Domain 2.0 Threats, Vulnerabilities, and Mitigations Assessment

A recent cyberattack led to massive disruptions in a country's power grid, causing widespread blackouts and significant economic and social damage. The country's cyber team traced the attack to a hostile nation-state's cyber warfare division. In this case, what is the primary motivation of the perpetrators?

A. War

A software technician presents a forum on sideloading and jailbreaking to a group of new mobile users. Which of the following points will the technician include in their discussion of the use of jailbreaking? (Select the two best options.)

A.It is a method used to gain elevated privileges and access to system files on mobile devices. B.It allows users to install unauthorized applications and customize device appearance and behavior.

A healthcare provider suddenly receives a threat from an unknown source claiming to have obtained sensitive patient data. The anonymous actor demands a significant sum of Bitcoin, threatening to release the information publicly if the provider does not make payment. This kind of scenario BEST exemplifies which threat motivation?

Blackmail

An organization is experiencing an attack where the attackers break into the premises and cabinets by forcibly breaking locks. What BEST describes the observed attack?

Brute force

The server manager of a tech company observes an increase in server resource consumption, unusual system behavior, and increased network traffic, which is not proportional to the workload on the server. Which of the following is the MOST plausible cause for these observations? Radio-frequency ID cloning Malware infection Concurrent session usage Resource consumption

C.Concurrent session usage ( WRONG ANSWER)

Which of the following is an example of a watering hole attack?

Compromising a site often visited by a target group to breach their devices.

An IT team diligently works to ensure their systems and networks remain secure. The primary focus is relationships with external entities such as the service provider who hosts their web-based applications, the hardware provider that furnishes their server equipment, and the software provider supplying them with operating system licenses. When an enterprise's IT security posture depends on external entities, what should the IT team prioritize to ensure continued security?

Conduct thorough audits of service, hardware, and software providers regularly.

The cybersecurity team at a large company has recently uncovered evidence of a successful malicious cryptographic attack on their data servers facilitated by a misconfiguration in the cryptographic systems. What is the MOST appropriate initial response that the team should employ to address this critical security issue?

Correct the misconfiguration, implementing secure cryptographic controls.

What type of attack takes content from a local system, encrypts it, and sends it to the attacker's server via HTTP over port 80?

Data exfiltration

A global technology firm detected unauthorized access to its proprietary designs for an upcoming product. The intruders remained undetected for an extended period and extracted a large volume of confidential data without disrupting the company's operations. This stealthy, long-term breach aimed at acquiring secret information aligns BEST with which type of threat motivation?

Espionage

What technique does the threat actor use in a Bluetooth network attack to transmit malicious files to a user's device?

Exploiting vulnerabilities or misconfigurations in the Bluetooth protocol

In a recent incident, a hacker group infiltrated a global financial institution's systems and stole the credit card information of millions of customers. The valuable information was soon available on the dark web. Based on the scenario, what is the MOST likely motivation of the hacker group?

Financial gain

The security team in a financial organization identified a zero-day vulnerability that enables cross-site scripting (XSS) attacks on its internal web portal. The chief information security officer (CISO) instructs the team to take immediate action. Which action most effectively minimizes the threat from the zero-day vulnerability and the potential XSS attacks?

Implement a web application firewall (WAF).

An e-commerce company recently identified suspicious activity on its web-based application, suggesting a zero-day exploit. The security team suspects that a vulnerability in the application might be under active exploitation by malicious actors before the company identified and patched it. With no known fixes available for a zero-day exploit, what should be the initial course of action for the security team to minimize potential damage and safeguard the application and its users?

Implement intrusion detection systems and application firewalls.

An organization's IT security team has discovered that a recent software update, unknowingly deployed, contained a zero-day exploit. This vulnerability has now made the company's systems susceptible to potential unauthorized access. Which of the following immediate actions should the security team execute to manage this zero-day exploit situation?

Isolate the impacted systems and apply a patch or remediation strategy.

A cloud security firm is facing a cybersecurity challenge where some of its critical software applications are no longer supported by vendors, making them vulnerable to potential exploits. The IT team is exploring various strategies to mitigate the risk posed by these unsupported apps. What is the MOST effective approach to enhance the security posture?

Isolating unsupported apps from other systems to reduce the attack surface.

A systems administrator notices that several user accounts are frequently getting locked out. Simultaneously, during these lockout instances, the system did not record any logs. Which of the following is the MOST likely explanation for the lack of logs during these events?

Log tampering or deletion

An organization observes several computer systems in a secured area showing signs of damage, having various cables disconnected, or hardware component tampering. Which type of attack is likely responsible for these issues?

Physical attacks

A multinational corporation recently fell victim to a series of cyberattacks, disrupting services and leading to significant financial losses. After an investigation, the corporation found that these attacks were part of a systematic campaign to undermine the corporation's market position. The highly sophisticated attacks suggest the involvement of a well-resourced entity with specific strategic objectives. Which of the following motivations BEST describes this scenario?

Political

A cybersecurity analyst for a large organization permits employees to use Instant Messaging (IM) services on their devices. Despite using encryption, the analyst's concern is the potential software vulnerabilities and difficulty scanning messages and attachments for threats. Which actions should the cybersecurity analyst use to address this concern?

Regularly update and patch the Instant Messaging apps to address any known software vulnerabilities.

A large corporation is assessing its cybersecurity practices by focusing on potential security risks linked to hardware and firmware within the company's extensive network of computer systems. For the IT department, which of the following strategies MOST effectively mitigates the risks related to hardware and firmware security vulnerabilities?

Regularly update firmware to the latest, most secure versions.

What social engineering attack relies on targeting individuals who frequent an unsecured third-party website to compromise their computers and gain access to a specific organization's systems?

Watering hole