1. Which is an example of social engineering?
- an unidentified person claiming to be a technician collecting user information from employees
- a computer displaying unauthorized pop-ups and adware
- an anonymous programmer directing a DDoS attack on a data center
- the infection of a computer by a virus carried by a Trojan
Explanation: A social engineer attempts to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, pop-ups, and viruses are all examples of software based security threats, not social engineering.
2. What is a significant characteristic of virus malware?
- Virus malware is only distributed over the Internet.
- Once installed on a host system, a virus will automatically propagate itself to other systems.
- A virus can execute independently of the host system.
- A virus is triggered by an event on the host system.
Explanation: A virus is malicious code that is attached to a legitimate program or executable file, and requires specific activation, which may include user actions or a time-based event. When activated, a virus can infect the files it has not yet infected, but does not automatically propagate itself to other systems. Self-propagation is a feature of worms. In addition to being distributed over the Internet, viruses are also spread by USB memory sticks, CDs, and DVDs.
3. Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?
- buffer overflow attack
- denial of service attack
- port redirection attack
- brute-force attack
- packet sniffer attack
- IP spoofing attack
Explanation: An access attack tries to affect services that affect entry into accounts, databases, and other sensitive information. Access attacks commonly involve a dictionary ths is used to guess a specific user password. A brute-force access attack would try to access an account via repeated attempts.
4. What is the purpose of a reconnaissance attack on a computer network?
- to prevent users from accessing network resources
- to gather information about the target network and system
- to steal data from the network servers
- to redirect data traffic so that it can be monitored
Explanation: Preventing users from accessing network resources is a denial of service attack. Being able to steal data from the network servers may be the objective after a reconnaissance attack gathers information about the target network and system. Redirecting data traffic so it can be monitored is a man-in-the middle attack.
5. To which category of security attacks does man-in-the-middle belong?
- social engineering
Explanation: With a man-in-the-middle attack, a threat actor is positioned in between two legitimate entities in order to read, modify, or redirect the data that passes between the two parties.
6. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
Explanation: Phishing is used by malicious parties who create fraudulent messages that attempt to trick a user into either sharing sensitive information or installing malware.
7. What is the primary goal of a DoS attack?
- to scan the data on the target server
- to prevent the target server from being able to handle additional requests
- to obtain all addresses in the address book within the server
- to facilitate access to external networks
Explanation: A denial of service (DoS) attack attempts to overwhelm a system or process by sending large amounts of data or requests to the target. The goal is to keep the system so overwhelmed handling false requests that it is unable to respond to legitimate ones.
8. What is the best description of Trojan horse malware?
- It is software that causes annoying but not fatal computer problems.
- It is the most easily detected form of malware.
- It appears as useful software but hides malicious code.
- It is malware that can only be distributed over the Internet.
Explanation: The best description of Trojan horse malware, and what distinguishes it from viruses and worms, is that it appears as useful software but hides malicious code. Trojan horse malware may cause annoying computer problems, but can also cause fatal problems. Some Trojan horses may be distributed over the Internet, but they can also be distributed by USB memory sticks and other means. Specifically targeted Trojan horse malware can be some of the most difficult malware to detect.
9. Which tool is used to provide a list of open ports on network devices?
Explanation: The Nmap tool is a port scanner that is used to determine which ports are open on a particular network device. A port scanner is used before launching an attack.
10. When describing malware, what is a difference between a virus and a worm?
- A virus focuses on gaining privileged access to a device, whereas a worm does not.
- A virus can be used to deliver advertisements without user consent, whereas a worm cannot.
- A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
- A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.
Explanation: Malware can be classified as follows:
- Virus (self replicates by attaching to another program or file)
- Worm (replicates independently of another program)
- Trojan Horse (masquerades as a legitimate file or program)
- Rootkit (gains privileged access to a machine while concealing itself)
- Spyware (collects information from a target system)
- Adware (delivers advertisements with or without consent)
- Bot (waits for commands from the hacker)
- Ransomware (holds a computer system or data captive until payment is received)
11. What is the main goal of using different evasion techniques by threat actors?
- to launch DDoS attacks on targets
- to identify vulnerabilities of target systems
- to gain the trust of a corporate employee in an effort to obtain credentials
- to prevent detection by network and host defenses
Explanation: Many threat actors use stealthy evasion techniques to disguise an attack payload because the malware and attack methods are most effective if they are undetected. The goal is to prevent detection by network and host defenses.
12. What is the purpose of a rootkit?
- to replicate itself independently of any other programs
- to gain privileged access to a device while concealing itself
- to deliver advertisements without user consent
- to masquerade as a legitimate program
Explanation: Most rootkits take advantage of software vulnerabilities to gain access to resources that normally shouldn’t be accessible (privilege escalation) and modify system files.
13. In what way are zombies used in security attacks?
- They probe a group of machines for open ports to learn which services are running.
- They target specific individuals to gain corporate or personal information.
- They are infected machines that carry out a DDoS attack.
- They are maliciously formed code segments used to replace legitimate applications.
Explanation: Zombies are infected computers that make up a botnet. The zombies are used to deploy a distributed denial of service (DDoS) attack.