Final Exam: SEC110 VERIFIED 100% SOLUTIONS

Final Exam: SEC110 VERIFIED 100% SOLUTIONS Threat actors focused on financial gain often attack which of the following main target categories? a.Individual users b.REST services c.Product lists d.Social media assets - ANSWER a.Individual users What is a variation of a common social engineering attack targeting a specific user? a.Spam b.Watering holes c.Redirection d.Spear phishing - ANSWER d.Spear phishing Which of the following computing platforms is highly vulnerable to attacks? a.On-premises b.Hybrid c.Legacy d.Cloud - ANSWER c.Legacy Which of the following is a social engineering method that attempts to influence the subject before the event occurs? a.Watering hole b.Spear phishing c.Redirection d.Prepending - ANSWER d.Prepending Which of the following is the most common method for delivering malware? a.Email b.Identity theft c.Removable media d.Social media - ANSWER a.Email Which threat actors violate computer security for personal gain? a.Red hat hackers b.Gray hat hackers c.White hat hackers d.Black hat hackers - ANSWER d.Black hat hackers Which of the following is a primary difference between a red team and a white team? a.The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team decides which tool to use in automated vulnerability scanning. b.The red team provides real-time feedback to enhance the threat detection capability, whereas the white team defines the rules of penetration testing. c.The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team defines the rules of penetration testing. d.The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing. - ANSWER d.The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing. Which of the following is the advantage of penetration testing over vulnerability scanning? a.Penetration testing performs automated scans to discover vulnerabilities and prevent penetration, while vulnerability scanning requires manually scanning for vulnerabilities. b.Penetration testing scans a network for open FTP ports to prevent penetration, while vulnerability scanning only discovers versions of the running services. c.Penetration testing performs SYN DOS attacks towards a server in a network, while vulnerability scanning only discovers versions of the running services. d.Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities. - ANSWER d.Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities. Which of the following tools can be used to scan 16 IP addresses for vulnerabilities? a.Nessus Essentials b.QualysGuard c.App Scan d.Nessus - ANSWER a.Nessus Essentials What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user? a.Replay b.Buffer overflow c.Trojan d.Device driver manipulation - ANSWER a.Replay Which of the following is a form of malware attack that uses specialized communication protocols? a.Keylogger b.Bot c.Spyware d.RAT - ANSWER d.RAT Which of the following is a subset of artificial intelligence? a.Artificial intelligence algorithm b.Machine intelligence c.Data science d.Machine learning - ANSWER d.Machine learning What is meant by "infrastructure as code" in SecDevOps? a.SecDevOps method of managing code as infrastructure b.SecDevOps method of managing software and hardware using principles of developing code c.SecDevOps method of managing the infrastructure as a service d.SecDevOps