Module 01 Enterprise Threats and Vulnerabilities

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What is geo-tagging? a. Restricting where an app functions based on its location. b. Adding geographical identification data to media. c. Tracking a victim who is wearing a GPS-enabled wearable device. d. Using the GPS feature of a smartphone.

Adding geographical identification data to media.

Jan is explaining to his colleague the reasons why a web application infrastructure is a tempting target for attackers. Which of the following is NOT a reason Jan would give? a. A successful compromise could impact all web users who access the web server. b. An attack could provide a pathway into the enterprise's network infrastructure. c. An attack on a web application infrastructure is considered the easiest attack to create. d. The multiple elements in a web application infrastructure provide for a range of vulnerabilities that can be used as different attack vectors.

An attack on a web application infrastructure is considered the easiest attack to create.

Which of the following is FALSE about a cross-site scripting (XSS) attack? a. The underlying web application that accepts the malicious code becomes the vehicle to deliver the malicious script to every user's browser when he or she accesses that site. b. An attacker attempts to execute malicious scripts in the victim's web browser by directly injecting it into the user's web browser. c. XSS is essentially a client-side code injection attack using a web application. d. The term cross-site scripting refers to an attack using scripting that originates on one site (the web server) to impact another site (the user's computer).

An attacker attempts to execute malicious scripts in the victim's web browser by directly injecting it into the user's web browser.

Why is credential stuffing effective? a. Because users repeat their passwords on multiple accounts b. Because it can circumvent all known password security protections c. Because it is the fastest known password cracking attack d. Because it is the oldest and most reliable attack on passwords

Because users repeat their passwords on multiple accounts

What is the network used in vehicles for communications? a. CAN b. ECU c. EDU d. M-BUS

CAN

Which area of computer memory is dynamic memory for the programmer to allocate as necessary? a. Text b. Stack c. Heap d. Data

Heap

Which of the following is FALSE about a password spraying attack? a. It takes one or a small number of commonly used passwords in attempts to break into an account. b. Because it is spread across many different accounts, it is much less likely to raise any alarms. c. It is considered as the optimal means for breaking into accounts. d. It is a type of targeted guessing.

It is considered as the optimal means for breaking into accounts.

What is the goal of a directory traversal attack? a. It has no goal other than to silently look through files stored on a file server. b. Its goal is to move from the root directory to other restricted directories. c. Its goal is to identify a vulnerability in a server or endpoint so that access can be gained into a network. d. Its goal is to pivot to another server.

Its goal is to move from the root directory to other restricted directories.

Bette is researching how a session hijacking attack could occur. Which of the following would she NOT find as a means for the attack to occur? a. MITM b. XSS c. Guessing the session ID d. MVFL

MVFL

The organization for which Cho works has just purchased a manufacturing plant that has many machines using Modbus. Cho has been asked to research Modbus. Which of the following will Cho NOT find regarding Modbus? a. Many SCADA systems use Modbus. b. The original version of Modbus used serial ports. c. A later variation to Modbus incorporated the TCP/IP protocol. d. Modbus is robust security.

Modbus is robust security.

What is pretexting? a. Sending text messages to selected victims b. Obtaining private information c. Preparing to enter a network through a RCE vulnerability d. Moving laterally before entering a vulnerable endpoint

Obtaining private information

Which of the following is NOT a security constraint for embedded systems and specialized devices? a. Power b. Compute c. Cost d. Patches

Patches

Which of the following is the greatest asset but also a security vulnerability of a mobile device? a. Low cost b. Portability c. Cameras d. Small screen

Portability

Which type of OS is found on an embedded system? a. RSTS b. SoC c. RTOS d. XRXS

RTOS

Ricardo is reviewing the different types of XSS attacks. Which attack only impacts the user who entered the text on the website? a. Reflected XSS b. Persistent XSS c. Document Object Model XSS d. Universal XSS

Reflected XSS

Aiko has been asked by her friend if she should download and install an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called? a. Jailbreaking b. Side-caring c. Rooting d. Pivoting

Rooting

Which of the following is FALSE about rootkits? a. A rootkit is malware that can hide the presence of other malware. b. Rootkits continue to be used extensively and their usage has not diminished. c. Rootkits can be used to hide its own presence. d. Rootkits cannot be detected by either an OS or common antimalware scanning software.

Rootkits continue to be used extensively and their usage has not diminished.

What is the goal of a buffer overflow attack? a. To change the address in the buffer to the attacker's malware code b. To cause the computer to function erratically c. To steal data stored in RAM d. To link to an existing rootkit

To change the address in the buffer to the attacker's malware code

What is the goal of a SQL injection attack? a. To corrupt data in the database b. To manipulate a NoSQL database c. To extract data from a database d. To inject malware that will infect the web browsers of subsequent users

To extract data from a database

Aiya wants a new notebook computer. She has asked a technician about a model that has USB OTG. Which of the following would the technician NOT tell Aiya about USB OTG? a. A device connected via USB OTG can function as a peripheral for external media access. b. A device connected via USB OTG can function as a host. c. Connecting a mobile device to an infected computer using USB OTG could allow malware to be sent to that device. d. USB OTG is only available for connecting Android devices to a subnotebook.

USB OTG is only available for connecting Android devices to a subnotebook.


Kaugnay na mga set ng pag-aaral

MKT Research and Analysis Test 3

View Set

MFT Clinical Exam: Top 50 Topics - 4) Suicide and Self Harm

View Set