System Security Management Quiz 7

Which of the following functionalities can an attacker abuse to try to elevate privileges if the service is running under SYSTEM privileges? A. Unquoted PowerShell scripts B. Writable SYSTEM services using the GetSystemDirectory function C. Cross-site scripting (XSS) D. Unquoted service paths

Unquoted service paths

Which of the following is not an insecure service or protocol? A. Telnet B. Cisco Smart Install C. Windows PowerSploit D. Finger

Windows PowerSploit

Which of the following is not a place where Windows stores password hashes? A. LSASS B. Powershell hash store C. AD database D. SAM database

Powershell hash store

Consider the following example:

    omar@ares:~$ ls -l topsecret.txt
    -rwxrwxr-- 1 omar omar 15 May 26 21:15 topsecret.txt

What permissions does the user omar have in the topsecret.txt file? A. Write only B. Read, write, execute C. Write, execute D. Read only

Read, write, execute

Which of the following is a type of attack in which a subroutine return address on a call stack is replaced by an address of a subroutine that is already present in the executable memory of the process? A. CPassword B. ASLR bypass C. Ret2libc D. Sticky-bit attack

Ret2libc

The SELinux and AppArmor security frameworks include enforcement rules that attempt to prevent which of the following attacks? A. Cross-site request forgery (CSRF) B. Cross-site scripting (XSS) C. Lateral movement D. Sandbox escape

Sandbox escape

Which of the following is a sandbox built in the Linux kernel to only allow the write(), read(), exit(), and sigreturn() system calls? A. Linux-jail B. SELinux C. Seccomp D. SUDI

Seccomp

Which of the following is a technique that is executed using disassemblers and decompilers to translate an app's binary code or bytecode back into a more or less understandable format? A. Static and dynamic binary analysis B. Static and dynamic source code analysis C. Binary patching, or modding D. Binary code injection

Static and dynamic binary analysis

Which of the following tools allows an attacker to dump the LSASS process from memory to disk? A. Windows Powershell B. John the Ripper C. SAMsploit D. Sysinternals ProcDump

Sysinternals ProcDump

Which of the following is a component of Active Directory's Group Policy Preferences that allows administrators to set passwords via Group Policy? A. Sticky-bit B. CPassword C. Ret2libc D. GPO crack

CPassword

Which of the following is an attack in which the attacker tries to retrieve encryption keys from a running operating system after using a system reload? A. Hot-boot B. ASLR bypass C. Cold boot D. Rowhammer

Cold boot

Which of the following is not one of the top mobile security threats and vulnerabilities? A. Insecure data storage B. Insecure communication C. Insecure authentication D. Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF)

Which of the following involves an unauthorized individual searching and attempting to collect sensitive information from the trash? A. Piggybacking B. Lockpicking C. Dumpster diving D. Fence jumping

Dumpster diving

Which of the following is not true about sticky bits? A. If the sticky bit is set on a directory, files inside the directory cannot be renamed or removed by the owner of the file, the owner of the directory, or the superuser (even though the modes of the directory might allow such an operation). B. For regular files on some older systems, the sticky bit saves the program's text image on the swap device so it will load more quickly when run. C. A restricted deletion flag, or sticky bit, is a single bit whose interpretation depends on the file type. D. For directories, the sticky bit prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories such as /tmp.

If the sticky bit is set on a directory, files inside the directory cannot be renamed or removed by the owner of the file, the owner of the directory, or the superuser (even though the modes of the directory might allow such an operation).

Which of the following can attackers use to capture every keystroke of a user in a system and steal sensitive data (including credentials)? A. RATs B. Keybinders C. Keyloggers D. Ransomware

Keyloggers

Which of the following statements is not true? A. Java virtual machines include a sandbox to restrict the actions of untrusted code, such as a Java applet. B. Microsoft's .NET Common Language Runtime cannot enforce restrictions on untrusted code. C. Modern web browsers provide sandboxing capabilities to isolate extensions and plugins. D. HTML5 has a sandbox attribute for use with iframes.

Microsoft's .NET Common Language Runtime cannot enforce restrictions on untrusted code.

Which of the following is an open source tool that allows an attacker to retrieve user credential information from the targeted system and potentially perform pass-the-hash and pass-the-ticket attacks? A. SAM Stealer B. Hashcrack C. Kerberoast D. Mimikatz

Mimikatz

Which of the following is the term for an unauthorized individual following an authorized individual to enter a restricted building or facility? A. Tailgating B. Lockpicking C. Dumpster diving D. Badge cloning

Tailgating

