A caller claiming to be from a technical support service tells a user that their computer has been detected sending malicious traffic. The caller states that to fix the issue, the user must grant them remote access to the computer immediately, or the company will be forced to report the user for network misuse. This is an example of an adversary leveraging which two psychological principles?
An adversary obtains a company's password file. The file contains salted password hashes. The adversary uses a precomputed table of common passwords and their corresponding hashes to find matches. Why will this attack method be ineffective?
A high-skilled adversary discovers a previously unknown vulnerability in a popular Wi-Fi router's firmware that allows them to gain control of the device. This type of vulnerability is known as a(n):
An adversary repeatedly enters carefully crafted prompts into a public chatbot, eventually causing it to reveal proprietary source code that was part of its training data. This attack technique targets the chatbot's:
If an organization sets the alert threshold on its AI-powered threat detection system too low (e.g., alerting on any event with a 10% or greater likelihood of being malicious), what is the most probable negative consequence?
A security analyst determines that a specific server vulnerability has a high likelihood of being exploited, with a potential financial impact of over $1 million. The company decides to purchase a specialized insurance policy to cover any losses from such an attack. This risk management strategy is an example of:
A company protects its customer database by using a firewall, data encryption, and strict access control policies. This layered approach, which uses multiple types of controls to protect a single asset, is a direct application of which security strategy?
A company's main server room has an unlocked door and is located in a hallway with heavy foot traffic. A risk assessment of this situation would most likely rate the risk to the servers as:
To prevent unauthorized individuals from following employees into a highly secure area, a company installs an access control vestibule (a small room with two doors, where only one door can be open at a time). This is a direct mitigation for which types of attacks?
A log from a door access control system shows that a door to a secure lab was held open for 60 seconds after an authorized badge was used, which is much longer than the typical 5-second entry time. This data could indicate which type of physical attack?
A user's web browser is unexpectedly redirected to a malicious website even though they typed the correct URL for their bank. The malicious site, which looks identical to the real one, captures the user's login credentials. This attack was most likely caused by:
In an ARP poisoning attack, what is the adversary's primary goal?
A VPN policy prohibits 'split tunneling.' This means that when an employee is connected to the corporate VPN from home, they are prevented from:
A network administrator uses a managed switch to logically divide devices into two groups: 'Accounting' and 'Engineering.' Although the devices are all plugged into the same physical switch, devices in the Accounting group cannot communicate directly with devices in the Engineering group. This is an implementation of:
A firewall is configured with the following two rules in order: 1. DENY TCP traffic from ANY source to destination 10.0.1.10 on port 22. 2. ALLOW TCP traffic from ANY source to ANY destination. A user attempts to connect via SSH (port 22) to the server at 10.0.1.10. What will be the result?
A Network Intrusion Prevention System (NIPS) differs from a Network Intrusion Detection System (NIDS) because a NIPS can:
An adversary gains physical access to a computer and is able to boot it from a USB drive into a special operating system. From there, they are able to reset the administrator password. This was possible because the device lacked:
Fileless malware is particularly dangerous and difficult to detect because it:
Which property of a cryptographic hash function makes it infeasible to determine the original input (e.g., a password) from its output (the hash)?
Why are offline password attacks often more effective than online attacks?
An adversary enters the following text into a search field on a poorly designed e-commerce website: `'; DROP TABLE products; --`. The website then deletes its entire product database. This is an example of what type of attack?
A program expects a user to enter their 10-digit phone number. The memory buffer allocated for this input is 11 bytes long. An adversary intentionally provides 100 bytes of data, which overwrites adjacent memory locations and causes the program to crash. This is a(n):
The Bell-LaPadula model is a Mandatory Access Control (MAC) model that enforces the rule 'write up, read down.' What is the primary goal of this model?
A user runs the command `chmod 750 myfile.txt` on a Linux system. What permissions are set for the 'group' that owns the file?
Which of the following is a primary disadvantage of symmetric encryption compared to asymmetric encryption?
Why are key lengths for asymmetric algorithms (like RSA 2048-bit) typically much longer than for symmetric algorithms (like AES 256-bit) to achieve a similar level of security?
A security system is designed to deny access to a building between 10 PM and 6 AM, regardless of whether a person has a valid access card. This is an example of:
A system administrator calculates the SHA256 hash of a critical configuration file and records it. A week later, they recalculate the hash and find that it is different. What can they conclude?
A security analyst at a hospital determines that if a specific vulnerability in the patient record system is exploited, it would violate HIPAA regulations, leading to massive fines and reputational damage. However, the exploit requires a highly sophisticated, custom-built tool that very few adversaries possess. How is this risk best described?
After an employee clicks a malicious link in an email, an adversary gains access to their computer. The adversary then uses the employee's credentials to access a shared network drive containing sensitive financial data. This stage of the attack is known as:
A security analyst is working from a public coffee shop and needs to connect to their company's internal network to access sensitive data. Which of the following tools is specifically designed to encrypt all of the laptop's network traffic, creating a secure tunnel over the untrusted public network?
An adversary connects a device to a network switch and sends thousands of Ethernet frames, each with a different, fake source MAC address. This causes the switch's CAM table to overflow, forcing it to broadcast all incoming packets to every port. This is a result of which attack?
A piece of malware infects a computer and, without any user action, begins to scan the network for other computers with a specific unpatched vulnerability and transmits itself to them. This malware is best classified as a:
A web application has a comments section where users can post messages. An adversary posts a comment containing malicious JavaScript. The application stores this comment in its database. Now, every user who views that comment has their session cookie stolen by the script. This is a(n) ________ attack.
An administrator downloads a new software patch from a vendor's website. The website lists the file's SHA256 hash. After downloading, the administrator calculates the hash of the downloaded file and compares it to the one on the website. What is the purpose of this action?
A firewall is configured with a rule at the very end of its access control list that says `DENY IP ANY ANY`. What is the effect of this rule?
A security analyst is reviewing logs and sees a large number of ICMP echo requests sent to the network's broadcast address from a spoofed source IP, followed by a massive number of ICMP replies overwhelming that same source IP. This is evidence of a(n):
In an asymmetric key system used for confidentiality, what is the sender's role and what is the recipient's role?
A next-generation firewall (NGFW) can filter traffic based on the specific application (e.g., blocking Facebook traffic while allowing general web traffic), even if it uses standard ports like 443. This capability is known as:
An adversary uses a list of common passwords (e.g., 'Password123', '123456') and tries them against many different user accounts at a large company. This is a(n) ___________ attack.
A key property of a cryptographic hash is that it is computationally infeasible to find two different inputs that produce the same hash output. This property is known as:
An attacker injects malicious code into a website's comment section. When a user visits the page, the code executes in their browser. What type of attack is this?
An attacker sends a specially crafted packet to a server, causing a service to crash because it cannot handle the unexpected data. What type of vulnerability was likely exploited?
A security team is reviewing its risk management plan. They decide to purchase cybersecurity insurance to cover potential financial losses from a data breach. Which risk response strategy is this?
An adversary who is motivated by a political cause and defaces a government website to spread a message is best described as a(n):
A system in Elaine’s company has suddenly displayed a message demanding payment in Bitcoin and claiming that the data from the system has been encrypted. What type of malware has Elaine likely encountered?
A multinational company needs to restrict access to its financial system so that only employees in the headquarters can use it during office hours. Which method would best enforce this policy?
An organization's acceptable use policy (AUP) prohibits employees from using personal devices for work. This is a form of which risk management strategy?
In a corporate environment, what is a key security measure for securing industrial control systems (ICSs) and SCADA networks?
An organization aims to enhance its network security by implementing a system that can inspect and filter HTTP/HTTPS traffic to protect against web-based attacks. Which solution should the organization deploy?
A security audit reveals that a company's wireless network is using WEP for encryption. Why is this a significant security risk?
During a security audit, it was found that a department’s files are encrypted at the file level rather than using full-disk encryption. What is the primary advantage of switching to full-disk encryption in this scenario?
An organization needs to establish a method for detecting incidents. Which of the following controls should they implement?
An organization wants to protect its intellectual property, which includes a secret formula for a beverage. This formula is not patented but gives the company a significant market advantage. How would this data be best classified?
A coordinated attack takes an environmental organization’s website offline using a DDoS attack. The attackers are known for opposing the organization’s stance on climate change. What type of threat actor is likely responsible?
An organization implements a defense-in-depth strategy. Which of the following best describes this approach?
A security audit reveals that an organization's web application does not sanitize user input before using it in a database query. This represents a:
An organization discovers that its database server has been compromised through a SQL injection attack. What broader category of cybersecurity threats is this type of attack categorized under?
What are the two most commonly deployed biometric authentication solutions for mobile devices?
A security team wants to ensure that if one security control is bypassed by an attacker, another control is in place to stop or detect the attack. What is this strategic concept called?