Security P1
An attacker is trying to crack a password. When the list of common words and phrases fails, the attacker switches gears and begins to use a password attack that generates guesses for every potential password combination. What password attack is being used?
Brute force
Which of the following types of password attacks is guaranteed to succeed eventually?
Brute force
Which of the following is the simplest form of password cracking, which Urgencytypically does not require many resources and is usually performed after becoming familiar with a target?
Guessing
An attacker is carrying out a birthday attack on a weak hash algorithm they discovered on a victim's network in order to decrypt the password. Which of the following does the birthday attack exploit?
Hash collision
An attacker has created a fake account on social media to use in their attack. Which of the following are they MOST likely performing?
Influence campaign
How should a vulnerability scanner be configured to identify vulnerabilities exploitable by an outside attacker while minimizing false positive results?
Intrusive, non-credentialed
A vulnerability in a web page has enabled an attacker to exploit the website to construct a statement that is run against the directory services database. Which type of attack gives a hacker access to directory services information from a web page?
LDAP injection
Which of the following types of injection attacks is BEST suited to collecting information about the users of an organization's systems?
LDAP injection
What type of attack waits until a specific date or system event and then executes?
Logic bomb
Which of the following types of malware is MOST likely to be used for a destructive cyberattack?
Logic bomb
Which of the following attacks might be used to bypass access control lists?
MAC cloning
An attacker has obtained access to a victim's network and is seeking information from the network traffic. They have determined the switching device they want to eavesdrop on. Which attack sends a glut of packets to a switch to change its state?
MAC flood
Penetration testing has commenced at Acme Inc. by third-party contractors. They are investigating the networking components, performing a network scan, and documenting any devices connected to the network. What are they doing?
Network mapping
An organization is testing production systems for vulnerabilities that could be exploited by a malicious insider. How should they configure their vulnerability scanner?
Nonintrusive, credentialed
A web server running on a user's workstation may be an example of which of the following configuration issues?
Open ports and services
An administrator has been asked to use a sniffer program. What are they attempting to do?
Packet capture
Which of the following types of attacks is BEST designed to take advantage of the fact that many people use the password 123456?
Password spraying
An attacker has gained access to a user's workstation with a social engineering attempt that used an executable sent through email. The attacker now has the capability to access the user's computer and make changes. Which type of attack allows a hacker to run arbitrary code on a remote machine?
Remote code execution (RCE)
Users at Smith Industries are reporting an unusual wireless access point that is showing up on their laptops. A few users have reportedly connected to it and have been receiving warnings while accessing local intranet sites. What is the name for an unauthorized wireless access point that is able to access the network?
Rogue access point
An administrator is examining a server after a suspected attack. They are examining the logs and notice that there are a lot of requests that apparently stayed open through an incomplete three-way handshake, leading to the server being unable to accept new requests. Which attack takes advantage of the three-way handshake in this way to crash a server?
SYN flood
Which of the following is used to enable security solutions and threat hunting?
Threat feeds
A user wants to download a popular piece of music software to play music at work. They unknowingly misspell the domain name of the site and are sent to a malicious site that provides infected software for download. What type of attack is used to trick users into thinking that they are downloading from an official site when they misspell a domain name?
Typosquatting
Which feature of an all-in-one security appliance can limit which websites users can visit?
URL filter
Which of the following attacks is MOST related to a phishing attack?
URL redirection
A user receives a phishing email claiming that a transaction has been made on one of their online accounts. Which of the following principles of effectiveness is MOST likely being used?
Urgency
An attacker tries to convince a target to do something because "everyone is doing it." Which principle of effectiveness are they appealing to?
Consensus
A new web application is being developed by Smith Industries. Malicious code was recently found in the application stack that would run anytime an end user visited the web application. Which type of attack injects malicious scripts into a website or web application?
Cross-site scripting (XSS)
A user at Acme Inc. received an email purporting to be from UPS. The user was told to open the attachment to receive a lost package. The user opened the attachment and almost immediately a prompt popped up on the screen declaring that the system had been encrypted with a secret password and that a sum of digital currency was to be sent to the listed address. Which of the following is this an example of?
Cryptomalware
Several protocols that govern the operation of the internet and local networks are susceptible to a variety of attacks. One of those attacks attempts to modify or corrupt specific records and force the victim to lose access or be redirected to a potentially malicious site. Which of the following BEST fits this description?
DNS poisoning
Logs indicate that a router is not responding to any requests. The administrator investigates and discovers that the router is being overwhelmed with requests from a workstation. This is effectively making it nonfunctional in its attempts to respond to all the requests. This is an example of which of the following?
Denial-of-service
An attacker has gained access to the file system back end of a web server through a vulnerability in the web portal. They now have access to all the files and folders on the web server. Which type of attack was used?
Directory traversal
A whaling or invoice scam attack is MOST likely to use which of the following attack vectors?
An attacker discovers that when they log in to a certain online bank and enter some URL variables, they are able to access other users' accounts to see their information, as well as transfer money. Which type of privilege escalation is this, when one user gains access to another user's data at the same privilege level?
Horizontal
Understanding threat actors and what motivates them provides a greater ability to counteract and mitigate any attacks. While some threat actors obviously present less risk than others, there is one that is virtually guaranteed to cause a breach if an organization is targeted by it. Which of the following threat actors is considered to be the MOST dangerous?
APT
An attacker has gained access to a victim's network and is looking to further their access. They craft protocol reply packets that designate their spoofed MAC address as the switch for the network and instruct them to send all communications through there. Which of the following is being perpetrated in this scenario?
ARP poisoning
After gaining access to a victim's network, an attacker crafts an ICMP packet that is destined for all other hosts on the network. They spoof the IP address of a resident web server and attach it to the packet, then send it off. Shortly thereafter, the web server is rendered unavailable because of the flood of responses. Which of the following is this an example of?
Amplification attack
Which principle of effectiveness is MOST likely to be used in a spear phishing attack in which the attacker is impersonating the CEO?
Authority
While completing some transfers via his e-banking site, a user gets a call from an individual that identifies herself as working at Microsoft. She states that the user's machine is infected and that a Microsoft technician can help remove the infection. They need access to the machine, which the user provides. Which of the following did the social engineer use to convince the user to provide access?
Authority
An organization is looking for consultation on security vulnerabilities that are present within their environment. They are seeking an individual who works with companies to test and report on the security posture and vulnerabilities that may be present. Which of the following would the organization likely hire?
Authorized hacker
Which of the following impacts does ransomware try to create BEFORE demanding a ransom?
Availability
Which of the following is NOT a common impact of a data breach?
Availability
Understanding the potential threats facing an organization, and the software or hardware involved, can provide additional insight into improving security and the methods used to prevent or mitigate an attack. For example, knowing how a password cracking tool performs its analysis could help in implementing better passwords that cannot be so easily cracked. Which of the following is a common password cracking tool?
Cain and Abel
A user is browsing a social media site and sees a post by their friend about an interesting game, along with the link. The user clicks on the link and is presented with a game that is focused on discovering hidden items on the web page and clicking on them. The user plays the game, eventually leaves the page, and later discovers that their social media account has been hacked and is now sending spam messages to their friends. Which of the following MOST LIKELY occurred in this scenario?
Clickjacking
What list is provided by the MITRE Corporation to give security administrators up-to-date information on vulnerabilities?
Common Vulnerabilities and Exposures
An attacker has impersonated a technical support agent and managed to gain access to a user's computer. They proceed to update the HOSTS file to redirect websites such as those used for e-banking or cryptocurrencies to an illegitimate site that attempts to collect credentials. What attack changes HOSTS files and redirects users to a malicious website?
Pharming
What type of attack aims to trick individuals into sharing their sensitive data by posing as a trusted source?
Phishing
Which of the following vulnerabilities can cause a segmentation fault if a variable has a value of 0?
Pointer dereference
An external group of consultants that provides help on both the offensive and defensive side during a pen test could be described as which of the following?
Purple team
During the course of browsing the web, a home user ends up on a malicious web page that delivers malware. The malware enables the attacker to log in to the victim's system at any time and collect sensitive information such as keystrokes, usernames, and passwords. Which of the following BEST describes the method of attack here?
RAT
Which type of attack opens a backdoor into a system which an attacker can use to connect to the system at a later time?
RAT
Which of the following vectors is MOST likely to be used during the reconnaissance phase of a cyberattack?
Social media
A security auditor is reviewing Acme Inc. for their security posture and potential vulnerabilities. They are reviewing the lack of security controls in servers. Which of the following tools would they be MOST LIKELY to use to minimize impact on the systems being tested?
Vulnerability scanner
Out of curiosity, an administrator at a small business runs a vulnerability scanner on one of their servers and does not like the result. Their concern is that, without any appropriate discovery and documentation, the rest of the organization might be at risk.
Vulnerability scanning
Which type of attack takes advantage of a technology that allows inexperienced home users to easily connect to their wireless networks?
WPS attack
After performing a successful war driving effort, the attackers leave behind markings indicating their findings. Which of the following is used to tell attackers that there are open wireless connections at a particular location?
War chalking
An attacker determines which sites their victim likes to visit, and then plants malicious code in the site to infect the victim's computer. What type of attack is being executed?
Watering hole
A user recently reported an active infection and the system was quarantined. The administrator is explaining to a junior admin why they need to reinstall the operating system despite clearing the infection. Which malware does an attacker use to gain access to a system without alerting the administrator?
Backdoor
Which team may not be aware that a pen test is occurring?
Blue
While sitting in a coffee shop, an individual decides to play a prank. They send maintenance messages and other carrier codes to users in the shop to make their devices act strangely. Which attack is this person performing that sends messages to mobile devices to make it appear that they are malfunctioning?
Bluejacking
An attacker sends a command with characters to a web application that was not anticipating it. The application starts to exhibit unusual behavior and is becoming unresponsive. With a successful result, the attacker continues to send commands with unexpected data with malicious code attached in an attempt to get it to run. Which of the following BEST describes this scenario?
Buffer overflow
An administrator is interested in running a vulnerability scan on several of their systems. They want it to provide a much deeper picture of the security posture along with the most accurate result, with fewer false positives. Which of the following should they use?
Credentialed vulnerability scan
A user receives an email from a social media site indicating that they need to reset their password for security and to follow the link provided. The user clicks on the link, follows the prompts, and hits send. However, instead of the user's request command, the website sends its own command. It sends After clicking the link, the user is alerted that their account password has been changed and they are now locked out.
Cross-site request forgery (XSRF)
Of the following, which is a web application vulnerability that can be perpetrated when an attacker embeds malicious HTML or JavaScript into a website for it to execute when the victim visits the web page?
Cross-site scripting
Smith Industries provides a web store for their customers so that they can self-browse and order their various parts. Recently, they experienced an overwhelming load of traffic to their site that rendered it inoperable for a few days. During their investigation, a group of internet incident trackers tells Smith Industries that their site was the target of a group of infected computers that sent out millions of requests to cripple websites.
DDoS
Which type of attack involves directing a number of zombie systems to send requests to a server in order to take it offline?
DDoS
A developer is creating a new web application for Smith Design. They are working on the appropriate input handling to ensure that the application is secure. Which of the following is a proper form of error handling?
Display general errors to the users
A small business owner is configuring a domain for their website. They use their Gmail account as the registrant for the website; however, they do not check that account frequently. An attacker has been watching the small business owner, and through footprinting the owner's social media, they brute-force their way into the Gmail account. The attacker then resets the password on the registrant account, changes the domain ownership, and removes all email records.
Domain hijacking
An organization's server was compromised and subsequently used to send out large amounts of spam emails. As a result, normal emails from the organization are routinely blocked by their intended recipients. What could be responsible for legitimate emails not getting through?
Domain reputation
An attacker is targeting a victim with an older server running a critical business function. The attacker has programmed code that overtakes a piece of software that's meant to handle older protocols and redirect it to code that fills the gap. The attacker's code intercepts the system call and redirects it to the updated code as the original, but also sends the sensitive information to an address they control and monitor. Which of the following describes this attack?
Driver manipulation
An attacker is sifting through the trash bins outside of Acme Inc. in an effort to uncover some employee information that can be leveraged for a targeted phishing attempt. What type of attack is this?
Dumpster diving
You are a security administrator at Acme Inc. and are concerned with the threats that rely on the user, the human element, to succeed. Which of the following is the MOST effective method of preventing viruses and other attacks that involve computer operators?
Educating users about the risks
Which of the following principles works most effectively with shoulder surfing and tailgating?
Familiarity
Which of the following is NOT a common target of vulnerability scanning?
Firmware
After several scans, an attacker discovers a vulnerability that provides administrator access to a web server they've just attacked. They begin the process of gaining full access to the system to install additional software to prevent being locked out. Which of the following phases did the attacker just enter?
Initial exploitation
All threats to a business are important, but it is critical to understand which threats are more likely to occur, and to be severe when they do occur. Which of the following is the biggest threat to an organization's security?
Insider
Which of the following might pose a threat to an organization but without malice or intending to?
Insider threats
Which of the following types of vulnerabilities may be caused by choosing the wrong variable type for a value?
Integer overflow
Which of the following memory issues can cause a computer to run out of available memory?
Memory leak
Which of the following attacks takes advantage of weaknesses in how passwords are stored?
Rainbow table
A successful server attack has exfiltrated a username and password database, but the passwords are hashed for security so they are not readily decipherable. The attacker then attempts to use a password attack that has a large set of previously computed hash values. Which attack uses precalculated encrypted passwords in a lookup table?
Rainbow table attack
A user has reported that their system suddenly flashed a warning that their files have been locked, and they must send a Bitcoin payment to an address displayed on the screen. What type of malware restricts access to files until the victim sends a payment to the hacker?
Ransomware
Which of the following types of malware uses cryptography?
Ransomware
Which team color is assigned to the group simulating the attackers?
Red
Which of the following vectors can be used to attack systems protected by an air gap?
Removable media
An attacker is waiting near the car of Acme Inc.'s CEO. The CEO presses the remote unlock button for their car, but the attacker intercepts and captures the signal while blocking it from being sent to the car. The CEO finds it odd that it did not work, but presses the button again and the car unlocks. Later that night, the attacker appears at the CEO's home and uses the captured code to open the car and steal it. Which of the following is this an example of?
Replay attack
Which of the following impacts of a cyberattack is HARDEST to quantify?
Reputational
Which of the following threats is MOST likely to use off-the-shelf tools, like a booster or exploitation kit?
Script kiddies
Secure DevOps is becoming more prominent in organizations due to its flexibility and security-focused methodology. Being familiar with the concepts in Secure DevOps will help an administrator apply a better standard overall. One of the concepts in Secure DevOps is the use of tests programmed to run with minimal interaction in order to check code and ensure it does not introduce additional bugs or security flaws. Which of the following is the name applied to this concept?
Security automation
An attacker is sending links to users that use a browser exploit to capture session IDs stored in the user's cookies. The attacker then uses the session IDs to log in to users' e-banking sites and transfer money into the attacker's account. Which of the following BEST describes the attack in this scenario?
Session hijacking
An attacker has managed to extract a cookie from an organization's user and proceeds to use that cookie to impersonate the user and log in to a CRM that the organization uses. What type of attack is performed after stealing cookie data?
Session replay
The HR employees at Smith Consulting are often looking at sensitive information about employees, and the manager is concerned that individuals visiting the HR department may be able to obtain some of this confidential information directly from an HR person's computer screen.
Shoulder surfing
A user receives a call from an individual claiming to be a manager. They state that they urgently need information in order to close a business deal. The user trusts the caller and provides them with the information, only to learn it was used in an attack just a few days later. What do we call the act of manipulating users into revealing confidential information?
Social engineering
An attacker is trying to access a victim's network and discovers that there is MAC filtering and that static IP addresses are configured. In an effort to gain access, they manage to get a workstation removed from the network and then use that workstation's IP and MAC to falsify their identity on the network. What is the term given to an attack such as this that falsifies information, such as IP address, email, MAC address, or host name?
Spoofing
Which of the following vectors exploits trust relationships with third parties?
Supply chain
Danielle is walking to work and uses her badge to open the front door. As she walks in, an individual who is following close behind grabs the door so that they can gain access. What type of piggybacking is used without the employee's consent?
Tailgating
While using their computer, a user encounters a prompt that takes over their screen and displays a message which says that a virus has taken control of the system and encrypted all the user's files. After a few moments, a time clock appears on the screen displaying 72 hours, and the message changes to say that all files will be irreparably lost if the attacker is not paid in time. Which of the following principles is exploited in this scenario?
Urgency
Anders Insurance Agency has discovered that malware on one of their internal computers has been exfiltrating user information. But the malware is unfamiliar and not registering with their antivirus/anti-malware programs. They alert a cybersecurity agency, which investigates and discovers that the malware is originating from an infected government site for an insurance regulatory authority that Anders Insurance visits regularly. Which of the following is the BEST description of what has occurred?
Watering hole attack
Which of the following attacks does NOT involve sending an email or other message to a target?
Watering hole attack
A vulnerability scanner is testing for cross-site scripting (XSS) vulnerabilities. Which of the following is the scanner targeting?
Web application
A disgruntled administrator has just learned that they are going to be fired and has decided to try to take down the network before they storm out. They craft a packet with a spoofed IP address along with all the flags set and send it to the router, causing it to reboot. Which attack causes routers to reboot?
Xmas tree attack