Chapter 2 Quiz prep
You have just discovered that a hacker is trying to penetrate your network using MAC spoofing. Which of the following BEST describes MAC spoofing?
Changing a hacker's network card to match a legitimate address being used on a network.
There are five phases in the security intelligence life cycle. During which phase do you gather and process information from your internal sources, such as system and application logs?
Collection
Which type of security control identifies, logs, and reports incidents as they happen?
Detective
A list of actions and objectives taken to mitigate risk is known as a:
Framework
Which of the following motivates attackers to use DoS and DDoS attacks?
Hacktivism, profit, and damage reputation
Which items should be included in data retention standards?
How long to store data; How data should be destroyed
Which security control category controls system oversight?
Managerial
Which enumeration process tries different combinations of usernames and passwords until it finds something that works?
Brute force
Restoring data from backup is an example of which type of security control?
Compensating
Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the BEST option for preventing this from happening?
Configure the device to remotely wipe as soon as it is reported lost.
Which of the following BEST describes the key difference between DoS and DDoS?
DDoS has attackers using numerous computers and connections.
During which phase of the Kill Chain framework is malware code encapsulated into commonly used file formats, such as PDF files, image files, or Word documents?
Weaponization
You are looking through your network usage logs and notice logins from a variety of geographic locations that are far from where your employees usually log in. Could this be a problem and why?
Yes. Logins from strange geographical locations can show that a hacker is trying to gain access from a remote location.
Which of the following operating systems is the most prevalent on the smartphone market?
Android
Which threat modeling measurement is used to describe how an attack can exploit a vulnerability?
Attack vector
Threat actors can be divided into different types based on their methods and motivations. Which type of hacker usually targets government agencies, corporations, or other entities they are protesting?
Hacktivist
What seven-phase framework did Lockheed Martin develop to identify an attacker's step-by-step attack process?
Kill Chain
Which framework includes the Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives phases?
Kill Chain
Which type of testing is typically done by an internal tester who has full knowledge of the network, computer system, and infrastructure?
Known
Which of the following Bring Your Own Device (BYOD) risks is both a security issue for an organization and a privacy issue for a BYOD user?
Mixing personal and corporate data
Which type of test simulates an insider threat by giving the tester partial information about the network and computer systems?
Partially known
Threats that do not have an existing fix, do not have any security fixes, and do not have available patches are called what?
Zero-day threats
Which security function identifies and evaluates threats in hopes of reducing their impact?
Risk management
Which of the following can void a mobile device's warranty, cause poor performance, or brick a mobile device (making it impossible to turn on or repair)?
Rooting or jailbreaking
Mary has been receiving text messages that contain links to malicious websites. Which type of attack is Mary a victim of?
SMiShing