Exam 2 - CYS 285
The application that Scott is writing has a flaw that occurs when two operations are attempted at the same time, resulting in unexpected results when the two actions do not occur in the expected order. What type of flaw does the application have?
A race condition
Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs? A. Inline CASB B. Outsider CASB C. Comprehensive CASB D. API-based CASB
API-Based CASB
Which one of the following software development models focuses on early and continuous delivery of software?
Agile One of the core principles of the Agile approach to software development is to ensure customer satisfaction via early and continuous delivery of software.
Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?
All should have equal weight
Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place? A. Cross-site request forgery B. Server-side request forgery C. Command injection D. Buffer overflow
Buffer Overflow
Which one of the following assessment techniques is designed to solicit participation from external security experts and reward them for discovering vulnerabilities?
Bug Bounty
Which one of the following would not commonly be available as an IaaS service offering?
CRM
Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
CSA CCM
Which element of the SCAP framework can be used to consistently describe vulnerabilities
CVE
Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs?
Cloud access security brokers (CASBs) are designed specifically for this situation: enforcing security controls across cloud providers
Which one of the following statements about cloud computing is incorrect?
Cloud computing customers provision resources through the service provider's sales team
Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance?
Code signing
Every time Susan checks code into her organization's code repository, it is tested and validated, and then if accepted, it is immediately put into production. What is the term for this?
Continuous Delivery One of the core principles of the Agile approach to software development is to ensure customer satisfaction via early and continuous delivery of software.
Tim is working on a change to a web application used by his organization to fix a known bug. What environment should he be working in?
Development
Joe's adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request http://www.mycompany.com/../../../etc/passwd What type of attack was most likely attempted?
Directory Traversal
Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach?
Edge Computing
Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change? Which one of the following terms best describes his goals?
Elasticity
Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred?
False Positive
Grace would like to determine the OS running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this info?
Footprinting
Which cloud computing deployment model requires the use of a unifying technolofy platform to tie together components from different providers?
Hybrid cloud
What component of a virtualization platform is primarily responsible for preventing VM escape attacks
Hypervisor
In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use?
IaaS, and PaaS
During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report? A. Improper error handling B. Code exposure C. SQL injection D. A default configuration issue
Improper Error Handling
Upon further inspection, Joe finds a series of thousands of requests to the same URL coming from a single IP address. Here are a few examples: http://www.mycompany.com/servicestatus.php?serviceID=1 http://www.mycompany.com/servicestatus.php?serviceID=2 http://www.mycompany.com/servicestatus.php?serviceID=3 http://www.mycompany.com/servicestatus.php?serviceID=4 http://www.mycompany.com/servicestatus.php?serviceID=5 http://www.mycompany.com/servicestatus.php?serviceID=6 What type of vulnerability was the attacker likely trying to exploit?
Insecure direct object reference vulnerability
Brian ran a penetration test against a school's grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school's cybersecurity team to prevent students from engaging in this type of activity? A. Confidentiality B. Integrity C. Alteration D. Availability
Integrity
During a penetration test, Patrict deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity?
Lateral Movement
Which one of the following values for CVSS attack complexity metric would indicate that the specified attack is simplest to exploit?
Low
Brenda's company provides a managed incident response service to its customers. What term best describes this type of service offering?
MSSP
What type of attack places an attacker in the position to eavesdrop on communications between a user and a web server?
Man-in-the-middle
Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into? A. Low B. Medium C. High D. Critical
Medium
Which one of the following security assessment tools is least likely to be used during the reconnaissance phase of a penetration test
Metasploit Nmap is a port scanning tool used to enumerate open network ports on a system. Nessus is a vulnerability scanner designed to detect security issues on a system. Nslookup is a DNS information gathering utility. All three of these tools may be used to gather information and detect vulnerabilities. Metasploit is an exploitation framework used to execute and attack and would be better suited for the Attacking and Exploiting phase of a penetration test
Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack?
PR
Joe checks his web server logs and sees that someone sent the following query string to an application running on the server: http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;-- What type of attack was most likely attempted? A. Cross-site scripting B. Session hijacking C. Parameter pollution D. Man-in-the-middle
Parameter Pollution
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
Parameterized queries
During a vulnerability scan, Brain discovered that a system on his network contained a SMB protocol vulnerability
Patch Management
Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?
Performing user input validation
Kyle is conducting a penetration test. After gaining access to an organization's database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action? A. Privilege escalation B. Lateral movement C. Maneuver D. Persistence
Persistence
Which one of the following is not an advantage of database normalization?
Preventing injection attacks Database normalization has four main benefits. Normalized designs prevent data inconsistencies, prevent update anomalies, reduce the need for restructuring existing databases, and make the database schema more informative. They do not prevent web application attacks, such as SQL injection.
Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this?
Public Cloud
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanners?
Read-Only
Kevin is participating in a security exercise for his org. His role in the exercise is to use hacking techniques to attempt to gain access to the orgs systems. What role is kevin playing in this exercise?
Red team
what type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?
Reflected XSS DOM-based XSS attacks hide the attack code within the Document Object Model. This code would not be visible to someone viewing the HTML source of the page. Other XSS attacks would leave visible traces in the browse
Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
Resource Policy
Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information? A. Contract B. Statement of work C. Rules of engagement D. Lessons learned report
Rules of Engagement
Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan? A. Run the scan against production systems to achieve the most realistic results possible. B. Run the scan during business hours. C. Run the scan in a test environment. D. Do not run the scan to avoid disrupting the business.
Run the scan in a test environment
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?
SaaS
In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls
SaaS
Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy to obtain if her attack will be successful? A. Session ticket B. Session cookie C. Username D. User password
Session cookie
Adam is conducting software testing by reviewing the source code of the application. What type of cost testing is Adam conducting?
Static Code Analysis
Fran's organization uses a Type I hypervisor to implement an IaaS offering that it sells to customers. Which one of the following security controls is least applicable to this environment?
The provider must maintain security patches on the host operating system Type I hypervisors, also known as bare-metal hypervisors, run directly on top of the physical hardware and, therefore, do not require a host operating system.
Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?
Third-Party control
Which one of the following security assessment techniques assumes that an organization has already been compromised and searches for evidence of that compromise?
Threat hunting
Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?
Timing-based SQL injection
What data minimization technique replaces personal identifiers with unique identifiers that may be cross-referenced with a lookup table?
Tokenization
Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?
Transit gateway Cloud providers offer VPC endpoints that allow the connection of VPCs to each other using the cloud provider's secure network backbone. Cloud transit gateways extend this model even further, allowing the direct interconnection of cloud VPCs with on-premises VLANs for hybrid cloud operations. Secure web gateways (SWGs) provide a layer of application security for cloud-dependent organizations. Hardware security modules (HSMs) are special purpose computing devices that manage encryption keys and also perform cryptographic operations in a highly efficient manner.
Which one of the following is not an example of infrastructure as code?
Using a cloud provider's web interface to provision resources
Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin's action?
Vertical Scaling
Which one of the following techniques would be considered passive reconnaissance?
WHOIS lookups
Which one of the following tools is most likely to detect an XSS vulnerability?
Web Application Vulnerability Scanner
Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting? A. Gray-box test B. Blue-box test C. White-box test D. Black-box test
White-box test
