CompTIA Security Plus Certification Exam Version 1 Questions

5 questions
1. An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server. Which of the following processes is the administrator performing?
A. Quantitative risk analysis Correct
B. Disaster recovery test
C. Physical security controls review
D. Threat modeling
Explanation
Quantitative risk analysis involves assigning monetary values to assets and potential losses, such as the cost of replacing a server. Disaster recovery tests validate recovery procedures but do not focus on cost estimation. Physical security controls review assesses physical safeguards, not financial impact. Threat modeling identifies potential threats and vulnerabilities but does not primarily focus on calculating financial losses.
2. During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?
A. Race condition Correct
B. Memory injection
C. Malicious update
D. Slice loading
Explanation
A race condition occurs when the system's behavior depends on the sequence or timing of uncontrollable events, such as a temporary field being altered before an operation completes. Memory injection involves inserting malicious code into memory. Malicious update implies an intentionally harmful update, not an exploitation of timing. Slice loading is not a standard security term for this type of vulnerability.
3. Which of the following attacks primarily targets insecure networks?
A. Evil twin Correct
B. Impersonation
C. Watering hole
D. Pretexting
Explanation
An evil twin attack creates a rogue Wi-Fi access point that mimics a legitimate one, exploiting users on insecure networks. Impersonation involves pretending to be someone else, often in social engineering. Watering hole attacks compromise websites frequented by a target group. Pretexting is creating a fabricated scenario to obtain information.
4. Which of the following is the most likely benefit of conducting an internal audit?
A. Findings are reported to shareholders.
B. Reports are not formal and can be reassigned.
C. Control gaps are identified for remediation. Correct
D. The need for external audits is eliminated.
Explanation
Internal audits are designed to evaluate and improve the effectiveness of risk management, control, and governance processes, directly leading to the identification of control gaps for remediation. Reporting to shareholders is typically for external audits. Internal audit reports are formal documents. Internal audits complement but do not eliminate the need for external audits.
5. Which of the following provides the best protection against unwanted or insecure communications to and from a device?
A. System hardening
B. Host-based firewall Correct
C. Intrusion detection system
D. Anti-malware software
Explanation
A host-based firewall controls incoming and outgoing network traffic based on predetermined security rules, directly blocking unwanted or insecure communications. System hardening reduces the attack surface but doesn't actively filter network traffic. An intrusion detection system monitors and alerts but does not block communications. Anti-malware software focuses on detecting and removing malware, not managing network connections.