Uncover the World of Cyber Threats

Questions and Answers

Which of the following best describes the concept of confidentiality in information security?

• Protecting against attacks on computer storage systems
• Ensuring that data is stored and transferred as intended
• Controlling access to data based on certain criteria (correct)
• Assessing vulnerabilities, threats, and risks in a network

What is the main focus of cybersecurity?

• Ensuring data is stored and processed with CIA attributes
• Protecting against attacks on computer storage and processing systems (correct)
• Performing assessments to determine network security
• Developing security policies and controls

What does the term 'hardening' refer to in the context of information security?

• Developing security policies and controls
• Controlling access to data based on certain criteria
• Making a system more secure (correct)
• Ensuring data is stored and transferred as intended

Which one of the following best describes a vulnerability?

A fault or weakness in a system that could be exploited by a threat actor (A)

What is the relationship between threat, vulnerability, and risk?

Risk is the likelihood and impact of a threat actor exercising a vulnerability (C)

What is the purpose of a configuration baseline?

To reduce the system's attack surface (C)

What is an exploit?

Malicious code that can use a vulnerability to compromise a host (C)

Which of the following techniques involves searching through an organization's garbage to find useful documents?

Dumpster Diving (C)

What type of attack involves observing someone entering a password or PIN by watching them?

Shoulder Surfing (D)

Which technique involves entering a secure area without authorization by closely following behind someone who has been allowed access?

Tailgating (C)

What social engineering technique uses spoofed electronic communications to make them seem authentic to the victim?

Phishing (D)

Which type of phishing attack is specifically targeted towards upper levels of management in an organization?

Whaling (D)

What type of phishing attack is conducted through a voice channel, such as telephone or VoIP?

Vishing (C)

In which type of phishing attack does the attacker use a rogue wireless access point to try to harvest credentials?

Evil twin attack (C)

Why is it important to be able to describe and analyze behaviors in modern cybersecurity threats?

To identify the attributes of threat actors (B)

Which of the following is true about zero-day vulnerabilities?

Zero-day vulnerabilities are exploited before the developer knows about them (B)

What is an unpatched system?

A system that has not been updated with OS and application patches (A)

What is a legacy or end of life (EOL) system?

A system that is no longer supported by the software vendor (C)

What is social engineering?

A technique used by threat actors to compromise a security system (B)

Which of the following is NOT a method used in DoS attacks?

Flooding the server with bogus requests (B)

What is the purpose of a DoS attack?

To cause trouble (A)

What is the difference between DoS and DDoS attacks?

DoS attacks rely on the attacker having access to greater bandwidth than the target, while DDoS attacks require the target to devote more resources to each connection than the attacker (A)

Which of the following best describes an insider threat actor?

An employee who has been granted permissions on the system (A)

What is the main goal of footprinting threats?

To perform reconnaissance and gather publicly available information about the target (D)

What is a spoofing threat?

An attack where the threat actor masquerades as a trusted user or computer (A)

What is an on-path attack?

An attack where the threat actor intercepts traffic between two hosts or networks (B)

Which of the following is a common method for threat actors to gain access to a network?

Obtaining credentials (A)

What can threat actors do if they gain access to a network via an on-path or malware attack?

All of the above (D)

How is a password typically stored and transmitted securely?

Using cryptographic hashing (C)

Which of the following best describes the purpose of a digital signature?

To confirm the integrity of a message (B)

What is the role of key exchange in secure communication?

To encrypt the actual data exchange (D)

What is the purpose of an ephemeral key in key exchange?

To encrypt the secret key (C)

Which cryptographic technology uses a single secret key for both encryption and decryption?

Symmetric encryption (A)

Which cryptographic technology uses a key pair consisting of a private key and a public key?

Asymmetric encryption (A)

Which cryptographic technology is used for secure storage of data where the original value does not need to be recovered?

Cryptographic hashing (B)

Which cryptographic hash algorithm is being phased out of use?

Message Digest (C)

Which of the following best describes a nonpersistent XSS attack?

The attacker defaces the trusted site. (B)

What is the main goal of a stored/persistent XSS attack?

To insert code into a back-end database or content management system. (C)

In a SQL injection attack, how does the threat actor modify the SQL statements?

By adding code to some input accepted by the application. (A)

What is the purpose of encryption in information security?

To allow sensitive data to remain private. (D)

Which of the following is NOT a common password hash file or database that a threat actor might obtain from a local system?

/var/log/auth.log (C)

Which technique does a password cracker use to try to identify a password from a cryptographic hash?

Brute force (B)

Which method of running code in a web application modifies the web page before it is displayed to the user?

Client-side code (A)

What type of vulnerability in web apps is commonly exploited by a cross-site scripting (XSS) attack?

Input validation vulnerability (B)