64 Questions
What is the primary goal of an attacker when identifying attack vectors?
To gain access to the target network or system
What is the significance of an attacker having physical access to hardware?
They can easily find a way into the operating system
Why are data centers usually highly secured?
To prevent physical access to the hardware
What is the outcome if an attacker finds a single vulnerability?
They will have gained access to the target
What is the role of a security professional in regards to attack vectors?
To watch for undiscovered attack vectors and patch existing vulnerabilities
What can be done to an operating system if an attacker has physical access to the hardware?
The operating system can be accessed and changes can be made
What is a common attack vector when administrators have direct access to a server?
Attaching a keylogger to a keyboard
What is a type of attack where an attacker connects a flash drive to a server and copies files?
Direct access attack
What is the potential threat in the supply chain of an organization?
Each step in the supply chain being an attack vector
What is the purpose of an evil twin access point?
To emulate a legitimate access point and fool users
How did the attackers gain access to Target's internal network in the 2013 credit card breach?
Using a third-party vendor that had access to the internal network
What is a vulnerability that was found in many clients that used WPA2?
KRACK
What was the purpose of the Stuxnet worm in 2010?
To disrupt a manufacturing process in Iran
What is a common way for attackers to gather personal information through email?
By sending phishing links
What was the issue with some Cisco switches in 2020?
They were not originating from Cisco
What is a type of attack that involves physically accessing a server to steal data or cause harm?
Direct access attack
What can attackers gather from social media?
A lot of information, including location and personal details
What is a type of malware that is often attached to emails?
Malicious software
How can attackers use social media information to attack multifactor authentication?
By using the information to reset passwords
What is a way to prevent direct access attacks on a server?
Physically securing the server
What is a way to gain access to data that may not normally be accessible?
Finding ways around existing security technologies
What is a security risk of using default credentials on an access point?
It makes it easier for attackers to use
What is a type of attack that can be used to circumvent existing security controls?
USB connection attack
Why is email a successful attack vector for threat actors?
Because many people have an email account
What is a feature of some USB devices that can be used to attack an organization?
They can act as a keyboard
Why is it important to be careful about who you allow access to your data and social media accounts?
To avoid being attacked by someone pretending to be a friend
What is the main concern when putting data in the cloud?
That the data is protected from unauthorized access
How do attackers often gain access to cloud-based applications?
By using all of the above
What is the purpose of a denial-of-service attack?
To disrupt the functionality of a cloud-based service
Why are cloud-based applications more vulnerable to attacks?
Because they are publicly-facing
What can happen if a cloud-based application is misconfigured?
Certain areas of data may be opened up for anyone to access
What can an attacker do to a cloud-based service?
Increase the load on the service
What is the primary goal of an attacker when identifying attack vectors?
To gain access to the target through a single vulnerability
What is the main advantage of an attacker having physical access to the hardware?
They can reboot the system into a particular administrative mode
What is the role of a security professional in regards to attack vectors?
To patch existing vulnerabilities and watch for new attack vectors
What is the outcome if an attacker finds a single vulnerability?
The attacker can gain full access to the target
Why are data centers usually highly secured?
To prevent unauthorized physical access to the hardware
What do attackers spend a lot of time trying to find?
Vulnerabilities in the system
What is a common attack vector that involves attaching a device to a keyboard?
Keylogger
What is the main concern when it comes to wireless access points?
Preventing rogue access points
What is an 'evil twin' access point?
A hacking tool designed to emulate a legitimate access point
What is a type of attack that involves sending malicious emails to gather personal information?
Phishing
What is the purpose of a keylogger?
To capture usernames and passwords
What is a vulnerability that was found in many clients that used WPA2?
KRACK
What is a type of attack that involves physically accessing a server to steal data or cause harm?
Direct access attack
What is a common way for attackers to gain access to data?
All of the above
What is a type of attack that involves sending a fake invoice to convince users to pay a bill?
Social engineering
What is a way to prevent direct access attacks on a server?
Limiting physical access to the server
What is a key consideration when using cloud-based applications?
The security of the application's configuration
What is a common method used by attackers to gain access to cloud-based applications?
Using phishing techniques to obtain user credentials
What is a potential consequence of a misconfigured cloud-based application?
Exposure of sensitive data to unauthorized users
What is a type of attack that can be used to exhaust the resources of a cloud-based service?
Denial-of-Service (DoS) attack
Why is it important to plan for denial-of-service attacks when using cloud-based applications?
To ensure availability of the application to users
What is a key benefit of securing cloud-based applications?
Protecting sensitive data from unauthorized access
What is the potential entry point for attackers in the supply chain of an organization?
Each step along the way in the supply chain
What is an example of using the supply chain to disrupt a manufacturing process?
The Stuxnet worm in 2010
What is a common way for attackers to gather information from social media?
By watching someone's timeline
What is a potential consequence of an attacker gaining access to a network through a supply chain attack?
They can access all the devices on the network
What is a feature of some USB devices that can be used to attack an organization?
Their ability to act as a keyboard
What is a type of attack that involves using a fake device to gain access to a system?
USB drive attack
What is a potential risk of using social media?
An attacker can gather information about you
What is a way to circumvent existing security controls?
By finding ways around security technologies
What is a potential consequence of an attacker gaining access to a system through a USB drive?
They can access and communicate with the system
What is the main concern when it comes to the supply chain of an organization?
The security of the supply chain
Learn about the methods attackers use to gain access to your computer or network. This quiz covers the techniques used to find vulnerabilities and exploit them to breach security. Test your knowledge of attack vectors and how to defend against them.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free