SECURITY+ Module 1

1. Your manager, Wayne, is concerned about malicious users who might compromise servers and remain undetected for a period of time. What type of threat is Wayne concerned about?
2. Which type of malicious users or groups attempt to promote a political or ideological view?
3. Your organization has begun quarterly lunch-and-learn sessions to educate employees about current scams and computer security threats to increase their awareness and help prevent security issues such as data leaks. To which of the following items does this initiative best apply?
4. You have enabled firewall rules to allow only HTTPS connections to a web server that resides in your company’s server room. The company’s web site stores sensitive customer data in a backend database stored on the same host. Which types of potential security problems do company IT technicians present in this scenario? (Choose two.)
5. Your organization has deployed mission-critical applications to a public cloud service provider (CSP) platform. The CSP recently disclosed a security flaw in the underlying network switches that was exploited by malicious users. The network switches were missing a firmware update that addressed security vulnerabilities. From your organization’s perspective, what is the source of this security issue?
6. You are reviewing network analysis reports for signs that could suggest malicious activity. What are you looking for?
7. Your organization collects, processes, and stores EU customer data. As a result, a Data Privacy Officer (DPO) role has been established to ensure regulatory compliance. To which European digital privacy legislation does this role apply?
8. Which of the following are normally considered potential insider threats? (Choose two.)
9. Which type of hacker may discover and exploit vulnerabilities, yet lacks malicious intent?
10. Which type of hacker has malicious intent and attempts to discover and exploit vulnerabilities?
11. Which type of active security testing attempts to exploit discovered vulnerabilities?
12. Which phrase best encompasses the mapping out of specific malicious user activity from beginning to end?
13. You are inspecting a user’s system after she has complained about slow Internet speeds. After analyzing the system, you notice that the default gateway in the ARP cache is referencing an unknown MAC address. What type of attack has occurred?
14. You want to implement a security control that limits tailgating in a high-security environment. Which of the following protective controls would you use?
15. Which of the following descriptions best describes a buffer overflow attack?
16. You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of “pass’ or 1=1--”. Which of the following describes what is happening?
17. A user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. The e-mail asks the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?
18. What type of attack involves the attacker modifying the source IP address of the packet?
19. Which of the following files might an attacker modify after gaining access to your system in order to achieve DNS redirection?
20. What type of attack involves the attacker sending too much data to a service or application that typically results in the attacker gaining administrative access to the system?
21. Which of the following methods could be used to prevent ARP poisoning on the network? (Choose two.)
22. As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your systems?
23. Which of the following is the term for a domain name that is registered and deleted repeatedly so that the registrant can avoid paying for the domain name?
24. You receive many calls from customers stating that your web site seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requests on that web server at a high rate. What type of attack is occurring?
25. What type of attack is a smurf attack?

Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?


What type of attack involves the attacker inserting a client-side script into the web page?


Your manager has read about SQL injection attacks and is wondering what can be done to protect against them for applications that were developed in-house. What would you recommend?


An attacker sitting in an Internet café ARP poisons everyone connected to the wireless network so that all traffic passes through the attacker’s laptop before she routes the traffic to the Internet. What type of attack is this?


Which of the following best describes a zero-day attack?


Your manager has requested that the combo padlocks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social-engineering attack is your manager hoping to avoid with this change?


Your manager has been hearing a lot about social-engineering attacks and wonders why such attacks are so effective. Which of the following identifies reasons why the attacks are so successful? (Choose three.)


A user calls and asks you to send sensitive documents immediately because a salesperson needs them to close a multimillion-dollar deal and the salesperson’s files are corrupted. She demands you do this immediately, or she’ll have you fired. What form of social engineering is this?


An attacker tricks a user into clicking a malicious link that causes an unwanted action on a web site the user is currently authenticated to. What type of exploit is this?


Your server is being flooded with DNS lookup requests, which is causing the server to be unavailable for legitimate clients. What sort of general attack is this?


James is a software developer for a high-tech company. He creates a program that connects to a chat room and waits to receive commands that will gather personal user information. James embeds this program into an AVI file for a current popular movie and shares this file on a P2P file-sharing network. Once James’s program is activated as people download and watch the movie, what will be created?


A user reports USB keyboard problems. You check the back of the computer to ensure that the keyboard is properly connected and notice a small connector between the keyboard and the computer USB port. After investigating, you learn that this piece of hardware captures everything a user types in. What type of hardware is this?


What is the difference between a rootkit and privilege escalation?


Which of the following are true regarding backdoors? (Choose two.)


You have discovered that a driver’s license was mistakenly left on a scanner that was remotely compromised by a malicious user who scanned the document and used it to secure a bank loan. Further investigation reveals that the attacker identified vulnerabilities in the unpatched web application component built into the multifunction printer, which was revealed through web app error messages. Which terms best describe the nature of this attack? (Choose two.)


You have been tasked with hardening Wi-Fi networks in your office building. You plan on seeking potential Wi-Fi vulnerabilities. What should you look for? (Choose two.)


Botnets can be used to set what type of coordinated attack in motion?


The Michelangelo virus was said to be triggered to overwrite the first 100 hard disk sectors with null data each year on March 6, the date of the Italian artist’s birthday. What type of virus is Michelangelo?


While attempting to access documents in a folder on your computer, you notice all of your files have been replaced with what appear to be random filenames. In addition, you notice a single text document containing payment instructions that will result in the decryption of your files. What type of malicious software is described in this scenario?


What should be done to help mitigate the threat of ransomware? (Choose two.)


After reviewing perimeter firewall logs, you notice a recent change in activity, where internal stations are now connecting to the same unknown external IP address periodically. You are suspicious of this network traffic. Which explanation is the most likely to be correct?


A user complains that his system has suddenly become unresponsive and ads for various products and services are popping up on the screen and cannot be closed. Which user actions could have led to this undesirable behavior? (Choose all that apply.)


A server at your place of work has had all of its files encrypted after an attacker compromised a device on the network. Which attack has taken place?


After installing a new piece of software from an online web site and then reviewing system logs, you notice that programs have been running without your consent. You also realize that files have been added and removed to the system at times when you were not using the computer. Which of the following items was most likely used to result in these logged messages?


The Stuxnet attack’s primary function is to hide its presence while reprogramming industrial computer systems such as programmable logic controllers (PLCs) within a SCADA IDS environment. The malware was spread through USB flash drives, where it transmits copies of itself to other hosts. To which of the following does Stuxnet relate? (Choose two.)

