30 - Questions - Security Threats
Match the example of threat vectors with its description.
Attackers create false identities on social networks, building and exploiting friend relationships with others on the social network. cognitive threats via social networks Attackers target operating systems on consumer devices, such as smartphones, tablets, and so on. consumer electronics exploits Attackers targeting virtual servers, virtual switches, and trust relationships at the hypervisor level. virtualization exploits Attackers try to exploit operating systems and applications that leave traces of data in memory, to fetch information directly from the volatile memory. memory scraping Attackers perform bus sniffing, altering firmware, memory dumping to find crypto keys, utilize hardware-based keyloggers, etc. hardware hacking
Which two options represent man-in-the-middle attacks? (Choose two.)
DHCP spoofing impersonating public WiFi network, while redirecting connected users to internet
You are working as IT security engineer and you are browsing through the sectools.org website to see the top network security tools, as well as find more details on each particular tool and read reviews for it. What is the initiative that runs this website?
Nmap Project
You plan to implement security measures that influence the feasibility of password brute force attacks. Which three options are most beneficial for this purpose? (Choose three.)
Specify a minimum length of a password, such as 8 to 12 characters. Implement account lock-out after a number of bad guesses. Implement password complexity, such as mandatory upper case, lower case, numeric, and special characters in the password.
What is a vulnerability that is susceptible to a buffer overflow attack?
The correct answer is "An application that expects the input to be within a certain size, but does not verify the size of input upon reception." When an application accepts input and expects the input to be within a certain size, but does not verify the size of input upon reception, it may be vulnerable to a buffer overflow attack. However, when a DHCP client can accept replies from any DHCP in the network, it is vulnerable to DHCP spoofing attack. A phishing attack includes sending an email to a user enticing him to click a link to malicious website. When a host's ports are detectable with port scan, the host can be susceptible to reconnaissance attack, but not to buffer overflow attack.
What is the most common type of spoofing?
The correct answer is "IP address spoofing." IP address spoofing is the most common type of spoofing in which attackers use source IP addresses that are different than their real IP addresses. Application spoofing, service spoofing, DHCP spoofing, or MAC address spoofing are less common spoofing attacks, because IP connectivity is widely available.
Which type of threat vector aims to attack power grids or nuclear plants?
The correct answer is "Infrastructure exploits." The disruption of critical infrastructure is a treat vector that encompasses targeted attacks that are aimed at the power grid, nuclear plants, and other critical infrastructure. However, virtualization exploits, consumer electronics exploits, and cognitive threats via social networks do not aim to attack power grids or nuclear plants.
Which option lowered the threshold of experience that is required for a novice attacker to perform sophisticated attacks?
The correct answer is "Metasploit." Metasploit provided a framework for advanced security engineers to develop and test exploit code, but it also lowered the threshold for experience required for a novice attacker to perform sophisticated attacks. On the other hand, the Nmap Project, Kali Linux, and Knoppix Security Tools Distribution assume that a person has basic knowledge and some experience, which is usually higher than the experience required for a novice attacker to perform sophisticated attacks with Metasploit.
How is spoofing used in a reflection attack?
The correct answer is "The attacker uses the IP address of the intended target as the source address of the packets it transmits." In a reflection attack, the attacker spoofs the source IP address such that each packet has the IP address of the intended target as the source address, rather than the IP address of the attacker. Therefore, the attacker does not modify the MAC address of the intended target or reflector, and it does not use the IP address of the reflector as the source address of the packets it transmits.
Which option regarding man-in-the-middle attacks is true?
The correct answer is "They can be implemented in many different scenarios." A man-in-the-middle attack is more of a generalized concept that can be implemented in many different scenarios than a specific attack. However, man-in-the-middle attacks are complex attacks, with the intent is to intercept and view the information being passed between the two victim devices and potentially introduce sessions and traffic between the two victim devices. Hence, these attacks do not always intend to modify data in transit, or to completely replace the destination device.
Which type of malware is known to create back doors to give malicious users access to a system?
The correct answer is "Trojan horse." Trojan horses create back doors to give malicious users access to a system. On the other hand, worms, viruses, and APTs are malware that does not have this functionality.
What does the no ip directed-broadcast command configured for an interface accomplish?
The correct answer is "broadcasts destined for the subnet to which that interface is attached will be dropped." With the no ip directed-broadcast command configured for an interface, broadcasts destined for the subnet to which that interface is attached will be dropped, rather than being broadcast. Therefore, this command does not drop unicasts destined to that interface, as well as multicasts in the subnet to which that interface is attached. Similarly, it does not drop multicasts and broadcasts in the subnet to which that interface is attached.
Which type of password attack is performed by computer programs called "password crackers" that systematically try every possible password until they succeed?
The correct answer is "brute force attack." Brute force password attacks are performed by computer programs called "password crackers," which systematically try every possible password until they succeeds. On the other hand, in an online password attack, an attacker makes repeated attempts to log in online in the system, while dictionary attacks use word lists to structure login attempts. During a guessing attack, an attacker can either manually enter passwords or use a software tool to automate the process.
In a reconnaissance attack, which type of activity typically follows a ping sweep?
The correct answer is "port scan." After ping sweeps discovers live hosts in a particular environment, the attacker can probe further by running port scans on the live hosts, to provide a complete list of all services running on the hosts. Therefore, internal reconnaissance, escalation of privileges, password attack, and DNS query are not typically performed after a ping sweep.
What is the primary difference between a DoS attack and a DDoS attack?
The correct answer is "the number of hosts from which they emanate." DoS and DDoS attack differ in the number of hosts from which they emanate. Thus, the manner in which they use botnets, the ability to crash a group of systems, and the types of systems that are vulnerable to them are similar in both attacks.
Which statement regarding a buffer overflow attack is correct?
When a buffer overflows due to buffer overflow attack, it overwrites adjacent memory.
You are reading an article in the news regarding a DNS amplification attack to a specific organization. The attack caused DDoS that made it impossible for anyone to resolve the organization's website IP address and access the website. Which statement regarding an amplification attack is correct?
a small forged packet elicits a large reply from reflectors
Match the key security concept with its description.
any circumstance or event with the potential to cause harm to an asset threat weakness that compromises either the security or the functionality of a system vulnerability mechanism that is used to leverage a vulnerability to compromise the security or functionality of a system exploit likelihood that a particular threat using a specific attack will exploit particular vulnerability risk methods and corrective actions that you can take to protect against threats, specific exploits, etc. mitigation techniques
Match the type of attack with its description.
emails sent to smaller, more targeted groups, even a single individual spear phishing emails sent to targeted groups of high profile individuals, such as top executives whaling Victims are lured by compromising name services. pharming leverages a compromised web server to target select group that visits this website regularly watering hole uses voice and the phone system as its medium vishing uses SMS texting as its medium smishing
Which two options are examples of a DDoS attack? (Choose two.)
large amounts of traffic sent to a website from different hosts large number of TCP connections to an email service from different hosts
You are asked to conduct a training session in your company to educate employees about social engineering attacks. Which is a common social engineering technique?
phishing
Which three represent common vectors that can inflict data loss and exfiltration regarding unauthorized transfer of company data? (Choose three.)
removable storage devices cloud storage devices email attachments
You want to display public information regarding your company's domain from the public DNS registries so you can see what information can be gathered by a reconnaissance attack on the DNS. Which two command-line tools can you use on a Microsoft Windows computer? (Choose two.)
whois nslookup
The anti-malware software in your company has discovered malicious software that replicated itself on several computers with functional copies that can cause the same type of damage. Which two malware types can compromise other systems? (Choose two.)
worm virus
You have detected that there is a rogue DHCP server in the local area network that replies to client DHCP requests before they reach the authentic DHCP server in the company. Which two options describe this type of attack? (Choose two.)
DHCP spoofing attack application/service spoofing
Which is a classic example of a DoS attack?
The correct answer is "TCP SYN flood." TCP SYN flood is a classic example of a DoS attack that exploits the TCP three-way handshake design by sending multiple TCP SYN packets with random source addresses to a victim host. However, CDP, ICMP, and UDP do not use three-way handshake and thus there is no SYNC attack using these protocols.
Which type of attack uses directed phone calls to employees to obtain relevant information?
The correct answer is "vishing." Vishing uses voice and the phone system as its medium to obtain relevant information from employees. On the other hand, spear phishing and whaling use emails to smaller, more targeted groups, or top executives of an organization respectively, while pharming lures victims by compromising name services.
You received an email from a vendor that you use in your company's IT system, stating that there is a discovered weakness in their software that compromises its functionality, and you must install a patch to resolve these issues. Which term defines this weakness?
The correct answer is "vulnerability." A vulnerability represents a weakness that compromises either the security or the functionality of a system, such as weakness in the software. A threat is any circumstance or event with the potential to cause harm to an asset, exploit is the mechanism used to use a vulnerability, while mitigation technique represents a method and corrective action you can take to protect against threats, different exploits, and so on.
Which three actions are examples of a social engineering attack? (Choose three.)
The correct answers are "leaving a USB key infected with auto-run malware in a public area," "developing fictitious personalities on social networking sites to obtain information from employees," and "visual hacking, where the attacker physically observes the victim entering credentials." Social engineering is manipulating people and capitalizing on expected behaviors, such as leaving a USB key infected with auto-run malware in a public area, expecting an employee to use it and infect its computer, developing fictitious personalities on social networking sites to obtain information from employees, and visual hacking, where the attacker physically observes the victim entering credentials. On the other hand, attacks that do not exploit human behavior, such as TCP SYN flood attack against company's website, employing password crackers techniques to guess employees' username and password, and DHCP spoofing attack where false DHCP server configures employees IP address, are not social engineering attacks.
Which two actions represent common vectors of data loss and exfiltration in a company? (Choose two.)
The correct answers are "using an unauthorized cloud storage service as a file storage and synchronization service of company data" and "using an unencrypted USB drive to transfer company data to work at home." Common vectors of data loss and exfiltration regarding data transfer from the organization without authorization include using an unauthorized cloud storage service as a file storage and synchronization service and using an unencrypted USB drive to transfer company data to work at home. However, browsing a website of partner company to locate relevant information does not perform an unauthorized transfer of company data, and using an encrypted USB drive with your own certificate to transfer company data to work at home and sending email with encrypted attachment using a certificate of the indented receiver, since only the certificate holders can access the data.
Even though the structure of an APT attack does not follow a blueprint and scenarios vary with circumstance, order each action in a sequence according to the APT common methodology.
The correct answers are: Step 1: initial compromise; Step 2: escalation of privileges; Step 3: internal reconnaissance; Step 4: lateral propagation, compromising other systems on track towards goal; and Step 5: mission completion. According to a common methodology, the APT attack starts with initial compromise of a system, followed by an escalation of privileges. Then, the malware performs internal reconnaissance, trying to find vulnerabilities in other systems in the network for lateral propagation. Finally, it compromises other systems on track towards its goal to complete its mission.