1_5_2 Section 1 – Attacks, Threats, and Vulnerabilities - 1.5 – Threat Actors and Vectors - Attack Vectors
64 Questions
2 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary goal of an attacker when identifying attack vectors?

  • To close existing vulnerabilities
  • To watch for undiscovered attack vectors
  • To patch a lot of systems
  • To gain access to the target network or system (correct)
  • What is the significance of an attacker having physical access to hardware?

  • They can easily find a way into the operating system (correct)
  • They have limited attack vectors available
  • They cannot make changes to the administrative password
  • They can reboot the system into a particular administrative mode
  • Why are data centers usually highly secured?

  • To prevent unauthorized access to the operating system
  • To prevent physical access to the hardware (correct)
  • To watch for undiscovered attack vectors
  • To patch a lot of systems
  • What is the outcome if an attacker finds a single vulnerability?

    <p>They will have gained access to the target</p> Signup and view all the answers

    What is the role of a security professional in regards to attack vectors?

    <p>To watch for undiscovered attack vectors and patch existing vulnerabilities</p> Signup and view all the answers

    What can be done to an operating system if an attacker has physical access to the hardware?

    <p>The operating system can be accessed and changes can be made</p> Signup and view all the answers

    What is a common attack vector when administrators have direct access to a server?

    <p>Attaching a keylogger to a keyboard</p> Signup and view all the answers

    What is a type of attack where an attacker connects a flash drive to a server and copies files?

    <p>Direct access attack</p> Signup and view all the answers

    What is the potential threat in the supply chain of an organization?

    <p>Each step in the supply chain being an attack vector</p> Signup and view all the answers

    What is the purpose of an evil twin access point?

    <p>To emulate a legitimate access point and fool users</p> Signup and view all the answers

    How did the attackers gain access to Target's internal network in the 2013 credit card breach?

    <p>Using a third-party vendor that had access to the internal network</p> Signup and view all the answers

    What is a vulnerability that was found in many clients that used WPA2?

    <p>KRACK</p> Signup and view all the answers

    What was the purpose of the Stuxnet worm in 2010?

    <p>To disrupt a manufacturing process in Iran</p> Signup and view all the answers

    What is a common way for attackers to gather personal information through email?

    <p>By sending phishing links</p> Signup and view all the answers

    What was the issue with some Cisco switches in 2020?

    <p>They were not originating from Cisco</p> Signup and view all the answers

    What is a type of attack that involves physically accessing a server to steal data or cause harm?

    <p>Direct access attack</p> Signup and view all the answers

    What can attackers gather from social media?

    <p>A lot of information, including location and personal details</p> Signup and view all the answers

    What is a type of malware that is often attached to emails?

    <p>Malicious software</p> Signup and view all the answers

    How can attackers use social media information to attack multifactor authentication?

    <p>By using the information to reset passwords</p> Signup and view all the answers

    What is a way to prevent direct access attacks on a server?

    <p>Physically securing the server</p> Signup and view all the answers

    What is a way to gain access to data that may not normally be accessible?

    <p>Finding ways around existing security technologies</p> Signup and view all the answers

    What is a security risk of using default credentials on an access point?

    <p>It makes it easier for attackers to use</p> Signup and view all the answers

    What is a type of attack that can be used to circumvent existing security controls?

    <p>USB connection attack</p> Signup and view all the answers

    Why is email a successful attack vector for threat actors?

    <p>Because many people have an email account</p> Signup and view all the answers

    What is a feature of some USB devices that can be used to attack an organization?

    <p>They can act as a keyboard</p> Signup and view all the answers

    Why is it important to be careful about who you allow access to your data and social media accounts?

    <p>To avoid being attacked by someone pretending to be a friend</p> Signup and view all the answers

    What is the main concern when putting data in the cloud?

    <p>That the data is protected from unauthorized access</p> Signup and view all the answers

    How do attackers often gain access to cloud-based applications?

    <p>By using all of the above</p> Signup and view all the answers

    What is the purpose of a denial-of-service attack?

    <p>To disrupt the functionality of a cloud-based service</p> Signup and view all the answers

    Why are cloud-based applications more vulnerable to attacks?

    <p>Because they are publicly-facing</p> Signup and view all the answers

    What can happen if a cloud-based application is misconfigured?

    <p>Certain areas of data may be opened up for anyone to access</p> Signup and view all the answers

    What can an attacker do to a cloud-based service?

    <p>Increase the load on the service</p> Signup and view all the answers

    What is the primary goal of an attacker when identifying attack vectors?

    <p>To gain access to the target through a single vulnerability</p> Signup and view all the answers

    What is the main advantage of an attacker having physical access to the hardware?

    <p>They can reboot the system into a particular administrative mode</p> Signup and view all the answers

    What is the role of a security professional in regards to attack vectors?

    <p>To patch existing vulnerabilities and watch for new attack vectors</p> Signup and view all the answers

    What is the outcome if an attacker finds a single vulnerability?

    <p>The attacker can gain full access to the target</p> Signup and view all the answers

    Why are data centers usually highly secured?

    <p>To prevent unauthorized physical access to the hardware</p> Signup and view all the answers

    What do attackers spend a lot of time trying to find?

    <p>Vulnerabilities in the system</p> Signup and view all the answers

    What is a common attack vector that involves attaching a device to a keyboard?

    <p>Keylogger</p> Signup and view all the answers

    What is the main concern when it comes to wireless access points?

    <p>Preventing rogue access points</p> Signup and view all the answers

    What is an 'evil twin' access point?

    <p>A hacking tool designed to emulate a legitimate access point</p> Signup and view all the answers

    What is a type of attack that involves sending malicious emails to gather personal information?

    <p>Phishing</p> Signup and view all the answers

    What is the purpose of a keylogger?

    <p>To capture usernames and passwords</p> Signup and view all the answers

    What is a vulnerability that was found in many clients that used WPA2?

    <p>KRACK</p> Signup and view all the answers

    What is a type of attack that involves physically accessing a server to steal data or cause harm?

    <p>Direct access attack</p> Signup and view all the answers

    What is a common way for attackers to gain access to data?

    <p>All of the above</p> Signup and view all the answers

    What is a type of attack that involves sending a fake invoice to convince users to pay a bill?

    <p>Social engineering</p> Signup and view all the answers

    What is a way to prevent direct access attacks on a server?

    <p>Limiting physical access to the server</p> Signup and view all the answers

    What is a key consideration when using cloud-based applications?

    <p>The security of the application's configuration</p> Signup and view all the answers

    What is a common method used by attackers to gain access to cloud-based applications?

    <p>Using phishing techniques to obtain user credentials</p> Signup and view all the answers

    What is a potential consequence of a misconfigured cloud-based application?

    <p>Exposure of sensitive data to unauthorized users</p> Signup and view all the answers

    What is a type of attack that can be used to exhaust the resources of a cloud-based service?

    <p>Denial-of-Service (DoS) attack</p> Signup and view all the answers

    Why is it important to plan for denial-of-service attacks when using cloud-based applications?

    <p>To ensure availability of the application to users</p> Signup and view all the answers

    What is a key benefit of securing cloud-based applications?

    <p>Protecting sensitive data from unauthorized access</p> Signup and view all the answers

    What is the potential entry point for attackers in the supply chain of an organization?

    <p>Each step along the way in the supply chain</p> Signup and view all the answers

    What is an example of using the supply chain to disrupt a manufacturing process?

    <p>The Stuxnet worm in 2010</p> Signup and view all the answers

    What is a common way for attackers to gather information from social media?

    <p>By watching someone's timeline</p> Signup and view all the answers

    What is a potential consequence of an attacker gaining access to a network through a supply chain attack?

    <p>They can access all the devices on the network</p> Signup and view all the answers

    What is a feature of some USB devices that can be used to attack an organization?

    <p>Their ability to act as a keyboard</p> Signup and view all the answers

    What is a type of attack that involves using a fake device to gain access to a system?

    <p>USB drive attack</p> Signup and view all the answers

    What is a potential risk of using social media?

    <p>An attacker can gather information about you</p> Signup and view all the answers

    What is a way to circumvent existing security controls?

    <p>By finding ways around security technologies</p> Signup and view all the answers

    What is a potential consequence of an attacker gaining access to a system through a USB drive?

    <p>They can access and communicate with the system</p> Signup and view all the answers

    What is the main concern when it comes to the supply chain of an organization?

    <p>The security of the supply chain</p> Signup and view all the answers

    More Like This

    Use Quizgecko on...
    Browser
    Browser