security+ (42)
Postings from Russian agents during the 2016 U.S. presidential campaign to Facebook and Twitter are an example of what type of effort?
A social media influence campaign
Which of the following types of attack aims at a specific group of users by infecting one or more websites that that group is specifically known to visit frequently?
A watering hole attack
What is the main difference between active and passive reconnaissance?
Active will actually connect to the network and could be detected; passive won't.
What is the primary difference between an intrusive and a nonintrusive vulnerability scan?
An intrusive scan could potentially disrupt operations.
Mary makes a vulnerability scan of a customer network and notices that a consumer wireless router on the network returns a result reporting default login credentials. What common configuration issue has she dealt with?
An unsecured administrator account
Elizabeth finds that a number of systems throughout her organization are connecting to a changing set of remote systems on TCP port 6667. Which of the following is the most likely cause of this, if she thinks the traffic is not legitimate?
Botnet command and control via IRC
Teresa is investigating a network breach at her company. She noticed a program that was able to execute code within the address space of another process by using the target process to load a specific library. Which of the following best describes this attack?
DLL injection
What browser feature is used to help prevent successful URL redirection attacks?
Displaying the full real URL
Amanda is worried about LDAP injection attacks against her directory server. What is not a common technique to prevent LDAP injection attacks?
LDAP query parameterization
Choose two techniques that are most commonly associated with a pharming attack.
Modifying the host's file on a PC or exploiting a DNS vulnerability on a trusted DNS server
Which of the following terms describes data that is collected from publicly available sources that can be used in an intelligence context?
OSINT
Chris is investigating a malware incident on one of the computers on his network. He has noticed unknown software that seems to be opening a port, allowing someone to remotely connect to the computer. This software seems to have been installed at the same time as a small shareware application. What is the best description for this malware?
RAT
Ahmed is responsible for incident response at a large financial institution. He finds that the company Wi-Fi has been breached. The attacker used the same login credentials that ship with the wireless access point (WAP). The attacker was able to use those credentials to access the WAP administrative console and make changes. Which of the following best describes what caused this vulnerability to exist?
Using default settings
Your wireless network has been breached. It appears the attacker modified a portion of data used with the stream cipher and used this to expose wirelessly encrypted data. What is this attack called?
WAP IV attack
Which of the following is the most significant difference between cloud service-based and on-premises vulnerabilities?
Your ability to remediate it yourself
Your company has employed an outside security firm to act on various tests of your network. During the vulnerability scan, you will provide that company with logins for various systems (i.e., database server, application server, web server, etc.) to aid in their scan. Which of the following best describes this?
a credentialed scan
Nathan operates a vulnerability scan using up-to-date definitions for a system that he knows has a vulnerability in the version of Apache that it is running. The vulnerability scan does not show that issue when he reviews the report. What has Nathan addressed?
a false negative
Selah scans a Red Hat Linux server that she believes is fully patched and noticed that the Apache version on the server is reported as vulnerable to an exploit from a few months ago. When she checks to see if she is missing patches, Apache is fully patched. What has happened?
a false positive
Rick works as a network administrator for a small financial services company. Users are complaining about odd behavior that appears to be caused by a virus on their machines. After isolating the machines that he believes are infected, Rick analyzes them. He discovers that all the infected machines received an email purporting to be from accounting, with an Excel spreadsheet, and the users opened the spreadsheet. What is the most likely problem with these machines?
a macro virus
Frank uses an on-path attack to cause a system to send HTTP traffic to his system and then forwards it to the actual server the traffic is intended for. What type of password attack can he conduct with the data he collects if he captures all the traffic from a login form?
a plain text password attack
A browser toolbar is an example of what type of malware?
a pup
Daryl finds a physical device attached to a gas pump's credit card reader. Which of the following types of attack has he likely noticed?
a skimmer
Where is an RFID attack most likely to happen as part of a penetration test?
access badges
Your company outsourced the development of an accounting application to a local programming firm. After three months of using the product, one of your administrators finds that the developers have inserted a way to log in and bypass all security and authentication. Which of the following best describes this?
backdoor
Which of the following is not a popular means of attacking RFID badges?
birthday attacks
You have discovered that when in a crowded area, you sometimes get a stream of unwanted text messages. The messages end when you leave the area. Which of the following is the best description of this attack?
bluejacking
When a program has variables, especially arrays, and does not check the boundary values before inputting data, what attack is the program vulnerable to?
buffer overflow
You are an IT consultant for a business located in a coastal area that is susceptible to storms and occasional flooding. Because of your company's location, there is an emphasis on continued business operation. Which of the following plans focus on ensuring that personnel, customers, and IT systems are minimally affected after a disaster?
business continuity
Teresa is worried that the software she wants to download may not be trustworthy, so she searches for it and discovers many postings claiming that the software is legitimate. If she installs the software and later finds it is malicious and that malicious actors have planted those reviews, what principle of social engineering have they performed?
consensus
What type of threat actors are most likely to have a profit motive for their malicious activities?
criminal syndicates
You have found that someone has been attempting to log on to your web server. The person has tried a wide range of likely passwords. Which of the following types of attack is this?
dictionary attack
Someone has been rummaging through your company's trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. Which is the following term suited in this case?
dumpster diving
Your company has produced some new security directives. One of these new directives is that all documents must be shredded before being thrown out. Which of the following types of attack is this attempting to prevent?
dumpster diving
Which of the following terms describes using conversational tactics as part of a social engineering exercise to extract information from targets?
elicitation
Juanita performs a vulnerability scan of a small business network and noticed that the organization's consumer-grade wireless router has a vulnerability in its web server. What issue should she solve in her discovering?
firmware patch management
Which of the following term describes a military strategy for political warfare that merges conventional warfare, irregular warfare, and cyberwarfare with fake news, social media influence strategies, diplomatic efforts, and manipulation of legal activities?
hybrid warfare
Selah discovers that a member of her organization's staff has installed a remote access Trojan on their accounting software server and has been accessing it remotely. What type of threat has she discovered?
insider threat
A user calls and asks you to send sensitive documents immediately because their files are corrupted. Otherwise, their salesperson can not close a multimillion-dollar deal. What form of social engineering is this?
intimidation
What is the best description of malware that will execute some malicious activity when a particular condition is met (i.e., if the condition is met, then executed)?
logic bomb
One of your users cannot remember the password for their laptop. You want to recover that password for them. You intend to use a tool/technique that is popular with hackers, and it consists of searching tables of precomputed hashes to recover the password. What is the best descriptions for this?
rainbow table
During what phase of a penetration test is information such as employee names, phone numbers, and email addresses gathered?
reconnaissance
What is not a common part of a cleanup process after a penetration test?
restoring all rootkits to their original settings on the system
Which of the following types of phishing attacks happens via text messages?
smishing
What threat actors are most likely to be associated with an advanced persistent threat (APT)?
state actors
Louis is responsible for network security at his company. He has discovered behavior on one computer that certainly appears to be a virus. He has even identified a file he thinks might be the virus. However, using three separate antivirus programs, he discovers that none can detect the file. Which of the following is most likely to be happening?
the computer has a zero-day exploit
Jim uses a Tor proxy to browse for sites as part of his threat intelligence. Which of the following terms are frequently used to describe this part of the Internet?
the dark web
Why are memory leaks a potential security problem?
they can cause crashes
Telnet, RSH, and FTP are all examples of what?
unsecure protocols
Users in your company complain that someone has been calling their extension and claiming to be doing a survey for a large vendor. Based on the questions asked in the survey, you suspect that this is a scam to elicit information from your company's employees. Which of the following best describes this?
vishing
Mahmoud wants to determine where an organization's wireless network can be accessed from. What testing techniques are his most likely options?
war driving and war flying
Jared is analyzing a recent malware infection on his company network. He finds malware that can spread rapidly via vulnerable network services and does not require any interaction from the user. Which of the following best describes this malware?
worm