AP Cybersecurity MCQ Practice Unit 4

UNIT 4: Securing Devices

Topic 4.1: Device Vulnerabilities and Attacks

A user receives an email with an attachment named 'Invoice.pdf.exe'. When they open the attachment, their files become encrypted, and a message appears demanding payment for their release. The device has been infected with what type of malware?

An adversary gains physical access to a computer and is able to boot it from a USB drive into a special operating system. From there, they are able to reset the administrator password. This was possible because the device lacked:

Malware that spreads from one computer to another across a network without any human interaction is known as a:

A company's email server is compromised because the administrators had not yet installed a critical security update that was released by the vendor two weeks prior. This is an example of an adversary exploiting a(n):

A user downloads a free game online. The game works as expected, but in the background, it also installs software that logs the user's keystrokes and sends them to an adversary. The game is acting as what type of malware?

An embedded computer in a medical insulin pump is an example of an Internet of Things (IoT) device. Which of the following is a primary security concern for such devices?

Malware that is designed to execute its malicious payload only when a specific condition is met, such as on a particular date or when a specific file is deleted, is called a:

Fileless malware is particularly dangerous and difficult to detect because it:

Topic 4.2: Authentication

A website stores its user passwords in a database. To enhance security, it adds a unique, random string of characters to each user's password before hashing it. This random string is called:

A user authenticates to a system by providing a password (something they know) and a fingerprint scan (something they are). This is an example of:

An adversary attempts to log in to hundreds of different user accounts using a single, common password like 'Password123'. This type of online password attack is known as:

Which property of a cryptographic hash function makes it infeasible to determine the original input (e.g., a password) from its output (the hash)?

After a data breach at another company, an adversary takes a list of leaked usernames and passwords and tries them on your company's login portal. This attack, which relies on users reusing passwords, is called:

A policy that requires a user's account to be locked out for 30 minutes after five incorrect password attempts is designed to thwart:

Why are offline password attacks often more effective than online attacks?

Facial recognition, used to unlock a smartphone, is an example of which authentication factor?

Topic 4.3: Protecting Devices

A company's acceptable use policy prohibits installing unauthorized software. An employee installs a 'free' video editing tool from the internet, which contains malware. This is a violation of which type of security control?

A system administrator is hardening a new server. One of the first steps they take is to change the default 'admin' password to a long, complex one. What is the purpose of this action?

A user's anti-malware software scans an attachment, finds that its hash matches a known virus, and quarantines the file. This is an example of _________ detection.

A company stores its customer database on a server. To protect the confidentiality of the data if the physical server is stolen, which control would be most effective?

A company's policy requires all employees to attend a yearly security training session. This is an example of a:

A company discovers that a former employee, who was fired last month, still has access to the company's cloud services. This is a failure of which managerial process?

A company's security policy requires that all laptops be secured to desks with a cable lock when unattended. This is a:

A security administrator is configuring a new server. To reduce its attack surface, the administrator uninstalls all non-essential software, disables unnecessary services, and closes unused ports. What is this process called?

Topic 4.4: Detecting Attacks on Devices

A security analyst finds a file on a server with a hash that matches a known piece of malware in a threat intelligence database. This hash is an example of a(n):

A security analyst is reviewing logs and sees that a user account attempted to log in unsuccessfully 4 times, followed by a successful login at 3:00 AM from an IP address in a foreign country. The user normally works locally during business hours. This is an example of a:

A security analyst is examining a log file from a web server. Which of the following entries would be an indicator of a potential directory traversal attack?

A security team is alerted by their SIEM that a user account is attempting to access a large number of files it does not normally access. This alert was most likely generated by which type of detection?

An analyst is reviewing web server logs and finds an entry where a user's input contains the string `<script>alert('XSS')</script>`. This is an indicator of what type of attempted attack?

Reviewing user input logs for SQL control words like `SELECT`, `UNION`, and `DROP` is a method for detecting attempted:

A Data Loss Prevention (DLP) system is monitoring outbound email. It detects an employee attempting to email a spreadsheet containing 500 customer credit card numbers to a personal email address and blocks the email. This is an example of detecting a potential:

After identifying malware on a system, a security analyst removes the system from the network to ensure that it cannot impact other systems. What technique has been used?