1. Threats, Attacks, and Vulnerabilities

Domain 1 Questions

1. After conducting a vulnerability scan of her network, Wendy discovered the issue shown here on several servers. What is the most significant direct impact of this vulnerability?
   
   Figure 1.1
   A. Attackers may eavesdrop on network communications.
   B. Attackers may use this information to gain administrative privileges.
   C. Encryption will not protect credentials for this account.
   D. Automated attacks are more likely to succeed.
2. Pete is investigating a domain hijacking attack against his company that successfully redirected web traffic to a third-party website. Which one of the following techniques is the most effective way to carry out a domain hijacking attack?
   A. ARP poisoning
   B. Network eavesdropping
   C. DNS poisoning
   D. Social engineering
3. Which one of the following characters is the most important to restrict when performing input validation to protect against XSS attacks?
   A. <
   B. !
   C. $
   D. '
4. Darren is investigating an attack that took place on his network. When he visits the victim's machine and types www.mybank.com into the address bar, he is directed to a phishing site designed to look like a legitimate banking site. He then tries entering the IP address of the bank directly into the address bar and the legitimate site loads. What type of attack is likely taking place?
   A. IP spoofing
   B. DNS poisoning
   C. ARP spoofing
   D. Typosquatting
5. Which one of the following technologies must be enabled on a wireless network for a Pixie Dust attack to succeed?
   A. SSID broadcasting
   B. WPS
   C. WPA
   D. WEP
6. During forensic analysis, Drew discovered that an attacker intercepted traffic headed to networked printers by modifying the printer drivers. His analysis revealed that the attacker modified the code of the driver to transmit copies of printed documents to a secure repository. What type of attack took place?
   A. Refactoring
   B. Shimming
   C. Swapping
   D. Recoding
7. What type of scan can best help identify cases of system sprawl in an organization?
   A. Database scan
   B. Web application scan
   C. Detailed scan
   D. Discovery scan
8. Scott is reviewing a list of cryptographic cipher suites supported by his organization's website. Which one of the following algorithms is not secure and may expose traffic to eavesdropping attacks?
   A. ECC
   B. 3DES
   C. AES
   D. DES
9. Brenda is selecting the tools that she will use in a penetration test and would like to begin with passive techniques. Which one of the following is not normally considered a passive reconnaissance technique?
   A. Social engineering
   B. Wireless network eavesdropping
   C. Open source intelligence
   D. Domain name searches
10. Scott is a security administrator for a federal government agency. He recently learned of a website that advertises jobs for former government employees. When he accessed the site, the site launched code in his browser that attempted to install malicious software on his system. What type of attack took place?
    A. Denial of service
    B. Watering hole
    C. Spyware
    D. Trojan horse
11. Paul received an email warning him that a new virus is circulating on the internet and that he needs to apply a patch to correct the problem. The message is branded with a Microsoft header. The virus message is actually a hoax and the patch contains malicious code. What principle of social engineering best describes what the attacker is trying to exploit by including the Microsoft header?
    A. Consensus
    B. Scarcity
    C. Trust
    D. Intimidation
12. Kristen conducts a vulnerability scan against her organization's network and discovers a file server with the vulnerability shown here. Which one of the following actions is the best way to remediate this vulnerability?
    
    Figure 1.2
    A. Discontinue the file transfer service
    B. Require strong passwords
    C. Switch to SFTP
    D. Require multifactor authentication
13. Frank is the new CISO at a mid-sized business. Upon entering his role, he learns that the organization has not conducted any security training for their sales team. Which one of the following attacks is most likely to be enabled by this control gap?
    A. Buffer overflow
    B. Social engineering
    C. Denial of service
    D. ARP poisoning
14. After conducting security testing, Bruce identifies a memory leak issue on one of his servers that runs an internally developed application. Which one of the following team members is most likely able to correct this issue?
    A. Developer
    B. System administrator
    C. Storage administrator
    D. Security analyst
15. Greg recently detected a system on his network that occasionally begins sending streams of TCP SYN packets to port 80 at a single IP address for several hours and then stops. It later resumes, but directs the packets to a different address. What type of attack is taking place?
    A. Port scanning
    B. DDoS
    C. IP scanning
    D. SQL injection
16. During a security assessment, Ryan learns that the Accounts Receivable department prints out records containing customer credit card numbers and files them in unlocked filing cabinets. Which one of the following approaches is most appropriate for resolving the security issues this situation raises?
    A. Physically secure paper records
    B. Encrypt sensitive information
    C. Modify business process
    D. Monitor areas containing sensitive records
17. Jaime is concerned that users in her organization may fall victim to DNS poisoning attacks. Which one of the following controls would be most helpful in protecting against these attacks?
    A. DNSSEC
    B. Redundant DNS servers
    C. Off-site DNS servers
    D. Firewall rules
18. Irene is reviewing the logs from a security incident and discovers many entries in her database query logs that appear similar to the ones shown here. What type of attack was attempted against her server?
    
    Figure 1.3
    A. Error-based SQL injection
    B. Timing-based SQL injection
    C. TOC/TOU
    D. LDAP injection
19. Carl is concerned that his organization's public DNS servers may be used in an amplification attack against a third party. What is the most effective way for Carl to prevent these servers from being used in an amplification attack?
    A. Disable open resolution
    B. Block external DNS requests
    C. Block internal DNS requests
    D. Block port 53 at the firewall
20. What is the purpose of a DNS amplification attack?
    A. Resource exhaustion
    B. Host redirection
    C. Record poisoning
    D. Man-in-the-middle attack
21. Angie is investigating a piece of malware found on a Windows system in her organization. She determines that the malware forced a running program to load code stored in a library. What term best describes this attack?
    A. DLL injection
    B. SQL injection
    C. Pointer dereference
    D. Buffer overflow
22. Which one of the following threat sources is likely to have the highest level of sophistication?
    A. Organized crime
    B. Hacktivist
    C. APT
    D. Script kiddie
23. In which of the following types of penetration test does the attacker not have any access to any information about the target environment prior to beginning the attack?
    A. Grey box
    B. White box
    C. Red box
    D. Black box
24. Bill is securing a set of terminals that are being used to access a highly sensitive web application. He would like to protect against a man-in-the-browser attack. Which one of the following actions would be most effective in meeting Bill's goal?
    A. Disabling browser extensions
    B. Requiring multifactor authentication
    C. Requiring TLS encryption
    D. Disabling certificate pinning
25. Kevin runs a vulnerability scan on a system on his network and identifies a SQL injection vulnerability. Which one of the following security controls is likely not present on the network?
    A. TLS
    B. DLP
    C. IDS
    D. WAF
26. Maureen is implementing TLS encryption to protect transactions that are being run against her company's web services infrastructure. Which one of the following cipher suites would not be an appropriate choice?
    A. AES256-CCM
    B. ADH-RC4-MD5
    C. ECDHE-RSA-AES256-SHA384
    D. DH-RSA-AES256-GCM-SHA384
27. Val runs a vulnerability scan of her network and finds issues similar to the one shown here on many systems. What action should Val take?
    
    Figure 1.4
    A. Immediately replace all certificates
    B. Conduct a risk assessment
    C. No action is necessary
    D. Replace certificates as they expire
28. Barry would like to identify the mail server being used by an organization. Which one of the following DNS record types identifies a mail server?
    A. MX
    B. A
    C. CNAME
    D. SOA
29. Gina runs a vulnerability scan of a server in her organization and receives the results shown here. What corrective action could Gina take to resolve these issues without disrupting the service?
    
    Figure 1.5
    A. Update RDP encryption
    B. Update HTTPS encryption
    C. Disable the network port
    D. No action is necessary
30. Carl is a help desk technician and received a call from an executive who received a suspicious email message. The content of the email appears as follows. What type of attack most likely took place?
    
    Figure 1.6
    A. Whaling
    B. Spear phishing
    C. Vishing
    D. Phishing
31. Dan is a cybersecurity analyst. Each day, he retrieves log files from a wide variety of security devices and correlates the information they contain, searching for unusual patterns of activity. What security control is likely lacking in Dan's environment?
    A. Firewall management tools
    B. IPS
    C. SIEM
    D. NAC
32. Which one of the following security controls would be MOST effective in combatting buffer overflow attacks?
    A. IDS
    B. VPN
    C. DLP
    D. ASLR
33. Mary believes that her network was the target of a wireless networking attack. Based upon the Wireshark traffic capture shown here, what type of attack likely took place?
    
    Figure 1.7
    A. Disassociation
    B. IV accumulation
    C. Replay
    D. Bluesnarfing
34. Gary is concerned about the susceptibility of his organization to phishing attacks. Which one of the following controls will best defend against this type of attack?
    A. Encryption
    B. User training
    C. Firewall
    D. Background checks
35. In which one of the following types of spoofing attack is the attacker often able to establish two-way communication with another device?
    A. Email spoofing
    B. MAC spoofing
    C. IP spoofing
    D. RFID spoofing
36. Rob is conducting a penetration test against a wireless network and would like to gather network traffic containing successful authentication attempts, but the network is not heavily trafficked and he wants to speed up the information gathering process. What technique can he use?
    A. Replay
    B. Brute force
    C. Rainbow table
    D. Disassociation
37. Joe considers himself a hacker but generally does not develop his own exploits or customize exploits that have been developed by others. Instead, he downloads exploits from hacker sites and attempts to apply them to large numbers of servers around the internet until he finds one that is vulnerable. What type of hacker is Joe?
    A. 31337 h4x0r
    B. APT
    C. Script kiddie
    D. Penetration tester
38. Julie is beginning a penetration test against a client and would like to begin with passive reconnaissance. Which one of the following tools may be used for pas...