Domain 2: Threats, Vulnerabilities & Mitigations
15 questions · Instant feedback · 22% of the exam
A security analyst receives an alert from a front-end web server connected to a database back end. The alert contains the following logs:

```
SELECT * FROM users WHERE UserID = 1=1;
SELECT * FROM users WHERE username = 'admin'--' AND password = 'password';
IF 1=1 THEN dbms_lock.sleep(20) ELSE dbms_lock.sleep(0); END IF;
```

Which of the following attacks is occurring?
These log entries reveal SQL commands that have been manipulated to bypass authentication and introduce timing delays, a hallmark of SQL injection. Attackers inject malicious code into queries to extract data or cause the database to behave unexpectedly.
Which of the following are the best methods for hardening end user devices? (Select two)
Full disk encryption ensures that data remains confidential even if the device is lost or stolen. Endpoint protection platforms combine antivirus, anti-malware, and behavior monitoring to stop threats in real time. Together, they provide robust defense at both the data and application layers.
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?
Ransomware is a type of malware that encrypts the victim's files and demands a ransom for the decryption key. The .ryk extension is associated with a ransomware variant called Ryuk, which targets large organizations and demands high ransoms.
A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?
A worm can self-propagate across SMB shares on TCP port 445, causing massive traffic spikes and network outages. The pattern of widespread TCP 445 flows aligns with worm activity rather than amplification or password attacks.
Which of the following is a risk for a company using end-of-life applications on its network?
End-of-life applications no longer receive security patches, leaving known vulnerabilities unaddressed and open to exploitation. Running such software exposes the network to attacks that cannot be mitigated by updates.
An administrator learns that users are receiving large quantities of unsolicited messages. Which of the following best describes this kind of attack?
Phishing involves sending deceptive messages in bulk to trick users into clicking links or providing sensitive information. Unlike watering hole or business email compromise, this attack uses volume and deception through fraudulent emails.
A security analyst needs to ensure that a system update does not introduce new vulnerabilities. Which of the following should be performed before applying the update to production?
Performing a vulnerability scan before applying an update helps identify potential security risks that may be introduced by the update.
A user receives a malicious text message with a link to a fake bank login page. Which of the following attack types does this scenario describe?
Smishing is a type of phishing that uses SMS messages to lure users into clicking malicious links. In this case, the fake bank login page is delivered via text to trick the victim into entering credentials.
A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer's credit card information. The customer sees the caller ID is the same as the company's main phone number. Which of the following attacks is the customer most likely a target of?
Vishing is a form of social engineering that uses phone calls to deceive individuals into providing sensitive information.
A penetration tester, who did not have an access badge, managed to follow a group of employees through multiple badged-access doors and into the data center without being stopped. The tester mentions this finding during the after-action review with the Chief Information Security Officer (CISO). Which of the following issues should the CISO address as a result of this finding?
This scenario highlights an issue with social engineering, where the tester exploited human behavior to gain unauthorized access.
While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?
ARP poisoning requires internal network access, which strongly indicates that the attack was performed by someone inside the organization, such as a student or staff member. This makes 'Insider threat' the most accurate choice, regardless of whether the individual was skilled or unskilled.
A company's gate access logs show multiple entries from an employee's ID badge within a two-minute period. Which of the following is this an example of?
RFID cloning involves copying an RFID tag or badge's signal to gain unauthorized access to restricted areas, which is indicated by multiple entries from the same badge in a short period.
A systems administrator discovers that users are receiving emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?
Phishing involves creating a fake website or email address to impersonate a legitimate entity and deceive users.
Which of the following is the MOST effective control against tailgating?
A mantrap physically prevents tailgating by allowing only one person to enter at a time, making it the most effective control against this type of physical security breach.
Which of the following provides the best protection against unwanted or insecure communications to and from a device?
A host-based firewall provides the best protection against unwanted communications by blocking insecure or unauthorized connections.