21. What should security teams do after identifying threats, according to the threat modeling process? Select two answers.

  • Identify who might perform an attack and how
  • Examine existing protections and identify gaps
  • Consider how users interact with an environment
  • Determine mitigation strategies

22. During which stage of the PASTA framework is an attack tree created?

  • Decomposing an application
  • Vulnerability analysis
  • Threat analysis
  • Attack modeling

23. Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.

  • impersonate a relative
  • distribute malicious email
  • establish trust
  • obtain access credentials

24. Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.

  • Smishing
  • Whaling
  • Vishing
  • Pretexting

25. Which of the following are not types of malware? Select two answers.

  • Worm
  • SQL injection
  • Cross-site scripting
  • Virus

26. A member of a government agency is tricked into installing a virus on their workstation. The virus gives a criminal group access to confidential information. The attackers threaten to leak the agency's data to the public unless the agency pays $31,337.

What type of attack is this an example of?

  • Ransomware
  • Cross-site scripting
  • Cryptojacking
  • Scareware

27. What is malicious code that is inserted into a vulnerable application called?

  • Input validation
  • Cryptojacking
  • Social engineering
  • Injection attack

28. An attacker injected malware on a server. When a user visits a website hosted by the server, their device gets infected with the malware.

This is an example of what type of injection attack?

  • Brute force
  • DOM-based
  • Stored
  • Reflected

29. Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.

  • Social media feeds
  • Pop-up advertisements
  • Credit card payment forms
  • User login pages

30. A security team is conducting a threat model on a new software system. They are determining whether risks can be transferred, reduced, or accepted.

Which key step of a threat model does this scenario represent?

  • Evaluate findings
  • Analyze threats
  • Define the scope
  • Mitigate risks
