Domain 2: Threats, Vulnerabilities & Mitigations
15 questions · Instant feedback · 22% of the exam
A security analyst is investigating a malware infection on multiple workstations. The malware was automatically executed when users opened an email attachment. Which of the following would have BEST prevented this infection?
Security awareness training educates users about the risks of phishing and malicious email attachments, helping to prevent them from inadvertently executing malware.
Which of the following is the first step to secure a newly deployed server?
Updating software immediately ensures known vulnerabilities are patched before attackers can exploit them. It forms the foundation for further hardening, such as port lockdown or access controls.
A company's gate access logs show multiple entries from an employee's ID badge within a two-minute period. Which of the following is this an example of?
RFID cloning involves copying the information from an employee's badge and using it to gain unauthorized access.
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The caller claimed to be the CFO and requested credit card information to close an invoice. Which of the following topics did the user recognize from the training?
The caller attempted to trick the employee into revealing sensitive information by pretending to be an executive, which is a form of social engineering. Since the attack occurred via a phone call rather than email, it is not phishing, but a social engineering tactic.
A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company’s reliance on open-source libraries?
Zero-day vulnerabilities in third-party open-source components have no available patches at discovery, making them exceptionally hard to remediate until maintainers release fixes. Dependence on external libraries delays mitigation.
An attacker overwrites a field while the system is updating to be able to access the system before the update is completed. What type of vulnerability is this?
A race condition occurs when multiple processes or threads access shared resources concurrently and the outcome depends on the sequence or timing of the access. In this case, the attacker exploits the timing of the system update to overwrite a field before it is completed, leading to unauthorized access.
While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?
An insider threat is likely responsible since ARP poisoning is often performed by someone with access to the internal network.
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?
Ransomware is a type of malware that encrypts the victim's files and demands a ransom for the decryption key. The .ryk extension is associated with a ransomware variant called Ryuk, which targets large organizations and demands high ransoms.
Which of the following threat actors is most likely to seek financial gain through the use of ransomware attacks?
Organized crime groups often use ransomware to extort money from victims.
Which of the following threat actors would most likely deface the website of a high-profile music group?
Unskilled attackers, often called script kiddies, deface websites for notoriety without deep resources or strategic motives. They exploit public vulnerabilities to alter site content rather than pursue data theft.
Which of the following is a use of CVSS?
The Common Vulnerability Scoring System (CVSS) assigns numeric severity scores to vulnerabilities. Organizations use these scores to rank and prioritize remediation efforts.
A company experiences a breach. The investigation reveals that the threat actor used a zero-day vulnerability to gain access and move laterally. Which of the following would best improve the company’s security posture and minimize the time to detect this type of incident?
User Behavior Analytics (UBA) detects anomalies in user activity patterns, enabling rapid identification of unusual lateral movements typical of zero-day exploits. By alerting on deviations from normal behavior, it shortens detection time and containment.
Which of the following is a use of CVSS?
CVSS (Common Vulnerability Scoring System) is used to prioritize vulnerabilities based on their severity and the potential impact they pose.
Logs show a user-agent of `${/bin/sh/id}` in an HTTP request. Which mitigation is best?
Input sanitization removes or encodes special characters and dangerous payloads before processing requests. This prevents command injection by ensuring that untrusted input cannot be interpreted as executable code.
Which of the following is a risk of running a vulnerability scan?
The primary risk of running a vulnerability scan is false positives, where the scan flags issues that are not actual vulnerabilities. This can lead to wasted effort and resources in investigating non-problems.