
Exam:

CISSP - (ISC)2 Certified Information Systems Security Professional - Chapter 21

Dylan is reviewing the security controls currently used by his organization and realizes that he lacks a tool that might identify abnormal actions taken by an end user.


1.-What type of tool would best meet this need?
A. EDR
B. Integrity monitoring
C. Signature detection
D. UEBA

Tim is working to improve his organization’s antimalware defenses and would also like to reduce the operational burden on his security team.


2.-Which one of the following solutions would best meet his needs?
A. UEBA
B. MDR
C. EDR
D. NGEP

Carl works for a government agency that has suffered a ransomware attack and has lost access to critical data but does have access to backups.


3.-Which one of the following actions would best restore this access while minimizing the risk facing the organization?
A. Pay the ransom
B. Rebuild systems from scratch
C. Restore backups
D. Install antivirus software



4.-What attack technique is often leveraged by advanced persistent threat groups but not commonly available to other attackers, such as script kiddies and hacktivists?
A. Zero-day exploit
B. Social engineering
C. Trojan horse
D. SQL injection

John found a vulnerability in his code where an attacker can enter too much input and then force the system running the code to execute targeted commands.


5.-What type of vulnerability has John discovered?
A. TOCTTOU
B. Buffer overflow
C. XSS
D. XSRF

Mary identified a vulnerability in her code where it fails to check during a session to determine whether a user’s permission has been revoked.


6.-What type of vulnerability is this?
A. Backdoor
B. TOC/TOU
C. Buffer overflow
D. SQL injection



7.-What programming language construct is commonly used to perform error handling?
A. If...then
B. Case...when
C. Do...while
D. Try...catch

Fred is reviewing the logs from his web server for malicious activity and finds this request: http://www.mycompany.com/../../../etc/passwd.


8.-What type of attack was most likely attempted?
A. SQL injection
B. Session hijacking
C. Directory traversal
D. File upload

A developer added a subroutine to a web application that checks to see whether the date is April 1 and, if it is, randomly changes user account balances.


9.-What type of malicious code is this?
A. Logic bomb
B. Worm
C. Trojan horse
D. Virus

Francis is reviewing the source code for a database-driven web application that his company is planning to deploy. He is paying particular attention to the use of input validation within that application.


10.-Of the characters listed here, which is most commonly used in SQL injection attacks?
A. !
B. &
C. *
D. '

Katie is concerned about the potential for SQL injection attacks against her organization. She has already put a web application firewall in place and conducted a review of the organization’s web application source code. She would like to add an additional control at the database level.


11.-What database technology could further limit the potential for SQL injection attacks?
A. Triggers
B. Parameterized queries
C. Column encryption
D. Concurrency control



12.-What type of malicious software is specifically used to leverage stolen computing power for the attacker’s financial gain?
A. RAT
B. PUP
C. Cryptomalware
D. Worm

David is responsible for reviewing a series of web applications for vulnerabilities to cross-site scripting attacks.


13.-What characteristic should he watch out for that would indicate a high susceptibility to this type of attack?
A. Reflected input
B. Database-driven content
C. .NET technology
D. CGI scripts

You are the IT security manager for a retail merchant organization that is just going online with an ecommerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that although the new code functions well, it might not be secure. You begin to review the code to track down issues and concerns.

(Choose all that apply.)
14.-Which of the following do you hope to find in order to prevent or protect against XSS?
A. Input validation
B. Defensive coding
C. Allowing script input
D. Escaping metacharacters

Sharon believes that a web application developed by her organization contains a cross-site scripting vulnerability, and she would like to correct the issue.


15.-Which of the following is the most effective defense that Sharon can use against cross-site scripting attacks?
A. Limiting account privileges
B. Input validation
C. User authentication
D. Encryption

Beth is looking through web server logs and finds form input that looks like this:

<SCRIPT>alert('Enter your password')</SCRIPT>

16.-What type of attack has she likely discovered?
A. XSS
B. SQL injection
C. XSRF
D. TOCTTOU

Ben’s system was infected by malicious code that modified the operating system to allow the malicious code author to gain access to his files.


17.-What type of exploit did this attacker engage in?
A. Privilege escalation
B. Backdoor
C. Rootkit
D. Buffer overflow

Karen would like to configure a new application so that it automatically adds and releases resources as demand rises and falls.


18.-What term best describes her goal?
A. Scalability
B. Load balancing
C. Fault tolerance
D. Elasticity



19.-What HTML tag is often used as part of a cross-site scripting (XSS) attack?
A. <H1>
B. <HEAD>
C. <XSS>
D. <SCRIPT>

Recently, a piece of malicious code was distributed over the internet in the form of software claiming to allow users to play Xbox games on their PCs. The software actually launched the malicious code on the machines of users who attempted to execute it.


20.-What type of malicious code does this describe?
A. Logic bomb
B. Virus
C. Trojan horse
D. Worm