CH 5: Social Engineering, Malware Threats & Vulnerability Analysis

Veriato Investigator is an example of what? a. Software keylogger b. Trojan c. Hardware keylogger d. Covert communication tool

a

Which of the following attacks can be done by altering the host file on a victim's system, through DNS poisoning, or by exploiting a vulnerability in a DNS server? a. Phishing b. SMS Phishing c. Pharming d. None of these answers are correct

a

Which of the following best describes a phishing attack? a. A social engineering attack in which the attacker presents to a user a link or an attachment that looks like a valid, trusted resource. b. A social engineering attack in which the attacker calls the victim and makes him or her click a malicious link. c. A social engineering attack that is similar to malvertising in which the attacker presents to a user a link or an attachment that looks like a valid, trusted resource. d. An attack similar to whaling where the attacker performs a social engineering interrogation to persuade the victim to disclose sensitive information.

a

Which of the following best describes pretexting? a. Impersonation b. Social Engineering c. Whaling d. Pharming

a

Which of the following is a vulnerability assessment methodology where the targeted host is not actively attacked? a. Passive assessment b. Tree-based assessment c. Service-based assessment d. Inference-based assessment

a

Which of the following refers to the act of incorporating malicious ads on trusted websites, which results in users' browsers being inadvertently redirected to sites hosting malware? a. Malvertising b. Pharming c. Active ad exploitation d. Whaling

a

You have configured a standalone computer to analyze malware. It has port monitors, file monitors, and virtualization installed, and it has no network connectivity. What is this system called? a. A sheep dip computer b. A live analysis system c. A honeypot d. A Tripwire system

a

After two days of work, you successfully exploited a traversal vulnerability and gained root access to a CentOS 6.5 server. Which of the following is the best option to maintain access? a. Install spyware b. Install Netcat c. Disable IPchains d. Add your IP addresses to /etc/hosts

b

In CVSS, the ______ group represents the intrinsic characteristics of a vulnerability that are constant over time and do not depend on a user-specific environment. This metric group is the most important information in the scoring system and the only one that's mandatory to obtain a vulnerability score. a. temporal b. base c. environmental d. None of these are correct.

b

Tools used to combine a piece of malware with a legitimate program are known as what? a. Fuzzers b. Wrappers c. Compilers d. Binders

b

What is the purpose of the command nc -l -v -n -p 80? a. Redirect port 80 traffic b. Set up a covert channel listening on port 80 c. Act as a keylogger on port 80 d. Block port 80

b

Which covert communication program can bypass router ACLs that block incoming SYN traffic on port 80? a. Loki b. AckCmd c. Stealth Tools d. Firekiller 2000

b

Which of the following best describes Netcat? a. Netcat is a more powerful version of Snort and can be used for network monitoring and data acquisition. This program enables you to dump the traffic on a network. It can also be used to print out the headers of packets on a network interface that matches a given expression. b. Netcat is called the TCP/IP Swiss army knife. It works with Windows and Linux and can read and write data across network connections using TCP or UDP. c. Netcat is called the TCP/IP Swiss army knife. It is a simple Windows-only utility that reads and writes data across network connections using TCP or UDP. d. Netcat is called the TCP/IP Swiss army knife. It is a simple Linux-only utility that reads and writes data across network connections using TCP or UDP.

b

Which of the following is a vulnerability assessment methodology where the auditor may use methodologies for Windows-based systems that are different from Linux-based systems? a. Product-based assessment b. Tree-based assessment c. Service-based assessment d. Inference-based assessment

b

Which of the following is an example of a tool that can be used to perform social engineering attacks? a. Maltego b. SET c. The Harvester d. Recon-NG

b

Which of the following is an industry standard that is used to provide a score of the risk of a given security vulnerability? a. CVE b. CVSS c. CVRF d. CWE

b

Which of the following is not a Trojan mitigation step? a. User education b. Manual updates c. Isolate infected systems d. Establish user practices built on a policy

b

Which of the following is not a banking malware propagation technique? a. TAN grabber b. Code injection c. Form grabber d. HTML injection

b

Which of the following is true about social engineering motivation techniques? a. Social proof can be used to create a feeling of urgency in a decision-making context. It is possible to use specific language in an interaction to present a sense of urgency and manipulate the victim. b. Scarcity can be used to create a feeling of urgency in a decision-making context. It is possible to use specific language in an interaction to present a sense of urgency and manipulate the victim. c. Scarcity cannot be used to create a feeling of urgency in a decision-making context. It is possible to use specific language in an interaction to present a sense of urgency and manipulate your victim. d. Social proof cannot be used in an interrogation because it is illegal. It is not legal to use specific language in an interaction to present a sense of urgency and manipulate your victim.

b

Which of the following is true about spear phishing? a. Spear phishing attacks use the Windows Administrative Center. b. Spear phishing is phishing attempts that are constructed in a very specific way and directly targeted to specific individuals or companies. c. Spear phishing, whaling, and phishing are the same type of attack. d. Spear phishing attacks use the Windows PowerShell.

b

Which of the following measures whether or not a public exploit is available? a. CVSS base group scope metric b. CVSS temporal group exploit code maturity metric c. CVSS base group exploit metric d. None of these are correct

b

While getting ready to pay some bills, you visit your bank's website and prepare to log in. However, you notice that the login page now has several additional fields where your bank ATM and your Social Security number are requested. What category of banking Trojan could be responsible for this modification? a. A form grabber b. HTML injection c. A TAN grabber d. A SID grabber

b

You have been asked to examine a Windows 7 computer that is running poorly. You first used Netstat to examine active connections, and you now would like to examine performance via the Computer Management Console. Which of the following is the correct command to launch it? a. c:\services.msc b. c:\compmgmt.msc c. ps -aux d. c:\msconfig

b

Your Windows computer is running erratically, and you suspect that spyware has been installed. You have noticed that each time you try to go to an antivirus website, your computer is redirected to another domain and you are flooded with pop-ups. What file did the spyware most likely modify? a. /etc/hosts b. Hosts c. Boot.ini d. Config.ini

b

A business has hired you as a penetration tester after a recent security breach. The attacker was successful at planting a Trojan on one internal server and extracting all its financial data. Which of the following is an immediate recommendation that you can give the business? a. Require all employees to move from 7-character to 14-character passwords. b. Harden the web server. c. Immediately move the financial data to another system. d. Budget for a new web application firewall to perform deep packet inspection.

c

If you approach a running system that you suspect may be infected, what might you do to quickly assess what is running on the system by using built-in applications? a. CurrPorts b. Fport c. netstat -an d. TList

c

KeyGhost is an example of what? a. Software keylogger b. Trojan c. Hardware keylogger d. Covert communication tool

c

Which of the following best describes a covert communication? a. A program that appears desirable, but actually contains something harmful b. A way of getting into a guarded system without using the required password c. Sending and receiving unauthorized information or data by using a protocol, service, or server to transmit info in a way in which it was not intended to be used d. A program or algorithm that replicates itself over a computer network and usually performs malicious actions

c

Which of the following is an example of a social engineering attack that is not related to email? a. SMS command injection b. SMS buffer overflow c. SMS phishing d. Pretexting

c

You have discovered that several of your team members' computers were infected. The attack was successful because the attacker guessed or observed which websites the victims visited and infected one or more of those sites with malware. Which type of attack was executed? a. Spear phishing attack b. Phishing attack c. Watering hole attack d. SMiShing attack

c

______ are similar to programs such as WinZip, Rar, and Tar in that they compress the file yet are used to hide the true function of malware. a. Compressors b. Wrappers c. Packers d. Crypters

c

A number of attackers have used _____________ to send malware or malicious links to mobile devices. a. Voice Phishing b. Mobile Phishing c. Mobile Device Management (MDM) d. SMS Phishing

d

Netcat is an example of which of the following? a. Document Trojan that could be used to infect a system b. Mac OS X Trojan that could be used for exfiltration c. Credit card Trojan that could be used to steal credit card information d. A Linux utility that could be used as a command shell Trojan

d

What does the command nc -n -v -l -p 25 accomplish? a. Allows the hacker to use a victim's mail server to send spam b. Forwards email on the remote server to the hacker's computer on port 25 c. Blocks all incoming traffic on port 25 d. Opens up a Netcat listener on the local computer on port 25

d

Which of the following describes a type of malware that restricts access to the computer system's files and folders until a monetary payment is made? a. Crypter b. Trojan c. Spyware d. Ransomware

d

Which of the following is not a common tool used for static malware analysis? a. IDA Pro b. BinText c. UPX d. CurrPorts

d

Which of the following is not a valid virus type of infection? a. Boot sector b. Macro c. Multipartite d. Add-on shell

d

Which of the following is not true about pharming? a. Pharming can be done by altering the host file on a victim's system. b. Threat actors performing a pharming attack can leverage DNS poisoning and exploit DNS-based vulnerabilities. c. In a pharming attack, a threat actor redirects a victim from a valid website or resource to a malicious one that could be made to look like the valid site to the user. d. Pharming can be done by exploiting a buffer overflow using Windows PowerShell.

d

