Lesson 8 Practice Questions


A security manager sets up a defense in depth mechanism and sets up monitoring to catch communications from the attacker to the malware. What is the manager monitoring for?

C2. Whether a backdoor is used as a standalone intrusion mechanism or to manage bots, the threat actor must establish a connection from the compromised host to a command and control (C2 or C&C) host or network.

A security manager in charge of the vulnerability program for the enterprise is looking at mobile security. They are reading about a "walled garden" approach. What does this entail?

Trusted Source. Mobile OS vendors use this "walled garden" model of software distribution as well. Apps are distributed from an approved store, such as Apple's App Store or the Windows Store.

A security manager wants to set up a program where they can proactively mitigate malware infection as much as possible. Which of the following is least helpful in this endeavor?

Update Trusted Root Certificates. Updating trusted root certificates is helpful in the overall defense-in-depth security strategy, but is least helpful in this scenario in preventing malware. It does play its part though.

A Firefox user wants to open up their browser settings to configure their intranet as the home page. How can the Firefox user access the settings?

about:preferences. Users can open the internal settings URL for Firefox by going to about:preferences. Each browser maintains its own settings, which are also accessed via its Meatball (...) or Hamburger (☰) menu button.

A server administrator notices that a few servers in their screened subnet (demilitarized zone) went from around 5% central processing unit (CPU) utilization to 95%. They also notice the machines lack many patches. If malware infects the servers, what is the likely cause?

Cryptomining software. A cryptominer hijacks the resources of the host to perform cryptocurrency mining. This is also referred to as cryptojacking.

A security analyst baselines web activity and notices several caveats with browsers. For example, they notice that when a user types in a query, a query is actually made after every typed key. The analyst is trying to group browser activity together. Which browser is based on the same code as Chrome?

Edge. Edge, Microsoft's replacement browser, now uses the same underlying Chromium codebase as Google Chrome.

A manager is responsible for client laptops, and is concerned about exposing data on the disks to a different OS and the permissions becoming overridden. What will help prevent this possible attack?

Encrypting File System. The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file and folder encryption. EFS is not available in the Home edition of Windows.

A developer wants to create functionality for a web browser by making API calls on the back end. What should the developer build?

Extension. Extensions add or change a browser feature via its application programming interface (API). The extension must be granted specific permissions to make configuration changes. With sufficient permissions, they can run scripts to interact with the pages being viewed.

A security administrator wants to set up anomalistic monitoring around behavioral-based user activity. Which of the following could the administrator implement for monitoring?

Failed Attempts; Login Times; Concurrent Logins. Monitoring login times is typically used to see if an account is logging in at an unusual time of the day or night or during the weekend. Concurrent logins are another behavioral-based monitoring mechanism. Most users should only need to sign in to one computer at a time, so this sort of policy can help to prevent or detect misuse of an account. Failed attempts can be a sign of malicious activity.

A security analyst receives a notification of possible malware based on common indicators. They run several different antivirus software against the disk, and the scans indicate no malware. What is the analyst's computer likely infected with?

Fileless Malware. Fileless malware refers to malicious code that uses the host's scripting environment, such as Windows PowerShell or PDF JavaScript, to create new malicious processes in memory.

A security manager is setting up a password policy for users. Which of the following is the best security practice when it comes to passwords?

Length. Length is preferable to the use of highly cryptic mixing of character types. It will take an attacker significantly longer to crack a passphrase than a much shorter but complex password.

A user visits a news site that they go to frequently, and the news articles are not updated but are the same as the day before. The user also hears complaints about people not having internet, which is odd since they are on their normal news site. What is most likely going on?

Page is cached. By default, the browser will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields. The page is most likely cached from the previous visit.

A developer is reading their email and comes across a new memorandum from the security department about a clean desk policy. Why does security need to publish this?

Personally Identifiable Information (PII) Protection. Paper copies of personal and confidential data must not be left where they could be read or stolen. A clean desk policy ensures that such information is not left in plain sight.

A helpdesk operator is reviewing a notification that a user clicked links in a very suspicious email. What is the second step the operator should take?

Quarantine. After verifying the symptoms of malware, the host should be placed in quarantine, where it is not able to communicate on the main network.

A server administrator helps the human resources department whitelist an external website for their new training platform. What will the administrator need to do to ensure the web page shows up as secure?

Add trusted certificates. When using enterprise certificates for internal sites and a third-party browser, the administrator must ensure that the internal CA root certificate is added to the browser.
