1. In what way are zombies used in security attacks?
- They probe a group of machines for open ports to learn which services are running.
- They target specific individuals to gain corporate or personal information.
- They are infected machines that carry out a DDoS attack.
- They are maliciously formed code segments used to replace legitimate applications.
2. What is an example of a local exploit?
- A threat actor performs a brute-force attack on an enterprise edge router to gain illegal access.
- A threat actor tries to gain the user password of a remote host by using keyboard capture software installed on it by a Trojan.
- A buffer overflow attack is launched against an online shopping website and causes the server to crash.
- Port scanning is used to determine if the Telnet service is running on a remote server.
3. Which two statements describe access attacks? (Choose two.)
- Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
- Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.
- Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.
- To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host.
- Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
4. Why would a rootkit be used by a hacker?
- to gain access to a device without being detected
- to reverse engineer binary files
- to do reconnaissance
- to try to guess a password
5. Which statement describes the term attack surface?
- It is the total number of attacks toward an organization within a day.
- It is the total sum of vulnerabilities in a system that is accessible to an attacker.
- It is the group of hosts that experiences the same attack.
- It is the network interface where attacks originate.
6. Which risk management plan involves discontinuing an activity that creates a risk?
- risk reduction
- risk avoidance
- risk sharing
- risk retention
7. What name is given to an amateur hacker?
- black hat
- blue team
- script kiddie
- red hat
8. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
- backdoor
- phishing
- vishing
- Trojan
9. Which two characteristics describe a worm? (Choose two.)
- travels to new computers without any intervention or knowledge of the user
- infects computers by attaching to software code
- executes when software is run on a computer
- hides in a dormant state until needed by an attacker
- is self-replicating
10. A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?
- anonymous keylogging
- DDoS
- spam
- social engineering
11. Which evasion method describes the situation in which, after gaining access to the administrator password on a compromised host, a threat actor attempts to log in to another host using the same credentials?
- traffic substitution
- resource exhaustion
- pivoting
- protocol-level misinterpretation
12. In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?
- DoS
- address spoofing
- MITM
- session hijacking