21. What should security teams do after identifying threats, according to the threat modeling process? Select two answers.
- Identify who might perform an attack and how
- Examine existing protections and identify gaps
- Consider how users interact with an environment
- Determine mitigation strategies
22. During which stage of the PASTA framework is an attack tree created?
- Decomposing an application
- Vulnerability analysis
- Threat analysis
- Attack modeling
23. Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.
- impersonate a relative
- distribute malicious email
- establish trust
- obtain access credentials
24. Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.
- Smishing
- Whaling
- Vishing
- Pretexting
25. Which of the following are not types of malware? Select two answers.
- Worm
- SQL injection
- Cross-site scripting
- Virus
26. A member of a government agency is tricked into installing a virus on their workstation. The virus gave a criminal group access to confidential information. The attackers threaten to leak the agency's data to the public unless they pay $31,337.
What type of attack is this an example of?
- Ransomware
- Cross-site scripting
- Cryptojacking
- Scareware
27. What is malicious code that is inserted into a vulnerable application called?
- Input validation
- Cryptojacking
- Social engineering
- Injection attack
28. An attacker injected malware on a server. When a user visits a website hosted by the server, their device gets infected with the malware.
This is an example of what type of injection attack?
- Brute force
- DOM-based
- Stored
- Reflected
Shuffle Q/A 3
29. Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.
- Social media feeds
- Pop-up advertisements
- Credit card payment forms
- User login pages
30. A security team is conducting a threat model on a new software system. They are determining whether risks can be transferred, reduced, or accepted.
Which key step of a threat model does this scenario represent?
- Evaluate findings
- Analyze threats
- Define the scope
- Mitigate risks