Module 4: Threats to Asset Security

Q: Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.

  • establish trust 
  • distribute malicious email
  • perform open-box testing
  • obtain access credentials
Explanation: Preparation, carrying out the assault, using various methods of persuasion, and distancing oneself from the victim are the four steps that comprise a social engineering attack.

Q: What is the main difference between a vishing attack and a smishing attack?

  • Vishing is used to target executives at an organization.
  • Vishing involves a widespread email campaign to steal information.
  • Vishing makes use of voice calls to trick targets. 
  • Vishing exploits social media posts to identify targets.
Explanation: Vishing is an abbreviation for "voice phishing," which refers to the practice of utilizing phone calls (often automated or via a human imposter) to trick targets into divulging sensitive information or doing activities that they would not have done otherwise. Smishing, which is an abbreviation for "SMS phishing," is a kind of cybercrime that involves the use of text messages (SMS) or other messaging platforms to trick intended victims into downloading malware, clicking on harmful links, or exposing personal information.

Q: Fill in the blank: The main difference between a worm and a virus is that a worm can _____.

  • operate without the target’s knowledge
  • take control of an infected system by encrypting its data
  • be delivered inside of a legitimate-looking application
  • replicate itself across devices without requiring users to perform an action 

Explanation: The primary distinction between a virus and a worm is that a worm is capable of replicating itself across several machines without the need for users to take any action.

Q: Which type of malware requires the user to make a payment to the attacker to regain access to their device?

  • Brute force attacks
  • Cryptojacking
  • Botnets
  • Ransomware 
Explanation: The form of malicious software known as ransomware is the kind of malware that compels the user to pay a fee to the attacker to recover access to their device. Ransomware is a kind of malicious software that encrypts the files of the victim or locks their system and then, in return for the decryption key or to restore access to the afflicted equipment or data, demands payment (often in cryptocurrency).

Q: Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.

  • collect
  • mine 
  • earn
  • invest
Explanation: Utilizing the computer resources (such as CPU and GPU cycles) of a victim's device illegally to mine cryptocurrencies such as Bitcoin, Monero, or Ethereum is an example of cryptojacking. This activity is carried out covertly, without the user's agreement or awareness, which results in an increase in the amount of power used and may also result in a decrease in the device's functionality.

Q: What is malicious code that is inserted into a vulnerable application called?

  • Social engineering
  • Input validation
  • Injection attack 
  • Cryptojacking
Explanation: Injection attacks include inserting malicious code (such as SQL instructions, JavaScript, or other executable code) into an application by way of input fields or other parts of the program that are susceptible to attack. As a result of this form of attack, which takes advantage of deficient input validation or inappropriate processing of user-supplied data by the program, attackers can carry out unauthorized instructions or activities on the system.

Q: An attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site’s server and activated during the server’s response.

  • This is an example of what type of injection attack?
  • Stored
  • DOM-based
  • SQL injection
  • Reflected
Explanation: In contrast to stored injection attacks, this kind of attack does not remain on the server, nor does it interact with the Document Object Model (DOM) of the web page, as is the case with DOM-based assaults. Rather than that, it is a reflected injection attack since it is based on reflecting the malicious payload back to the user in a form that looks to be normal.

Q: What are the reasons that an attacker would perform a SQL injection attack? Select three answers.

  • To send phishing messages to users in a database
  • To delete entire tables in a database 
  • To steal the access credentials of users in a database 
  • To gain administrative rights to a database 
Explanation: To interrupt operations or cause data loss, attackers may try to execute SQL queries that remove or change data inside the database. This may include deleting whole tables. By inserting fraudulent SQL queries, attackers can acquire usernames, passwords, and other sensitive information that is stored in the database. This information may then be utilized for other attacks or for illegal access. An attacker may get administrator or root-level access to the database server via the use of SQL injection, which offers them significant control over the database and perhaps the whole system. SQL injection can be used to escalate privileges, which allows attackers to achieve elevated rights.

Q: What are some key benefits of the threat modeling process? Select all that apply.

  • Identify points of failure 
  • Help prioritize threats 
  • Reduce an attack surface 
  • Remediate all vulnerabilities
Explanation: The process of threat modeling assists in identifying flaws or vulnerabilities in the design or architecture of a system that adversaries may be able to take advantage of. Because of this, businesses can prioritize threats according to the possible effect and probability of such threats, which enables them to concentrate their efforts on mitigating the most significant risks first. It is possible for threat modeling to assist in lowering the total attack surface of a system by assisting in the knowledge and resolution of vulnerabilities at an earlier stage in the development lifecycle.

Q: A security team is decomposing an application during a PASTA threat model. What information will they discover during this step of the process?

  • The types of threats that can be used to compromise data
  • Which data owners are compromising the organization
  • The vulnerabilities that have been reported to the CVE® list
  • How the application handles data and which controls are in place 
Explanation: During the deconstruction phase, the major emphasis is on understanding the architecture of the application, including its components, data flows, and the security controls that are already in place. Threat modeling entails identifying possible threats and vulnerabilities. In the following phases of the threat modeling process, this knowledge will serve as the foundation for identifying possible threats and hazards. Because of this, the answer that is most pertinent to the question of what information they will uncover during this stage is how the program manages data and the controls that are in place.

Q: Which of the following could be examples of social engineering attacks? Select three answers.

  • An email urgently asking you to send money to help a friend who is stuck in a foreign country
  • A pop-up advertisement promising a large cash reward in return for sensitive information 
  • An unfamiliar employee asking you to hold the door open to a restricted area
  • A lost record of important customer information
Explanation: As an illustration of a social engineering assault known as "phishing," in which the perpetrators pretend to be someone the victim knows and trusts to trick the victim into performing an action (in this instance, transferring money), this is this example. Using deception to trick others into divulging sensitive information in return for a reward that is very improbable to be genuine is an example of a social engineering assault. This particular attack includes the use of deception. The following is an example of a social engineering assault known as "tailgating" or "piggybacking," in which an adversary gets physical entry to a restricted location by taking advantage of the politeness of authorized individuals.

Q: Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.

  • Pretexting
  • Smishing 
  • Vishing
  • Whaling
Explanation: Smishing is a sort of social engineering that operates via the use of text messages (SMS) to trick and manipulate targets into divulging critical information or clicking on dangerous links. Text messaging is a kind of phishing that takes advantage of the instantaneous nature and trustworthiness that are often associated with text messages to deceive victims into exposing personal information or doing activities that endanger their security.

Q: A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.

The malware hidden in this editing software is an example of which type of malware?

  • Spyware
  • Adware
  • Scareware
  • Trojan
Explanation: In this particular case, the virus that is concealed inside the editing program is, in fact, an example of a Trojan. Trojans are harmful programs that seem to be legal software or files to deceive users into installing them on their computers with their permission. Following their installation, they are capable of carrying out a variety of malicious actions, including the theft of data, the compromise of system security, and the inability of the computer to function properly, as mentioned in the scenario.

Q: Fill in the blank: A(n) _____ tool can be used by security professionals to catch abnormal activity, like malware mining for cryptocurrency.

  • Intrusion detection system (IDS) 
  • Fileless malware
  • Spyware
  • Attack tree
Explanation: With the use of an Intrusion Detection System (IDS), security experts can monitor network or system activity for malicious activities or policy breaches. This includes the detection of anomalous activities such as the mining of cryptocurrencies by malware. Network intrusion detection systems (IDSs) can examine system logs or network traffic to identify possible threats and notify administrators for further study or action.

Q: A hacktivist group gained access to the website of a utility company. The group bypassed the site’s login page by inserting malicious code that granted them access to customer accounts to clear their debts.

What type of attack did the hacktivist group perform?

  • Quid pro quo
  • Watering hole
  • Injection 
  • Rainbow table
Explanation: To exploit vulnerabilities and gain unauthorized access or manipulate data, injection attacks include introducing malicious code or instructions into a system or application. In this particular instance, the hacktivist group bypassed authentication to gain access to user accounts by inserting malicious code into the website of the utility business, with the login page being the explicit focus of their attack.

Q: Fill in the blank: A _____ cross-site scripting (XSS) attack is an instance when malicious script exists in the webpage a browser loads.

  • Brute force
  • Stored
  • DOM-based 
  • Reflected
Explanation: An instance of malicious script being present on the website that a browser loads is an example of a mirrored cross-site scripting attack, often known as an XSS attack. When a reflected cross-site scripting attack is carried out, the script that has been injected is reflected off the web server. This might have an effect on users who engage with a link or input field that has been maliciously constructed.

Q: During which stage of the PASTA framework is an attack tree created?

  • Vulnerability analysis
  • Threat analysis
  • Decomposing an application
  • Attack modeling 
Explanation: In the PASTA (Process for Attack Simulation and Threat Analysis) paradigm, the creation of an attack tree normally takes place during the attack modeling step. With the use of attack trees, one can model and visualize the many possible attack pathways that an adversary may follow to compromise a system or application. They provide a better understanding of the chain of events and dependencies that might contribute to the effective execution of an attack.

Q: Which of the following are not types of malware? Select two answers.

  • Cross-site scripting 
  • Worm
  • Virus
  • SQL injection 
Explanation: It is possible to insert malicious scripts into online pages that are seen by other users by exploiting a vulnerability known as cross-site scripting (XSS), which is a sort of vulnerability that may be discovered in web applications. The inserting of malicious SQL statements into an input field for the purpose of execution is an example of SQL injection, which is another form of vulnerability that may occur in online applications.

Q: Which of the following are common signs that a computer is infected with cryptojacking software? Select three answers.

  • Unusually high electricity costs 
  • Sudden system crashes 
  • Modified or deleted files
  • Increased CPU usage 
Explanation: To mine bitcoin, cryptojacking software makes use of the processing capacity of the computer, which results in an increase in the amount of CPU utilization. It is possible for cryptojacking to result in increased energy consumption because it might take a considerable amount of CPU power. Since the cryptojacking program makes extensive use of the central processing unit (CPU), the system may face performance difficulties, such as slowdowns or crashes.

Q: Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.

  • Pop-up advertisements
  • Credit card payment forms 
  • Social media feeds
  • User login pages 
Explanation: SQL injection attacks can take advantage of weaknesses in login forms that do not adequately verify or sanitize user inputs. Through the usage of username and password fields, attackers can insert fraudulent SQL queries, which might result in them getting unauthorized access to the application or database. Websites that accept payments often make use of databases to keep information on all transactions. If these forms are susceptible to SQL injection, attackers can alter queries to gain access to or change sensitive payment data that is in the database.

Q: Which stage of the PASTA framework is related to identifying the application components that must be evaluated?

  • Implement prepared statements
  • Perform a vulnerability analysis
  • Define the technical scope 
  • Characterize the environment
Explanation: The exact components of the application or system that will be included in the process of threat modeling and analysis are identified and defined at this stage of the process. The boundaries are established, and the components of the application that will be reviewed for possible vulnerabilities and threats are the primary focus of the evaluation.

Q: A threat actor tricked a new employee into sharing information about a senior executive over the phone.

  • This is an example of what kind of attack?
  • SQL injection
  • Malware
  • Credential stuffing Social engineering 
Explanation: This situation is a superb example of social engineering in its purest form. Through the use of deception and manipulation, social engineering is the process of coercing others into carrying out certain acts or exposing personal information. When it came to this particular instance, the threat actor used deceit to deceive the new employee into divulging confidential information about a senior executive over the phone.

Q: What is the most common form of social engineering used by attackers?

  • Ransomware
  • Adware
  • Malware
  • Phishing 
Explanation: Attackers often use phishing as their method of social engineering since it is the most popular kind. Sending false communications, often via email or other messaging platforms, that give the impression of coming from a reliable source is what is known as phishing. By tricking users into divulging important information such as login passwords, credit card numbers, or other personal information, or by downloading malware onto their devices by clicking on harmful links or files, the objective is to achieve the desired consequences.

Q: A government contractor is tricked into installing a virus on their workstation that encrypts all their files. The virus displays a message on the workstation telling the contractor that they can have the files decrypted if they make a payment of $31,337 to an email address.

What type of attack is this an example of?

  • Cross-site scripting
  • Ransomware 
  • Brute force attack
  • Scareware
Explanation: As an illustration of a ransomware assault, consider the following situation. A kind of malicious software known as ransomware is a sort of program that encrypts data on a victim's computer or network, making them unavailable to the victim. After that, the attacker will ask for payment, which is often made in cryptocurrency, to decrypt the files and restore access to the victim. It is abundantly evident that a ransomware assault originated from the message that was shown on the workstation of the contractor, which demanded money to unlock the data.

Post a Comment

Previous Post Next Post