Security+ Exam 1 Chapters 1-6

Which of the following is true for KRI?

A KRI exceeding its normal bounds is not always an indicator of compromise.

Which of the following requires a carrier to be infected with a file-based virus?

A human to transfer these files from an infected computer

Which of the following correctly describes the action of a logic bomb?

A logic bomb is a malicious code added to a legitimate program that evades detection until a specific event activates it

Which of the following describes state actors using advanced tools to infect a system to silently and slowly extract data?

Advanced persistent threat (APT)

Which of the following is a broad term used for cybersecurity risks in artificial intelligence (AI) and machine learning (ML)?

Adversarial AI

Your organization is planning to be a part of the CISCP program as a partner. As an information security expert in your company, you are approached by your CEO, who wants to understand how the speed limit of public information centers like CISCP is handled. How should you explain how this speed limit is handled to him?

CISCP implements AIS, which resolves the speed limit issue of public information centers.

Jack is appointed at a security firm as an information security officer. The network of the company comprises many varieties of operating systems and application software. During an external security audit, a gap was discovered: The company does not have any framework or governing guidelines to define security defenses for protecting the operating systems, underlying services, and application software. Which framework or set of guidelines should Jack adopt to cover this gap?

Center of Internet Security (CIS) Benchmarks

Which organization's goal is to define and raise awareness of best practices that help secure cloud computing environments?

Cloud Security Alliance (CSA)

Alice is a vulnerability assessment consultant. She was assigned to scan all database servers for vulnerabilities, during which she found a bunch of vulnerabilities. What are the most appropriate parameters that she should consider while prioritizing the top vulnerabilities that need to be fixed?

Common vulnerability scoring system (CVSS) score and true positivity

Unsecure protocols are classified as which type of vulnerability?

Configuration vulnerability

Which of the following HTTP response headers provides protection against injection attacks?

Content security policy

Which of the following vulnerability scans is slower but can provide a deeper insight into the system by accessing a wider range of the installed software and examining the software's configuration settings and current security posture?

Credentialed vulnerability scans

Smith installed new meeting-scheduling software that automatically sends emails and reminders to the recipient's computer. Smith noticed that after installation, the software was also tracking other applications he accessed on his computer. What is this attack called?

Cryptomalware

Recently, a computerized electrical power supply unit failed due to a cyberattack. This resulted in a power grid disruption for an entire region of the country. In your study on the attack, how should you categorize the threat actor(s)?

Cyberterrorist

Which feature of a security information and event management (SIEM) tool can help filter multiple alerts detected by different devices for the same event into a single alarm?

Event duplication

Pooja wants to make a list of confinement tools to ensure her operating system is protected from unknown file and application hazards. Which of the following should NOT be used as a confinement tool?

Honeypots

Which of the following is a social engineering attack that uses social media and other sources to achieve its goal?

Hybrid warfare influence campaign

What is it called when a threat actor takes information for the purpose of impersonating someone?

Identity theft

Johann is heading a project team creating a hospital accounting application using an RDBMS. When the application is tested by the company's software testing team, it is noticed that the application shows vulnerabilities when incorrect values are entered. What should Johann implement to ensure that the incorrect input vulnerabilities are removed, and values are verified before the application sends data to the database?

Implement input validation

How can a threat actor tunnel through a network, using advanced privileges they've accessed, and look for additional systems that can be accessed from elevated positions?

Lateral movement

Which of the following boot security modes provides the highest degree of security?

Measured boot

Which of the following frameworks is used by most companies as a measuring stick to compare their cybersecurity practices to the threats that they face?

NIST Cybersecurity Framework

What is another term for a worm?

Network virus

Which of the following is a coding technique wherein an application is written so that its functionality is difficult for an outsider to understand?

Obfuscation code

Seo-jun is a bug bounty hunter. He was hired by an industrial organization to damage the network's security defenses as much as possible. Seo-jun gained initial access to a system in the network by sending a spear-phishing email into the network that installed a virus. What sequence of actions should he perform to achieve repeated and long-term access to multiple systems in the network with a highly privileged account?

Perform privilege escalation, then lateral movement, and then perform backdoor installation

You download a Word file sent to you through email. When you open the file, the file is in a protected view with the option "Enable Editing" visible on top. This happens due to which of the following confinement tools?

Quarantine

Which of the following malware types attacks the endpoint device; encrypts files, making them unreadable; and demands the user make payments to retrieve the files?

Ransomware

Jane sent an encrypted funds transfer message to her bank with her account details. A few days later, she noticed other transactions in her account that she did not authorize. What kind of an attack has Jane likely been subjected to?

Replay attack

MegaCorp is a multinational enterprise. Their customer payment files were recently stolen and sold on the black market. Customers have reported that their credit cards are being charged for fraudulent purchases made in countries where they do not live and have never been. What is the most likely impact on MegaCorp from this attack?

Reputation loss

A threat actor employed by the victimized organization is referred to as which of the following?

Shadow IT

Carol installed a new application from a free software website that converts avi-formatted files into mpeg format. After installing the application, she noticed that new applications are automatically getting downloaded and installed on the computer. What kind of attack is Carol's computer subjected to?

Spyware

Which protocol is used in AIS?

TAXII

Over the last few years, an organization has brought up the need to replace old systems. While the organization has made these old systems function with various workarounds, custom middleware applications, and other methods to make up for their shortcomings, it has become increasingly apparent that they need to be replaced soon. Which of the following security concerns does the company face if they continue to use the outdated systems?

The age of the systems means they run on outdated OSs that are no longer supported, making security updates impossible to install.

What is the sequence of the rules of engagement during a penetration testing attack?

Timing, scope, authorization, exploitation, communication, clean up, reporting

What is the primary difference in the goals of vulnerability scanning and penetration testing, respectively?

To identify risks by scanning systems and networks; to gain unauthorized access and exploit vulnerabilities

A weakest link vulnerability can be caused by mismanagement of which of the following?

Vendor management

XYZ Company is developing an application. After a few months of initial development, they decide to go through quality assurance testing. The tests show poor results. The developers realize that they have to make changes to their application but to do so, they will have to start their development process all over again. What kind of model are they using?

Waterfall model

Which of the following is the target of an attacker in a server-side request forgery (SSRF)?

Web server

Your company's Accounts Payable department reports that an invoice was marked as paid, but the vendor has shown proof they never received any of the $783,296 payment. Accounts Payable confirms that the amount was deducted from the company's accounts, but the recipient account number does not match the vendor's. After an investigation, you discover that the invoice was paid by the Chief Financial Officer. He says he paid the invoice after receiving an after-hours, past-due invoice from the vendor claiming that they would be filing a civil action in court the next morning. Rather than wait for Accounts Payable to come in the next day and verify the invoice date, the CFO immediately paid the full amount. Which type of social engineering attack was your company most likely the victim of?

Whaling

What is an attack on a NoSQL database compromised by data manipulation when the input is not sanitized by the application?

XML injection

