21. A security team is performing a vulnerability assessment on a banking app that is about to be released. Their objective is to identify the tools and methods that an attacker might use.

Which steps of an attacker mindset should the team perform to figure this out? Select three answers.

  • Consider potential threat actors.
  • Identify a target.
  • Evaluate attack vectors that can be exploited.
  • Determine how the target can be accessed.

22. Consider the following scenario:

You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.

Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.

  • Integrate the app with existing educational resources.
  • Identify the types of users who will interact with the app.
  • Ensure the app’s login form works.
  • Evaluate how the app handles user data.

23. An application has broken access controls that fail to restrict any user from creating new accounts. This allows anyone to add new accounts with full admin privileges.

The application’s broken access controls are an example of what?

  • A vulnerability
  • An exploit
  • A threat
  • A security control

24. Which of the following layers do not provide protection for information that users provide? Select two answers.

  • The perimeter layer
  • The network layer
  • The data layer
  • The application layer

25. Which layer of the defense in depth model is a user authentication layer that can include usernames and passwords?

  • Perimeter
  • Network
  • Endpoint
  • Application

26. Which of the following are characteristics of the vulnerability management process? Select two answers.

  • Vulnerability management is a way to discover new assets.
  • Vulnerability management is a way to limit security risks.
  • Vulnerability management should consider various perspectives.
  • Vulnerability management should be a one-time process.

27. What are the two types of attack surfaces that security professionals defend? Select two answers.

  • Digital
  • Physical
  • Intellectual property
  • Brand reputation

28. A project manager at a utility company receives a suspicious email that contains a file attachment. They open the attachment and it installs malicious software on their laptop.

What are the attack vectors used in this situation? Select two answers.

  • The suspicious email
  • The infected workstation
  • The malicious software
  • The file attachment

Shuffle Q/A 3

29. What is not a step of practicing an attacker mindset?

  • Evaluate attack vectors that can be exploited.
  • Determine how a target can be accessed.
  • Identify ways to fix existing vulnerabilities.
  • Find the tools and methods of attack.

30. A hotel chain has outdated WiFi routers in their guest rooms. An attacker hacked into the devices and stole sensitive information from several guests.

The outdated WiFi router is an example of what?

  • An exploit
  • A vulnerability
  • A threat
  • An access control
