Identify Common Cybersecurity Threats And Vulnerabilities

Questions 1 - 10
1

A company's employees receive emails appearing to be from the CEO asking them to urgently wire transfer funds to an external account. This attack is best described as:

A. A ransomware attack encrypting company data for payment.

B. A spear phishing / business email compromise (BEC) attack using impersonation to fraudulently induce financial transfers.

C. A distributed denial-of-service (DDoS) attack overwhelming the email server.

D. A man-in-the-middle attack intercepting CEO communications.

Explanation

BEC/spear phishing attacks impersonate executives to trick employees into authorizing fraudulent financial transactions - a major source of financial fraud. Answer B is correct. Ransomware (A) encrypts data. DDoS (C) disrupts availability. MITM (D) intercepts active communications rather than impersonating via email.

2

Ransomware is best described as:

A. Malware that encrypts a victim's files or systems, rendering them inaccessible, and demands payment (usually cryptocurrency) in exchange for the decryption key.

B. Software that secretly monitors and transmits user activity to a remote attacker.

C. A network attack that floods a target with traffic to make it unavailable.

D. A type of social engineering that tricks users into revealing passwords.

Explanation

Ransomware encrypts data and extorts payment for decryption - one of the most financially damaging cyberthreats to organizations. Answer A is correct. Silent monitoring and data exfiltration (B) describes spyware/RATs. Traffic flooding (C) describes DDoS. Password extraction through deception (D) describes phishing.

3

An attacker intercepts communications between a user and their bank's website, reading and potentially modifying the traffic without either party's knowledge. This is best described as:

A. A phishing attack.

B. A man-in-the-middle (MITM) attack.

C. A denial-of-service attack.

D. A SQL injection attack.

Explanation

A MITM attack positions the attacker between two communicating parties, enabling interception and potential modification of the traffic without detection. Answer B is correct. Phishing (A) deceives users into revealing credentials. DoS (C) disrupts availability. SQL injection (D) targets databases through application input.

4

Social engineering attacks are most dangerous because they:

A. Exploit unpatched software vulnerabilities in operating systems.

B. Are conducted by highly skilled nation-state hackers.

C. Bypass technical controls by exploiting human psychology - manipulating people rather than systems.

D. Always result in complete system compromise and data exfiltration.

Explanation

Social engineering targets the human element - the weakest link in security - using deception, urgency, or authority to convince people to take actions that compromise security. Technical controls cannot fully prevent socially engineered attacks. Answer C is correct. Software vulnerabilities (A) and nation-state actors (B) describe technical attacks. Outcomes vary (D).

5

A distributed denial-of-service (DDoS) attack primarily threatens which element of the CIA triad?

A. Availability - by overwhelming systems with traffic to make them inaccessible to legitimate users.

B. Confidentiality - by exposing sensitive data to unauthorized parties.

C. Integrity - by modifying data in transit between systems.

D. Authentication - by bypassing login controls to gain unauthorized access.

Explanation

DDoS attacks overwhelm systems with traffic, making them unavailable - directly attacking the availability principle. Answer A is correct. DDoS does not typically expose data (B), modify data (C), or bypass authentication (D).

6

An employee unknowingly installs software that appears to be a legitimate productivity tool but secretly creates a backdoor for attackers to access the corporate network. This malware type is called:

A. A worm - self-replicating malware that spreads across networks.

B. Ransomware - malware that encrypts files for extortion.

C. Adware - software that displays unwanted advertisements.

D. A Trojan horse - malware disguised as legitimate software that creates unauthorized access.

Explanation

A Trojan horse disguises itself as legitimate software to trick users into installing it, then executes malicious functionality like creating backdoors. Answer D is correct. Worms (A) spread without user action. Ransomware (B) encrypts data. Adware (C) displays ads.

7

Which of the following best describes an 'insider threat' in cybersecurity?

A. Attacks launched from inside the organization's firewall by external hackers who have breached the perimeter.

B. Security risks posed by current or former employees, contractors, or partners who misuse their authorized access - whether maliciously or inadvertently.

C. Threats that originate from internal vulnerability scanning activities.

D. Threats from employees who are unaware of the organization's security policies.

Explanation

Insider threats come from individuals with authorized access - including malicious insiders (data theft, sabotage), negligent insiders (accidental data disclosure), and compromised insiders (whose credentials are stolen). Answer B is correct. Perimeter-breaching attackers (A) are external threats. Vulnerability scanning (C) is a security activity. Policy unawareness (D) is a training gap, not an insider threat category.

8

Pretexting is a form of social engineering in which an attacker:

A. Creates a fake website that closely mimics a legitimate one to steal credentials.

B. Sends mass emails impersonating a trusted organization to harvest login credentials.

C. Creates a fabricated scenario (pretext) to manipulate a victim into revealing information or taking an action they otherwise wouldn't.

D. Uses malware to intercept keystrokes and capture passwords.

Explanation

Pretexting involves fabricating a believable story - posing as IT support, an auditor, or a vendor - to manipulate the victim. Answer C is correct. Fake websites (A) describe pharming/website spoofing. Mass credential harvesting emails (B) describe phishing. Keystroke capture (D) describes a keylogger.

9

Which of the following vulnerabilities does cross-site scripting (XSS) exploit?

A. Unpatched operating system vulnerabilities in web servers.

B. Weak password policies that allow brute-force attacks on web application accounts.

C. Misconfigured database permissions allowing unauthorized SQL queries.

D. Insufficient input validation that allows attackers to inject malicious scripts into web pages viewed by other users.

Explanation

XSS exploits insufficient sanitization of user-supplied input to inject client-side scripts into web pages - scripts that execute in other users' browsers, potentially stealing session tokens or performing actions on their behalf. Answer D is correct. OS vulnerabilities (A), brute-force (B), and SQL permissions (C) are different vulnerability types.

10

Which of the following best describes a 'supply chain attack' in cybersecurity?

A. An attack that compromises a trusted vendor or software update to deliver malware to the vendor's customers - targeting organizations indirectly through their trusted supply chain.

B. An attack that disrupts an organization's physical supply chain operations.

C. An attack targeting an organization's procurement system to manipulate purchase orders.

D. Social engineering of supply chain employees to gain physical access to warehouses.

Explanation

Supply chain attacks compromise trusted software, hardware, or service providers to reach a broader set of targets - exemplified by the SolarWinds attack where malware was distributed through a software update. Answer A is correct. Physical supply chain disruption (B), procurement system attacks (C), and physical access attacks (D) are different threat scenarios.

Page 1 of 3