A threat actor has compromised a VM in a data center and discovered a vulnerability that provides access to data in another VM. What type of VM vulnerability has been…
Which option is a characteristic of a VM hypervisor? Type 1 hypervisors are also known as native or bare-metal hypervisors. Type 1 hypervisors run on top of other operating systems.…
Why do cloud architectures help minimize the impact of DoS or DDoS attacks compared to hosting services on-premise? cloud providers use a distributed architecture cloud providers provide sandbox analysis cloud…
Which credential harvesting tool could be used to send a spear phishing email with a link to a malicious site to a target victim? Social-Engineer Toolkit (SET) Searchsploit Drozer Dagda…
Which tool is a set of open-source analysis tools that uses the ClamAV antivirus engine to help detect vulnerabilities, Trojans, backdoors, and malware in Docker images and containers? Anchore’s Grype…
A threat actor uploaded a VM with malicious software to the VMware Marketplace. When an organization deploys the VM, the threat actor can manipulate the systems, applications, and user data.…
Which option is a collection of compute interface specifications designed to offer management and monitoring capabilities independently of the CPU, firmware, and operating system of the host? Intelligent Platform Management…
Which two IoT systems should never be exposed to the Internet? (Choose two.) turbines in a power plant robots in a factory refrigerators in a restaurant thermostat in a home…
Which option is a security vulnerability that affects IoT implementations? plaintext communication and data leakage VM escape vulnerabilities certificate pinning hyperjacking Explanation & Hint: Common IoT security vulnerabilities include: Insecure…
Match the Bluetooth Low Energy (BLE) phase to the description. Phase 1 ==> Transport-specific key distribution Phase 2 ==> Short-term key generation Phase 3 ==> Pairing feature exchange Explanation & Hint: Place the…
Which tool is an open-source framework used to test the security of iOS applications? Needle Drozer APK Studio ApkX Explanation & Hint: Needle is an open-source framework used to test…
Which mobile device vulnerability is targeted when a threat actor reverse engineers a mobile app to see how it creates and stores keys in the iOS Keychain? insecure storage passcode…
Which tool helps software developers and cloud consumers deploy applications in the cloud and use the resources that the cloud provider offers? Software development kits (SDKs) Cloud development kits (CDKs)…
A threat actor has compromised a VM in a cloud environment that shares the same physical hardware as non-compromised VMs. Which cloud technology attack method could now be used to…
What is a common cause of data breaches in attacks against misconfigured cloud assets? using insecure permission configurations for cloud object storage services using hard-coded credentials to access different services…
Which cloud technology attack method would require the threat actor to create a malicious application and install it into a SaaS, PaaS, or IaaS environment? resource exhaustion attack account takeover…
Which cloud technology attack method could generate crafted packets to cause a cloud application to crash? resource exhaustion attack account takeover metadata service attack side-channel attack Explanation & Hint: Threat…
Which tool could be used to find vulnerabilities that could lead to metadata service attacks? Nimbostratus Clair Falco Dagda Explanation & Hint: Tools such as nimbostratus (https://github.com/andresriancho/nimbostratus) can be used…
Which cloud technology attack method could a threat actor use to access a user or application account that allows access to more accounts and information? account takeover metadata service attacks…
Which term describes when a lower-privileged user accesses functions reserved for higher-privileged users? vertical privilege escalation horizontal privilege escalation credential harvesting metadata service attacks Explanation & Hint: Vertical privilege escalation…