A ____ attack usually begins with a Trojan infecting the computer and installing an extension into the browser configuration so that when the browser is launched, the extension is activated.
man-in-the-browser (MITB)
____ is an attack that sends unsolicited messages to Bluetooth-enabled devices.
Bluejacking
Vulnerability scanning involves looking for the presence of a threat by comparing what is scanned against a set of known threats. This approach is ___ because it compares a vulnerability scan against a set of known threat signatures.
signature based
A senior official at an organization is part of a team writing a set of documents that defines the organization's philosophy of how to safeguard its information. Which set of documents are they producing?
Policies
In a _____ attack, the attacker assumes a position in the communication channel between two devices.
man-in-the-middle (MITM)
An ___ is an AP that is set up by an attacker. This AP is designed to mimic an authorized AP, so a user's mobile device will unknowingly connect to this ____ instead.
evil twin
A company has been involved in a three-month project to ensure they do not suffer downtime due to threats that could hamper their operations. They are now ready to test some of the elements in the project. What most likely represents what the company is doing?
developing a BCP
Galina is implementing a series of changes that were ratified by the governance board in the organization where she works. Included in the changes is updating the password policy for all users. Which document is Galina most likely to use when implementing the change?
Procedures
____ is intended to infect an external DNS server with IP addresses that point to malicious sites.
DNS hijacking
You are a cloud sales engineer working with an institution that needs to comply with strict federal regulations to avoid being levied very hefty fines. What type of cloud offering are you most likely to recommend?
community cloud
A data center suffered damage due to a natural disaster. The IT staff is in the process of restoring service, but they need to follow a specific series of steps due to critical dependencies. The content of which document are they most likely to follow?
Disaster Recovery Plan (DRP)
A recent college graduate was hired. Part of the onboarding process includes reading a series of documents. One of the documents states that vulnerability scans conducted after network changes may be performed by internal staff. Which of the following types of documents is the college graduate most likely to be reading?
Standards
A threat actor manages to spoof the MAC address in the cache of a computer with the goal of redirecting traffic. What type of attack is the threat actor launching?
ARP Poisoning
Diana is not very tech savvy but is a marketing genius. She signs a deal with a cloud contractor who will help her set up an online retail store selling rare items. On what type of cloud will her website most likely be hosted?
Public
An ___ should provide clear descriptions of the types and categories of documented incident definitions.
incident response plan
A ____ gives the user guidance and additional information to help conform to more specific requirements.
Guideline
You can use an access control list (ACL) on a router to limit devices on the network from performing IP spoofing by applying ACLs that limit the traffic to known valid local Internet Protocol (IP) addresses.
access control list (ACL)
A company is using resources on a server to host an application in a Software as a Service (SaaS) environment. Which of the following best describes the type of architecture being employed?
Serverless Infrastructure
___ is an incident response testing exercise where the same tests are conducted simultaneously in multiple environments.
Parallel processing
A company wants to implement a security awareness training program that includes sending certain types of emails to help keep track of the extent to which employees are behaving like human firewalls. They also want to rotate the different types of messages based on job description and include links to online games in some of the messages. What type of training should they include?
Phishing simulations