Uncover the World of Cyber Threats

Questions and Answers

Which of the following best describes the concept of confidentiality in information security?

Protecting against attacks on computer storage systems

Ensuring that data is stored and transferred as intended

Controlling access to data based on certain criteria (correct)

Assessing vulnerabilities, threats, and risks in a network

What is the main focus of cybersecurity?

Ensuring data is stored and processed with CIA attributes

Protecting against attacks on computer storage and processing systems (correct)

Performing assessments to determine network security

Developing security policies and controls

What does the term 'hardening' refer to in the context of information security?

Developing security policies and controls

Controlling access to data based on certain criteria

Making a system more secure (correct)

Ensuring data is stored and transferred as intended

Which one of the following best describes a vulnerability?

A fault or weakness in a system that could be exploited by a threat actor

What is the relationship between threat, vulnerability, and risk?

Risk is the likelihood and impact of a threat actor exercising a vulnerability

What is the purpose of a configuration baseline?

To reduce the system's attack surface

What is an exploit?

Malicious code that can use a vulnerability to compromise a host

Which of the following techniques involves searching through an organization's garbage to find useful documents?

Dumpster Diving

What type of attack involves observing someone entering a password or PIN by watching them?

Shoulder Surfing

Which technique involves entering a secure area without authorization by closely following behind someone who has been allowed access?

Tailgating

What social engineering technique uses spoofed electronic communications to make them seem authentic to the victim?

Phishing

Which type of phishing attack is specifically targeted towards upper levels of management in an organization?

Whaling

What type of phishing attack is conducted through a voice channel, such as telephone or VoIP?

Vishing

In which type of phishing attack does the attacker use a rogue wireless access point to try to harvest credentials?

Evil twin attack

Why is it important to be able to describe and analyze behaviors in modern cybersecurity threats?

To identify the attributes of threat actors

Which of the following is true about zero-day vulnerabilities?

Zero-day vulnerabilities are exploited before the developer knows about them

What is an unpatched system?

A system that has not been updated with OS and application patches

What is a legacy or end of life (EOL) system?

A system that is no longer supported by the software vendor

What is social engineering?

A technique used by threat actors to compromise a security system

Which of the following is NOT a method used in DoS attacks?

Flooding the server with bogus requests

What is the purpose of a DoS attack?

To cause trouble

What is the difference between DoS and DDoS attacks?

DoS attacks rely on the attacker having access to greater bandwidth than the target, while DDoS attacks require the target to devote more resources to each connection than the attacker

Which of the following best describes an insider threat actor?

An employee who has been granted permissions on the system

What is the main goal of footprinting threats?

To perform reconnaissance and gather publicly available information about the target

What is a spoofing threat?

An attack where the threat actor masquerades as a trusted user or computer

What is an on-path attack?

An attack where the threat actor intercepts traffic between two hosts or networks

Which of the following is a common method for threat actors to gain access to a network?

Obtaining credentials

What can threat actors do if they gain access to a network via an on-path or malware attack?

All of the above

How is a password typically stored and transmitted securely?

Using cryptographic hashing

Which of the following best describes the purpose of a digital signature?

To confirm the integrity of a message

What is the role of key exchange in secure communication?

To encrypt the actual data exchange

What is the purpose of an ephemeral key in key exchange?

To encrypt the secret key

Which cryptographic technology uses a single secret key for both encryption and decryption?

Symmetric encryption

Which cryptographic technology uses a key pair consisting of a private key and a public key?

Asymmetric encryption

Which cryptographic technology is used for secure storage of data where the original value does not need to be recovered?

Cryptographic hashing

Which cryptographic hash algorithm is being phased out of use?

Message Digest

Which of the following best describes a nonpersistent XSS attack?

The attacker defaces the trusted site.

What is the main goal of a stored/persistent XSS attack?

To insert code into a back-end database or content management system.

In a SQL injection attack, how does the threat actor modify the SQL statements?

By adding code to some input accepted by the application.

What is the purpose of encryption in information security?

To allow sensitive data to remain private.

Which of the following is NOT a common password hash file or database that a threat actor might obtain from a local system?

/var/log/auth.log

Which technique does a password cracker use to try to identify a password from a cryptographic hash?

Brute force

Which method of running code in a web application modifies the web page before it is displayed to the user?

Client-side code

What type of vulnerability in web apps is commonly exploited by a cross-site scripting (XSS) attack?

Input validation vulnerability