Amazon Web Services (AWS). The tool only provides audits for AWS. Compare cloud infrastructure audit tools to determine which is in use.
Prowler
Prowler
Prowler is an audit tool for use with AWS only. It can be used to evaluate cloud infrastructure against the Center for Internet Security (CIS) benchmarks for AWS.
What is Qualys?
Qualys is a cloud-based service. Users install sensors at various points in their network and the sensors upload data to the Qualys cloud platform for analysis.
A hacker is targeting a company file server. The goal is to crash the system. The hacker takes advantage of a null pointer dereference exploit. What type of vulnerability did the hacker trigger?
Race Condition
Which of the following systems is intolerable to reboots?
Real-Time O/S
What is the tool Reaver used for?
Reaver is designed to exploit the Wi-Fi Protected Setup (WPS) mechanism. The implementation of the PIN-based security WPS mechanism is flawed, making brute force attacks against it feasible in a time frame of a few hours.
A victim system queries a nonexistent name. An attacker uses a man-in-the-middle tool that exploits name resolution to map out names on the network and selects a target. What type of tool is the attacker using?
Responder - Responder is a python tool, capable of harvesting credentials through Man in the Middle (MiTM) attack within the Windows networks. The tool makes use of Windows default name resolution protocols and rogue servers to accomplish the task. The three protocols exploited by the tool include LLMNR, NBT-NS, and MDNS.
Risk acceptance
Risk acceptance means that no countermeasures are put in place, either because the level of risk does not justify the cost or because there will be unavoidable delays before the countermeasures are deployed.
A web developer performs a quality assurance (QA) check on the new website. After testing web form fields, the developer decides to limit users' input to a specific range of characters. Adding this feature is the best defense to which types of attack?
SQL Injection Cross-site Scripting
Which on-demand cloud model would require a cloud service provider (CSP) to be responsible for platform or infrastructure security, and not application security, including account provisioning and authorizations?
SaaS
Which of the following cloud infrastructure assessment tools is an open-source tool written in Python that can audit instances and policies created on multi-cloud platforms?
ScoutSuite
Scoutsuite
Scoutsuite is an open-source tool written in Python that can be used to audit instances and policies created on multi-cloud platforms, including AWS, Microsoft Azure, and Google Cloud Platform.
Segmentation
Segmentation breaks a computer network into smaller parts to improve network reliability and security.
Data submitted via Extensible Markup Language (XML) with no encryption and input validation is vulnerable to what type of security risks?
Sensitive data exposure Host memory overflow
After an incident regarding a defacement of the company's website, web developers have installed patches on the web servers to further harden the system's security. The developers have also implemented input validation features into the website's form fields. Performing these changes can better defend the website from which types of attacks?
Session Hijacking Cross-site Scripting SQL Injection
Session hijacking
Session hijacking most often involves exploiting a cookie. An attacker may use a fixed session ID information from the cookie and send that to a target. To counter this, admins can delete cookies from the client's browser cache when the client terminates the session.
Software as a Service (SaaS)
Software as a Service (SaaS) uses virtual infrastructure to provision on-demand applications. The cloud service provider (CSP) manages and secures the infrastructure, while the client secures the virtual machine or applications on top.
An administrator runs software that looks for the top ten application security risks against a code prior to launching an application. Which assessment method does the administrator use?
Static Code Analysis
Static Code Analysis
Static code analysis is performed against the application code before it is compiled into an executable process. This analysis, performed by an automated tool, can reveal issues ranging from faulty logic to insecure libraries before the application runs.
System hardening
System hardening is a part of the recovery process involving securing a network by reducing its potential vulnerabilities through configuration changes and other steps.
System-on-chip (SoC)
System-on-chip (SoC) is a system design where processors, controllers, and devices are provided on a single processor, die, or chip. It is a smaller package and are power efficient.
nmap -PS
The -PS switch probes ports other than the default ports. This switch creates a port list and may be used to defeat a firewall.
nmap -sl
The -sI switch is another way to make a scan stealthy and uses a "zombie" host to appear to start the scan which disguises the identity of the host that launches the scan.
NMAP -sL
The -sL switch lists the IP addresses from the supplied target range and performs a reverse-Domain Name System (DNS) query to discover any host names associated with those IPs.
What is the Zed Attack Proxy?
The Zed Attack Proxy is written in Java and is available under an open-source license for Windows and Linux.
Analysis Phase
The analysis phase identifies anomalies that may point to a potential problem. A comprehensive data set is more likely to capture data that identifies problems. Analysis needs to be performed in the context of use cases.
Modbus
The components of an ICS network are often described as an operational technology (OT) network, which uses a network application protocol called the Modbus. This gives control servers and SCADA hosts the ability to query and change the configuration of each PLC.
Dissemination Phase
The dissemination phase refers to publishing information produced by analysis to consumers who need to act on the insights developed.
Feed Back Phase
The feedback phase has the goal of improving the implementation of the previous phases.
"The Heap"
The heap is an area of memory allocated by the application during execution to store a variable. A heap overflow can overwrite those variables.
What does aireplay-ng do?
The tool aireplay-ng injects frames to perform an attack to obtain the authentication credentials for an access point. This is usually performed using a deauthentication attack which forces the victim station to reauthenticate which generates the required traffic.
What is Airmon-ng?
The tool airmon-ng can be used to enable and disable monitor mode.
What does airodump-ng do?
The tool airodump-ng captures 802.11 frames and uses this output to identify the Media Access Control (MAC) address of the access point.
The IT director has decided to use a hybrid cloud model to offload their web services during peak season. The IT engineers were ecstatic and were able to automate the integration in about 4 months with zero misconfigurations on the virtual machine deployments. How was the company able to reduce misconfiguration issues during deployment? Select all that apply
Use of orchestration tools Implement infrastructure as code
UAT
User acceptance testing (UAT) is a beta phase of software testing. A limited set of users who follow test schemes and report on findings test the software.
An Infrastructure as a Service (IaaS) cloud model will require a client company to manage security threats and vulnerability to which of the following? Select all that apply
VM O/S Application Security
Hackers often try to hack wireless devices known as Internet of Things (IoT) devices. Which of the following are examples of these IoT devices?
Vehicles Cell Phones Fitness Trackers
Remediation is not complete until it can accomplish this task.
Verification of Mitigation
Verification of mitigation
Verification of mitigation is the process of testing that a fix provides complete mitigation of the vulnerability.
Narrative Reports
a written document that provides valuable information and knowledge in a format that must be assimilated manually by analysts.
Data Feeds
lists of known bad indicators, such as domain names or IP addresses associated with spam or distributed Denial of Service (DDoS) attacks.
What is olcHashcat
olcHashcat is the Graphics Processors Unit (GPU) optimized version of Hashcat, which is a password recovery tool or password cracking tool. Its OpenCL programming code library can leverage the use of GPUs.
CTI - Cyber Threat Intelligence
provides data about the external threat landscape, such as active hacker groups and malware outbreaks.
Directory traversal
type of attack describes an adversary ordering an application to backtrack through a directory path so that the application reads or executes a file in a parent directory
A True positive
A true positive occurs when a scanner identifies a valid vulnerability.
A vulnerability assessment
A vulnerability assessment is an evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.
Patching
Patching is a key part of vulnerability mitigation. In addition, if an attack uses a software or firmware exploit, the target system must be patched.
Patching
Patching is the appropriate preventative measure used if software or firmware are exploited but performing it after an attack will not block unauthorized users from accessing compromised systems.
Proprietary systems
Proprietary systems are systems that are developed in-house or not widely marketed.
Security Intelligence
The process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, and interpreted to provide insights into the security status of those systems.
Requirements Phase
The requirements phase sets out the goals for the intelligence gathering effort. This phase is also widely referred to as Planning and Direction. This phase will show how intelligence will support business goals.
A controller area network
A controller area network (CAN) is a serial communication bus used by electric control units (ECU) that control engines and power systems of an automobile, for example.