Module 01 Enterprise Threats and Vulnerabilities
What is geo-tagging? a. Restricting where an app functions based on its location. b. Adding geographical identification data to media. c. Tracking a victim who is wearing a GPS-enabled wearable device. d. Using the GPS feature of a smartphone.
Adding geographical identification data to media.
Jan is explaining to his colleague the reasons why a web application infrastructure is a tempting target for attackers. Which of the following is NOT a reason Jan would give? a. A successful compromise could impact all web users who access the web server. b. An attack could provide a pathway into the enterprise's network infrastructure. c. An attack on a web application infrastructure is considered the easiest attack to create. d. The multiple elements in a web application infrastructure provide for a range of vulnerabilities that can be used as different attack vectors.
An attack on a web application infrastructure is considered the easiest attack to create.
Which of the following is FALSE about a cross-site scripting (XSS) attack? a. The underlying web application that accepts the malicious code becomes the vehicle to deliver the malicious script to every user's browser when he or she accesses that site. b. An attacker attempts to execute malicious scripts in the victim's web browser by directly injecting it into the user's web browser. c. XSS is essentially a client-side code injection attack using a web application. d. The term cross-site scripting refers to an attack using scripting that originates on one site (the web server) to impact another site (the user's computer).
An attacker attempts to execute malicious scripts in the victim's web browser by directly injecting it into the user's web browser.
Why is credential stuffing effective? a. Because users repeat their passwords on multiple accounts b. Because it can circumvent all known password security protections c. Because it is the fastest known password cracking attack d. Because it is the oldest and most reliable attack on passwords
Because users repeat their passwords on multiple accounts
What is the network used in vehicles for communications? a. CAN b. ECU c. EDU d. M-BUS
CAN
Which area of computer memory is dynamic memory for the programmer to allocate as necessary? a. Text b. Stack c. Heap d. Data
Heap
Which of the following is FALSE about a password spraying attack? a. It takes one or a small number of commonly used passwords in attempts to break into an account. b. Because it is spread across many different accounts, it is much less likely to raise any alarms. c. It is considered as the optimal means for breaking into accounts. d. It is a type of targeted guessing.
It is considered as the optimal means for breaking into accounts.
What is the goal of a directory traversal attack? a. It has no goal other than to silently look through files stored on a file server. b. Its goal is to move from the root directory to other restricted directories. c. Its goal is to identify a vulnerability in a server or endpoint so that access can be gained into a network. d. Its goal is to pivot to another server.
Its goal is to move from the root directory to other restricted directories.
Bette is researching how a session hijacking attack could occur. Which of the following would she NOT find as a means for the attack to occur? a. MITM b. XSS c. Guessing the session ID d. MVFL
MVFL
The organization for which Cho works has just purchased a manufacturing plant that has many machines using Modbus. Cho has been asked to research Modbus. Which of the following will Cho NOT find regarding Modbus? a. Many SCADA systems use Modbus. b. The original version of Modbus used serial ports. c. A later variation to Modbus incorporated the TCP/IP protocol. d. Modbus is robust security.
Modbus is robust security.
What is pretexting? a. Sending text messages to selected victims b. Obtaining private information c. Preparing to enter a network through an RCE vulnerability d. Moving laterally before entering a vulnerable endpoint
Obtaining private information
Which of the following is NOT a security constraint for embedded systems and specialized devices? a. Power b. Compute c. Cost d. Patches
Patches
Which of the following is the greatest asset but also a security vulnerability of a mobile device? a. Low cost b. Portability c. Cameras d. Small screen
Portability
Which type of OS is found on an embedded system? a. RSTS b. SoC c. RTOS d. XRXS
RTOS
Ricardo is reviewing the different types of XSS attacks. Which attack only impacts the user who entered the text on the website? a. Reflected XSS b. Persistent XSS c. Document Object Model XSS d. Universal XSS
Reflected XSS
Aiko has been asked by her friend if she should download and install an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called? a. Jailbreaking b. Side-caring c. Rooting d. Pivoting
Rooting
Which of the following is FALSE about rootkits? a. A rootkit is malware that can hide the presence of other malware. b. Rootkits continue to be used extensively and their usage has not diminished. c. Rootkits can be used to hide their own presence. d. Rootkits cannot be detected by either an OS or common antimalware scanning software.
Rootkits continue to be used extensively and their usage has not diminished.
What is the goal of a buffer overflow attack? a. To change the address in the buffer to the attacker's malware code b. To cause the computer to function erratically c. To steal data stored in RAM d. To link to an existing rootkit
To change the address in the buffer to the attacker's malware code
What is the goal of a SQL injection attack? a. To corrupt data in the database b. To manipulate a NoSQL database c. To extract data from a database d. To inject malware that will infect the web browsers of subsequent users
To extract data from a database
Aiya wants a new notebook computer. She has asked a technician about a model that has USB OTG. Which of the following would the technician NOT tell Aiya about USB OTG? a. A device connected via USB OTG can function as a peripheral for external media access. b. A device connected via USB OTG can function as a host. c. Connecting a mobile device to an infected computer using USB OTG could allow malware to be sent to that device. d. USB OTG is only available for connecting Android devices to a subnotebook.
USB OTG is only available for connecting Android devices to a subnotebook.