CompTIA Certmaster CE Security+ Domain 2.0 Threats, Vulnerabilities, and Mitigations Assessment


During a cybersecurity attack, how would a threat actor use image files as a lure to target a vulnerability in a browser or document editing software?

A .The threat actor conceals exploit code within an image file that targets a vulnerability in the browser or document editing software.

A threat actor exploits the vulnerabilities or misconfigurations in a device's wireless networking protocol to transmit a malicious file to a user's device. This scenario is an example of what type of networking vector?

A. Bluetooth Network

An employee of a tech firm decides to leak confidential information to the public, revealing that the firm has been engaging in questionable privacy practices. The employee does not seek to profit from this action but believes the public has a right to know. What primarily motivates this type of threat actor?

A. Ethical concerns

The security team in a financial organization identified a zero-day vulnerability that enables cross-site scripting (XSS) attacks on its internal web portal. The chief information security officer (CISO) instructs the team to take immediate action. Which action most effectively minimizes the threat from the zero-day vulnerability and the potential XSS attacks?

A. Implement a web application firewall (WAF).

A cybersecurity analyst at a large corporation notices suspicious activity from one of the employee accounts. Log entries indicate that the same account is accessing the company's intranet from two countries just an hour apart. However, the employee is currently on a business trip and is only using wireless connections. Which security anomaly is occurring in this situation?

A. Impossible travel
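The impossible-travel indicator above is easy to compute from login logs: take consecutive logins by the same user, measure the great-circle distance between the two GeoIP locations, and divide by the elapsed time. The following Python is an added example written for this page, not code from CompTIA or Quizwiz; the login events, coordinates and the 1000 km/h ceiling are constructed assumptions.

```python
"""Impossible-travel detection over constructed login records (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # assumption: no real trip needs more than airliner speed


@dataclass(frozen=True)
class LoginEvent:
    user: str
    ts: datetime
    country: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Finding:
    user: str
    earlier: LoginEvent
    later: LoginEvent
    km: float
    hours: float
    kmh: float  # required speed; inf when both logins share a timestamp


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive logins by the same user that would need more than max_kmh.

    Events are grouped per user and ordered by time; each adjacent pair is
    checked once, so a single anomalous hop produces a single finding.
    """
    by_user = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_user.setdefault(e.user, []).append(e)

    findings = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            if km < 1.0:
                continue  # same place, or GeoIP jitter: nothing to flag
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                findings.append(Finding(user, prev, cur, km, hours, kmh))
    return findings


def _utc(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


# Constructed sample: alice appears in London and then New York an hour apart;
# bob goes London -> Paris over three hours, which is ordinary travel.
SAMPLE_EVENTS = [
    LoginEvent("alice", _utc("2024-03-05T09:00:00"), "GB", 51.5074, -0.1278),
    LoginEvent("alice", _utc("2024-03-05T10:00:00"), "US", 40.7128, -74.0060),
    LoginEvent("bob", _utc("2024-03-05T09:00:00"), "GB", 51.5074, -0.1278),
    LoginEvent("bob", _utc("2024-03-05T12:00:00"), "FR", 48.8566, 2.3522),
]

if __name__ == "__main__":
    for f in impossible_travel(SAMPLE_EVENTS):
        print(f"{f.user}: {f.earlier.country}->{f.later.country} "
              f"{f.km:.0f} km in {f.hours:.2f} h = {f.kmh:.0f} km/h")
```

Treat a finding as a lead to corroborate, not an automatic block: corporate VPN egress, mobile carrier GeoIP errors and split-tunnel clients all produce apparent jumps, which is why the scenario's detail about the traveller's wireless connections matters when deciding whether the second login is really the employee.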

A company's IT team has detected an anomaly in a cloud-based environment after a recent software update. There are suspicions that the update could contain malicious code, potentially leading to unauthorized access to sensitive data. Which of the following actions should the IT team take as a first step to address the threat posed by the potential malicious update?

A. Isolate the affected systems and perform a rollback to the previous update.

A software technician presents a forum on sideloading and jailbreaking to a group of new mobile users. Which of the following points will the technician include in their discussion of the use of jailbreaking? (Select the two best options.)

A. It is a method used to gain elevated privileges and access to system files on mobile devices.
B. It allows users to install unauthorized applications and customize device appearance and behavior.

A cyber technician works on a corporate laptop where an employee complains the software is outdated. What type of vulnerability describes the continued use of outdated software methods, technology, computer systems, or application programs despite known shortcomings?

A. Legacy

A multinational corporation recently fell victim to a series of cyberattacks, disrupting services and leading to significant financial losses. After an investigation, the corporation found that these attacks were part of a systematic campaign to undermine the corporation's market position. The highly sophisticated attacks suggest the involvement of a well-resourced entity with specific strategic objectives. Which of the following motivations BEST describes this scenario?

A. Political

The server manager of a tech company observes a significant increase in server resource consumption, which is not proportional to the workload on the server. Which of the following is the MOST plausible cause for these observations?

A. Radio-frequency ID cloning (marked incorrect)
C. Malware infection (marked incorrect)
The correct option for this question is not recorded on the page.

A cybersecurity analyst for a large organization permits employees to use Instant Messaging (IM) services on their devices. Despite using encryption, the analyst's concern is the potential software vulnerabilities and difficulty scanning messages and attachments for threats. Which actions should the cybersecurity analyst use to address this concern?

A. Regularly update and patch the Instant Messaging apps to address any known software vulnerabilities.

In a rapidly evolving IT environment, a cloud service provider offers various services to businesses, enabling them to store and process data securely. To enhance security, the provider regularly updates its systems and software. Despite these efforts, a security researcher discovers a previously unknown vulnerability in one of the cloud-specific applications, leaving customer data exposed to potential threats. In this scenario, which vulnerability is the security researcher likely to have found in the cloud-specific application?

A. SQL injection vulnerability (marked incorrect; the "previously unknown vulnerability" in the question describes a zero-day, but the correct option is not recorded on the page)

An organization's system alerting tool detects a series of unsuccessful attempts by someone trying to gain unauthorized access to its servers. These attempts lack sophistication and appear to be using publicly available hacking tools. Which type of threat actor is MOST likely responsible for these attempts?

A. Unskilled attacker

A recent cyberattack led to massive disruptions in a country's power grid, causing widespread blackouts and significant economic and social damage. The country's cyber team traced the attack to a hostile nation-state's cyber warfare division. In this case, what is the primary motivation of the perpetrators?

A. War

An organization is experiencing an attack where the attackers break into the premises or cabinets by forcing a gateway or locks. What BEST describes the observed attack?

B. Brute force

The cybersecurity team at a large company has recently uncovered evidence of a successful malicious cryptographic attack on their data servers facilitated by a misconfiguration in the cryptographic systems. What is the MOST appropriate initial response that the team should employ to address this critical security issue?

B. Correct the misconfiguration, implementing secure cryptographic controls.

A threat actor can infiltrate an organization's network and silently extract sensitive proprietary data without detection. The data has a high value on the black market. Which motivations BEST align with this threat actor's likely objective?

B. Data exfiltration

A threat actor gains physical access to an organization's premises and attempts to perpetrate an attack on the wired network. What specific threat vectors associated with unsecured networks are likely used by the threat actor in this scenario?

B. Direct access

A global technology firm detected unauthorized access to its proprietary designs for an upcoming product. The intruders remained undetected for an extended period and extracted a large volume of confidential data without disrupting the company's operations. This stealthy, long-term breach aimed at acquiring secret information aligns BEST with which type of threat motivation?

B. Espionage

In a recent incident, a hacker group infiltrated a global financial institution's systems and stole the credit card information of millions of customers. The valuable information was soon available on the dark web. Based on the scenario, what is the MOST likely motivation of the hacker group?

B. Financial gain

What term refers to the collective group of people (employees, contractors, suppliers, and customers) who represent a potential attack surface for an organization?

B. Human vector

An e-commerce company recently identified suspicious activity on its web-based application, suggesting a zero-day exploit. The security team suspects that a vulnerability in the application might be under active exploitation by malicious actors before the company identified and patched it. With no known fixes available for a zero-day exploit, what should be the initial course of action for the security team to minimize potential damage and safeguard the application and its users?

B. Implement intrusion detection systems and application firewalls.

An IT security specialist at a mid-size corporation observes a trend of unauthorized apps appearing on company-provided mobile devices. The specialist suspects the employees are either sideloading apps or have jailbroken their devices. What steps should the security specialist take to verify the cause of the unauthorized applications and to re-establish proper security protocols? (Select the two best options.)

B. Implement mobile device management (MDM) policies to restrict unauthorized application installation.
C. Conduct device audits to identify and detect unauthorized applications and signs of jailbreaking or sideloading.

An organization's IT security team has discovered that a recent software update, unknowingly deployed, contained a zero-day exploit. This vulnerability has now made the company's systems susceptible to potential unauthorized access. Which of the following immediate actions should the security team execute to manage this zero-day exploit situation?

B. Isolate the impacted systems and apply a patch or remediation strategy.

A cloud security firm is facing a cybersecurity challenge where some of its critical software applications are no longer supported by vendors, making them vulnerable to potential exploits. The IT team is exploring various strategies to mitigate the risk posed by these unsupported apps. What is the MOST effective approach to enhance the security posture?

B. Isolating unsupported apps from other systems to reduce the attack surface.

During a regular workday, a network administrator notices multiple users report their inability to access certain resources within the network. The affected resources are either websites or documents that were previously accessible. What could be causing this unusual behavior?

C. Blocked content (B. Network congestion and D. Server downtime were marked incorrect)

The security team at a tech company receives a notification regarding a sudden increase in the number of system logs generated. The system is generating logs at unusual times outside regular business hours. The company follows a well-documented security protocol. What does the sudden increase in the logging activity indicate?

B. Out-of-cycle logging

A large corporation is assessing its cybersecurity practices by focusing on potential security risks linked to hardware and firmware within the company's extensive network of computer systems. For the IT department, which of the following strategies MOST effectively mitigates the risks related to hardware and firmware security vulnerabilities?

B. Regularly update firmware to the latest, most secure versions.

A major online retailer experiences a sudden halt in its services during the peak holiday shopping season. It traces the cause back to an orchestrated distributed denial of service (DDoS) attack, which overwhelmed the retailer's servers with traffic, making it impossible for legitimate users to access the site. This attack BEST aligns with which type of threat motivation?

B. Service disruption

Which of the following is an example of a watering hole attack?

C. Compromising a site often visited by a target group to breach their devices.

A hacker targets a cloud security firm's network devices, including routers and switches. The hacker knows that companies often neglect changing vendor default login credentials for these devices. Using this knowledge, the hacker gains unauthorized access to the network by simply entering the default vendor username and password. Which of the following describes the type of attack in this scenario?

C. Default credentials

An environmental advocacy group uses cyber weapons to put companies at risk and promote its agenda. This scenario illustrates what type of threat actor?

C. Hacktivists

A system administrator is upgrading a company's network security infrastructure and notices several legacy machines running end-of-life operating systems (OS). These machines are no longer upgradeable as the developer has stopped issuing security patches and updates. However, the machines are still necessary for certain critical tasks. What is the system administrator's MOST effective course of action to reduce potential security vulnerabilities caused by these legacy machines running end-of-life operating systems?

C. Isolate the legacy machines on a separate network segment.

A cyber team presents a discussion on the use of sideloading and jailbreaking to a group of board members. Which of the following best describe sideloading? (Select the two best options.)

C. It refers to the installation of applications from sources other than the official application store of the platform.
D. It does not undergo the same scrutiny and vetting process as those on official application stores.

A systems administrator notices that several user accounts are frequently getting locked out. Simultaneously, during these lockout instances, the system did not record any logs. Which of the following is the MOST likely explanation for the lack of logs during these events?

C. Log tampering or deletion
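Both log-based indicators on this page, out-of-cycle logging (events written outside the documented business cycle) and the unexplained silence that points to log tampering or deletion, can be checked with a few lines over the raw log stream. The Python below is an added example for this page, not code from CompTIA or Quizwiz; the line format, the host names, the 08:00-18:00 UTC business window and the 15-minute heartbeat expectation are all constructed assumptions.

```python
"""Two log-based indicators over constructed syslog-style lines (added example)."""
import re
from datetime import datetime, timedelta, timezone

# Assumed line format: "<ISO-8601 UTC> host=<name> event=<type> [key=value ...]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+)(?: (?P<rest>.*))?$"
)


def parse_line(line):
    """Parse one line; returns None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": m["host"], "event": m["event"], "rest": m["rest"] or ""}


def parse_lines(lines):
    return [r for r in map(parse_line, lines) if r is not None]


def out_of_cycle(records, start_hour=8, end_hour=18):
    """Records written outside Mon-Fri start_hour..end_hour (UTC; assumption)."""
    hits = []
    for r in records:
        on_weekday = r["ts"].weekday() < 5
        in_hours = start_hour <= r["ts"].hour < end_hour
        if not (on_weekday and in_hours):
            hits.append(r)
    return hits


def silent_gaps(records, max_gap=timedelta(minutes=15)):
    """Per host, consecutive records separated by more than max_gap.

    Assumes each host normally emits something (here a heartbeat) at least
    every max_gap. A longer silence, especially right after a security event
    such as a lockout, is the cue to compare the collector's copy with the
    host's local log and look for entries that were removed.
    """
    by_host = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        by_host.setdefault(r["host"], []).append(r)
    gaps = []
    for host, recs in by_host.items():
        for a, b in zip(recs, recs[1:]):
            if b["ts"] - a["ts"] > max_gap:
                gaps.append({"host": host, "after": a, "before": b,
                             "silence": b["ts"] - a["ts"]})
    return gaps


# Constructed sample (2024-03-05 is a Tuesday). srv1 goes quiet for 35 minutes
# right after an account lockout; srv2 records configuration changes near midnight.
SAMPLE_LINES = [
    "2024-03-05T09:00:00Z host=srv1 event=heartbeat",
    "2024-03-05T09:05:00Z host=srv1 event=heartbeat",
    "2024-03-05T09:10:00Z host=srv1 event=account_lockout user=bob",
    "2024-03-05T09:45:00Z host=srv1 event=heartbeat",
    "2024-03-05T23:40:00Z host=srv2 event=config_change user=admin",
    "2024-03-05T23:45:00Z host=srv2 event=config_change user=admin",
    "this line is not in the expected format",
]
RECORDS = parse_lines(SAMPLE_LINES)

if __name__ == "__main__":
    for r in out_of_cycle(RECORDS):
        print("out-of-cycle:", r["ts"].isoformat(), r["host"], r["event"], r["rest"])
    for g in silent_gaps(RECORDS):
        print("silence on", g["host"], "for", g["silence"], "after", g["after"]["event"])
```

The silence check only works if logs are shipped to a collector the attacker cannot reach; an attacker who can delete the host's local log can just as easily delete the heartbeats, so the gap has to be measured on the remote copy.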

An organization observes several computer systems in a secured area showing signs of damage, having various cables disconnected, or hardware component tampering. Which type of attack is likely responsible for these issues?

C. Physical attacks

A system administrator at a software company is reviewing the company's security procedures. The company uses various cryptographic techniques for data security and is currently concerned about potential misconfigurations that could compromise data integrity and confidentiality. The system administrator aims to mitigate the risk of misconfigurations in the company's cryptographic settings that could lead to potential security vulnerabilities. Which of the following actions should the system administrator prioritize to ensure the cryptographic systems are well-configured and avoid possible security gaps? (Select the two best options.)

C. Regularly update and patch cryptographic software.
D. Conduct periodic penetration testing.

A software engineer trains new employees on the impacts of hardware and software vulnerabilities. The trainees must analyze and identify the vulnerability in their training session. During the session, the trainees experience a vulnerability where an attacker with access to a virtual machine (VM) breaks out of this isolated environment and gains access to the host system or other VMs running on the same host. What type of vulnerability did the trainees experience in this situation?

C. Virtualization

A web designer at a cybersecurity corporation receives an email from what appears to be a trusted colleague within the company. The email requests sensitive financial information to complete an urgent transaction and looks legitimate, displaying the colleague's name, company logo, and formatting. What type of sophisticated phishing attack occurs in this scenario?

D. Business email compromise

An IT team diligently works to ensure their systems and networks remain secure. The primary focus is relationships with external entities such as the service provider who hosts their web-based applications, the hardware provider that furnishes their server equipment, and the software provider supplying them with operating system licenses. When an enterprise's IT security posture depends on external entities, what should the IT team prioritize to ensure continued security?

D. Conduct thorough audits of service, hardware, and software providers regularly.

A security analyst is investigating a security breach in a network system that involves unauthorized access to user credentials and reusing them multiple times. What is the MOST likely type of attack that has occurred?

D. Credential replay
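Credential replay works because a captured credential or signed request is accepted again verbatim. The defence is to bind a timestamp and a single-use nonce into the authenticated message and have the server remember nonces for the acceptance window. The Python below is an added example written for this page, not code from CompTIA or Quizwiz; the shared HMAC key, the request layout and the 300-second window are constructed assumptions.

```python
"""Replay-resistant request signing with a server-side nonce cache (added example)."""
import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"constructed-shared-secret-do-not-reuse"  # assumption: pre-shared HMAC key


def _canonical(method, path, body, ts, nonce):
    # Everything the server checks is bound into the MAC, including timestamp
    # and nonce, so an attacker cannot swap them on a captured request.
    return b"\n".join([method.encode(), path.encode(), body, ts.encode(), nonce.encode()])


def sign_request(key, method, path, body, now=None, nonce=None):
    """Client side: attach a timestamp, a fresh nonce and an HMAC-SHA256 tag."""
    ts = str(int(time.time() if now is None else now))
    nonce = nonce or secrets.token_hex(16)
    tag = hmac.new(key, _canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
    return {"method": method, "path": path, "body": body, "ts": ts, "nonce": nonce, "mac": tag}


class ReplayGuard:
    """Server side: accept each authenticated, fresh nonce exactly once."""

    def __init__(self, key, window_s=300, clock=time.time):
        self.key = key
        self.window = window_s
        self.clock = clock  # injectable so the behaviour can be tested offline
        self._seen = {}  # nonce -> expiry; entries past the window are dropped

    def verify(self, req):
        now = self.clock()
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        try:
            fields = (req["method"], req["path"], req["body"], req["ts"], req["nonce"])
            ts = int(req["ts"])
            mac = req["mac"]
        except (KeyError, ValueError):
            return False, "malformed"
        # Authenticate before touching the nonce cache: an unauthenticated
        # request must not be able to poison the cache and lock out the real client.
        expected = hmac.new(self.key, _canonical(*fields), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False, "bad signature"
        if abs(now - ts) > self.window:
            return False, "stale timestamp"
        if req["nonce"] in self._seen:
            return False, "replay"
        # Keep the nonce until the timestamp itself would be rejected as stale.
        self._seen[req["nonce"]] = ts + self.window
        return True, "ok"


def demo():
    """Walk through a legitimate request, its verbatim replay, a tampered copy
    and a stale copy; returns the verdict for each step."""
    clock = [1_700_000_000.0]
    guard = ReplayGuard(SHARED_KEY, clock=lambda: clock[0])
    req = sign_request(SHARED_KEY, "POST", "/transfer", b'{"to":"acct-42","amount":100}', now=clock[0])
    verdicts = [("first use", guard.verify(req)),
                ("replayed verbatim", guard.verify(req)),
                ("body altered", guard.verify(dict(req, body=b'{"to":"acct-99","amount":100}')))]
    clock[0] += 3600  # an hour later the same capture is outside the window
    old = sign_request(SHARED_KEY, "POST", "/transfer", b"{}", now=clock[0] - 3600)
    verdicts.append(("captured an hour ago", guard.verify(old)))
    return verdicts


if __name__ == "__main__":
    for label, (ok, why) in demo():
        print(f"{label:22s} -> {'accept' if ok else 'reject'} ({why})")
```

The nonce cache only has to cover the timestamp window, which keeps its size bounded; in a multi-node deployment it must be shared (for example in a central store), otherwise a replay against a different node succeeds.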

What technique does the threat actor use in a Bluetooth network attack to transmit malicious files to a user's device?

D. Exploiting vulnerabilities or misconfigurations in the Bluetooth protocol

A prominent multinational corporation has experienced an unexpected spike in unauthorized network traffic aimed at its web servers. Upon investigation, the corporation discovered that the goal of this traffic was to disrupt its online services rather than gain unauthorized access or steal data. The attack started shortly after the corporation made a controversial policy decision that sparked a public backlash. Which type of attacker is MOST likely responsible?

D. Hacktivist

A company's cybersecurity team evaluates threats that could exploit vulnerabilities in its physical infrastructure. The team is specifically considering threats that can directly harm the company's systems and potentially damage data or services. What type of threat does this scenario BEST describe?

D. Network attacks

What social engineering attack relies on targeting individuals who frequent an unsecured third-party website to compromise their computers and gain access to a specific organization's systems?

D. Watering hole
