Quizzes: Analyzing Attacks on Computing and Network Environments
Which ISO standard provides best practices and guidance for applying security controls to information systems?
27000 series
_____ _____ is a type of attack in which the attacker redirects an IP address to a MAC address that was not the IP address' intended destination.
ARP poisoning
As a security administrator, you are explaining to management the importance of performing routine vulnerability assessments on systems, applications, and other devices. The assessment would include current operational readiness and configuration state to measure the organization's adherence and compliance to security requirements. What is the primary purpose of a vulnerability assessment?
Assists in communicating details of an incident if that incident is deemed criminal in nature.
Upon arriving at the main office, an employee finds a discarded USB stick labelled "Best HipHop Hits of 2016" in the parking lot. The employee shows her ID to the security guard and then plugs the USB stick into her company desktop. But when she explores the USB storage, she finds no music files and her computer begins to behave strangely. Which social engineering technique was used to compromise the employee's machine?
Baiting
Rootkit
Code that is intended to take full or partial control of a system at the lowest levels
Logic Bomb
Code that sits dormant on a target computer until it is triggered by a specific event
You are running a basic network vulnerability scan using the Nessus tool. The report is summarized as follows: Based on this output, what should be your remediation strategy for the system?
Consider the three higher-level host vulnerabilities for possible remediation.
A company failed to safeguard customer information against a known, preventable vulnerability. This data breach was then reported in major media outlets. What is the greatest long-term risk to the company?
Consumers will lack trust in the company's ability to safeguard their data going forward.
Which of these vulnerability tools is used to discover application-specific vulnerabilities that may expose sensitive data?
Fuzzer
Virtualization can centralize and simplify machine-level security because of the ease in configuration and maintenance. There are, however, some attacks that specifically target virtualized environments. One particularly dangerous threat is known as hyperjacking. Which aspect of virtualization is vulnerable to this type of attack?
Hypervisor
Users of websites have a right and reasonable expectation of privacy when submitting personal information to companies that require it for access. This is common among medical, educational, or financial services, to name a few. Which types of information must you, as a security professional, take extra measures to protect from theft, fraud, and sale? (Choose all that apply.)
Last name and city of residence; Driver's license number; Social Security Number; Credit card number
You are a network security analyst for your company. You perform the following scan from a remote machine: nmap -sX 141.8.225.72. You use Wireshark to capture the response packets. How do you determine which ports are open?
On Linux/Unix machines, there is no response.
Your organization will be launching a retail website that will handle cardholder data. Which regulation should you recommend following to avoid any potential fines due to a data breach?
PCI-DSS
_____ _____ are leftover pieces of information on a storage medium even after basic attempts have been made to remove that data.
Data remnants
A hacker searches a web server to find an executable file that he will use to compromise the underlying operating system. To ensure the attack was effective, the attacker gained access to the root to make virtually any file available. Which type of attack did the hacker use?
Direct traversal
_____ _____ is the practice of accessing a file from a location that the user is not authorized to access.
Directory traversal
Assume that your company's network has been attacked in such a way that the network is running extremely slow and users are unable to access any website. Given this scenario, what type of network attack has your company most likely experienced?
DoS attack
Traditional phishing techniques are still effective in tricking users into providing their valuable financial, personal, and medical data. But pharming is a more sophisticated and devious social engineering attack. How does pharming differ from traditional phishing?
The target URL is legitimate and authentic.
Security administrators must keep current with attack strategies. One such strategy is the watering hole attack, where an attacker infects an organization's frequently used sites with malware. What is the purpose of the watering hole attack?
To compromise the security of computers within the organization
Over the past few weeks, several employees in your company received email messages threatening to post embarrassing pictures on their social media channels. In these messages, the sender provided copies of social security numbers and other sensitive PII. The hacker stated he has stolen company data and compromised company systems. Based on this evidence, which hacker motivation is the most likely?
To identify possible service misconfigurations and missing patches or critical updates on systems
Many hackers use malicious links to lure their victims to a site that, at a casual glance, looks legitimate. However, if users used a bit of extra precaution before clicking a malicious link, they could drastically reduce the chance of launching malware. Which simple precautionary action should a user take?
Verify the source URL behind the link.
From the standpoint of business continuity, which of the following questions is critical to ask during a vulnerability assessment?
What is the operational impact to target systems?
A corporate office has the following assets and safeguards: entrances restricted to employees with RF-enabled ID badges; a local Wi-Fi network with wireless access points configured with access control lists; workstation computers protected by strong password and lockout policies; endpoint protection software to detect anomalous or malicious software activity. You need to identify potential vulnerabilities in the office. Which of the following attacks exploit a user vulnerability? (Choose all that apply.)
Phishing/vishing; Tailgating/piggybacking
Over the past few weeks, several employees in your company received email messages threatening to post embarrassing pictures on their social media channels. In these messages, the sender provided copies of social security numbers and other sensitive PII. The hacker stated he has stolen company data and compromised company systems. Based on this evidence, which hacker motivation is the most likely?
Power
You have a web application that is vulnerable to SQL injection attacks. Which of the following exploits could an attacker perform against this vulnerability? (Choose all that apply.)
Read and write system files; Delete and modify customer records; Harvest and crack password hashes
A hacktivist group has targeted government servers to bring down a public-facing website. The group operates a botnet through a Trojan command and control center. Which of the following techniques could they use? (Choose all that apply.)
Resource exhaustion; Buffer overflow; SYN flood
You are performing forensic analysis on a compromised system. You find significant evidence left behind that will enable you to trace the attack back to its origin and identify the hacker. Which type of hacker most likely compromised the system?
Script kiddie
A(n) _____ attack is one in which an attacker takes advantage of the trust established between an authorized user of a website and the website itself.
XSRF
A(n) _____ _____ is all of the various vulnerable points in a system through which an attacker can launch an attack.
attack surface
In which of the following attacks does the attacker add a file to the running process of a web app or website?
file inclusion attack
A(n) _____ _____ is a type of brute force attack in which an attacker attempts to crack a password by using placeholders for predictable values based on typical user behavior when it comes to designing passwords.
masked attack
A _____ attack is one in which an attacker injects malicious code or links into a website's forums, databases, or other data.
stored
As a security analyst, you work for a government contractor. Your company conducts large-scale real estate development projects across the world. Which group of hackers is the most likely to damage your company's IT assets?
State-sponsored hackers
Which of the following are possible goals for a professional hacker performing an attack against a company or an individual? (Choose all that apply.)
Stealing IP to sell information to competitors; Posting private information, such as PII, in order to harm the victims
Trojan horse
Hidden malware that causes system damage or gives an attacker a platform for monitoring and/or controlling a system
A corporate network requires remote Windows clients to use a secured virtual private network (VPN) to access internal resources. Which of the following configurations is most vulnerable to man-in-the-middle (MiTM) attacks?
EAP-MSCHAPv2
The DDoS attack that targeted the Internet performance company Dyn in October of 2016 incurred significant costs. High-profile customers like Amazon, BBC, HBO, and Netflix are estimated to have lost tens of millions of dollars. Subsequently, Dyn lost approximately 14,500 accounts or 8% of their customers due to the attack. The botnet network responsible for the attack leveraged a malware known as Mirai, which is known to be installed on DSL modems. Which of the following vulnerabilities does it exploit? (Choose all that apply.)
Insecure command output; NTP server configuration
Worm
Malware that requires no human intervention to replicate across a system
An attacker is gathering information on a targeted company. The gathered information includes the HTML code behind the company's public website, IP addresses found in Whois records, SEC filings, and LinkedIn profiles of top-level executives. The attacker is also employing tools like Netcraft and Maltego. For which purpose is the attacker performing these activities?
The attacker is footprinting the company.