Security+ Lesson 2 Practice


True or false? Nation-state actors only pose a risk to other states.

False. Nation-state actors have targeted commercial interests for theft, espionage, and extortion.

An outside nongovernment-affiliated group posted a message online claiming responsibility for shutting down the pipeline of a large oil and gas company. The group claims to have performed this through a vulnerability in the company's supervisory control and data acquisition (SCADA) equipment that controls the flow through the pipes. What BEST describes this group of attackers?

Hacktivist

Which type of threat actor is primarily motivated by the desire for political change?

Hacktivist

The governmental organization in charge of managing the personnel records of the country's military service members reported that another country had accessed its database. Who BEST describes the adversary that breached the personnel records database?

Nation-State

A large multinational software company experienced a ransomware attack. After running a forensic audit and recovering data from backups, the company found that it was an organized, illicit, nonpolitical group that attempted to extort it. What describes the attack that occurred to the company?

Cybercrime

A purchasing manager is browsing a list of products on a vendor's website when a window opens claiming that antimalware software has detected several thousand files on their computer that are infected with viruses. Instructions in the official-looking window indicate the user should click a link to install software that will remove these infections. What type of social engineering attempt is this, or is it a false alarm?

This is a social engineering attempt utilizing a watering hole attack and brand impersonation.

A company's systems are disrupted by a ransomware attack launched via a vulnerability in a network monitoring tool used by the company's outsourced IT management. Aside from a software vulnerability, what part of the company's attack surface has been used as a threat vector?

This is a supply chain vulnerability, specifically arising from the company's managed service provider (MSP).

The help desk takes a call, and the caller states that she cannot connect to the e-commerce website to check her order status. She would also like a username and password. The user gives a valid customer company name but is not listed as a contact in the customer database. The user does not know the correct company code or customer ID. Is this likely to be a social engineering attempt, or is it a false alarm?

This is likely to be a social engineering attempt. The help desk should not give out any information or add an account without confirming the caller's identity.

A large organization's security operations center (SOC) noticed in its Extended Detection and Response (XDR) antivirus software that a phished email gained access to the company ticketing system, then to the virtual private network (VPN) software, and lastly, to the company's file share. What did the SOC find?

Threat Vector

A large financial firm recently brought its information technology (IT) back in-house. It made this decision after facing issues with its third-party vendor not properly securing its systems from outside threats. What consideration did the financial firm deliberate regarding the managed service provider (MSP) and returning to IT in-house services?

To limit risks from supply-chain attacks.

A managed service provider (MSP) company decided to delay the implementation of new antivirus software for its clients after discovering that the vendor could not patch its software automatically. Why might a company NOT want software that is unable to update automatically?

It may not fix newly found vulnerabilities in a timely manner.

An employee unknowingly clicked on a malicious attachment but did not notice any issues right away and assumed nothing happened. A short while later, the security operations center received a notification of a virus attempting to access an IP address outside the company. What is the malicious attachment MOST likely doing?

Attempting to create a remote connection

A company policy states that any wire transfer above a certain value must be authorized by two employees, who must separately perform due diligence to verify invoice details. What specific type of social engineering is this policy designed to mitigate?

Business Email Compromise (a sophisticated campaign that targets a specific individual within a company, typically an exec or senior manager. The threat actor poses as a colleague, business partner, or vendor. The threat actor performs recon to obtain an understanding of the target and the best psychological approach and pretexts to trick them.)

A construction company that receives several emails with attachments from its vendors ran into an issue with one of the emails it received. A malicious actor created an email with an attachment that appeared to be from a known vendor. As a result, the malicious actor tricked an employee into clicking on that attachment. How did the malicious actor convince the employee to click on the attachment?

Email Lure

A company uses a popular password manager. It noticed unusual breaches in its systems and forced a password reset on all employees' accounts. What is a consideration when using third-party software for any computer function?

Every vendor is at risk of threats.

Your CEO calls to request market research data immediately be forwarded to their personal email address. You recognize their voice, but a proper request form has not been filled out and use of third-party email is prohibited. They state that normally they would fill out the form and should not be an exception, but they urgently need the data to prepare for a roundtable at a conference they are attending. What type of social engineering techniques could this use, or is it a false alarm?

If social engineering, this is a CEO fraud phishing attack over a voice channel (vishing). It is possible that it uses deep fake technology for voice mimicry. The use of a sophisticated attack for a relatively low-value data asset seems unlikely, however. A fairly safe approach would be to contact the CEO back on a known mobile number.

You receive an email with a screenshot showing a command prompt at one of your application servers. The email suggests you engage the hacker for a day's consultancy to patch the vulnerability. How should you categorize this threat?

If the consultancy is refused and the hacker takes no further action, it can be classed as for financial gain only. If the offer is declined and the hacker then threatens to sell the exploit or to publicize the vulnerability, then the motivation is criminal.

An accountant received a phone call from an individual requesting information for an ongoing project. The individual claimed to be from a known vendor the company is working with. Before giving the information over, the accountant should protect against what?

Impersonation

A security engineer discovered that an active employee copied sensitive information from the company's shared drive and sold it online. What kind of actor describes this employee?

Insider Threat

A recently terminated employee copied sensitive information from the company's shared drive right before permanently leaving. This employee is what kind of threat to the company?

Internal. An insider threat is someone within the company (internal) who intentionally or unintentionally increases risk or takes company data outside the organization's security controls.

An accounts payable clerk received an email requesting payment information for materials for an ongoing project. The email appears to be from a known vendor. Before giving the information over, what should the clerk protect against?

Phishing

A large multimedia company is experiencing a distributed denial of service (DDoS) attack that has led the company's platform to become unresponsive. Customers are submitting tickets complaining that they can no longer access the platform and cannot complete their work. What BEST describes what the company is going through?

Service Disruption

Which three types of threat actor are most likely to have high levels of funding?

State actors, organized crime, and competitors

A company uses stock photos from a site distributing copyright-free media to illustrate its websites and internal presentations. Subsequently, one of the company's computers is found infected with malware that was downloaded by code embedded in the headers of a photo file obtained from the site. What threat vector(s) does this attack use?

The transmission vector is image-based, and the use of a site known to be used by the organization makes this a supply chain vulnerability (even though the images are not paid for). The attack is also likely to depend on a vulnerability in the software used to download and/or view or edit the photo.

An information technology (IT) manager is trying to persuade the chief financial officer (CFO) to sign off on a new support and update contract for the company's virtualized environment. The CFO sees this as a waste of money since the company already has the environment up and running. The IT manager explained to the CFO that the company will no longer receive security updates to protect the environment. What describes the level of hazard posed by NOT keeping the systems up-to-date?

Risk. Risk is the level of hazard posed by vulnerabilities and threats. When a company identifies a vulnerability, it calculates the risk as the likelihood of exploitation by a threat actor and the impact of a successful exploitation.

Which of the following would be assessed by likelihood and impact: vulnerability, threat, or risk?

Risk. To assess likelihood and impact, you must identify both the vulnerability and the threat posed by a potential exploit.

An accountant received a phone call from an individual requesting information for an ongoing project. The call came from an unrecognized number, but the individual seemed believable and persuasive. Before giving the information over, what should the accountant protect against?

Social Engineering

A construction contractor received a phone call from a prospective client that the contractor's website looked off from what they expected. After an investigation, the construction company discovered that the prospect went to a similar-looking website but did not get to the real one. What caused the client to go to an incorrect website?

Typosquatting

A project manager's assistant received an email requesting information for an ongoing project. The email attempted to convince the assistant that the project would fail to complete on time if they did not receive the information. Before giving the information over, what should the assistant protect against?

Urgency

A company uses cell phones to provide IT support to its remote employees, but it does not maintain an authoritative directory of contact numbers for support staff. Risks from which specific threat vector are substantially increased by this oversight?

Voice Call: the risk that threat actors could impersonate IT support personnel to trick employees into revealing confidential information or installing malware.

A local business received numerous complaints from frequent repeat customers about fraud occurring after they ordered delivery through the company's website. The company became a victim of what type of attack?

Watering Hole Attack

An employee reported seeing an individual outside the office drop a few thumb drives. The employee grabbed those devices and brought them to the information technology (IT) department. After conducting forensics on the devices using air-gapped machines, the IT team determined that the individual was trying to trick employees into plugging the devices into their computers to steal information. What was the malicious actor attempting on an unsuspecting employee?

A Physical Lure

A large multimedia company is in the process of creating a new marketing campaign for a soon-to-be-released movie. However, before releasing the campaign, the company noticed an increase in fake accounts mimicking it online with a similar-looking campaign. What could the company do to mitigate this issue?

Check for brand impersonation

