Cybersecurity Attacks and Vulnerability Testing Quiz
37 Questions

Questions and Answers

Which of the following is being described when a security professional develops and publishes a password policy specifically tailored to a company, and enforces the policy through technical means?

  • Creating security benchmarks
  • Applying vendor-specific configurations
  • Developing regulatory frameworks
  • Implementing security control diversity (correct)

University A wants to partner with University B to allow its students who are taking classes at University B to sign into both universities' wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results?

  • SAML (correct)
  • Wildcard certificates
  • RADIUS federation
  • OAuth 2.0

A security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message?

  • Encrypt the message and upload it to a secure file-sharing service
  • Compress the message and password-protect the file
  • Redact sensitive information and password-protect the file
  • Encrypt the message and digitally sign it (correct)

Which of the following is being described when a malicious host is performing a MITM attack?

  • Users are running port scans on the network (B)

Which of the following is being described when a worm is attacking the network?

  • An amplified DDoS attack is in progress (A)

Which of the following is being described when an amplified DDoS attack is in progress?

  • A malicious host is performing a MITM attack (A)

Which of the following is being described when a race condition is being leveraged?

  • A worm is attacking the network (B)

Which of the following is being described when users are running port scans on the network?

  • A malicious host is performing a MITM attack (A)

What is the immediate NEXT step the technician should take after discovering a crypto-virus infection on a workstation with access to sensitive remote resources?

  • Disable the network connections on the workstation (D)

What is the BEST method for Joe, the backup administrator, to use to reduce the restoration time of physical servers?

  • Snapshots (C)

Which of the following settings would BEST ensure the new wireless encryption requirements, which mandate the use of AES, are met?

  • Configure CCMP (D)

What differentiates ARP poisoning from a MAC spoofing attack?

  • ARP poisoning uses unsolicited ARP replies (D)

What is the purpose of the checksum values provided on the download page for the organization's core switch software?

  • To verify the integrity of the downloaded files (C)

What is the primary difference between SaaS, IaaS, and MaaS?

  • SaaS is software-based, IaaS is infrastructure-based, and MaaS is management-based (A)

What is the main difference between a private cloud and a hybrid cloud?

  • Private clouds are dedicated to a single organization, while hybrid clouds combine private and public cloud resources (B)

What is the primary purpose of using a differential backup strategy?

  • To ensure that all changes since the last full backup are captured (D)

Which type of penetration testing is best identified when the client does not share any information related to the environment to be tested?

  • Black box (B)

What is the GREATEST ongoing risk after a vulnerability is discovered in an IoT system?

  • Retinal scan (C)

Which of the following is a type of authentication factor?

  • All of the above (D)

Which of the following is a type of penetration testing approach?

  • All of the above (D)

Which of the following is a type of security incident response team?

  • CSIRT (D)

Which of the following is a type of authentication method?

  • All of the above (D)

Which of the following is a type of security testing approach?

  • All of the above (D)

What type of attack has most likely occurred when a Chief Executive Officer receives an email instructing them to update account credentials?

  • Spear phishing (D)

In the scenario described, what type of malware could be responsible for locking files and demanding payment in Bitcoin?

  • Ransomware (B)

Which authentication protocol would be the BEST choice for mutual authentication, SSO, smart card logons, and high security in file-sharing?

  • Implement Kerberos (A)

What method would internal security teams use to assess the security of internally developed applications?

  • Credentialed vulnerability scan (D)

What is the likely reason for other users in the organization losing the ability to open files on the server after one user clicked on a malicious file?

  • Botnet propagation (B)

Which type of attack involves sending deceptive emails to trick individuals into revealing sensitive information like passwords or account details?

  • Spear phishing (D)

What type of malware is designed to disrupt normal network traffic or services by overwhelming a system with an excessive amount of traffic requests?

  • DDoS attack (D)

Which authentication method is typically used for secure wireless networks and is not suitable for mutual authentication?

  • WPA2-PSK (D)

Which architecture concept would BEST accomplish isolating resources for each department while allowing communication to central servers?

  • Network segmentation (C)

If a user was complying with the Acceptable Use Policy (AUP), what is the MOST likely cause for the proxy server log event indicating the user was repeatedly violating content standards?

  • The user's computer was infected with adware (A)

Which of the following controls BEST describes the policy of requiring all employees to have their badges rekeyed at least annually?

  • Administrative (D)

What information is the remote intruder looking for by exploiting the network to inventory software versions?

  • Vulnerabilities to exploit (B)

Which of the following architecture concepts would BEST accomplish isolating resources for each department while allowing communication to central servers?

  • Network segmentation (A)


Study Notes

Network Security

  • A malicious host performing a MITM attack, an amplified DDoS attack, or a worm attacking the network can be identified through port scans.
  • A security professional develops and publishes a password policy tailored to a company and enforces it through technical means, implementing security control diversity.

Single Sign-On (SSO) Services

  • University A offers an AAA-based SSO service allowing students to access wireless and VPN services with standard university credentials.
  • To partner with University B, RADIUS federation should be implemented to allow students to sign into both universities' wireless network and VPN services with their home university credentials.

Secure Communication

  • To assure the authenticity and confidentiality of an official response to a security assessment report, digital signatures and encryption should be used.
  • A security analyst should use digital signatures to authenticate the sender and ensure the contents remain confidential.

Incident Response

  • Upon discovering a crypto-virus infection on a workstation with access to sensitive remote resources, the immediate next step is to disable the network connections on the workstation.
  • In a security breach, lessons learned documentation should include details of communication challenges, man-hours, and costs associated with the breach, as well as suggestions for improved monitoring and auditing of system access.

Penetration Testing

  • A black box penetration test involves no prior knowledge of the environment to be tested.
  • In a black box penetration test, the tester has no information about the environment, similar to a real-world attack scenario.

IoT Systems

  • After a vulnerability is discovered in an IoT system, the greatest ongoing risk is credentialed vulnerability scanning.

Email Attacks

  • An email directing the CEO to click on a link to update account credentials is likely a spear phishing attack.

Ransomware and Malware

  • A user unable to open a file with a grayed-out icon and a lock, with a pop-up message demanding payment in Bitcoin to unlock the file, has likely been affected by ransomware or crypto-malware.

Authentication Protocols

  • Kerberos is a protocol that provides mutual authentication, SSO, and smart card logons, making it suitable for securely authenticating clients in a file-sharing protocol.

Network Architecture

  • Network segmentation is an architecture concept that allows departments to isolate their resources while still communicating with central servers.

Security Assessments

  • Internal security teams use penetration testing to assess the security of internally developed applications.
  • Password cracking methods can be slowed down using PBKDF2, Bcrypt, and other algorithms.

Risk Assessment

  • To determine the Annualized Loss Expectancy (ALE) of a particular risk, the Single Loss Expectancy (SLE) and Annualized Rate of Occurrence (ARO) must be calculated.

Access Control

  • A policy requiring employees to rekey their badges at least annually is an administrative control.

Quiz Team

Description

Test your knowledge on cybersecurity attacks and vulnerability testing with this quiz. Identify the types of attacks based on given scenarios, and understand different methods of vulnerability testing. From phishing attacks to penetration testing, this quiz covers a range of topics in cybersecurity.
