[Security Concepts]
In which form of attack is alternate encoding, such as hexadecimal representation, most often
observed?
C
Explanation:
Cross-site scripting (XSS) occurs when a web application takes attacker-controlled data and renders it
to other users without proper encoding. The malicious data is usually delivered in a hyperlink that
carries the payload; the victim most likely clicks the link from another website, an instant message,
a web board, or an email message.
The attacker usually encodes the malicious portion of the link in hexadecimal (or another encoding)
so that the request looks less suspicious to the user when clicked on. The browser decodes the HTML
character reference before interpreting the URL, so the encoded and plain forms behave identically.
For example, the code below uses a hexadecimal character reference for the opening parenthesis:
<a href=javascript:alert&#x28;'XSS')>Click Here</a>
is equivalent to:
<a href=javascript:alert('XSS')>Click Here</a>
Note: In the format &#xhhhh;, hhhh is the code point in hexadecimal form.
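The equivalence above can be checked mechanically. The following Python is an added example, not part of the original question bank: it undoes the HTML character references and percent-encoding a browser would undo, then checks whether the resulting link still targets the javascript: scheme, which is what a filter or detection rule must do before pattern matching. The sample links are constructed for the demonstration, and the example goes slightly beyond the single hexadecimal case above by also handling decimal references, percent-encoding, and the tab/newline characters browsers ignore inside a URL scheme.

```python
import html
import re
from urllib.parse import unquote

# Matches a URL whose scheme is "javascript:" once surrounding whitespace is removed.
JS_SCHEME = re.compile(r"^\s*javascript\s*:", re.IGNORECASE)


def decode_payload(value, max_rounds=3):
    """Undo the alternate encodings a browser would undo before acting on a link.

    Each round removes one layer of percent-encoding and then one layer of HTML
    character references (named, decimal &#40; and hexadecimal &#x28;).  Decoding
    stops when the text no longer changes or after max_rounds, so a pathological
    input cannot keep the loop busy.
    """
    current = value
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(current))
        if decoded == current:
            break
        current = decoded
    return current


def is_script_url(href):
    """True if the link would execute script once the browser has decoded it.

    Browsers also drop tab, CR and LF characters inside a URL scheme, so
    "java\\nscript:" is still "javascript:"; strip them before matching.
    """
    normalized = re.sub(r"[\t\r\n]", "", decode_payload(href))
    return JS_SCHEME.match(normalized) is not None


if __name__ == "__main__":
    # Constructed samples: the page's encoded link and a few other evasions.
    encoded_link = "<a href=javascript:alert&#x28;'XSS')>Click Here</a>"
    print(decode_payload(encoded_link))
    samples = (
        "javascript:alert&#x28;'XSS')",
        "&#106;avascript:alert(1)",
        "java%0Ascript:alert(1)",
        "https://example.com/",
        "mailto:user@example.com",
    )
    for href in samples:
        print(f"{href!r:40} script url: {is_script_url(href)}")
```

Running the script prints the page's encoded anchor decoded to the plain one, followed by a verdict for each sample link; only the https and mailto links are reported as safe.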
[Security Concepts]
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A
Explanation:
SQL injection usually occurs when you ask a user for input, such as a username or user ID, but the
user supplies ("injects") an SQL fragment that you unknowingly run on your database.
Look at the following example, which builds a SELECT statement by concatenating a variable
(txtUserId) onto a query string. The variable is fetched from user input (getRequestString):
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
If the user enters something like "100 OR 1=1", the SQL statement becomes:
SELECT * FROM Users WHERE UserId = 100 OR 1=1;
The SQL above is valid and returns ALL rows from the "Users" table, since OR 1=1 is always TRUE.
An attacker could thereby obtain every user name and password stored in this database.
[Security Concepts]
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
B,E
Explanation:
SQL injection attacks are a type of code injection technique that exploit the use of dynamic SQL
queries in web applications. Attackers can inject malicious SQL statements into user input fields, such
as login forms, search boxes, or URLs, and execute them on the underlying database. This can result
in unauthorized access, data theft, data corruption, or denial of service.
To prevent SQL injection attacks, web developers should use the following techniques:
Use prepared statements and parameterized queries: Prepared statements are SQL queries that are
precompiled and then executed with user-supplied parameters. Parameterized queries are SQL queries
that use placeholders for user input and bind the actual values at run time. Both techniques separate
the SQL code from the user input, so the input is handled purely as data and cannot change the
structure of the query, whatever quotes or keywords it contains. For example, in Java,
PreparedStatement is a class that implements parameterized queries. In PHP, PDO and mysqli are
extensions that support prepared statements.
Block SQL code execution in the web application database login: Web applications should connect to
the database with a dedicated user account that has limited privileges. This account should have only
the permissions necessary for the required operations, such as SELECT, INSERT, UPDATE, or DELETE on
the specific tables it needs. It should not be able to run administrative statements such as CREATE,
DROP, ALTER, GRANT, or REVOKE. This way, even if an attacker manages to inject SQL code into the
query, the database rejects the injected statements due to insufficient privileges. Note that least
privilege limits the damage of a successful injection rather than preventing it: an account that can
SELECT from the Users table still exposes that table to an OR 1=1 or UNION-based injection, so this
control complements parameterized queries rather than replacing them.
Reference:
[Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 5: Securing the
Cloud, Lesson 5.2: Cloud Application Security, Topic 5.2.2: SQL Injection
SQL Injection Prevention - OWASP Cheat Sheet Series
How to Prevent SQL Injection: 5 Key Prevention Methods - eSecurityPlanet
How to Protect Against SQL Injection Attacks
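The vulnerable concatenated query from the earlier SQL injection question and the parameterized fix described above, side by side in an added Python/sqlite3 example (not the exam's, OWASP's or any vendor's code). The Users table, its three rows and the function names are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory Users table standing in for a real application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(100, "alice", "hunter2"), (101, "bob", "s3cret"), (102, "carol", "qwerty")],
    )
    return conn


def lookup_vulnerable(conn, txt_user_id):
    """The pattern from the question: the raw input is glued into the SQL text,
    so whatever the user types is parsed as SQL."""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def lookup_parameterized(conn, txt_user_id):
    """The fix: the query text is fixed and the input is bound to the ? placeholder.
    The database receives it as a value to compare against, never as SQL."""
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for user_input in ("100", "100 OR 1=1"):
        print(f"input {user_input!r}:")
        print("  concatenated :", len(lookup_vulnerable(conn, user_input)), "row(s)")
        print("  parameterized:", len(lookup_parameterized(conn, user_input)), "row(s)")
```

The same "100 OR 1=1" input returns every row through string concatenation and no rows through the bound parameter, because SQLite compares the integer UserId column with the literal text and finds no match, while the plain "100" still finds alice either way. A least-privilege database account is a separate control and would not change either result here, since both paths only SELECT.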
[Content Security]
Which two endpoint measures are used to minimize the chances of falling victim to phishing and
social engineering attacks? (Choose two)
D,E
Explanation:
Phishing attacks are the practice of sending fraudulent communications that appear to come from a
reputable source. It is usually done through email. The goal is to steal sensitive data like credit
card and login information, or to install malware on the victim's machine.
[Content Security]
Which two mechanisms are used to control phishing attacks? (Choose two)
A,E
Explanation:
Phishing attacks are a type of social engineering that aim to trick users into revealing their personal
or financial information, or installing malware on their devices. To control phishing attacks, users and
organizations need to implement various preventive and reactive measures, such as:
Enable browser alerts for fraudulent websites. Most modern browsers have built-in features that can
warn users when they visit a website that is suspected of being malicious or impersonating a
legitimate entity. These alerts can help users avoid falling for phishing scams that use fake web pages
to capture their credentials or other sensitive data. For example, Google Chrome has a Safe
Browsing feature that displays a red warning page when users try to access a deceptive site. Users
should always pay attention to these alerts and avoid proceeding to untrusted sites.
Implement email filtering techniques. Email is one of the most common channels for phishing
attacks, as attackers can send spoofed messages that appear to come from trusted sources, such as
banks, government agencies, or colleagues. Email filtering techniques can help block or flag
suspicious emails based on various criteria, such as the sender’s address, the subject line, the
content, or the attachments. For example, Microsoft Outlook has a Junk Email Filter that can move
potential phishing emails to a separate folder or delete them automatically. Users should also be
careful not to open or reply to any unsolicited or unexpected emails, especially those that ask for
personal or financial information, or contain links or attachments.
Other mechanisms that can help control phishing attacks include:
Use strong passwords and enable two-factor authentication. Even if users fall victim to phishing
attacks and reveal their passwords, they can still protect their accounts by using strong and unique
passwords for each service, and enabling two-factor authentication (2FA) whenever possible. 2FA
adds an extra layer of security by requiring users to enter a code or a token that is sent to their phone
or email, or generated by an app, in addition to their password. This way, even if attackers obtain the
password, they cannot access the account without the second factor.
Don’t ignore update messages. Users should always keep their operating systems, browsers, and
applications updated with the latest security patches and fixes. These updates can help prevent
phishing attacks that exploit known vulnerabilities or bugs in the software. Users should also use
antivirus and antispyware software that can detect and remove malware that may be installed by
phishing attacks.
Exercise caution when opening emails or clicking on links. Users should always be skeptical and
vigilant when they receive emails or messages that ask them to take urgent or unusual actions, such
as verifying their account, updating their payment information, or downloading a file. Users should
also check the sender’s address, the spelling and grammar, and the URL of any links before clicking
on them. Users can hover over the link to see the actual destination, or use a link scanner tool, such
as VirusTotal, to check if the link is malicious or not.
Reference:
1: https://safebrowsing.google.com/
2: https://support.microsoft.com/en-us/office/overview-of-the-junk-email-filter-5ae3ea8e-cf41-4fa0-b02a-3b96e21de089
3: https://www.virustotal.com/gui/home/url
[Security Concepts]
Which two behavioral patterns characterize a ping of death attack? (Choose two)
B,D
Explanation:
Ping of Death (PoD) is a type of denial-of-service (DoS) attack in which an attacker attempts to crash,
destabilize, or freeze the targeted computer or service by sending malformed or oversized packets
using a simple ping command.
A correctly formed ping packet typically carries 56 bytes of data, 64 bytes when the 8-byte ICMP
header is included, and 84 bytes including the IPv4 header. However, any IPv4 packet (including
pings) may be as large as 65,535 bytes, and a crafted ping can be made to exceed even that. Some
computer systems were never designed to handle a ping packet larger than the maximum packet size,
because such a packet violates the Internet Protocol.
Like any other large but well-formed packet, a ping of death is split into fragments whose positions
are expressed in units of 8 octets before transmission. When the target reassembles the fragments,
the final fragment's offset plus its length exceeds 65,535 bytes, the buffer allocated for the datagram
is overrun, and the resulting buffer overflow can crash the system and potentially allow the
injection of malicious code.
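How the reassembly check should work, as an added Python model (not code from the page or from any operating system's IP stack): it tracks fragment offsets in 8-octet units, reassembles a legitimate fragmented ping, and rejects a final fragment whose end would push the datagram past the 65,535-byte IPv4 limit. The fragments and the (offset, more_fragments, data) tuple layout are constructed for the demonstration; MAX_PAYLOAD is the 65,535-byte limit minus a 20-byte header.

```python
MAX_IPV4_DATAGRAM = 65535                              # 16-bit Total Length field
IPV4_HEADER_LEN = 20                                   # minimal header, no options
MAX_PAYLOAD = MAX_IPV4_DATAGRAM - IPV4_HEADER_LEN      # 65515 bytes of data per datagram


def fragment_end(offset_units, payload_len):
    """Byte position just past this fragment's data in the reassembled datagram.
    The Fragment Offset field counts in units of 8 octets."""
    return offset_units * 8 + payload_len


def is_oversized(offset_units, payload_len):
    """True when accepting this fragment would push the datagram past 65,535 bytes."""
    return fragment_end(offset_units, payload_len) > MAX_PAYLOAD


def reassemble(fragments):
    """Reassemble (offset_units, more_fragments, data) tuples into the original payload.

    A naive implementation allocates a 65,535-byte buffer and copies each fragment
    to offset*8 without checking where it ends; a final fragment at a high offset
    then writes past the buffer.  This version checks the end and drops the datagram.
    """
    buf = bytearray(MAX_PAYLOAD)
    total_len = 0
    for offset_units, more_fragments, data in sorted(fragments, key=lambda f: f[0]):
        end = fragment_end(offset_units, len(data))
        if end > MAX_PAYLOAD:
            raise ValueError(
                f"fragment at offset {offset_units * 8} with {len(data)} bytes ends at "
                f"{end}, exceeding the {MAX_PAYLOAD}-byte maximum: dropping datagram"
            )
        buf[offset_units * 8:end] = data
        if not more_fragments:
            total_len = end
    return bytes(buf[:total_len])


def split_into_fragments(payload, mtu=1500):
    """Constructed sender side: cut a payload into MTU-sized fragments whose data
    lengths are multiples of 8 octets, the way a normal host would."""
    chunk = (mtu - IPV4_HEADER_LEN) // 8 * 8           # 1480 bytes for a 1500-byte MTU
    frags = []
    for start in range(0, len(payload), chunk):
        data = payload[start:start + chunk]
        frags.append((start // 8, start + chunk < len(payload), data))
    return frags


if __name__ == "__main__":
    # Constructed sample: a legitimate 4,000-byte ICMP payload arrives in three fragments.
    legit = bytes(range(256)) * 15 + b"\x00" * 160      # 3840 + 160 = 4000 bytes
    print("legitimate ping reassembled:", len(reassemble(split_into_fragments(legit))), "bytes")

    # Constructed ping of death: a final fragment at offset 65,512 carrying 40 bytes.
    # 20 + 65,512 + 40 = 65,572 bytes, more than an IPv4 datagram may ever be.
    pod = [(0, True, b"\x08\x00" + b"\x00" * 1478), (8189, False, b"A" * 40)]
    try:
        reassemble(pod)
    except ValueError as err:
        print("rejected:", err)
```

The boundary is exact: a fragment at offset 65,512 may carry at most 3 bytes (65,515 total), and a fourth byte is what turns a large ping into a ping of death.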
[Security Concepts]
Which two preventive measures are used to control cross-site scripting? (Choose two)
B,D
Explanation:
Cross-site scripting (XSS) is a web security vulnerability that allows an attacker to inject malicious
code into a web page that is viewed by other users. XSS can compromise the user’s interaction with
the web application, steal sensitive data, perform unauthorized actions, and more. To prevent XSS,
web developers need to apply various defensive techniques to ensure that user-supplied data is not
interpreted as code by the browser. Two of these techniques are:
Incorporate contextual output encoding/escaping: This means that any user-supplied data that is
displayed on the web page should be properly encoded or escaped according to the context where it
appears. For example, if the data is inserted into an HTML attribute, it should be HTML attribute
encoded; if the data is inserted into a JavaScript string, it should be JavaScript string encoded; and so
on. This prevents the data from breaking out of its intended context and being executed as code by
the browser. Output encoding should be done by using a reliable library or framework that supports
different contexts and encodings.
Run untrusted HTML input through an HTML sanitization engine: This means that any user-supplied
data that is intended to contain HTML markup should be filtered and validated by a sanitization
engine that removes or escapes any potentially dangerous elements, attributes, or scripts. This
prevents the attacker from injecting malicious HTML code that can execute scripts, load external
resources, redirect the user, or perform other malicious actions. HTML sanitization should be done by
using a well-tested and maintained library or framework that follows the best practices and
standards for HTML filtering.
Reference:
[Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 5: Securing the
Cloud, Lesson 5.2: Web Application Security, Topic 5.2.2: Cross-Site Scripting (XSS)
Cross Site Scripting Prevention Cheat Sheet - OWASP
What is cross-site scripting (XSS) and how to prevent it? - Web Security Academy
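Both techniques in one added Python example (not code from the page's references or from any library): context-specific encoders for the HTML body, HTML attribute and JavaScript string contexts the text names, plus a URL parameter encoder, and a small allowlist sanitizer built on the standard library's HTMLParser. The function names, the allowlist and the sample inputs are this example's own choices; in production use a maintained library as the text advises, but the decisions it has to make are the ones shown here.

```python
import html
import json
from html.parser import HTMLParser
from urllib.parse import quote


def encode_for_html_body(text):
    """Text node between tags: escape the HTML metacharacters & < > " '."""
    return html.escape(text, quote=True)


def encode_for_html_attr(text):
    """Attribute value: encode everything but ASCII alphanumerics as &#xHH; so the
    value cannot terminate the attribute even if the author forgot the quotes."""
    return "".join(
        c if (c.isascii() and c.isalnum()) else f"&#x{ord(c):X};" for c in text
    )


def encode_for_js_string(text):
    """Value placed inside a JavaScript string literal in an inline script: emit a
    quoted JSON string and additionally escape < > & so the value can neither
    close the <script> element nor start a new tag."""
    quoted = json.dumps(text)
    return quoted.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def encode_for_url_param(text):
    """Value placed in a query-string parameter: percent-encode everything."""
    return quote(text, safe="")


class AllowlistSanitizer(HTMLParser):
    """Keep a small set of harmless tags, drop everything else (including the
    contents of <script> and <style>), and allow only http(s) hrefs on <a>."""
    ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "li", "a"}
    ALLOWED_ATTRS = {"a": {"href"}}
    DROP_CONTENT = {"script", "style"}
    SAFE_SCHEMES = ("http://", "https://")

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skipping = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP_CONTENT:
            self._skipping += 1
            return
        if tag not in self.ALLOWED_TAGS:
            return                      # img, iframe, svg, ... are removed outright
        kept = []
        for name, value in attrs:
            if name not in self.ALLOWED_ATTRS.get(tag, set()):
                continue                # on* handlers, style, src, ... are removed
            value = value or ""
            if name == "href" and not value.strip().lower().startswith(self.SAFE_SCHEMES):
                continue                # javascript:, data:, vbscript: ... are removed
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.DROP_CONTENT:
            self._skipping = max(0, self._skipping - 1)
        elif tag in self.ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skipping:
            self.out.append(encode_for_html_body(data))


def sanitize_html(untrusted_html):
    parser = AllowlistSanitizer()
    parser.feed(untrusted_html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed attacker inputs, one per context.
    print(encode_for_html_body('<script>alert("x")</script>'))
    print(encode_for_html_attr('" onmouseover="alert(1)'))
    print(encode_for_js_string("</script><script>alert(1)</script>"))
    print(encode_for_url_param("a b&c=d"))
    print(sanitize_html('<b>hi</b><script>alert(1)</script>'
                        '<a href="javascript:alert(1)">x</a><img src=x onerror=alert(1)>'))
```

The sanitizer keeps <b>hi</b> and the link text, strips the script element and its body, drops the javascript: href while keeping the anchor, and removes the <img> with its onerror handler entirely; a legitimate https link survives with its ampersand escaped.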
[Content Security]
What is the difference between deceptive phishing and spear phishing?
B
Explanation:
In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people’s
personal data or login credentials. Those emails frequently use threats and a sense of urgency to
scare users into doing what the attackers want.
Spear phishing is carefully designed to get a single recipient to respond. Criminals select an
individual target within an organization, using social media and other public information – and craft a
fake email tailored for that person.
[Security Concepts]
Which attack is commonly associated with C and C++ programming languages?
D
Explanation:
A buffer overflow (or buffer overrun) occurs when the volume of data written exceeds the storage
capacity of the memory buffer. As a result, the program writing the data overwrites adjacent memory
locations.
Buffer overflows are a vulnerability of low-level C and C++ code because neither language checks
array bounds at run time; the programmer is responsible for keeping every write inside the space
allotted to the buffer. An attacker can cause the program to crash, corrupt data, steal private
information, or run their own code. It basically means accessing a buffer outside of its allotted
memory space, which happens most frequently with arrays.
[Security Concepts]
What is a language format designed to exchange threat intelligence that can be transported over the
TAXII protocol?
A
Explanation:
TAXII (Trusted Automated Exchange of Indicator Information) is a standard that provides a transport
[Security Concepts]
Which two capabilities does TAXII support? (Choose two)
A,B
Explanation:
The Trusted Automated eXchange of Indicator Information (TAXII) specifies mechanisms for exchanging
structured cyber threat information between parties over the network.
TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat
information.
TAXII Capabilities are the highest level at which TAXII actions can be described. There are three
capabilities that this version of TAXII (1.x) supports: push messaging, pull messaging, and discovery.
TAXII 2.x reorganizes these around a RESTful API and Collections, but the question uses the 1.x terms.
Although there is no "binding" capability in that list, it is the best available answer here.
[Security Concepts]
Which two risks is a company vulnerable to if it does not have a well-established patching solution
for endpoints? (Choose two)
A,D
Explanation:
Malware ("malicious software") is any software intentionally designed to cause damage to a
computer, server, client, or computer network. The most common types of malware include viruses,
ransomware and spyware.
Virus: possibly the most common type of malware, viruses attach their malicious code to clean code
and wait to be run.
Ransomware: malicious software that infects your computer and displays messages demanding a fee
to be paid in order for your system to work again.
Spyware: spying software that can secretly record everything you enter, upload, download, and store
on your computers or mobile devices. Spyware always tries to keep itself hidden.
An exploit is code that takes advantage of a software vulnerability or security flaw.
Exploits and malware are the two risks that apply to endpoints that are not up to date: an unpatched
vulnerability is exactly what an exploit targets, and a successful exploit is the usual way malware
gets installed. ARP spoofing and eavesdropping are attacks against the network rather than the
endpoint's patch level, and a denial-of-service attack is based on flooding the target with traffic.
[Secure Network Access, Visibility, and Enforcement]
Which PKI enrollment method allows the user to separate authentication and enrollment actions and
also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
C
Explanation:
A trustpoint enrollment mode, which also defines the trustpoint authentication mode, can be
configured via three main methods:
1. Terminal Enrollment: manual method of performing trustpoint authentication and certificate
enrollment using copy-paste in the CLI terminal.
2. SCEP Enrollment: trustpoint authentication and enrollment using SCEP over HTTP.
3. Enrollment Profile: here, the authentication and enrollment methods are defined separately.
Along with the terminal and SCEP enrollment methods, enrollment profiles provide an option to
specify HTTP/TFTP commands to perform file retrieval from the server, which is defined using an
authentication or enrollment URL under the profile.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/211333-IOSPKI-Deployment-Guide-Initial-Design.html
[Security Concepts]
What are two rootkit types? (Choose two)
C,D
Explanation:
The term 'rootkit' originally comes from the Unix world, where the word 'root' describes the user
with the highest possible level of access privileges, similar to an 'Administrator' in Windows. The
word 'kit' refers to the software that grants root-level access to the machine. Put the two together
and you get 'rootkit', a program that gives someone, with legitimate or malicious intentions,
privileged access to a computer.
There are four main types of rootkits: kernel rootkits, user-mode rootkits, bootloader rootkits, and
memory rootkits.
[Security Concepts]
Which form of attack is launched using botnets?
C
Explanation:
A botnet is a collection of internet-connected devices infected by malware that allows attackers to
control them remotely.
Cyber criminals use botnets to launch botnet attacks, which include malicious activities such as
credential leaks, unauthorized access, data theft and DDoS attacks.