CSS 200 chapter 1
Which of the following describes state actors using advanced tools to infect a system to silently and slowly extract data?
Advanced persistent threat (APT)
Which of the following is a social engineering attack that uses social media and other sources to achieve its goal?
Hybrid warfare influence campaign
Over the last few years, an organization has brought up the need to replace old systems. While the organization has made these old systems function with various workarounds, custom middleware applications, and other methods to make up for their shortcomings, it has become increasingly apparent that they need to be replaced soon. Which of the following security concerns does the company face if they continue to use the outdated systems? The age of the systems means they run on outdated OSs that are no longer supported, making security updates impossible to install. The age of the systems means they use insufficient hardware, making it impossible to secure communications between them and more modern devices. The age of the systems means they are accessible from virtually anywhere, making them vulnerable to security breaches from outside actors. The age of the systems means they need numerous entry points from the outside, making the platforms' security impossible to configure.
The age of the systems means they run on outdated OSs that are no longer supported, making security updates impossible to install.
A weakest link vulnerability can be caused by mismanagement of which of the following?
Vendor management
Unsecure protocols are classified as which type of vulnerability?
configuration vulnerability
Recently, a computerized electrical power supply unit failed due to a cyberattack. This resulted in a power grid disruption for an entire region of the country. In your study on the attack, how should you categorize the threat actor(s)?
cyberterrorist
What is it called when a threat actor takes information for the purpose of impersonating someone?
identity theft
MegaCorp is a multinational enterprise. Their customer payment files were recently stolen and sold on the black market. Customers have reported that their credit cards are being charged for fraudulent purchases made in countries where they do not live and have never been. What is the most likely impact on MegaCorp from this attack?
reputation loss
A threat actor employed by the victimized organization is referred to as which of the following? Competitor Broker Shadow IT Cyberterrorist
shadow IT
Your company's Accounts Payable department reports that an invoice was marked as paid, but the vendor has shown proof they never received any of the $783,296 payment. Accounts Payable confirms that the amount was deducted from the company's accounts, but the recipient account number does not match the vendor's. After an investigation, you discover that the invoice was paid by the Chief Financial Officer. He says he paid the invoice after receiving an after-hours, past-due invoice from the vendor claiming that they would be filing a civil action in court the next morning. Rather than wait for Accounts Payable to come in the next day and verify the invoice date, the CFO immediately paid the full amount. Which type of social engineering attack was your company most likely the victim of?
whaling
