Module 2 – 2.6.2 Attack Concepts and Techniques Quiz Exam Answers
The Module 2 – 2.6.2 Attack Concepts and Techniques Quiz Exam Answers provides a focused review of fundamental cybersecurity threats and the techniques used by attackers to exploit systems and networks. This module introduces key concepts such as social engineering, malware types, password attacks, and common network-based threats. By studying these answers, learners can better understand how attacks are structured, recognize potential vulnerabilities, and develop the critical thinking skills required to defend against real-world cyber threats and security incidents.
1. What is the primary motivation of threat actors in cybersecurity?
- To demonstrate their technical skills to peers without causing harm.
- To test the cybersecurity defense mechanisms of a corporation.
- To contribute to the enhancement of global cybersecurity measures.
- To exploit vulnerabilities for personal or financial gain.
Threat actors are motivated by various factors, but the primary one is the exploitation of vulnerabilities for personal or financial gain. This could include stealing sensitive information, demanding ransom payments, or disrupting services for profit. Understanding the motivations of these actors is crucial for developing effective cybersecurity strategies.
2. Match each type of threat actor with the correct description.
- Organized Attackers ==> Includes organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers
- Hackers ==> These actors break into computer systems or networks to gain access. Depending on the intent of their break-in, they can be classified as white hat, gray hat, or black hat hackers.
- Amateurs ==> Inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks.
3. Which strategy most effectively supports an organization’s defense against OSINT-based reconnaissance activities?
- Establish employee training programs focused on preventing information leaks.
- Limit the use of strong authentication to systems with public access.
- Prioritize patching the high-value systems to avoid unnecessary downtime.
- As regular practice, delay publication of company updates to reduce visibility.
Training employees to understand what information attackers look for and how even seemingly harmless content can expose vulnerabilities is essential in defending against reconnaissance. OSINT-based attacks often begin with online searches, technical forum discussions, or oversharing on social media. A workforce that’s aware and cautious significantly reduces the organization’s digital footprint and overall risk.
4. What best describes the purpose of the MITRE ATT&CK framework?
- It serves as a comprehensive legal guideline for prosecuting cybercriminals internationally.
- It categorizes tactics, techniques, and procedures (TTPs) attackers use.
- It is primarily used to automate the cybersecurity defenses of financial institutions.
- It focuses exclusively on protecting personal data, ignoring other cybersecurity threats.
The MITRE ATT&CK framework is a globally recognized resource that provides detailed insights into adversarial tactics, techniques, and procedures (TTPs). Its main goal is to enable organizations to understand, anticipate, and prepare for cyber threats more effectively by offering a structured approach to cybersecurity, improving detection, and enhancing overall defense mechanisms against attacks.
5. What is the primary purpose of the Cyber Kill Chain framework?
- To automate the cybersecurity defenses.
- To serve as a legal framework for prosecuting cybercrime globally.
- To focus exclusively on protecting personal data from cybersecurity threats.
- To provide a broad view of the attack lifecycle.
The Cyber Kill Chain framework, developed by Lockheed Martin, models an intrusion as seven sequential stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Mapping an attack onto these stages gives defenders a broad view of the attack lifecycle and shows where a detection or control can break the chain before the attacker reaches their objective.
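The two frameworks in questions 4 and 5 are most useful when detections are tagged with them. The following Python is an added example, not code from the quiz or from MITRE or Lockheed Martin: it parses a few constructed alert lines (the `host=... technique=T####` format is hypothetical), looks up real ATT&CK Enterprise technique IDs to get the tactic, maps each tactic to a Kill Chain phase using an analyst mapping that is an assumption of this example, and escalates hosts whose intrusion has reached command and control or later.

```python
"""Added example: enrich constructed alert lines with ATT&CK technique/tactic,
map each tactic to a Cyber Kill Chain phase, and escalate hosts whose intrusion
has progressed to command and control or beyond."""
import re

# Subset of real MITRE ATT&CK Enterprise technique IDs -> (name, tactic).
TECHNIQUES = {
    "T1595": ("Active Scanning", "Reconnaissance"),
    "T1566": ("Phishing", "Initial Access"),
    "T1204": ("User Execution", "Execution"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1547": ("Boot or Logon Autostart Execution", "Persistence"),
    "T1071": ("Application Layer Protocol", "Command and Control"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1041": ("Exfiltration Over C2 Channel", "Exfiltration"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# Lockheed Martin Cyber Kill Chain phases, in attack order.
KILL_CHAIN = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# Assumed analyst mapping from ATT&CK tactic to Kill Chain phase (an
# assumption of this example, not something either framework publishes).
TACTIC_TO_PHASE = {
    "Reconnaissance": "Reconnaissance",
    "Initial Access": "Delivery",
    "Execution": "Exploitation",
    "Persistence": "Installation",
    "Command and Control": "Command and Control",
    "Lateral Movement": "Actions on Objectives",
    "Exfiltration": "Actions on Objectives",
    "Impact": "Actions on Objectives",
}

# Hypothetical alert format: "<timestamp> host=<name> technique=T#### <message>".
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) technique=(?P<tid>T\d{4}) (?P<msg>.*)$"
)

# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = """\
2024-05-01T08:01:00Z host=ws-17 technique=T1566 attachment from external sender opened
2024-05-01T08:03:00Z host=ws-17 technique=T1204 user launched macro-enabled document
2024-05-01T08:04:00Z host=ws-17 technique=T1059 powershell.exe spawned with encoded command
2024-05-01T08:06:00Z host=ws-17 technique=T1547 new Run key written for current user
2024-05-01T08:10:00Z host=ws-17 technique=T1071 periodic HTTPS beacon to rare domain
2024-05-01T09:00:00Z host=ws-22 technique=T1595 inbound port sweep observed
2024-05-01T09:30:00Z host=ws-40 technique=T1566 attachment quarantined by mail gateway
2024-05-01T09:31:00Z host=ws-40 technique=T9999 detector with no ATT&CK mapping
"""


def parse_alert(line):
    """Parse one alert line and attach technique name, tactic and phase.
    Unknown technique IDs yield None for all three rather than failing."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable alert line: {line!r}")
    rec = m.groupdict()
    rec["technique"], rec["tactic"] = TECHNIQUES.get(rec["tid"], (None, None))
    rec["phase"] = TACTIC_TO_PHASE.get(rec["tactic"])
    return rec


def furthest_phase(lines):
    """Return {host: most advanced Kill Chain phase observed for that host}."""
    best = {}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_alert(line)
        if rec["phase"] is None:
            continue  # unmapped detector: logged, but cannot advance the phase
        idx = KILL_CHAIN.index(rec["phase"])
        if idx > best.get(rec["host"], -1):
            best[rec["host"]] = idx
    return {host: KILL_CHAIN[idx] for host, idx in best.items()}


def hosts_to_escalate(lines, threshold="Command and Control"):
    """Hosts whose intrusion has reached `threshold` or a later phase."""
    cutoff = KILL_CHAIN.index(threshold)
    return sorted(
        host for host, phase in furthest_phase(lines).items()
        if KILL_CHAIN.index(phase) >= cutoff
    )


if __name__ == "__main__":
    for host, phase in furthest_phase(SAMPLE_ALERTS.splitlines()).items():
        print(f"{host}: furthest phase = {phase}")
    print("escalate:", hosts_to_escalate(SAMPLE_ALERTS.splitlines()))
```

In the constructed data, ws-17 has moved from delivery through installation to a beacon (command and control), so it is escalated, while ws-22 (a scan) and ws-40 (a quarantined attachment) have not progressed past the early phases. The unmapped detector on ws-40 is kept but does not move the host along the chain, which is the behaviour you want when a new rule has not yet been tagged.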
6. What is the primary goal of spyware when it infiltrates industrial control systems?
- To display advertisements and promotional content on user interfaces.
- To provide real-time protection against other malicious software.
- To secretly monitor and gather sensitive information.
- To install hidden entry points within industrial control systems that allow unauthorized access to the network without detection.
Spyware is stealthy malicious software built for covert espionage and information gathering. Inside an industrial control system it can silently collect and exfiltrate sensitive data such as process parameters and system configurations, and because it is designed to avoid detection it may operate for a long time before anyone notices.
7. Match the cyber attack stage with the correct description.
- Command and Control (C2) ==> The threat actor establishes communication with a remote server to control the compromised systems, controllers, and platforms that have access to your ICS environment.
- Lateral Movement ==> The threat actor moves through the ICS environment, accessing other devices or systems to deepen their control or cause further damage.
- Impair Process Control ==> The threat actor tries to manipulate, disable, or damage physical control processes.
- Inhibit Response Function ==> The threat actor attempts to prevent safety, protection, quality assurance, and operator intervention functions from responding to a failure, hazard, or unsafe state.
- Impact ==> The threat actor manipulates or disrupts industrial processes, potentially causing operational downtime, equipment damage, or physical harm.
- Collection ==> Sensitive data, such as operational configurations or system processes, is gathered for exfiltration or future attacks.
8. What is the primary objective of adware when it infiltrates industrial control systems?
- to deliver unwanted advertisements or promotional content
- to improve system security by adding additional layers of protection
- to gain unauthorized system access by bypassing the normal authentication procedures
- to secretly monitor and gather sensitive information from the system
Adware is malicious software that displays unwanted ads, particularly in web browsers, and when targeting industrial control systems, it can degrade performance and distract operators, negatively affecting operational efficiency.
9. What is a description of a computer virus?
- a program that monitors user activity without their consent and then sells user information
- a malicious program that replicates by attaching itself to other programs
- software that displays unwanted advertisements
- a tool used for securing network connections
A computer virus is malware that replicates by inserting its code into other programs. It requires human action, such as running an infected program, to spread, and its payload can be timed to execute damaging actions such as data destruction.
10. What type of malware is described as carrying out malicious operations by masking its true intent, often appearing legitimate, but is in fact very dangerous, exploiting user privileges and most often found in image files, audio files, or games?
- Adware
- Spyware
- Ransomware
- Trojan Horse
A Trojan Horse masquerades as legitimate software and tricks users into installing it. It can then perform malicious activities, such as data theft and creating backdoors, without self-replicating like viruses.
11. What is the primary goal of on-path threat actors in cyberattacks?
- intercepting or modifying communications between two devices
- increasing the speed and efficiency of data transfer in networks
- infecting firewall protections between communicating edge devices
- modifying the encryption of messages sent between devices
On-path threat actors carry out man-in-the-middle (MitM) or man-in-the-mobile (MitMo) attacks to intercept or alter communications between devices, such as between a web browser and a server, in order to steal sensitive information or impersonate one of the parties.
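Why an on-path attacker can read traffic that both ends believe is encrypted is easiest to see with a key exchange. The Python below is an added example, not code from the quiz: it runs a toy Diffie-Hellman exchange (the 61-bit prime and generator 2 are deliberately tiny, toy parameters) first without authentication, where Mallory substitutes her own public value in each direction and ends up holding both session keys, and then with each public value carrying an HMAC under a pre-shared key, which stands in for the certificate signature a real protocol would use and makes the substitution detectable.

```python
"""Added example: an on-path attacker against an unauthenticated Diffie-Hellman
exchange, and the same exchange with authenticated public values.
Toy parameters only; a real deployment uses a standard group and signatures."""
import hashlib
import hmac
import secrets

P = (1 << 61) - 1   # 61-bit Mersenne prime: toy modulus, far too small for real use
G = 2               # toy generator


def dh_public(priv):
    return pow(G, priv, P)


def dh_shared(peer_pub, priv):
    return pow(peer_pub, priv, P)


def derive_key(shared):
    """Session key = SHA-256 of the shared secret (fits in 8 bytes for this P)."""
    return hashlib.sha256(shared.to_bytes(8, "big")).digest()


def unauthenticated_exchange(alice_priv, bob_priv, mallory_priv=None):
    """Plain DH. If mallory_priv is set, Mallory sits on-path and replaces each
    public value with her own. Returns (alice_key, bob_key, mallory_keys)."""
    a_pub, b_pub = dh_public(alice_priv), dh_public(bob_priv)
    if mallory_priv is None:
        return (derive_key(dh_shared(b_pub, alice_priv)),
                derive_key(dh_shared(a_pub, bob_priv)), None)
    m_pub = dh_public(mallory_priv)
    # Alice receives m_pub believing it is Bob's; Bob receives m_pub believing it is Alice's.
    alice_key = derive_key(dh_shared(m_pub, alice_priv))
    bob_key = derive_key(dh_shared(m_pub, bob_priv))
    # Mallory derives both keys from the values she intercepted, so she can
    # decrypt, read, modify and re-encrypt every message in both directions.
    mallory_keys = (derive_key(dh_shared(a_pub, mallory_priv)),
                    derive_key(dh_shared(b_pub, mallory_priv)))
    return alice_key, bob_key, mallory_keys


def tag(psk, pub, sender):
    """HMAC over a public value, bound to the sender's identity."""
    return hmac.new(psk, sender + pub.to_bytes(8, "big"), hashlib.sha256).digest()


def authenticated_exchange(psk, alice_priv, bob_priv, mallory_priv=None):
    """DH where each public value carries an HMAC under a pre-shared key
    (standing in for a certificate signature). Raises ValueError if a tag fails."""
    a_pub, b_pub = dh_public(alice_priv), dh_public(bob_priv)
    a_msg = (a_pub, tag(psk, a_pub, b"alice"))
    b_msg = (b_pub, tag(psk, b_pub, b"bob"))
    if mallory_priv is not None:
        m_pub = dh_public(mallory_priv)
        # Mallory can swap the public value but cannot forge the tag without psk.
        a_msg = (m_pub, a_msg[1])
        b_msg = (m_pub, b_msg[1])
    if not hmac.compare_digest(a_msg[1], tag(psk, a_msg[0], b"alice")):
        raise ValueError("Bob: tag on Alice's public value failed; aborting")
    if not hmac.compare_digest(b_msg[1], tag(psk, b_msg[0], b"bob")):
        raise ValueError("Alice: tag on Bob's public value failed; aborting")
    return (derive_key(dh_shared(b_msg[0], alice_priv)),
            derive_key(dh_shared(a_msg[0], bob_priv)))


if __name__ == "__main__":
    a, b, m = (secrets.randbelow(P - 2) + 2 for _ in range(3))
    psk = secrets.token_bytes(32)
    ak, bk, mk = unauthenticated_exchange(a, b, m)
    print("unauthenticated, on-path attacker: Alice and Bob agree?", ak == bk)
    print("Mallory holds both keys?", mk == (ak, bk))
    try:
        authenticated_exchange(psk, a, b, m)
    except ValueError as e:
        print("authenticated, on-path attacker:", e)
```

The point to take away is that encryption alone does not stop an on-path attacker; the two ends also have to verify who they negotiated the key with, which is what certificate validation in TLS provides and what users undo when they click through a certificate warning.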
12. What is the most common goal of SEO poisoning used by threat actors?
- to decrease the overall effectiveness of search engines by injecting false information
- to enhance the security of websites by implementing advanced encryption
- to increase traffic to malicious websites by improving their search engine ranking
- to decrease traffic to legitimate sites that may host malware or viruses
SEO poisoning is a malicious technique that skews search engine rankings to drive traffic to harmful sites, compromising user security and exploiting popular search terms.
13. What reason explains why individual threat actors typically do not execute Advanced Persistent Threats (APTs)?
- APTs require high coordination and resources that individual actors usually cannot sustain.
- APTs are less effective than simple malware attacks and, hence, not preferred by individual actors.
- Individual threat actors prefer to target multiple organizations simultaneously, contrary to the focused approach of APTs.
- Individual actors focus solely on immediate financial gain rather than long-term espionage or data exfiltration.
Advanced Persistent Threats (APTs) are complex, long-term cyber operations aimed at specific targets. Due to their resource-intensive and sophisticated nature, they are often carried out by highly organized or state-sponsored groups.
14. What was the primary target of the Stuxnet cyberwarfare attack discovered in 2010?
- Iran’s nuclear facilities
- Russian military communication networks
- United States’ power grid systems
- Global financial institutions
Discovered in June 2010 but active since at least 2005, Stuxnet was a groundbreaking cyber attack targeting Iran’s nuclear facilities. It was built to compromise the Siemens programmable logic controllers that drove the uranium-enrichment centrifuges at Natanz, and it marked a pivotal moment in cyberwarfare history by demonstrating the real-world impact of cyberweapons on physical infrastructure.
15. What type of network attack leads to disrupting service for users, devices, or applications by overwhelming the target with a flood of traffic or sending information that triggers a crash?
- SQL Injection
- Phishing Attack
- Denial-of-Service (DoS) Attack
- Man-in-the-Middle Attack
Denial-of-Service (DoS) attacks disrupt the normal operations of a targeted system either by overwhelming it with more traffic than it can handle or by sending malformed input that crashes a service. When the flood comes from many compromised hosts at once it is a Distributed Denial-of-Service (DDoS) attack, which is much harder to filter by source.
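The first-line mitigation for a single-source flood is to limit how fast any one source may be served. The Python below is an added example, not code from the quiz: a per-source token bucket run over a constructed request log (the addresses and timestamps are made up) in which one host sends 40 requests in two seconds while a normal client sends three. The bucket lets each source burst up to `burst` requests and then sustain `rate` per second, so the flood is throttled while the normal client is untouched.

```python
"""Added example: per-source token-bucket rate limiting run over a constructed
request log containing one flooding source and one normal client."""
from collections import defaultdict


class TokenBucket:
    """Each source may burst up to `burst` requests, then sustain `rate` per second."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last_ms = None

    def allow(self, now_ms):
        # Refill in proportion to elapsed time, capped at the burst size.
        if self.last_ms is not None:
            self.tokens = min(self.burst,
                              self.tokens + (now_ms - self.last_ms) * self.rate / 1000)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def filter_requests(requests, rate=5, burst=10):
    """requests: iterable of (timestamp_ms, source_ip) in time order.
    Returns a list of (timestamp_ms, source_ip, accepted)."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    decisions = []
    for ts, src in requests:
        decisions.append((ts, src, buckets[src].allow(ts)))
    return decisions


def summarize(decisions):
    """{source_ip: (accepted, rejected)}"""
    counts = defaultdict(lambda: [0, 0])
    for _, src, ok in decisions:
        counts[src][0 if ok else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}


# Constructed traffic: 40 requests in 2 s from one address (a flood), plus
# three ordinary requests from a normal client.
FLOOD = [(50 * i, "10.0.0.9") for i in range(40)]
NORMAL = [(200, "192.0.2.7"), (900, "192.0.2.7"), (1500, "192.0.2.7")]
SAMPLE_REQUESTS = sorted(FLOOD + NORMAL, key=lambda r: r[0])


if __name__ == "__main__":
    for src, (ok, dropped) in summarize(filter_requests(SAMPLE_REQUESTS)).items():
        print(f"{src}: accepted={ok} rejected={dropped}")
```

With the defaults the flooding address gets its initial burst of ten plus whatever the 5 requests/second refill allows (19 of 40 accepted) while the normal client's three requests all go through. The caveat is that this only works when the flood has a small number of sources; a distributed attack spreads the load over thousands of addresses that each stay under the limit, and has to be absorbed or filtered upstream of the target.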