








































This document covers a wide range of cybersecurity topics, including various types of malware, hacking techniques, network security, cloud security, and data privacy. It provides detailed explanations and examples of different cyber attacks, such as password spraying, rainbow table attacks, DLL injection, LDAP injection, SYN flood attacks, and more. The document also discusses security solutions and best practices, including redundancy, encryption, access control, and code testing. Overall, this document offers a comprehensive overview of the cybersecurity landscape, making it a valuable resource for students, IT professionals, and anyone interested in understanding the latest threats and countermeasures in the digital world.
Typology: Exams









































The user installed Trojan horse malware. - answer ✅✅A user used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user experienced frequent crashes, slow computer performance, and strange services running when turning on the computer. What most likely happened to cause these issues?

A worm - answer ✅✅A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service (DoS). What type of virus is this?

PUP (potentially unwanted program) - answer ✅✅A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs?

-Uses lightweight shellcode -Uses low observable characteristic attacks - answer ✅✅A fileless malicious software can replicate between processes in memory on a local host or over network shares. What other behaviors and techniques would classify malware as fileless rather than a normal virus? (Select all that apply.)

-Computer Bots, -Command & Control - answer ✅✅An attacker is planning to set up a backdoor that will infect a set of specific computers at an organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the attacker's plan? (Select all that apply.)
a file, they are being redirected to shopping websites they did not intend to navigate to, and built-in webcams turn on. The security team confirms the issue as malicious, and notes modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users' computers?

A Remote Access Trojan (RAT) - answer ✅✅An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to upload files and install software to a victim PC. What type of Trojan malware is this?

Password spraying attack - answer ✅✅A hacker is trying to gain remote access to a company computer by trying brute force password attacks using a few common passwords in conjunction with multiple usernames. What specific type of password attack is the hacker most likely performing?

-A rainbow table -A dictionary word - answer ✅✅An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select all that apply.)

A rainbow table attack - answer ✅✅Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?

Clone it. - answer ✅✅How can an attacker make unauthorized use of acquired user and account details from a user's smart card?

Skimming - answer ✅✅What type of attack is occurring when a counterfeit card reader is in use?

Cross-site scripting (XSS) - answer ✅✅An attacker discovered an input validation vulnerability on a website, crafted a URL with additional HTML code, and emailed the link to a victim. The victim unknowingly defaced
lack of logic statement tests on memory location variables be detrimental to software in development?

A buffer overflow - answer ✅✅An attacker gained remote access to a user's computer by exploiting a vulnerability in a piece of software on the device. The attacker sent data that was able to manipulate the memory size that the application reserved to store expected data. Which vulnerability exploit resulted from the attacker's actions?

Race condition - answer ✅✅Developers found a "time of check to time of use" (TOCTTOU) vulnerability in their application. The vulnerability made it possible to change temporary data created within the app before the app uses the data later. This vulnerability is taking advantage of what process in the application?

Revealing database server configuration - answer ✅✅A web application's code prevents the output of any type of information when an error occurs during a request. The development team cited security reasons as to why they developed the application in this way. What sort of security issues did the team have concerns about in this case?

Replay attack - answer ✅✅An intruder monitors an admin's unsecure connection to a server and finds some required data, like a cookie file, that legitimately establishes a session with a web server. Knowing the admin's logon credentials, what type of attack can the intruder perform with the cookie file?

Server-side request forgery - answer ✅✅An attacker submitted a modified uniform resource locator (URL) link to a website that eventually established connections to back-end databases and exposed internal service configurations. The attacker did not hijack a user to perform this attack. This describes which of the following types of attacks?

Cross-site Request Forgery (XSRF) - answer ✅✅An attacker modified the HTML code of a legitimate password-change web form, then
A shim - answer ✅✅By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?

Refactoring - answer ✅✅Through what method can malware evade antivirus software detection, so that the software no longer identifies the malware by its signature?

-A pass-the-hash attack -A replay attack - answer ✅✅A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select all that apply.)

A rogue access point (AP) - answer ✅✅A security analyst's scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?

Bluesnarfing - answer ✅✅An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. The mobile device is vulnerable to which of the following attacks?

-Locate the offending radio source and disable it. -Boost the signal of the legitimate equipment. - answer ✅✅An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would mitigate this type of network disruption? (Select all that apply.)

IV attacks - answer ✅✅Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP)
the website. The Chief Information Officer (CIO) is now worried about the distribution of malware. The company should prepare for which of the following other issues or concerns? (Select all that apply.)

Network - answer ✅✅A low level distributed denial of service (DDoS) attack that involves SYN or SYN/ACK flooding describes what type of attack?

Application attack - answer ✅✅An attacker is preparing to perform what type of attack when the target vulnerabilities include headers and payloads of specific application protocols?

PowerShell script - answer ✅✅A security engineer examined some suspicious error logs on a Windows server that showed attempts to run shellcode to a web application. The shellcode showed multiple lines beginning with Invoke-Command. What type of script is the suspicious code trying to run?

Python script - answer ✅✅A Linux systems admin reported a suspicious .py file that ran on a daily schedule after business hours. The file includes shellcode that would automate Application Programming Interface (API) calls to a web application to get information. What type of script is executing this shellcode?

By using VBA code - answer ✅✅A malicious actor is preparing a script to run with an Excel spreadsheet as soon as the target opens the file. The script includes a few macros designed to secretly gather and send information to a remote server. How is the malicious actor accomplishing this task?

Geographical dispersal - answer ✅✅An application requires continuity of operations within a 24 hour period due to the command and control capabilities it maintains. The failover site must be physically separated from the program office and be available within the required timeframe with live data. Which of the following redundancy solutions best meets the failover requirement?
little to no latency. Which of the following storage architectures would best meet the company's needs?

Revert to known state - answer ✅✅A company has implemented a Virtual Desktop Infrastructure (VDI) where the user's desktop operates as a Virtual Machine (VM) on a centralized server. When users log off the machine, any changes made at the VM level are not saved. Which means for ensuring non-persistence has been implemented?

Take a snapshot of the server before installing on the server. - answer ✅✅A system engineer has tested a new application in the lab, and wants to deploy the application on a production server. The server is a virtual machine that processes and stores live data for company employees. Which of the following is the BEST approach for deploying the new application on the server?

Tape - answer ✅✅A system engineer is researching backup solutions that are inexpensive and can store large amounts of data offline. The backup solution must be portable and maintainable for a certain length of time defined in the company's backup recovery plan. Which of the following is the best backup solution?

NAS - answer ✅✅A network administrator is installing a device that uses Redundant Array of Independent Disks (RAID) technologies for redundancy and provides employees remote access so that files can be accessed anywhere. The device does not require licensing and stores data at the file level. Which device is the employee likely installing in the infrastructure?

Offline - answer ✅✅An aviation tracking system maintains flight records for equipment and personnel. The system is a critical command and control system that must maintain an availability rate of 99% for key parameter performance. The cloud service provider (CSP) guarantees a failover to multiple zones if an outage occurs. In addition to the multi-zonal cloud failover, what backup solution would allow the system to maintain data locally?
Resource Records Set (RRSet) signed with a zone signing key. From the following Domain Name System (DNS) traits and functions, what does this scenario demonstrate?

S/MIME - answer ✅✅The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator use?

SRTP (Secure Real-Time Transport Protocol) - answer ✅✅An organization uses a Session Initiation Protocol (SIP) endpoint for establishing communications with remote branch offices. Which of the following protocols will provide encryption for streaming data during the call?

LDAPS (Lightweight Directory Access Protocol Secure) - answer ✅✅A web server will utilize a directory protocol to enable users to authenticate with domain credentials. A certificate will be issued to the server to set up a secure tunnel. Which protocol is ideal for this situation?

-Tunnel -Transport - answer ✅✅A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). These two modes describe which of the following? (Select all that apply.)

-Establish a guest zone -Upload files using SSH -Use configuration templates - answer ✅✅Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new web server in a demilitarized zone (DMZ).

FTPES - answer ✅✅Which of the following protocols would secure file transfer services for an internal network?