Module 3: Vulnerabilities in Systems

Q: An application has broken access controls that fail to restrict any user from creating new accounts. This allows anyone to add new accounts with full admin privileges.

The application’s broken access controls are an example of what?

  • A security control
  • A threat
  • An exploit
  • A vulnerability 
Explanation: The term "vulnerability" refers to a weakness in a system, application, or process that malicious actors could exploit to undermine the system's security. The absence of suitable access controls is a vulnerability in this scenario because it lets unauthorized users acquire administrative rights by creating new accounts without the necessary restrictions.

Q: What security strategy uses a layered approach to prevent attackers from gaining access to sensitive data?

  • Defense in depth 
  • Kerckhoffs's principle
  • Caesar’s cipher
  • Triple DES (3DES)
Explanation: This strategy implements many layers of security controls throughout an information technology system so that the measures are redundant. These controls include firewalls, intrusion detection and prevention systems, access restrictions, encryption, and other components. The objective is to safeguard the confidentiality, integrity, and availability of sensitive data and resources by making it more difficult for adversaries to penetrate every level of defense.

Q: What is the difference between the application and data layers of the defense in depth model?

  • The data layer includes controls like encryption and hashing to secure data at rest. The application layer protects individual devices that are connected to a network.
  • The data layer only allows employees to access information. The application layer secures information with controls that are programmed into the application itself.
  • The application layer secures information with controls that are programmed into the application itself. The data layer maintains the integrity of information with controls like encryption and hashing.
  • The application layer maintains the integrity of information with controls like encryption and hashing. The data layer blocks network traffic from untrusted websites.
Explanation: The application layer protects the application software itself. To prevent vulnerabilities such as SQL injection, cross-site scripting (XSS), and other application-level attacks, it incorporates techniques such as input validation, session management, authentication mechanisms, and secure coding standards.

Q: What is the main purpose of the CVE® list?

  • To provide organizations with a framework for managing cybersecurity risk
  • To share a standard way of identifying and categorizing known vulnerabilities and exposures 
  • To create a dictionary of threats to organizational assets that must be addressed
  • To keep a record of the coding mistakes of major software developers
Explanation: The CVE® list assigns a unique identifier, known as a CVE ID, to publicly known cybersecurity vulnerabilities and exposures. This lets businesses and security experts around the world reference specific vulnerabilities in a standardized way, which makes communication, prioritization, and the mitigation of security risks much simpler.

Q: What is the purpose of vulnerability management? Select three answers.

  • To review an organization’s internal security systems 
  • To identify exposures to internal and external threats 
  • To track assets and the risks that affect them
  • To uncover vulnerabilities and reduce their exploitation 
Explanation: Assessing systems, applications, and networks is an essential part of vulnerability management. The goal of this assessment is to discover vulnerabilities that might be exploited by either internal or external threats. The process involves keeping an inventory of assets (including data, software, and hardware) and analyzing the risks associated with those assets in order to prioritize mitigation efforts. Overall, vulnerability management aims to identify and evaluate vulnerabilities in systems and applications, and then to reduce the risk of exploitation by putting controls or fixes in place.

Q: What is the main goal of performing a vulnerability assessment?

  • To catalog assets that need to be protected
  • To practice ethical hacking techniques
  • To pass remediation responsibilities over to the IT department
  • To identify weaknesses and prevent attacks 
Explanation: A vulnerability assessment scans systems, networks, and applications to identify weaknesses or security holes that malicious actors could exploit. By identifying vulnerabilities early through assessments, organizations can prioritize remediation and apply security measures that limit the risk of attacks before they occur.

Q: Fill in the blank: All the potential vulnerabilities that a threat actor could exploit are called an attack _____.

  • vector
  • network
  • surface
  • database
Explanation: An attack surface is the set of all possible vulnerabilities that a threat actor may exploit with the resources available to them.

Q: Fill in the blank: An attack _____ refers to the pathways attackers use to penetrate security defenses.

  • vector 
  • landscape
  • vulnerability
  • surface
Explanation: Attack vectors are the various methods or pathways that attackers use to get through security defenses.

Q: What are ways to protect an organization from common attack vectors? Select three answers.

  • By keeping software and systems updated 
  • By not practicing an attacker mindset
  • By educating employees about security vulnerabilities 
  • By implementing effective password policies 
Explanation: Known vulnerabilities in software and systems can be resolved by deploying security patches and updates regularly, which reduces the risk that attackers will exploit those flaws. Training personnel on security best practices, common attack tactics (such as phishing), and how to spot suspicious behavior significantly reduces the likelihood of successful attacks that rely on human error. To reduce the likelihood of credential-based attacks, such as brute-force attacks, it helps to enforce stringent password requirements, such as a high level of complexity, sufficient length, and regular changes.

Q: Consider the following scenario:

A cloud service provider has misconfigured a cloud drive. They’ve forgotten to change the default sharing permissions. This allows all of their customers to access any data that is stored on the drive.

This misconfigured cloud drive is an example of what?

  • An exploit
  • A security control
  • A vulnerability 
  • A threat
Explanation: A vulnerability is a flaw in a system or process that attackers could exploit to undermine the security of the system. In this instance, the misconfigured sharing permissions on the cloud drive constitute a vulnerability because the poor security settings leave sensitive data open to unauthorized access.

Q: Why do organizations use the defense in depth model to protect information? Select two answers.

  • Security teams can easily determine the “who, what, when, and how” of an attack.
  • Each layer uses unique technologies that communicate with each other.
  • Threats that penetrate one level can be contained in another. 
  • Layered defenses reduce risk by addressing multiple vulnerabilities. 
Explanation: This aspect of defense in depth guarantees that further levels of protection are in place to limit or contain the damage of an attack, even if the threat succeeds in penetrating one of the layers of security. This containment helps prevent the intruder from moving deeper into the system and reaching additional resources. By putting many levels of security controls in place, companies can address a wide variety of vulnerabilities and attack vectors. These controls include firewalls, intrusion detection systems, access restrictions, encryption, and similar measures. Since attackers must overcome many hurdles to compromise the system, this strategy lowers the overall chance of an attack succeeding.

Q: An organization’s firewall is configured to allow traffic only from authorized IP addresses. Which layer of the defense in depth model is the firewall associated with?

  • Endpoint
  • Network
  • Data
  • Application
Explanation: The network layer protects the network infrastructure itself. Firewalls are network security devices that control and monitor traffic entering and leaving a network based on a set of established security rules. By accepting traffic only from approved IP addresses, the firewall filters and limits access to the network, which strengthens network security.

Q: Which of the following are criteria that a vulnerability must meet to qualify for a CVE® ID? Select all that apply.

  • It must be independent of other issues. (CORRECT)
  • It must pose a financial risk.
  • It must be submitted with supporting evidence. 
  • It must be recognized as a potential security risk. 
  • It can only affect one codebase.
Explanation: For a vulnerability to be eligible for a CVE® ID, it is not necessary for the vulnerability to be recognized as a possible security issue or to pose a financial risk. In addition, vulnerabilities can affect many codebases, which means they are not restricted to a single codebase.

Q: A security team is preparing new workstations that will be installed in an office.

Which vulnerability management steps should they take to prepare these workstations? Select three answers.

  • Consider who will be using each computer. 
  • Configure the company firewall to allow network access. 
  • Download the latest patches and updates for each system.
  • Install a suite of collaboration tools on each workstation.
Explanation: A solid understanding of user roles and access needs helps when designing proper security settings and access restrictions. To reduce the risk of known vulnerabilities, make sure the operating system and all installed applications are up to date with the most recent security patches and updates. Adjust the firewall settings to manage and secure network access in line with the rules and needs of the company.

Q: What are the two types of attack surfaces that security professionals defend? Select two answers.

  • Intellectual property
  • Brand reputation
  • Digital 
  • Physical 
Explanation: The digital attack surface covers all of the digital assets, networks, systems, software, and data that are susceptible to cyber threats. The physical attack surface covers physical assets, such as buildings, hardware devices, and infrastructure, which must be protected from physical threats and unlawful entry.

Q: An online newspaper suffered a data breach. The attackers exploited a vulnerability in the login form of their website. The attackers were able to access the newspaper’s user database, which did not encrypt personally identifiable information (PII).

What attack vectors did the malicious hackers use to steal user information? Select two answers.

  • The online login form 
  • The user database
  • The newspaper’s website 
  • The unencrypted PII
Explanation: The attackers exploited a vulnerability in the login form to obtain unauthorized access to the website. Once inside the system, they were able to access the unencrypted personally identifiable information (PII) stored in the user database.

Q: A security team is performing a vulnerability assessment on a banking app that is about to be released. Their objective is to identify the tools and methods that an attacker might use.

Which steps of an attacker mindset should the team perform to figure this out? Select three answers.

  • Determine how the target can be accessed. 
  • Evaluate attack vectors that can be exploited. 
  • Identify a target. 
  • Consider potential threat actors.
Explanation: The team needs to be aware of the entry points or interfaces that an adversary may use to attempt to access the banking application. These may include web interfaces, application programming interfaces (APIs), or mobile app endpoints. Assessing possible attack vectors means determining the various techniques or paths that attackers may use to exploit vulnerabilities in the banking application, such as SQL injection, cross-site scripting (XSS), or authentication bypass. Understanding potential threat actors makes it possible to better anticipate the capabilities, resources, and motives that attackers may bring against the banking application. In this context, it is important to consider a wide range of potential adversaries, including hacktivists, cybercriminals, and insider threats.

Q: Consider the following scenario:

You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.

Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.

  • Evaluate how the app handles user data.
  • Identify the types of users who will interact with the app. 
  • Ensure the app’s login form works.
  • Integrate the app with existing educational resources.
Explanation: To detect possible vulnerabilities related to data security, it is essential to evaluate how the application stores, processes, and safeguards user data. Understanding the various user roles and the access rights associated with them allows a more accurate evaluation of the possible attack surfaces and of the consequences of any compromised accounts.

Q: What phase comes after identifying a target when practicing an attacker mindset?

  • Evaluate the target’s attack vectors.
  • Determine how the target can be accessed. (CORRECT)
  • Find the tools and methods of attack.
  • Prepare defenses against threats.
Explanation: During this stage, the task is to determine the entry points, interfaces, or vulnerabilities through which an adversary could gain access to the targeted system or application.

Q: A hotel chain has outdated WiFi routers in their guest rooms. An attacker hacked into the devices and stole sensitive information from several guests.

The outdated WiFi router is an example of what?

  • A threat
  • An exploit
  • A vulnerability 
  • An access control
Explanation: A vulnerability is a flaw in a system or its design. An attacker may exploit such a flaw to compromise the integrity, availability, or confidentiality of the system. In this instance, the obsolete WiFi routers contain security weaknesses that the attacker exploited to gain unauthorized access to sensitive information belonging to hotel guests.

Q: Fill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.

  • 11
  • 1
  • 4
Explanation: According to the Common Vulnerability Scoring System (CVSS), a vulnerability with a score of nine or more is regarded as a critical risk that must be fixed as soon as possible.
