Security Testing & Exploits
Cyber Threat Intelligence & Analysis
Data Protection & Physical Security
Physical & Network Security
Cluster IT
100

A financial institution hires ethical hackers to test its security without revealing any system details. The testers rely on publicly available information to attempt unauthorized access. What type of security testing is being performed?

What is Black box testing

100

A security operations team wants up-to-date alerts on emerging cyber threats, including indicators of compromise and attack patterns. They subscribe to a regularly updated cybersecurity resource. What type of intelligence source are they using?

What is Threat Intelligence feed

100

A company transitions to a new encryption model that ensures data is unreadable unless decrypted by an authorized user with a private key. What security technique is the company using?

What is Encryption

100

A company installs fingerprint scanners at server room entrances to ensure only authorized personnel can access sensitive equipment. What security measure is being implemented?

What is Biometric authentication

100

A web application allows users to input HTML into its comment section, leading to attackers embedding malicious scripts that run when other users view the comments. What type of vulnerability is this?

What is Cross-site scripting (XSS)

200

A developer accidentally allows user input to modify a database query directly, exposing sensitive data. Attackers exploit this flaw by injecting malicious SQL commands. What kind of vulnerability is being exploited?

What is SQL Injection

200

A company reviewing its security logs notices thousands of alerts about blocked login attempts, but closer inspection reveals that most come from legitimate employees forgetting their passwords. What type of error has occurred in the system's detection? 

What is False Positive

200

A company requires employees to authenticate using multiple verification methods, including a password and a biometric scan, before accessing sensitive data. What security technique is being employed?

What is Multi-Factor Authentication (MFA)

200

A security expert warns that a facility’s surveillance system is vulnerable because camera feeds can be intercepted and modified by an external hacker. What type of attack is the security expert concerned about?

What is Man-in-the-middle attack

200

A cloud service provider fails to isolate customer environments properly, leading to a situation where one tenant can access another’s stored data. What security flaw has occurred?

What is Multi-tenant data leakage

300

A penetration tester notices that an application checks a file’s access permissions but fails to validate them again when executing the file. An attacker replaces the file between these steps to gain unauthorized privileges. What type of vulnerability is this?

What is Time of Check to Time of Use (TOCTOU)

300

A malware analyst explores dark web marketplaces and hacker forums to collect intelligence on newly developed ransomware strains before they spread widely. What type of cybersecurity monitoring are they conducting?

What is Dark Web Monitoring

300

A company restricts access to its data center by requiring employees to scan their fingerprints before entering secured areas. What authentication method is being used?

What is Biometric Authentication

300

An enterprise security team labels and tracks all IT assets, keeping detailed records to ensure proper inventory management and prevent unauthorized use. What is this process called?

What is Asset Management

300

A cybersecurity team discovers that employees are using personal cloud storage to transfer company files, bypassing official security controls. The IT department intervenes by enforcing strict device management policies. What kind of security risk is being mitigated?

What is Shadow IT

400

An online banking system crashes when a malicious user inputs an extremely large string of characters into a password field. Further investigation reveals that the system attempted to store more data than its allocated memory space could handle. What type of attack caused the crash?

What is Buffer Overflow

400

A hospital’s cybersecurity team receives no alerts from their intrusion detection system but later discovers an attacker has been exfiltrating patient records unnoticed for weeks. What type of detection failure occurred?

What is False Negative

400

A military facility is protected by multi-layered security, including guard patrols, surveillance cameras, and perimeter fencing. Each measure complements the others, making infiltration extremely difficult. What security concept is being applied?

What is Defense in Depth

400

A company ensures uninterrupted access to its database by setting up multiple failover servers in different locations. If one server fails, another automatically takes over. What strategy is being used?

What is Redundancy

400

A large e-commerce website ensures high availability by deploying multiple web servers that can take over in case one fails, preventing downtime for customers. What type of redundancy strategy is being used?

What is Load Balancing

500

A security firm needs to test a cloud provider’s defenses but also wants insight into backend architecture and configurations. They request limited system documentation before starting their testing. What type of security testing are they performing?

What is Gray box testing

500

A security analyst inspects log files from a breached system and notices a pattern where an attacker modified timestamps to hide their activity. What process is the analyst performing?

What is Log Review

500

A retail company wants to prevent unauthorized users from accessing customer databases. Instead of simply encrypting files, they also scramble data so that even if stolen, it remains unusable. What technique enhances security beyond encryption?

What is Data Masking

500

An organization implements a firewall policy blocking all traffic except that from explicitly approved sources. What network security principle does this follow?

What is Default Deny

500

A data center houses multiple synchronized database servers so that if one server crashes, another seamlessly continues operations without data loss. What type of clustering is being implemented?

What is High-availability clustering