OpSec Test 2 Chapter 3-4 1
What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user?
Replay
1. Which of the following is an example of a request forgery malware?
CSRF
1. What is another term commonly used to define cross-site request forgery (CSRF):
Client-side request forgery
1. Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system:On booting the computer, the following message was flashing on the computer screen with the IRS logo:"This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of t
Smitha's computer is compromised by ransomware. (couldn't fit the entire question so that's all you get) lol
1. Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators' solutions through sign on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this?
This is an API attack.
1. Juan, a cybersecurity expert, has been hired by an organization whose networks have been compromised by a malware attack. After analyzing the network systems, Juan submits a report to the company mentioning that the devices are infected with malware that uses a split infection technique on files. Which malware attack is Juan reporting?
Virus
1. Which of the following is a characteristic of a potentially unwanted program (PUP)?
a. A PUP interferes and obstructs the user with web browsing and pop-up windows.
1. Ian, a systems administrator, was checking systems on Monday morning when he noticed several alarms on his screen. He found many of the normal settings in his computer and programs changed, but he was sure no one had physically entered his room since Friday. If Ian did not make these changes, which of the events below is the most likely reason for the anomalies?
a. A backdoor was installed previously and utilized over the weekend to access the computer and the programs.
1. Which of the following statements correctly describes the disadvantage of a hardware-based keylogger?
a. A hardware-based keylogger must be physically installed and removed without detection.
1. A machine where the operating system runs an application on top of an operating system is called _.
a. A virtual machine
1. Which of the following can be used to mitigate a limitation of public sharing centers in OSINT?
a. AIS
1. You have been assigned to decide the process used for software application development at your company. Since the products need to be developed and deployed as each module is completed, you chose to go with agile application development. Your manager has requested you consider SecDevOps. Which of the following is a significant and key feature of using SecDevOps that can be considered for selecting this project's development model?
a. Automation
Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as?
a. Bot herder
1. Shanise is an IT security professional for a large private bank. She got an alert that the bank website received a funds transfer request that was correctly credentialed but flagged as being out of the account owner's usual pattern. If the alert is correct, what type of attack has likely occurred?
a. CSRF attack
1. A Company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred. Which of the following actions would help achieve this objective?
a. Checking the dark web
1. A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what?
a. Compiler
1. Which of the following is part of the OS security configuration?
a. Disabling default passwords and unnecessary ports
1. What is meant by the chain of trust in boot security?
a. Each step in the boot sequence relies on the confirmation from the previous boot sequence step.
1. Which of the following is a feature of a fileless virus?
a. Fileless viruses are persistent
1. Why was the BIOS framework relocated to flash memory from a complementary metal-oxide-semiconductor (CMOS) in later development?
a. Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS.
1. What is NOT a principle of agile development?
a. Follow rigid sequential processes
1. Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application. What process did Mary use?
a. Fuzzing
1. Which endpoint application runs on an endpoint device that only detects an attack in an endpoint device?
a. HIDS
1. What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware and intrusion detection systems are implemented in all the computers on the network?
a. Implement hardening at endpoints with patch management and operating system safeguards.
1. An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks. As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network?
a. Implement measured boot with UEFI
1. Which of the following describes a memory leak attack?
a. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.
1. Which of the following is a disadvantage of the secure boot process?
a. It makes third party non-vendor-approved software difficult to implement.
1. A company monitors the network activity of the organization and stores the logs in a database. You have been asked to identify whether there are any malicious activities in the network. Which of the following can denote the upper and lower bounds of their various network activities?
a. KRI
1. Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here?
a. Kate has installed a potentially unwanted program (PUP).
1. Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation?
a. Kia must uninstall the toolbar software and the accompanying components she has recently installed on her browser.
1. Which of the following is a subset of artificial intelligence?
a. Machine learning
1. What is the secure coding technique that organizes data within the database for minimum redundancy?
a. Normalization
1. Sheena wants to make sure that her browser activity is safe and prevent others from intercepting her data as it is transmitted over the browser. What should Sheena do to achieve this objective?
a. Only visit websites that are hosted over HTTPS or HSTS
1. John is a project manager with an IT firm, and his current project of developing an ERP application is in the development stage. Currently, the application is not yet mature or stable enough to be placed in a test environment. Which of the following secure coding review techniques is applicable for project?
a. Perform static code analysis
1. Which of the following is a form of malware attack that uses specialized communication protocols?
a. RAT
1. What does ransomware do to an endpoint device?
a. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
1. Ronald is a software architect at MindSpace Software. He has been approached to develop a critical application for a finance company. The company has asked him to ensure that the employed coding process is secure. They have also requested that the project be completed in a few months, with a minimum version of the identified functionalities provided. The other functionalities can develop later and added to the software while the application is live. Which development process would be ideal for Ronald to employ to achieve this objective?
a. Ronald can employ the SecDevOps model to meet the requirements of the client.
1. Which type of malware can hide its agenda inside other processes, making it undetectable, and what is it usually used for?
a. Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes.
1. A web application with an SQL server database is found to be compromised by an attacker. On examination, the email IDs of the database have been found modified. This was due to improper validation in the input fields exploited by the attacker.What is the probable attack in the above scenario?
a. SQL Injection
1. What is the name of the process where a website validates user input before the application uses the input?
a. Sanitizing
1. What is meant by "infrastructure as code" in SecDevOps?
a. SecDevOps method of managing software and hardware using principles of developing code
1. Daniel accidentally installed a vulnerable application. Which of the following system exploitations would NOT be caused by the vulnerable application?
a. Social engineering and phishing attacks
1. Which of the following uses vulnerable applications to modify Microsoft registry keys?
a. System tampering
1. Which of the following describes the action of an SQL injection into a database server?
a. The SQL injection inserts specially created structured query language statements to manipulate the database server, giving control of the database to the attacker, who can then manipulate the database.
1. Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database: whatever' AND email IS NULL; What has been accessed by the attacker running this SQL injection?
a. The attacker has determined the names of different types of fields in the database.
1. An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack?
a. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine.
1. A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation?
a. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
1. The files in James's computer were found spreading within the device without any human action. As an engineer, you were requested to identify the problem and help James resolve it. During file code inspection, you noticed that certain types of files in the computer have similar codes.You found that the problem is coming from a set of codes that are not part of the actual files, appended at the bottom of the file. You also noticed a transfer control code written at the beginning of the files giving control to the code at the bottom of the file.Which type of infection is this a characteristic of?
a. This is a typical characteristic of an endpoint device infected with a file-based virus attack.
1. In an application development model, which of the following uses a sequential development process?
a. Waterfall development
1. William downloaded some free software to help him with photo editing. A few days later, William noticed several personal photographs were modified and posted to various social media pages with obscene comments. He also noticed that there were videos of him that were morphed and circulated on adult websites. The videos were obviously taken using his webcam. What should William do to fix his problem and prevent it from happening again in the future?
a. William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites.
1. What is the inbuild application available to prevent threat actors from modifying the registry in a Windows 10 operating system?
a. Windows 10 tamper protection
1. A cybercriminal attempts to trick a computer's user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage. What should the user implement to avoid this situation?
a. X-Frame
1. Which HTTP response header should be used to prevent attackers from displaying their content on a website?
a. X-Frame-Option