Chapter 1: Cybersecurity Fundamentals

Vulnerability

A ___________ is a weakness in the system design, implementation, software, or code, or the lack of a mechanism. Vulnerability Threat Exploit None of these answers are correct.

Availability

A denial-of-service attack impacts which of the following? Integrity Availability Confidentiality None of these answers is correct.

Integrity

An attacker is able to manipulate the configuration of a router by stealing the administrator credential. This attack impacts which of the following? Integrity Session keys Encryption None of these answers is correct.

All of these answers are correct.

SQL injection attacks can be divided into which of the following categories? Blind SQL injection Out-of-band SQL injection In-band SQL injection None of these answers is correct. All of these answers are correct.

PSIRT (Product Security Incident Response Teams)

Software and hardware vendors may have separate teams that handle the investigation, resolution, and disclosure of security vulnerabilities in their products and services. Typically, these teams are called ________. CSIRT Coordination Center PSIRT MSSP

CVE (Common Vulnerabilities and Exposures) identifer.

Vulnerabilities are typically identified by a ___________.? CVE CVSS PSIRT None of these answers is correct.

A, B, and C

Which of the following are IoT technologies? Z-Wave INSTEON LoRaWAN A and B A, B, and C None of these answers is correct.

All of these answers are correct.

Which of the following are examples of malware attack and propagation mechanisms? Master boot record infection File infector Macro infector All of these answers are correct.

All of these answers are correct.

Which of the following are examples of security mechanisms designed to preserve confidentiality? Logical and physical access controls Encryption Controlled traffic routing All of these answers are correct.

All of these answers are correct. STIX (Structured Threat Information eXpression) TAXII (Trusted Automated eXchange of Indicator Information) CybOX (Cyber Observable eXpression) OpenIOC (Open Indicators of Compromise) OpenC2 (Open Command & Control)

Which of the following are standards being developed for disseminating threat intelligence information? STIX TAXII CybOX All of these answers are correct.

Base, temporal, and environmental groups

Which of the following are the three components in CVSS? Base, temporal, and environmental groups Base, temporary, and environmental groups Basic, temporal, and environmental groups Basic, temporary, and environmental groups

PaaS (Platform as a Service)

Which of the following cloud models include all phases of the system development life cycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software? SaaS PaaS SDLC containers None of these answers is correct.

All of these answers are correct.

Which of the following is a cloud deployment model? Public cloud Community cloud Private cloud All of these answers are correct.

NIST Cybersecurity Framework

Which of the following is a collection of industry standards and best practices to help organizations manage cybersecurity risks? MITRE NIST Cybersecurity Framework ISO Cybersecurity Framework CERT/cc

OWASP (Open Web Application Security Project)

Which of the following is a nonprofit organization that leads several industry-wide initiatives to promote the security of applications and software? CERT/cc OWASP AppSec FIRST

Exploit

Which of the following is a piece of software, a tool, a technique, or a process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a computer system? Exploit Reverse shell Searchsploit None of these answers is correct.

Community cloud

Which of the following is a type of cloud deployment model where the cloud environment is shared among different organizations? Community cloud IaaS PaaS None of these answers is correct.

HTML injection

Which of the following is a type of vulnerability where the flaw is in a web application but the attack is against an end user (client)? XXE HTML injection SQL injection XSS

All of these answers are correct.

Which of the following is a way for an attacker to perform a session hijack attack? Predicting session tokens Session sniffing Man-in-the-middle attack Man-in-the-browser attack All of these answers are correct.

An incident

Which of the following is an adverse event that threatens business security and/or disrupts service? An incident An IPS alert A DLP alert A SIEM alert

All of these answers are correct.

Which of the following is an example of tools and methods to hack IoT devices? UART debuggers JTAG analyzers IDA Ghidra All of these answers are correct.

802.1X

Which of the following is not a communications protocol used in IoT environments? Zigbee INSTEON LoRaWAN 802.1X

Ret2Libc

Which of the following is not an example of ransomware? WannaCry Pyeta Nyeta Bad Rabbit Ret2Libc

Threat intelligence

Which of the following is referred to as the knowledge about an existing or emerging threat to assets, including networks and systems? Exploits Vulnerabilities Threat assessment Threat intelligence

Chain of custody

Which of the following is the way you document and preserve evidence from the time that you started the cyber-forensics investigation to the time the evidence is presented in court? Chain of custody Best evidence Faraday None of these answers is correct.

White hat

Which type of hacker is considered a good guy? White hat Black hat Gray hat All of these answers are correct.

Threat

_________ is any potential danger to an asset. Vulnerability Threat Exploit None of these answers is correct.

Reflected DDoS

____________ attacks occur when the sources of the attack are sent spoofed packets that appear to be from the victim, and then the sources become unwitting participants in the DDoS attacks by sending the response traffic back to the intended victim. Reflected DDoS Direct DoS Backtrack DoS SYN flood