Chapter 1 Threats, Attacks, & Vulnerabilities
Willie is responsible for the security of his organization's digital certificates and their associated keys. Which one of the following file types is normally shared publicly?
.CRT file
Which one of the following characters is most important to restrict when performing input validation to protect again XSS attacks?
<
Aaliyah is implementing TLS encryption to protect transactions run against her company's web services infrastructure. Which one of the following cipher suites would not be an appropriate choice?
ADH-RC4-MD5
Which one of the following sources is likely to have the highest level of sophistication?
APT
Which one of the following security controls would be MOST effective in combatting buffer overflow attacks?
ASLR
What type of access must an attacker have to successfully carry out an ARP poisoning attack against a target?
Access to the Target's LAN
Darryl is charged with protecting the service shown below from the attack being waged by Mal. What control would best protect against this threat?
Adding TLS Encryption
Trinity is beginning a penetration test against a client and would like to begin with passive reconnaissance. Which of the following tools may be used for passive reconnaissance?
Aircrack-ng
Which one of the following security controls is the most effective against zero-day attacks?
Application Control
What is the most dangerous consequence that commonly occurs as the result of a buffer overflow attack?
Arbitrary Command Execution
After conducting a vulnerability scan of her network, Deborah discovered the issue shown below on several servers. What is the most significant direct impact of this vulnerability?
Automated attacks are most likely to succeed
Which one of the following cryptographic attacks may be used to find collisions in a hash function?
Birthday Attack
In which one of the following types of penetration test does the attacker not have any access to any information about the target environment prior to beginning attack?
Black Box
In which one of the following attacks against Bluetooth technology is the attacker able to steal information from the device?
Bluesnarfing
Which one of the following security controls is most effective against zero-day attacks?
Brute Force
Which one of the following security testing programs is designed to attract the participation of external testers and incentivize them to uncover security flaws?
Bug Bounty
Krystal is investigating wireless signal interference in her building and suspects that jamming might be taking place. Which one of the following actions can help her rule out intentional jamming of her wireless signal?
Changing the WiFi Channel
Ziva is trying to break a cryptographic algorithm where she has the encryption key but does not have the decryption key. She is generating a series of encrypted message and using them in her cryptanalysis. Which term best describes Ziva's attack?
Chosen Plaintext
Daja runs a vulnerability scan of her network and finds issues similar to the one shown below on many systems. What action should Daja take?
Conduct a Risk Assessment
Xavier is investigating a security incident at his organization where an attacker entered the building wearing a company uniform and demanded that the receptionist provide his access to a network closet. he told receptionist that he needed to access the closet immediately to prevent a major network disaster. Which one of the following principles of social engineering did the attacker NOT exploit?
Consensus
Joshua recently developed a system on his network that occasionally begins sending streams of TCP SYN packets to port 80 at a single IP address for several hours and then stops. It later resumes, but directs the packets at a different address. What type of attack is taking place?
DDoS
Vivica is investigating a website outage that brought down her company's ecommerce platform for several hours. During her investigation, she noticed that the logs are full of millions of connection attempts from systems around the world, but those attempts were never completed. What type of attack likely took place?
DDoS
Andre is reviewing a list of cryptographic cipher suites supported b his organization's website. Which one of the following algorithms i snot secure and may expose traffic to eavesdropping attacks?
DES
Shanice is investigating a piece of malware found on a Windows system in her organization. She determines that the malware forced a running program to load code stored in a library. What term best describes this attack?
DLL Injection
Juan is investigating an attack that took place on his network. When he visits the victim's machine and types "www.mybank.com" into the address bar, he is directed to a phishing site designed to look like a legitimate banking site. He then tries entering the IP address of the back directly into the address bar and the legitimate site loads. What type of attack is likely taking place?
DNS Poisoning
Shonda is concerned that uses in her organization may fall victim to DNS poisoning attacks. Which one of the following controls would be most helpful in protecting against these attacks?
DNSSEC
After conducting security testing, Jabari identifies memory leak issue on one of his servers that runs an internally developed application. Which one of the following team members is most likely able to correct this issue?
Developer
Treyvon is concerned that his organization's public DNS servers may be used in an amplification attack against a third party. What is the most effective way for Treyvon to prevent these servers from being used in an amplification attack?
Disable Open Resolution
Jamal is securing a set of terminals used to access a highly sensitive web application. He would like to protect against a man-in-the-browser attack. Which one of the following actions would be the most effective in meeting Jamal's goal?
Disabling Browser Extensions
Destiny believes that her network was the target of a wireless networking attack. Based upon Wireshark traffic capture shown below, what type of attack likely took place?
Disassociation
Terrance is conducting a penetration test against a wireless network and would like to gather network traffic containing successful authentication attempts but the network is not heavily trafficked and he wants to speed up the information gathering process. What technique can he use?
Disassociation
What type of scan can best help identify cases of system sprawl in an organization?
Discovery Scan
Which one of the following security vulnerabilities is NOT a common result of improper input handling?
Distributed Denial of Service
Darius is responsible for administering his organization's domain names. He recently received a message from their registrar indicating that a transfer request was underway for one of their domains, but Darius was not aware of any request taking place. what type of attack may be occurring?
Domain Hijacking
Twyla recently completed an assessment of her organization's call center and found that call center representatives discard paper notes from their telephone calls with customers without shredding them. What type of social engineering attack does this practice make her organization vulnerable to?
Dumpster Diving
Kevon is configuring a vulnerability scan of his network. He would like the scan to be a non-intrusive scan and is using the configuration settings shown below. Which setting should he modify?
Enable Safe Checks
Warren is conducting a penetration test and has gained access to a critical file server containing sensitive information. He is now installing a rootkit on that server. What phase of the penetration test is Warren conducting?
Escalation of Privilege
Tiana detected an attack o her network where the attacker used aircrack-ng to create a wireless network bearing her company's SSID. The attacker then boosted the power of that access point so that it was the strongest signal in an executive office area, prompting executive devices to connect to it. What type of attack took place?
Evil Twin
Which one of the following controls would be LEAST effective against a privilege escalation attack?
Firewall Rule
Jayda found the following page on her web server. What type of attacker waged this attack?
Hacktivist
Which one of the following is not a likely consequence of system sprawl?
Improper Input Validation
Which one of the following attackers is most likely to understand the design of an organization's business processes?
Insider
Laila works for an organization that recently opted to discontinue support service on their network devices to control costs. They realized that it would be less expensive to replace devices when they fail than to use the costly replacement plan that was included in their support contract. What should be Laila's primary concern from a security perspective?
Lack of Access to Vendor Patches
Which one of the following malware tolls is commonly used by attackers to escalate their access to administrative privileges once they have already compromised a normal user account on a system?
Logic Bomb
In which one of the following types of spoofing attack is the attacker often able to establish two-way communication with another device?
MAC Spoofing
DeAndre would like to identify the mail server used by an organization. Which one of the following DNS record types identifies a mail server?
MX
Ebony is approached by an end user who is trying to visit a banking website and sees the error message below. What type of attack is most likely taking place?
Man-in-the-Middle
During a security assessment, Deshawn learns that the Accounts Receivable department prints out records containing customer credit card numbers and files them in unlocked filing cabinets. Which one of the following approaches is most appropriate for resolving the security issues this situation raises?
Modify Business Process
After running a vulnerability scan. Cornell identified 10 Windows XP systems running on the network. Those systems support critical business hardware that is over 10 years old and it is not possible to replace the hardware. What is the primary issue that Cornell needs to address?
Obsolete Operating System
Jalen recently gained access to a salted and hashed password file from a popular website and he would like to exploit it in an attack. Which one of the following attacks would be most productive if the website has a password policy requiring complex passwords?
Offline Brute Force
Demetrius is assessment the results of a penetration test and discovered that the attackers managed to install a back door on one of this systems. What activity were the attackers most likely engaged in when they installed the back door?
Persistence
Antoine is a help desk technician and received a call from an executive who received a suspicious email message. The content of the email appears below. What type of attack most likely took place?
Phishing
During a security review, Damien identified a system that is using the RC4 cipher with a 40-bit key to protect communications between systems using the Remote Desktop Protocol. Which one of the following findings would it be appropriate for Damien to include in his report on the risk of this service?
RC4 is an insecure cipher and should not be used
Aniyah is a web developer responsible for implementing an authentication system. She knows that she should store hashed versions of passwords rather than the passwords themselves but chooses to use unsalted passwords. What type of attack does this make the application more susceptible to?
Rainbow Table
During a security exercise which team is responsible for conducting offensive operations against the target?
Red Team
During forensic analysis, Dante discovered that an attacker intercepted traffic headed to networked printers by modifying the printer drivers. His analysis revealed that the attacker modified the code of the driver to transmit copies of printed documents to a secure repository. What type of attack took place?
Refactoring
Diamond is developing a web application and is embedding a session ID in the application that is exchanged with each network communication. What type of attack is Diamond most likely trying to prevent?
Replay
What is the purpose of DNS amplification attack?
Resource Exhaustion
Roscoe is a cybersecurity analyst. Each day he retrieves log files from a wide variety of security devices and correlates the information they contain, searching for unusual patterns of activity. What security control is likely lacking in Roscoe's environment?
SIEM
Reginald is looking for a security solution that is capable of reacting automatically to security information and performing a variety of tasks across other security solutions. Which one of the following technologies would best meet his needs?
SOAR
Tyrone considers himself a hacker but generally does not develop his own exploits or customize exploits developed by others. Instead, he downloads exploits from hacker sites and attempts to apply them to large numbers of servers around the Internet until he finds one that is vulnerable. What type of hacker is Tyrone?
Script Kiddie
Brenda is selecting the tools that she will use in a penetration test and would like to begin with passive techniques. Which one of the following is not normally considered a passive reconnaissance technique?
Social Engineering
Devante is the new CISO at the the mid-sized business. Upon entering his role, he learns that the organization has not conducted any security training for their sales team. Which one of the following attacks is most likely to be enabled by this control gap?
Social Engineering
Elijah is investigating a domain hijacking attack against his company that successfully redirected web traffic to a third-party website. Which one of the following techniques is the most effective way to carry out a domain hijacking attack?
Social Engineering
Joey is a security administrator for a federal government agency. He recently learned of a website that advertises job for former government employees. When he accessed the site, the site launched code in his browser that attempted to install malicious software on his system. What type of attack took place?
Spyware
Krystal conducts a vulnerability scan against her organization's network and discovers a file servers with the vulnerability shown below. Which one of the following actions is the best way to remediate this vulnerability?
Switch to SFTP
Maurice detected the vulnerability shown below in one of his systems. He has several other high priority projects waiting for his attention and needs to prioritize this issue. What should he do?
Take No Action
Imani is reviewing the logs from security incident and discovers many entries in her database query logs that appear similar to the ones shown below. What types of attack was attempted against her?
Timing-Based SQL injection
Jeremiah received an email warning hi that a new virus is circulating on the Internet and that he needs to apply a patch to correct the problem. The message is actually a hoax and the patch contains malicious code. What principle of social engineering best describes what the attacker was trying to exploit by including the Microsoft header?
Trust
Nevaeh runs a vulnerability scan of a server in her organization and receives the results shown below. What corrective action could Nevaeh take to resolve these issues without disrupting service?
Update RDP Encryption
Jayden is concerned about the susceptibility of his organization to phishing attacks. Which one of the following controls will best defend against this type of attack?
User Training
Which one of the following would not be considered an OSINT tool?
Vulnerability Scans
Malik runs a vulnerability scan on a system on his network and identifies a SQL injection vulnerability. Which one of the following security controls is likely not to present on the network?
WAF
Which one of the following technologies must be enabled on a wireless network for a Pixie Dust attack to succeed?
WPS
Asia is an independent security researcher who often tests the security belonging to large corporations. She recently entered into a contract with a large automotive supplier to test the security of their systems. What term best describes Asia's work on this engagement?
White Hat