Threats and Vulnerabilities - Security+


An IDS alerts on increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, what is the MOST likely explanation?

A DDoS attack. A distributed denial-of-service attack causes spikes in network traffic as multiple systems attempt to connect to a server and deplete the target's resources.

A user complains that his system is no longer able to access the blogs.getcertifiedgetahead.com site. Instead, his browser goes to a different site. What is the BEST explanation for this?

A pharming attack. A pharming attack attempts to redirect users from one web site to another web site. Although this is often done using DNS poisoning, it can also be done by rewriting the hosts file in a user's system.

Security experts at your organization have determined that your network has been repeatedly attacked by multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?

Advanced persistent threat.

What type of malware uses marketing pop-ups and does not attempt to hide itself?

Adware. Adware commonly causes pop-up windows to appear with marketing advertisements, and it doesn't try to hide itself.

Lisa recently completed an application used by the Personnel department to store PII and other employee information. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. What does this describe?

Backdoor. A backdoor provides someone an alternative way of accessing the system, which is exactly what Lisa created in this scenario.

A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a security administrator expressed concern that unauthorized personnel might be able to access data on the server. The security administrator decided to check the server further. Of the following choices, what is the admin MOST likely looking for on this server?

Backdoor. The security administrator is most likely looking for a backdoor because Trojans commonly create backdoors, and a backdoor allows unauthorized personnel to access data on the system.

Which of the following is an attack against a mobile device?

Bluejacking.

An attacker is able to access email contact lists on your smartphone. What type of attack is this?

Bluesnarfing. Attackers are able to access data on a smartphone in a bluesnarfing attack.

While reviewing logs for a web application, a developer notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn't part of a known application. What is MOST likely occurring?

Buffer overflow.

An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?

Buffer overflow. Buffer overflow attacks include a series of no operation (NOP) commands, such as hexadecimal 90 (x90). When successful, they can crash applications and expose memory, allowing attackers to run malicious code on the system.

Recently, malware on a company computer destroyed several important files after it detected that Homer was no longer employed at the company. Which of the following BEST identifies this malware?

Logic bomb. A logic bomb executes in response to an event. In this scenario, the logic bomb is delivering its payload when it detects that Homer is no longer employed at the company.

Bart installed code designed to enable his account automatically, three days after anyone disables it. What does this describe?

Logic bomb. A logic bomb is code that executes in response to an event.

Which of the following is an attack against servers hosting a directory service?

LDAP. A Lightweight Directory Access Protocol (LDAP) injection attack attempts to access data on servers hosting a directory service, such as a Microsoft domain controller hosting Active Directory.

Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe?

Tailgating.

Attackers have attacked an online web server using a SQL injection attack. Which of the following BEST describes this?

The attacker is attempting to pass commands to a back-end database server to access data. In a SQL injection attack, an attacker attempts to inject SQL commands into a query to access or manipulate data on a back-end database.

Which of the following types of malware is the MOST difficult to reverse engineer?

Armored virus. An armored virus uses one or more techniques to make it difficult for antivirus researchers to reverse engineer it.

After Maggie turned on her computer, she saw a message indicating that unless she made a payment, her hard drive would be formatted. What does this indicate?

Ransomware. Ransomware attempts to take control of a user's system or data and then demands ransom to return control.

An organization's security policy requires employees to incinerate paper documents. Of the following choices, which type of attack is this MOST likely to prevent?

Dumpster diving.

While cleaning out his desk, Bart threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?

Dumpster diving.

You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?

DDoS attack.

A recent spear phishing attack that appeared to come from your organization's CEO resulted in several employees revealing their passwords to attackers. Management wants to implement a security control to provide assurances to employees that email that appears to come from the CEO actually came from the CEO. Which of the following should be implemented?

Digital signatures. A digital signature provides assurances of who sent an email and meets the goal of this scenario.

An attacker is bypassing client-side input validation by intercepting and modifying data within an HTTP POST request. Which of the following does the attacker use in this attack?

Proxy.

A recent change in an organization's security policy states that monitors need to be positioned so that they cannot be viewed from outside any windows. What is the purpose of this policy?

Reduce success of shoulder surfing.

Some protocols include timestamps and sequence numbers. These components help protect against what type of attacks?

Replay. Timestamps and sequence numbers act as countermeasures against replay attacks.

A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization's internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator has found?

Rootkit. A rootkit typically runs hidden processes, and it also attempts to connect to computers via the Internet.

Your organization hosts a website within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server?

SQL injection. A SQL injection attack allows an attacker to send commands to the database server to access data. Encryption protects it on the server and in transit, but the web server can decrypt it.

An application stores user passwords in a hashed format. Which of the following can decrease the likelihood that attackers can discover these passwords?

Salt. A password salt is additional random characters added to a password before the password is hashed, and it decreases the success of password attacks.

Homer received an email advertising the newest version of a popular smartphone, which is not available elsewhere. It includes a malicious link. Which of the following principles is the email author using?

Scarcity. The attacker is using scarcity to entice the user to click the link.

A security administrator at a shopping mall discovered two wireless cameras pointing at an automatic teller machine. These cameras were not installed by mall personnel and are not authorized. What is the MOST likely goal of these cameras?

Shoulder surfing. Shoulder surfing is the practice of peering over a person's shoulder to discover information.

Marge reports that she keeps receiving unwanted emails about personal loans. What does this describe?

Spam. Spam is unwanted emails from any source.

Of the following malware types, which one is MOST likely to monitor a user's computer?

Spyware. Spyware monitors a user's computer and activity.

Security analysts recently discovered that users in your organization are inadvertently installing malware on their systems after visiting the comptai.org web site. Users have a legitimate requirement to visit the comptia.org web site. What is the MOST likely explanation for this activity?

Typo squatting. Typo squatting (or URL hijacking) uses a similar domain name to redirect traffic.

A network administrator needs to ensure the company's network is protected against smurf attacks. What should the network administrator do?

Verify border routers block directed broadcasts. Smurf attacks are blocked by preventing routers from passing directed broadcasts, especially border routers with direct access to the Internet.

A war driver is capturing traffic from a wireless network. When an authorized client connects, the attacker is able to implement a brute force attack to discover the encryption key. What type of attack did this war driver use?

WPA cracking. A WPA cracking attack captures traffic and then performs an offline brute-force attack to discover the encryption key.

A web developer is using methods to validate user input in a web site application. This protects the application against all of the following attacks except one. Which of the following attacks is NOT prevented by validating user input?

Whaling.

Attackers are targeting C-level executives in your organization. Which type of attack is this?

Whaling. Whaling is a type of phishing that targets high-level executives, such as CEOs, CIOs, and CFOs.

While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent?

XSS. A cross-site scripting (XSS) attack can be blocked by using input validation techniques to filter special characters such as the < and > characters used in HTML code.
