Security+
Which of these states are the result of an erroneous action triggering from a benign event?
False positive
Spear phishing
Targets certain employees in certain departments, roles, and responsibilities
Smishing
A cyber attack that uses SMS texting as the vector
Which of these statements is true regarding zero-day attacks?
All malware and exploits were a zero-day at one time or another.
Which of these would commonly not be considered a benign usage of a man-in-the-middle?
Application Layer Gateway, *ARP proxy*, Web proxy server, Network Address Translator
Pharming
Attacker poisons a DNS server to redirect users to unintentionally go to a fake site
A prank that takes advantage of sending contact information automatically without authentication
Bluejacking
Can steal data from a wireless device using a Bluetooth connection
Bluesnarfing
Attacker sends larger than expected input and a server accepts it and writes to memory areas
Buffer Overflow
In a distributed denial-of-service attack, what does the zombified system communicate with?
C2C Server
What component will typically store the instances of all organizational configuration items?
CMDB
In a Linux-based privilege escalation attack, what is the typical first step?
Check the OS release of the vulnerable system
Removing all footprints and artifacts of the attack chain
Cleanup
Which of these scanning techniques would decide if a system is configured in agreement with a recognized governance or regulatory policy?
Compliance scan
Which variant of XSS attacks leverages an insecurely written HTML page on an end user's system or endpoint gadgets and widgets?
DOM-based
An overlay network that is not indexed by search engines
Dark web
It is also known as a "dot slash" attack
Directory Traversal
Compromises various control and management frames when MPP is not used
Disassociation
What cryptographic attack takes advantage of an application's ability to give up a more secure method of communication and revert to an older, less-optimal mode?
Downgrade attack
A timing-based side-channel attack against WPA3
Dragonblood
Replaces an existing wireless service set so that users will connect to a fake one
Evil twin
What penetration testing technique would involve having some level of limited knowledge of the internal workings of the target?
Gray Box
Which type of threat actor has some level of information about the target but often needs more?
Gray hat
What is most likely the first step in a scam or hoax attack?
IP Spoofing
Which of these represents a likely primary or secondary loss due to using unsecure and unpatched legacy platforms?
Identity Theft, Data Exfiltration, Loss of availability, Loss of reputation
An error when the result of a math operation does not fit within the allocated memory space
Integer overflow
Network or host-based cyber observables or artifacts of an incursion
IoC
What are threat hunters attempting to quickly recognize to counter cyber criminals and mitigate threats?
IoCs
Which of these refers to malicious scripts as opposed to malicious code?
It is rarely sent through email attachments; It is an unwanted and unsolicited malicious program; *It affects only those applications for which it has been written*; It is another generic term for malware
KeyGhost captures passwords, credit card numbers, and other personal information
Keylogger
Pivoting from one domain or VLAN to another
Lateral movement
Which of these represents passive reconnaissance instead of active reconnaissance?
Less intrusive process to daily operations, Leaving no footprints, Conducting packet tracing, Using a network tap
Which of these attacks triggers when a certain event occurs, such as mouse movement or file access?
Logic bomb
Which of these attacks takes advantage of inadequate mechanisms to stop clients from automated attempts through credential stuffing?
Login Attacks
What technique can overwhelm the content addressable memory tables on Layer 2 switches?
MAC Flooding
What technologies with learning, reasoning, and decision-making abilities are rapidly being incorporated into security, analysis, defense, and military systems?
Machine learning, Artificial Intelligence, Robotic technologies
What is another term used to describe an influence campaign?
Misinformation Operation
Which of these is more related to an on-premise provider as opposed to a cloud-based provider?
More experience and familiarity with system
Which of these represents practical reasons for the effectiveness of social engineering?
No policy enforcement, Lack of acceptable use policy, Outdated antivirus tools and utilities, No buy-in from management
Data or information that can be collected legally from free, public sources concerning an individual or organization
OSINT
Which of these are valid examples of weak configuration vulnerabilities?
Open ports and services, Unhardened systems and protocol, Weak cryptosystems, Default passwords
Which of these third-party risks would most likely occur due to the use of unsecure coding practices and lack of testing?
Outsourced container development
Which attack takes advantage of Windows Safe Mode?
Pass the hash
Forcing the exploit to remain even with a reboot or network disconnect
Persistence
Which of these are attributes of a structured attack?
Persistent, Organized, Planned, Multi-phased
Attempting to get root or administrative credentials of a database
Privilege Escalation
Which role will offer initiatives and information sharing between teams to improve the organizational security posture?
Purple team
Infected PC serves a session back to C2C server acting as client
RAT
Which source of research would be published by the IEEE?
RFC
Client and server handshake before the server generates two cryptographic keys
Ransomware
Conducting planning, preparation, and information gathering
Reconnaissance
What process involves changing an application's source code without modifying the characteristics?
Refactoring
Agreeing to the target customer's bug bounty program
Rule of engagement
What service allows organizations to aggregate threat management, incident response, and repeatable security operations?
SOAR
A structured language for cyber threat intelligence
STIX
Web application allows reusing old session credentials for authorization
Session Replay
Which of these attacks is most likely to be conducted with a cell phone camera?
Shoulder Surfing
What technique uses devices that overlay an ATM machine or point-of-sale scanner to steal the information from the victim?
Skimming
Which of these password attacks tries to access many accounts using a few commonly used passwords with a "low-and-slow" methodology?
Spraying
Malware that can show advertisements, track information, and make changes to endpoints without user knowledge
Spyware
What type of attack involves infiltrating a system through an outside partner, vendor, or provider with access to your systems and/or data?
Supply chain attack
BEC
Targets companies who outsource, conduct wire transfers, and have suppliers abroad
Whaling
Targets high-level employee or someone in senior management
What term describes the technique or method used to exploit a vulnerability or deliver a malware payload?
Threat Vector
Which is an advantage of an on-premise database solution as opposed to a cloud service provider?
Threat actors are typically internal privileged users.
A condition when an attacker tries to gain privilege to a system by racing it to a resource
Time of Check
Which of these are terms that describe an attacker sitting on sites under someone else's brand and targeting Internet users who erroneously type into their browser address bar?
URL hijacking, typosquatting, fake URL, sting sites.
A collection and distribution of information about exposed computer security exposures
Vulnerability databases
Which of these SYSLOG messages would have the code number "4"?
Warning
A special form of self-replicating malware that typically spreads without user action
Worms
What type of attack is also known as SOAP injection?
XML Injection