Security

informations

Ralph, a professional hacker, targeted Jane , who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane’s company using this opportunity and gathered sensitive informations by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on Jane?

Ralph, a professional hacker, targeted Jane , who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane’s company using this opportunity and gathered sensitive informations by scanning terminals for passwords, searching for important documents …

Ralph, a professional hacker, targeted Jane , who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane’s company using this opportunity and gathered sensitive informations by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on Jane? Read More »

whitelisting

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting?

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non – whitelisting programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Option 1 : Phishing malware Option 2 : File-less malware …

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Read More »

medical

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated? Option 1: ISO 2002 Option 2 : HIPPA/PHI Option 3 : PII Option 4 …

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated? Read More »

vendors

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes?

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes? Option 1 : Vendors risk management Option 2 : Patch management Option 3 : Secure development lifecycle Option 4 : Security awareness training …

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes? Read More »

cloud service

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provide. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provide. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario? Option 1 : Cloud auditor Option 2 : Cloud …

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provide. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario? Read More »

configuration

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin? Option 1 …

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin? Read More »

scan

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Option 1 : Credential assessment Option 2 : Internal assessment Option 3 : External assessment Option 4 : …

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Read More »

There have been concerns in your network that the wireless network components is not sufficiently secure. You perform a vulnerabilities scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used?

There have been concerns in your network that the wireless network components is not sufficiently secure. You perform a vulnerabilities scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used? Option 1 : WPA Option 2 : WEP Option 3 : RADIUS Option 4 : WPA3 1. WPA Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), …

There have been concerns in your network that the wireless network components is not sufficiently secure. You perform a vulnerabilities scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used? Read More »

law

Widespread fraud at Enron, Worldcom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This is known by what acronym?

Widespread fraud at Enron, Worldcom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This is known by what acronym? Option 1 : HIPPA Option 2 : SOX Option 3 : PCIDSS Option 4 : FedRAMP 1. HIPPA The Standards for Privacy of …

Widespread fraud at Enron, Worldcom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This is known by what acronym? Read More »

Virtualization overview (1)

Virtualization Overview on Incident Response and Handling

Despite being an idea that was born fifty years ago, virtualization has advanced and may satisfy complex applications currently being developed. half all servers run on Virtual Machines (VMs), and therefore the IDC predicts that on the brink of 70% of entire computer workloads will run on VMs by 2024. As virtualization components increase and therefore the virtualized environment expands, the most concern becomes the way to maintain safe levels of security and integrity of …

Virtualization Overview on Incident Response and Handling Read More »