Midterm Review--Ch 1 and Ch 2
Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges?
Black box
Threat actors focused on financial gain often attack which of the following main target categories?
Individual users
Which of the following tools can be used to scan 16 IP addresses for vulnerabilities?
Nessus Essentials
Which attack embeds malware-distributing links in instant messages?
Spim
Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company's IM account. Even though no one has clicked on the messages, they are spreading throughout the network. Which type of malicious activity is this?
Spimming
Which of the following is a primary difference between a red team and a white team?
The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing.
Which of the following is the most efficient means of discovering wireless signals?
War flying
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?
A vulnerability scan is usually automated.
Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability?
A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.
Which threat actors sell their knowledge to other attackers or governments?
Brokers
Which of the following is a catalog used by vulnerability scanning software to identify vulnerabilities?
CVE
Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program?
Competitors
In an interview, the interviewer introduced the following scenario: An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur. Which of the following should you choose?
Configuration vulnerability
Your company recently purchased routers with new and updated features and deployed them in the highly secure enterprise network without changing the default settings. A few days later, the enterprise network suffered a data breach, and you are assigned to prepare a report on the data breach. Which of the following vulnerabilities should you identify as the source of the breach?
Configuration vulnerability
What is the primary difference between credentialed and non-credentialed scans?
Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.
Which issue can arise from security updates and patches?
Difficulty patching firmware
Which of the following is a physical social engineering technique?
Dumpster diving
Which of the following is the most common method for delivering malware?
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Gray box
A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court's website was hacked, and the content was replaced with the text "Equal justice for all." Which of the following type of threat actors attacked the court's site?
Hacktivist
Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs. Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols?
Hacktivist
Hacktivists and state actors are huge threats to government systems. What is the main difference between hacktivists and state actors?
Hacktivists misuse a computer system or network for socially or politically motivated reasons, whereas state actors are covertly sponsored by a government to attack its foes.
Which of the following is considered an industry-specific cybersecurity regulation?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials. Which of the following social engineering techniques was used here?
Impersonation and phishing
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
Which of the following computing platforms is highly vulnerable to attacks?
Legacy
Which of the following types of platforms is known for its vulnerabilities due to age?
Legacy platform
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed?
Look at the priority and the accuracy of the vulnerability
Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase?
Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
What is the fastest-running vulnerability scan, and why does this type of scan run so fast?
Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests.
Which of the following techniques is a method of passive reconnaissance?
Open Source Intelligence (OSINT)
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCIDSS
An organization has decided to switch security responsibilities from a third party to internal security personnel due to the recent hike in demand for a provided service. As a result, you have been hired by the organization as a cybersecurity specialist. Which of the following will be your initial action for achieving enhanced security in the organization?
Perform an automated scan on the entire network.
Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming?
Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP.
While examining the results of a vulnerability scan, you are asked to tackle false positives and false negatives to ensure the accuracy of the result. Which of the following actions will you take?
Review logs
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system. Which task should he perform next?
Robert should perform privilege escalation using a high-privileged account next.
Which of the following technologies can be used together for data management in security infrastructure and collecting and analyzing data.
SIEM and SOAR
In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker?
Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world
Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected.
Threat hunting
What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation?
Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered?
Vishing
Your company is considering updating several electronic devices used in the enterprise network. The third-party service provider that your company approached says that they require access to the enterprise network in order to implement the updates. As the chief information security officer, you are asked to analyze the requirement and submit a report on potential vulnerabilities when giving a third-party access to the network. Which of the following vulnerabilities should you list as the most likely to affect the enterprise network?
Weakest link
