2.4.5 Section Quiz
School: Eastern Gateway Community College
Course: NET232
Subject: Information Systems
Date: Feb 20, 2024
Uploaded by AmbassadorDiscovery11913
10/15/23, 11:23 AM
TestOut LabSim
https://labsimapp.testout.com/v6_0_573/exam-engine.html/5ff6c70b-9734-407f-b46b-a79656264411/exam-session/31151705/68ec89c7-1976-4bbb-8…
1/5
Score: 100%
Passing Score: 80%
Question 1:
Correct
Every ACME computer comes with the same account created at the factory. Which kind of vulnerability is this?
Weak passwords
Misconfigurations
Backdoor
Default accounts and passwords
Explanation
The factory account is considered a default account and would have a well-known default password.
This is not a backdoor, as it is not hard-coded.
This is not a misconfiguration because it is the factory default setting.
Although the password is weak because it is well-known, a default password could still be considered complex if it meets password
complexity requirements.
References
2.4.1 Vulnerability Concerns
2.4.2 Vulnerability Concerns Facts
2.4.3 Impact of Vulnerabilities
2.4.4 Impact of Vulnerabilities Facts
4.2.2 Hardening Facts
4.4.1 Linux Host Security
4.4.2 Removing Unnecessary Services
4.4.4 Configure iptables
4.4.5 Configure iptables Facts
8.3.1 Wireless Security
8.3.2 Wireless Security Facts
Question 2:
Correct
In healthcare, regulations often dictate that important systems remain unpatched to maintain compliance. Which kind of vulnerability
does this introduce?
Misconfigurations
Inherent vulnerabilities
Weak passwords
Application flaws
Explanation
Important systems may have to be left unpatched to comply with regulations or other constraints. This leads to these systems having
inherent vulnerabilities that must be mitigated through other security controls.
Weak passwords are passwords that are blank, too short, dictionary words, or overly simple.
Application flaws are flaws in the validation and authorization of users. These flaws present the greatest threat to security in
transactional applications.
The primary cause of misconfiguration is human error.
References
2.4.2 Vulnerability Concerns Facts
13.2.3 Analyzing Risks
13.2.4 Analyzing Risks Facts
Question 3:
Correct
Which security control, if not applied, can allow an attacker to bypass other security controls?
Principle of least privilege
Changing default passwords
Updating firmware or software
Physical access control
Explanation
With physical access to a system, many security controls can be circumvented. It is important to secure access to devices.
References
2.4.2 Vulnerability Concerns Facts
14.2.1 Control Categories and Types
14.2.2 Control Categories and Types Facts
Question 4:
Correct
A user is able to access privileged administrative features with an account that is not granted administrator rights. Which type of
vulnerability is this?
Weak passwords
Backdoor account
Stealing administrator credentials
Privilege escalation
Explanation
Privilege escalation allows a user to gain privileges that aren't normally available to that user.
A backdoor account vulnerability would imply that the user knew a secret password in addition to their account.
Stealing administrator credentials is not privilege escalation because the account used was already granted those privileges.
Weak passwords would not grant a user more privileges than what the account is configured for.
References
2.4.2 Vulnerability Concerns Facts
5.9.2 Device Vulnerability Facts
6.1.4 Access Control Best Practices
Question 5:
Correct
The root account has all privileges and no barriers. Which of the following is another name for the root account?
User account
Backdoor account
Default account
Superuser account
Explanation
The root account is also known as the superuser account because it has the privilege to do anything on the system.
It is possible that a default account or a backdoor account could have superuser privileges, but these accounts are not inherently root
accounts.
References
2.4.1 Vulnerability Concerns
2.4.2 Vulnerability Concerns Facts
2.4.3 Impact of Vulnerabilities
2.4.4 Impact of Vulnerabilities Facts
4.4.2 Removing Unnecessary Services
Question 6:
Correct
A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of vulnerability?
Default settings
Unpatched software
Weak security configurations
Zero-day exploit
Explanation
Configuring a wireless access point with WEP would be considered a weak security configuration because WEP has been shown to be
insecure.
WEP is not a zero-day exploit because it is known to be a vulnerability. WEP is not a default setting on modern wireless access points
and cannot be patched to become secure, so it is not an example of unpatched software.
References
2.4.2 Vulnerability Concerns Facts
Question 7:
Correct
Sometimes, an attacker's goal is to prevent access to a system rather than to gain access. This form of attack is often called a denial-of-service attack and causes which impact?
Data loss
Availability loss
Data exfiltration
Identity theft
Explanation
Denial-of-service (DoS) attacks intend to create availability loss to an important service. An example would be a botnet being used to
exhaust the resources of a web server in order to deny access to the websites that it hosts.
Data loss, data exfiltration, and identity theft are not the main purposes of denial-of-service attacks.
References
2.4.1 Vulnerability Concerns
2.4.2 Vulnerability Concerns Facts
2.4.3 Impact of Vulnerabilities
2.4.4 Impact of Vulnerabilities Facts
9.5.3 Cloud Security Controls Facts
Question 8:
Correct
When confidential or protected data is exposed, either intentionally or accidentally, it is considered to be which of the following?
Availability loss
Data breach
Data exfiltration
Data loss
Explanation
A data breach is when confidential or protected data is exposed. Data loss involves the loss of important data, such as a file being deleted. Data exfiltration could be used during a data breach, but it is not in itself the definition of a data breach. Availability loss would be an attack in which the attacker prevents authorized users from accessing the systems.
References
2.4.1 Vulnerability Concerns
2.4.2 Vulnerability Concerns Facts
2.4.3 Impact of Vulnerabilities
2.4.4 Impact of Vulnerabilities Facts
Question 9:
Correct
DNS tunneling is a common method that allows an attacker to accomplish which attack?
Medical identity theft
Data exfiltration
Availability loss
Data loss
Explanation
A common tactic attackers use for data exfiltration is DNS tunneling. DNS tunneling is a method that allows an attacker to hide data
being sent to an outside host by disguising it as DNS traffic on UDP port 53. Because DNS is critical to most network operations, it is
generally not blocked on the firewall.
The other answers are not directly associated with DNS tunneling.
References
2.4.1 Vulnerability Concerns
2.4.2 Vulnerability Concerns Facts
2.4.3 Impact of Vulnerabilities
2.4.4 Impact of Vulnerabilities Facts
Question 10:
Correct
Which impact of vulnerabilities occurs when an attacker uses information gained from a data breach to commit fraud by doing things
like opening new accounts with the victim's information?
Data exfiltration
Identity theft
Data loss
Availability loss
Explanation
Identity theft is when an attacker uses data from a victim to commit fraud. Data loss is the loss of files and documents, either
accidentally or through malicious acts. Data exfiltration is the transfer of information or files from a computer without authorization.
Availability loss is when an attacker performs a malicious act to make a network so busy that the whole system goes down.