Physical threats & security
Monitoring & reconnaissance
Intrusive detection
Analyzing network attacks
Analyzing password attacks
100

A data center must enhance its security measures to prevent unauthorized access to its facility. The center is considering different methods to achieve this goal.

What should the data center implement first to ensure a strong physical barrier against intrusions?

Fencing

100

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?

OSINT

100

What is the MOST common form of host-based IDS that employs signature or pattern-matching detection methods?

Antivirus software

100

A threat actor has successfully breached a company's network and has installed malicious code on a compromised host. The threat actor is now operating the compromised host remotely and maintaining access to it over a period of time. The threat actor's activity is disguised as part of the network's regular traffic.

Detection of this type of activity usually depends on identifying anomalous connection endpoints.

Which stage of the cyberattack lifecycle does this scenario represent?

Command and Control


100

You want to check a server for user accounts that have weak passwords.

What tool should you use?

John the Ripper



200

You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position.

What camera type should you choose?

PTZ


200

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches.

What tool should you use?

Nessus


200

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.

You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.

What solution should you implement?

Host-based IDS


200

A company CEO is upset after receiving a call from a reporter at a local news station that the company is apparently a launching point for a massive attack. The reporter provided detailed IP logs, and the network team reviewed them but could not find similar entries.

What could be a possible explanation for the different records?

DNS poisoning



200

A hacker successfully exfiltrates a database of user passwords and attempts to gain access to it as the hacker can now go around the authentication system.

What type of attack has the hacker achieved?

Offline



300

A security manager decides to enhance the physical security of a warehouse storing high-value tech equipment by installing a deterrent at the perimeter to prevent vehicle-based attacks.

What security measure would be the MOST suitable for this purpose?

Bollards


300

As a cybersecurity analyst, you are tasked with performing active reconnaissance on a potential client's network to identify vulnerabilities. You have already completed the passive reconnaissance phase.

Which of the following steps would you take next, and why?

Begin with port scanning to identify open ports and the services running on them.

300

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious.


300

A major online retail company has recently been experiencing intermittent downtime of its website. Network analysts observe a massive influx of traffic from multiple sources to the server. However, the traffic seems redirected from other systems.

What type of attack is the company likely experiencing?

Distributed denial-of-service (DDoS)



300

Carl receives a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password.

What non-technical password attack has occurred?


Social engineering


400

If a fingerprint or retina scan is required to open a secured door, which kind of physical security has been implemented?

Biometric locks


400

You need to check network connectivity from your computer to a remote computer.

Which tool would be the BEST option to use?

ping

400

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

400

A threat actor has successfully manipulated a client's DNS cache, causing the client to resolve domain names to incorrect IP addresses controlled by the threat actor. This allows the threat actor to redirect the client's network traffic to malicious websites.

Which type of attack does this scenario represent?

Client cache poisoning

400

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it.

What non-technical password attack have you enabled?

Dumpster diving


500

To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building.

What type of sensor uses this technology?

Infrared sensor


500

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram.

What tool should you use?

Network mapper

500

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections.

What type of device should you use?


Anomaly-based IDS

500

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?

ARP poisoning



500

You are using a password attack that tests every possible keystroke for every single key in a password until the correct one is found.

What technical password attack are you using?

Brute force attack