I Hate CBT's


Which Of The Following Is A Configuration Vulnerability

Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability?

- Configuration vulnerabilities come from settings that are not properly implemented (default settings, open ports, unsecured root accounts, open permissions, unsecure protocols, weak encryption, errors).
- A zero-day is a vulnerability in software (a failure of the developer) that is not patched before a threat actor finds it; it is named for happening on day 1 of release.

Attackers have taken over a site commonly used by an enterprise's leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking over this site will allow for attacks on many organizations.
Which type of malicious activity is this?

Watering hole attack

Your company is considering updating several electronic devices used in the enterprise network. The third-party service provider that your company approached says that they require access to the enterprise network in order to implement the updates. As the chief information security officer, you are asked to analyze the requirement and submit a report on the potential vulnerabilities of giving a third party access to the network.
Which of the following vulnerabilities should you list as the most likely to affect the enterprise network?

Weakest link

You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise's network and suggest modifications to its security measures, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and a few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system.
Which of the following vulnerabilities should you insist on fixing first?

Legacy platform (the XP OS)

Which of the following is a configuration vulnerability?

Weak configuration: default settings, open ports and services, unsecured root accounts, open permissions, unsecure protocols, weak encryption, errors

Which of the following types of platforms is known for its vulnerabilities due to age?

Legacy platform

An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials.
Which of the following social engineering techniques was used here?

Impersonation (of authority figure)

Which issue can arise from security updates and patches?

Difficulty patching firmware, few patches for application software, delays in patching OSes, zero-day

What are the primary features of a security information event management (SIEM) tool?

Consolidates (a) real-time security monitoring and management of security information with (b) analysis and reporting of security events.

Features: aggregation of data, correlation of data, automated alerts and triggers, time sync, event duplication, logs

Which of the following offensive tools can be used by penetration testers post-exploitation (after the successful compromise of a user account in a network) to dump passwords and hashes, PINs, and Kerberos tickets from memory, and thus are used for privilege escalation attacks?

mimikatz and hashcat

What is the fastest-running vulnerability scan, and why does this type of scan run so fast?

Non-credentialed; such scans perform only fundamental actions such as looking for open ports and finding software that will respond to requests

Which standardized framework was developed by NIST to be used as a guidance document designed to help organizations assess and manage risks to their information and systems, and is also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity?

Risk Management Framework (RMF)

Which of the following is NOT an automated vulnerability scanning tool?

(automated tools: SIEM, SOAR)

Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using the mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next?

He exposed a vulnerability and gained access; next he should attempt to escalate (privilege escalation: dump passwords and the like)

Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary?

Blue team

How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?

Define target devices (only what needs to be scanned), determine the sensitivity level (be more specific), specify data types; this limits the scope so less time is wasted