SEC 110 Ch2
Match the general defense methodology on the left with the appropriate description on the right. Each methodology can be used once, more than once, or not at all.
-layering -principle of least privilege -variety -randomness -simplicity
-The constant change in personal habits and passwords to prevent anticipated events and exploitation. -Diversifying layers of defense. -Giving users only the access they need to do their job and nothing more. -Implementing multiple security measures to protect the same asset. -Eliminating single points of failure. -Giving groups only the access they need to do their job and nothing more.
-The constant change in personal habits and passwords to prevent anticipated events and exploitation = randomness -Diversifying layers of defense = variety -Giving users only the access they need to do their job and nothing more = principle of least privilege -Implementing multiple security measures to protect the same asset = layering -Eliminating single points of failure = layering -Giving groups only the access they need to do their job and nothing more = principle of least privilege
Which of the following is the BEST example of the principle of least privilege? -Jill has been given access to all of the files on one server. -Lenny has been given access to files that he does not need for his job. -Wanda has been given access to the files that she needs for her job. -Mary has been given access to all of the file servers.
-Wanda has been given access to the files that she needs for her job.
Which methodologies can you use to defend a network?
-layering -principle of least privilege -variety -randomness -simplicity
What protections can you implement against organized crime threat actors?
-proper user security training -implementing email filtering systems -properly secure and stored data backups
Which of the following are characteristics of a rootkit? (Select two.) -Uses cookies saved on the hard drive to track user preferences. -Monitors user actions and opens pop-ups based on user preferences. -Resides below regular antivirus software detection. -Requires administrator-level privileges for installation. -Collects various types of personal information.
-resides below regular antivirus software detection -requires administrator-level privileges for installation.
You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.) -Enable chassis intrusion detection. -Schedule regular full-system scans. -Educate users about malware. -Enable account lockout. -Disable UAC.
-schedule regular full-system scans -educate users about malware
Potentially unwanted program (PUP)
A PUP is software inadvertently installed that contains adware, installs toolbars, or has some other objective.
zombie
A computer that is infected with malware and is controlled by a command and control center called a zombie master.
Identity theft
A crime in which an attacker commits fraud by using someone else's name or existing accounts to obtain money or to purchase items.
Fileless virus
A fileless virus uses legitimate programs to infect a computer.
Which of the following is the BEST definition of the term hacker? -A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention. -Any individual whose attacks are politically motivated. -A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization. -A threat actor whose main goal is financial gain. -The most organized, well-funded, and dangerous type of threat actor.
A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
Botnet
A group of zombie computers that are commanded from a central control infrastructure.
Hacktivist
A hacktivist is a hacker with a political motive.
Hoax
A hoax is a type of malicious email with some type of urgent or alarming message to deceive the target.
Script Kiddy
A less skilled hacker who often relies on automated tools or scripts written by crackers to scan systems and exploit weaknesses.
Trojan horse
A malicious program that is disguised as legitimate or desirable software.
Cybercriminal
A person (or team of individuals) who uses technology to steal sensitive information for a profit. Cybercriminals are often associated with large organized crime syndicates such as the mafia.
Cracker
A person actively engaged in developing and distributing worms, Trojans, and viruses; engaging in probing and reconnaissance activities; creating toolkits so that others can hack known vulnerabilities; and/or cracking protective measures.
Virus
A program that attempts to damage a computer system and replicate itself to other computer systems.
Which of the following describes a logic bomb? -A program that performs a malicious activity at a specific time or after a triggering event. -A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found. -A type of malicious code similar to a virus whose primary purpose is to duplicate itself and spread while not necessarily intentionally damaging or destroying resources. -A program that appears to be a legitimate application, utility, game, or screensaver that performs malicious activities surreptitiously.
A program that performs a malicious activity at a specific time or after a triggering event.
Scareware
A scam to fool a user into thinking there is some form of malware on the system.
Worm
A self-replicating malware program.
Rootkit
A set of programs that allows attackers to maintain hidden, administrator-level access to a computer.
Black hat
A skilled hacker who uses skills and knowledge for illegal or malicious purposes.
Gray hat
A skilled hacker who falls in the middle of white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't malicious like a black hat hacker.
White hat
A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission is given.
Nation state
A sovereign state threat agent may wage an all-out war on a target and have significant resources for the attack.
Competitor
A threat agent who carries out attacks on behalf of an organization and targets competing companies.
Insider
A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.
Internal threat
A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack.
External threat
A threat from individuals or groups not associated with the organization, who seek to gain unauthorized access to data.
Non-persistent threat
A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection.
Persistent threat
A threat that seeks to gain access to a network and remain there undetected.
Targeted attack
A type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.
White hat hacker
A white hat hacker is a professional who helps companies find the vulnerabilities in their security. Also known as an ethical hacker.
Opportunistic attack
An attack in which the threat actor is almost always trying to make money as fast as possible and with minimal effort.
Which of the following BEST describes an inside attacker? -An unintentional threat actor. This is the most common threat. -An agent who uses their technical knowledge to bypass security. -A good guy who tries to help a company see their vulnerabilities. -An attacker with lots of resources and money at their disposal.
An unintentional threat actor. This is the most common threat.
Hacker
Any threat agent who uses technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information; or a person who commits crimes through gaining unauthorized access to computer systems.
In 2001, a worm exploited vulnerabilities in Microsoft Internet Information Services (IIS) to infect over 250,000 systems in under nine hours. What was this worm called? -Michelangelo -Nimda -Melissa -Code Red
Code Red
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for a name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack? -DNS cache poisoning -Social networking -Host file modification -Feigning ignorance
DNS cache poisoning
Which of the following is a common social engineering attack? -Distributing hoax virus-information emails -Using a sniffer to capture network traffic -Distributing false information about an organization's financial status -Logging on with stolen credentials
Distributing hoax virus information emails
Elicitation
Elicitation is a technique to extract information from a target without arousing suspicion.
Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? -Competitor -Script kiddie -Insider -Hacktivist -Nation state
Hacktivist
Impersonation
Impersonation is pretending to be somebody else and approaching a target to extract information.
Open-Source Intelligence (OSINT)
Information that is readily available to the public and doesn't require any type of malicious activity to obtain.
The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following: -Create and follow onboarding and off-boarding procedures. -Employ the principle of least privilege. -Have appropriate physical security controls in place. Which type of threat actor do these steps guard against? -Competitor -Hacktivist -Script kiddie -Insider
Insider
Which of the following best describes spyware? -It monitors the actions you take on your machine and sends the information back to its originating source. -It monitors user actions that denote personal preferences and then sends pop-ups and ads to the user that match their tastes. -It is a program that attempts to damage a computer system and replicate itself to other computer systems. -It is a malicious program disguised as legitimate software.
It monitors the actions you take on your machine and sends the information back to its originating source.
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the BEST defense against script kiddie attacks? -Build a comprehensive security approach that uses all aspects of threat prevention and protection. -Have appropriate physical security controls in place. -Properly secure and store data backups. -Implement email filtering systems. -Keep systems up to date and use standard security practices.
Keep systems up to date and use standard security practices
Availability loss
Loss of access to computer resources due to the network being overwhelmed or crashing.
logic bomb
Malware designed to execute only under predefined conditions. It is dormant until the predefined condition is met.
Crimeware
Malware designed to perpetrate identity theft. It allows a hacker access to online accounts at financial services, such as banks and online retailers.
Ransomware
Malware that denies access to a computer system until the user pays a ransom.
Remote Access Trojan (RAT)
Malware that includes a back door to allow a hacker administrative control over the target computer.
Adware
Malware that monitors a user's personal preferences and sends pop-up ads that match those preferences.
Social engineers are master manipulators. Which of the following are tactics they might use? -Keylogging, shoulder surfing, and moral obligation -Shoulder surfing, eavesdropping, and keylogging -Moral obligation, ignorance, and threatening -Eavesdropping, ignorance, and threatening
Moral obligation, ignorance, and threatening
What does it mean for software to be quarantined?
Moves the infected files to a secure folder where they cannot open or run normally.
Crypto-malware
Ransomware that encrypts files until a ransom is paid.
Which kind of malware provides an attacker with administrative control over a target computer through a backdoor? -Potentially Unwanted Program (PUP) -Trojan horse -Remote Access Trojan (RAT) -Crypto-malware
Remote Access Trojan (RAT)
SPIM
SPIM is similar to spam, but the malicious link is sent to the target over instant message to deceive the target.
SMiShing
SMiShing, or SMS phishing, is phishing through an SMS message. In other words, tricking a user into downloading a virus, Trojan horse, or other malware onto a cell phone.
Social engineering
Social engineering is an attack involving human interaction to obtain information or access.
Malware
Software designed to take over or damage a computer without the user's knowledge or approval.
spyware
Software installed without a user's personal preferences and sends pop-up ads that match those preferences.
Data breach
The exposure of confidential or protected data, either accidentally or through malicious acts.
Data loss
The loss of files and documents either accidentally or through malicious acts.
Data Exfiltration
The unauthorized transfer of information or files from a computer.
zero day vulnerability
Zero-day is a software vulnerability that is unknown to the vendor.
Script Kiddie
a less skilled hacker that often relies on automated tools or scripts written by crackers to scan systems at random to find and exploit weaknesses.
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? -Persuasive -Social validation -Commitment -Authority
authority
Sometimes, an attacker's goal is to prevent access to a system rather than to gain access. This form of attack is often called a denial-of-service attack and causes which impact? -Identity theft -Availability loss -Data loss -Data exfiltration
availability loss
A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent? -spyware -logic bomb -botnet -trojan horse
botnet
When confidential or protected data is exposed, either intentionally or accidentally, it is considered to be which of the following? -Data loss -Data exfiltration -Availability loss -Data breach
data breach
DNS tunneling is a common method that allows an attacker to accomplish which attack? -Availability loss -Data exfiltration -Medical identity theft -Data loss
data exfiltration
Every ACME computer comes with the same account created at the factory. Which kind of vulnerability is this? -Weak passwords -Backdoor -Default accounts and passwords -Misconfigurations
default accounts and passwords
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in? -Research phase -Exploitation phase -Development phase -Elicitation phase
developmental phase
What is pretexting and how is it used in social engineering ?
doing research on your target and creating a fictitious scenario.
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique? -Impersonation -Elicitation -Interrogation -Preloading
elicitation
Which kind of virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions? -Worm -Remote Access Trojan (RAT) -Fileless virus -Ransomware
fileless virus
Which types of malware typically use email to spread?
fileless virus
footprinting
footprinting uses social engineering to obtain as much information as possible about an organization.
Which impact of vulnerabilities occurs when an attacker uses information gained from a data breach to commit fraud by doing things like opening new accounts with the victim's information? -Identity theft -Data exfiltration -Availability loss -Data loss
identity theft
Having a legitimate reason for approaching someone to ask for sensitive information is called what? -Preloading -Pretexting -Impersonation -Footprinting
impersonation
In healthcare, regulations often dictate that important systems remain unpatched to maintain compliance. Which kind of vulnerability does this introduce? -Weak passwords -Application flaws -Inherent vulnerabilities -Misconfigurations
inherent vulnerabilities
An employee stealing company data could be an example of which kind of threat actor? -external threat -non persistent threat -persistent threat -internal threat
internal threat
How do hackers use interview and interrogation techniques for social engineering?
Interview: target talks, attacker listens. Interrogation: attacker leads the conversation.
What must you do to ensure that you are protected from the latest virus variations?
Keep your antivirus program up to date with the latest patches.
Which of the following are examples of social engineering attacks? (Select two.) -Keylogger -War dialing -Impersonation -Shoulder surfing -Port scanning
keylogger shoulder surfing
A hacker scans hundreds of IP addresses randomly on the internet until they find an exploitable target. What kind of attack is this? -Opportunistic attack -Insider attack -Targeted attack -Nation state attack
opportunistic attack
How do persistent and non persistent threats differ?
Persistent: plans on going back in over and over. Non-persistent: is a one-and-done.
Which security control, if not applied, can allow an attacker to bypass other security controls? -Updating firmware or software -Principle of least privilege -Changing default passwords -Physical access control
physical access control
preloading
preloading is influencing a target's thoughts, opinions, and emotions before something happens.
What are some of the most common social engineering techniques?
pretexting preloading impersonation elicitation interviews interrogation
pretexting
pretexting is a fictitious scenario to persuade someone to perform an action or give information.
A user is able to access privileged administrative features with an account that is not granted administrator rights. Which type of vulnerability is this? -Backdoor account -Stealing administrator credentials -Privilege escalation -Weak passwords
privilege escalation
A type of malware that prevents the system from being used until the victim pays the attacker money is known as what? -Denial-of-service attack (DoS attack) -Ransomware -Fileless virus -Remote Access Trojan (RAT)
ransomware
In which phase of an attack does the attacker gather information about the target? -Escalating privileges -Exploit the system -Breach the system -Reconnaissance
reconnaissance
Any attack involving human interaction of some kind is referred to as what? -An opportunistic attack -Attacker manipulation -Social engineering -A white hat hacker
social engineering
Match the general attack with the appropriate description. (Each strategy may be used once, more than once, or not at all.)
-reconnaissance -breaching -escalating privileges -staging -exploitation
-Stealing information -Preparing a computer to perform additional tasks in the attack -Crashing systems -Gathering system hardware information -Penetrating system defenses to gain unauthorized access -Configuring additional rights to do more than breach the system
-Stealing information = exploitation -Preparing a computer to perform additional tasks in the attack = staging -Crashing systems = exploitation -Gathering system hardware information = reconnaissance -Penetrating system defenses to gain unauthorized access = breaching -Configuring additional rights to do more than breach the system = escalating privileges
The root account has all privileges and no barriers. Which of the following is another name for the root account? -User account -Default account -Superuser account -Backdoor account
super user
Which of the following is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously? -Outlook Express -ActiveX control -Worm -Trojan horse
trojan horse
A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of vulnerability? -Unpatched software -Weak security configurations -Zero-day exploit -Default settings
weak security configurations
What is the difference between a virus and a worm?
Worm: wants to harm the computer without the user's knowledge. Virus: attempts to damage a computer system and replicate itself to other systems.