CEH Quiz 1-10 (RP)


In a Windows system, an attacker was found to have run the following command:
type C:\SecretFile.txt >C:\LegitFile.txt:SecretFile.txt
What does the above command indicate? - The attacker has used Alternate Data Streams to rename SecretFile.txt file to LegitFile.txt. - The attacker was trying to view SecretFile.txt file hidden using an Alternate Data Stream. - The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt. - The attacker has used Alternate Data Streams to copy the content of SecretFile.txt file into LegitFile.txt.

The attacker has used Alternate Data Streams to hide SecretFile.txt file into LegitFile.txt.

You need to do an ethical hack for BAYARA Company, and the manager says that you need to obtain the password of the root account of the main server to be hired. You are in possession of a rainbow table. What else do you need to obtain the root password? - Do a vulnerability assessment - Perform a network recognition - Inject an SQL script into the database - The hash of the root password

The hash of the root password

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 7.70 at 2018-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:89
- The host is likely a Windows machine. - The host is likely a router. - The host is likely a Linux machine. - The host is likely a printer.

The host is likely a printer.

Which of the following is the advantage of adopting a single sign on (SSO) system? - Impacts user experience when an application times out the user needs to login again reducing productivity - Decreased security as the logout process is different across applications - A reduction in overall risk to the system since network and application attacks can only happen at the SSO point - A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

Which of the following are valid types of rootkits? (Choose three.) - Hypervisor level - Application level - Kernel level - Data access level - Physical level - Network level

- Hypervisor level - Application level - Kernel level

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use? - -sT - -sn - -sS - -sU

-sn

Which of the following techniques rely on tunneling to transmit one protocol data in another protocol? - Scanning - Asymmetric routing - A covert channel - Steganography

A covert channel

Which element in a vulnerability scanning report allows the system administrator to obtain additional information about the scanning such as the origin of the scan? - Scan Information - Target information - Classification - Services

Classification

While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? - The firewall is dropping the packets. - UDP port is closed. - UDP port is open - The host does not respond to ICMP packets.

UDP port is closed.

An NMAP scan of a server shows port 69 is open. What risk could this pose? - Unauthenticated access - Cleartext login - Web portal data leak - Weak SSL version

Unauthenticated access

Which of the following countermeasures helps organizations to prevent information disclosure through banner grabbing? - TCP/IP and IPSec - Implement VPN - Configure web servers - Configure IIS

Configure IIS

You are performing a port scan with Nmap. You are in a hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? - Connect scan - Stealth scan - Fragmented packet scan - XMAS scan

Connect scan

Which of the following channels is used by an attacker to hide data in an undetectable protocol? - Encrypted - Covert - Classified - Overt

Covert

What is the correct order for the vulnerability management life cycle? - Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment - Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor - Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment - Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment

Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor

Which of the following terms refers to gaining access to one network and/or computer and then using the same to gain access to multiple networks and computers that contain desirable information? - Daisy Chaining - Kill Chain - Social Engineering - Doxing

Daisy Chaining

Which of the following Trojan construction kits is used to create user-specified Trojans by selecting from the various options available? - Trojan.Gen - Senna Spy Trojan Generator - Win32.Trojan.BAT - DarkHorse Trojan Virus Maker

DarkHorse Trojan Virus Maker

Which of the following tasks DOES NOT fall under the scope of ethical hacking? - Risk assessment - Defense-in-depth implementation - Vulnerability scanning - Pen testing

Defense-in-depth implementation

Individuals who promote security awareness or a political agenda by performing hacking are known as:

Hacktivist

In which of the following techniques does an unauthorized user try to access the resources, functions, and other privileges that belong to the authorized user who has similar access permissions? - Horizontal Privilege Escalation - Vertical Privilege Escalation - Rainbow Table Attack - Kerberos Authentication

Horizontal Privilege Escalation

Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum? - Internal Assessment - Network based Assessment - External Assessment - Host based Assessment

Host based Assessment

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? - Broadcast ping - Hping - TCP ping - Traceroute

Hping

Which of the following techniques allows attackers to inject malicious script on a web server to maintain persistent access and escalate privileges? - Scheduled Task - Launch daemon - Access Token Manipulation - Web Shell

Web Shell

Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system? - TCP/IP - WhoIs Lookup - DNS Lookup - Traceroute

WhoIs Lookup

From the options given below, identify the nature of a library-level rootkit. - Uses devices or platform firmware to create a persistent malware image in hardware - Functions either by replacing or modifying the legitimate bootloader with another one - Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions - Operates inside the victim's computer by replacing the standard application files

Works higher up in the OS and usually patches, hooks, or supplants system calls with backdoor versions

Which of the following commands is used to disable the BASH shell from saving the history? - shred ~/.bash_history - history -w - history -c - export HISTSIZE=0

export HISTSIZE=0

Which command lets a tester enumerate live systems in a class C network via ICMP using native Windows tools? - ping 192.168.2. - for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply" - for %V in (1 1 255) do PING 192.168.2.%V - ping 192.168.2.255

for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

An engineer is learning to write exploits in C++ and is using Kali Linux. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this? - g++ -i hackersExploit.pl -o calc.exe - g++ --compile -i hackersExploit.cpp -o calc.exe - g++ hackersExploit.cpp -o calc.exe - g++ hackersExploit.py -o calc.exe

g++ hackersExploit.cpp -o calc.exe

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands does he/she need to use to gather the required information? - hping3 -S <Target IP> -p 80 --tcp-timestamp - hping3 -A <Target IP> -p 80 - hping3 -F -P -U 10.0.0.25 -p 80 - hping3 <Target IP> -Q -p 139 -s

hping3 <Target IP> -Q -p 139 -s

Which of the following vulnerability repositories is available online and allows attackers access to information about various software vulnerabilities? - http://foofus.net - http://project-rainbowcrack.com - http://www.securityfocus.com - https://www.tarasco.org

http://www.securityfocus.com

Which of the following Windows utilities allows an attacker to perform NetBIOS enumeration? - ntpdate - nbtstat - SetRequest - GetRequest

nbtstat

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? - nessus *s - nessus & - nessus -d - nessus +

nessus &

Which of the following commands is used by attackers to query the ntpd daemon about its current state? - ntpdate - ntpdc - ntptrace - ntpq

ntpdc

Which of the following protocols is the technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions? - SMTP - SNMP - NetBios - IPSec

IPSec

Which of the following is a routing protocol that allows the host to discover the IP addresses of active routers on their subnet by listening to router advertisement and soliciting messages on their network? - ARP - DHCP - DNS - IRDP

IRDP

Which one of the following techniques is used by attackers to hide their programs? - Scanning - Enumeration - Footprinting - NTFS Stream

NTFS Stream

Which of the following protocols is responsible for synchronizing clocks of networked computers? - SMTP - DNS - NTP - LDAP

NTP

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing? - Metasploit - BeEF - Nessus - NMAP

Nessus

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? - Clamwin - Sub7 - Truecrypt - Nessus

Nessus

Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies and wants to send results via email to her boss. Which vulnerability assessment tool should she use to get the best results? - Wireshark - Nessus Professional - FOCA - Recon-ng

Nessus Professional

An attacker identified that port 139 on the victim's Windows machine is open and he used that port to identify the resources that can be accessed or viewed on the remote system. What is the protocol that allowed the attacker to perform this enumeration? - NetBIOS - SMTP - SNMP - LDAP

NetBIOS

Ransomware encrypts the files and locks systems, leaving the system in an unusable state. The compromised user has to pay ransom to the attacker to unlock the system and get the files decrypted. Petya delivers malicious code that can even destroy the data with no hope of recovery. What is this malicious code called? - Payload - Bot - Honeypot - Vulnerability

Payload

Which of the following steps in enumeration penetration testing extracts information about encryption and hashing algorithms, authentication type, key distribution algorithms, SA LifeDuration, etc.? - Perform IPsec enumeration - Perform DNS enumeration - Perform SMTP enumeration - Perform NTP enumeration

Perform IPsec enumeration

Which of the following is an active reconnaissance technique? - Collecting contact information from yellow pages - Performing dumpster diving - Collecting information about a target from search engines - Scanning a system by using tools to detect open ports

Scanning a system by using tools to detect open ports

A computer installed with port monitoring, file monitoring, network monitoring, and antivirus software and connected to network only under strictly controlled conditions is known as: - Sheep Dip - Droidsheep - Sandbox - Malwarebytes

Sheep Dip

Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following these steps: secretly observes the target to gain critical information; looks at an employee's password or PIN code with the help of binoculars or a low-power telescope. Based on the above description, identify the social engineering technique.

Shoulder surfing

Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of Internet number resources in Canada, the United States, and many Caribbean and North Atlantic islands? - LACNIC - AFRINIC - APNIC - ARIN

ARIN

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? - Active - Distributive - Passive - Reflective

Active

Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)? - Active Metrics - Temporal Metrics - Base Metrics - Environmental Metrics

Active Metrics

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All of the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of Applocker to restrict the installation of any third-party applications. There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. Applocker is not used to restrict the installation of third-party applications. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. A competitor learns that employees use their own personal smartphones to communicate with other employees of Highlander, Incorporated. Which information security attack vector should the competitor use to gather information over a long period of time from the phones, without the victim being aware that he or she has been compromised?

Advanced Persistent Threat

Which assessment focuses on transactional Web applications, traditional client-server applications, and hybrid systems? - Passive Assessment - Active Assessment - Wireless network Assessment - Application Assessment

Application Assessment

Which of the following steps in enumeration penetration testing serves as an input to many of the ping sweep and port scanning tools for further enumeration? - Perform competitive intelligence - Calculate the subnet mask - Perform email footprinting - Perform ARP poisoning

Calculate the subnet mask

Which of the following techniques do attackers use to escalate privileges in the Windows operating system? - Plist Modification - Launch Daemon - Application Shimming - Setuid and Setgid

Application Shimming

Which of the following is an sh-compatible shell that stores command history in a file? - ksh - Tcsh/Csh - BASH - Zsh

BASH

Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? - IP address decoy - Source routing - Port scanning - Banner grabbing

Banner grabbing

A hacker wants to encrypt and compress 32-bit executables and .NET apps without affecting their direct functionality. Which of the following cryptor tools should be used by the hacker? - Cypherx - Hidden sight crypter - Java crypter - BitCrypter

BitCrypter

Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system? - Active Footprinting - Buffer Overflows - Port Scanning - Banner Grabbing

Buffer Overflows

How does an attacker perform a "social engineered clickjacking" attack? - By exploiting flaws in browser software to install malware merely by visiting a website - By attaching a malicious file to an e-mail and sending the e-mail to a multiple target address - By mimicking legitimate institutions, such as banks, in an attempt to steal passwords and credit card - By injecting malware into legitimate-looking websites to trick users by clicking them

By injecting malware into legitimate-looking websites to trick users by clicking them

Which type of assessment tools are used to find and identify previously unknown vulnerabilities in a system? - Depth assessment tools - Active Scanning Tools - Application-layer vulnerability assessment tools - Scope assessment tools

Depth assessment tools

Which of the following techniques do attackers use to cover the tracks? - Steganography - Steganalysis - Scanning - Disable auditing

Disable auditing

Which of the following SMTP in-built commands tells the actual delivery addresses of aliases and mailing lists? - RCPT TO - PSINFO - VRFY - EXPN

EXPN

Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? - Website Mirroring Tools - Email Tracking Tools - Metadata Extraction Tools - Web Updates Monitoring Tools

Email Tracking Tools

Why is ethical hacking necessary? (Select two.) - Ethical hackers try to find what an intruder can see on the system under evaluation. - Ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems. - Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched - Ethical hackers are responsible for incident handling and response in the organization.

Ethical hackers try to find what an intruder can see on the system under evaluation. Ethical hackers try to find if all the components of information systems are adequately protected, updated, and patched

Which of the following enumeration techniques is used by a network administrator to replicate domain name system (DNS) data across many DNS servers, or to backup DNS files? - Extract information using default passwords - Brute force Active Directory - Extract user names using email IDs - Extract information using DNS Zone Transfer

Extract information using DNS Zone Transfer

Which of the following tools can be used to perform LDAP enumeration? - JXplorer - SuperScan - SoftPerfect Network Scanner - Nsauditor Network Security Auditor

JXplorer

Which of the following protocols is responsible for accessing distributed directories and access information such as valid usernames, addresses, departmental details, and so on? - DNS - NTP - LDAP - SMTP

LDAP

Which of the following protocols uses TCP or UDP as its transport protocol over port 389? - SIP - SMTP - LDAP - SNMP

LDAP

SecTech Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. They decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool? - Functionality for writing own tests - Links to patches - Types of vulnerabilities being assessed - Test run scheduling

Links to patches

Which of the following types of access control determines the usage and access policies of the users and provides that a user can access a resource only if he or she has the access rights to that resource? - Discretionary access control - Mandatory access control - Rule-based access control - Role-based access control

Mandatory access control

Which tool includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems? - Foca - Microsoft Baseline Security Analyzer (MBSA) - Netcraft - Wireshark

Microsoft Baseline Security Analyzer (MBSA)

Identify the Trojan which exhibits the following characteristics: • Login attempts with 60 different factory default username and password pairs • Built for multiple CPU architectures (x86, ARM, Sparc, PowerPC, Motorola) • Connects to CnC to allow the attacker to specify an attack vector • Increases bandwidth usage for infected bots • Identifies and removes competing malware - PlugBot - Ramnit - Mirai - Windigo

Mirai

Tesla is running an application with debug enabled in one of its systems. Under which category of vulnerabilities can this flaw be classified? - Unpatched servers - Misconfiguration - Design Flaws - Operating System Flaws

Misconfiguration

Which of the following open source tools would be the best choice to scan a network for potential targets? - John the Ripper - hashcat - Cain & Abel - NMAP

NMAP

Which of the following information is collected using enumeration? - Network resources, network shares, and machine names. - Open ports and services - Email Recipient's system IP address and geolocation. - Operating systems, location of web servers, users and passwords.

Network resources, network shares, and machine names.

Which of the following tools is not a NetBIOS enumeration tool? - SuperScan - OpUtils - NetScanTools Pro - Hyena

OpUtils

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Passive information gathering

John the Ripper is a technical assessment tool used to test the weakness of which of the following? - Firewall rulesets - Passwords - File permissions - Usernames

Passwords

Which of the following techniques is used to place an executable in a particular path in such a way that it will be executed by the application in place of the legitimate target? - Application Shimming - File System Permissions Weakness - Scheduled Task - Path Interception

Path Interception

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications. As per Highlander's policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices. Management at Highlander, Incorporated, has agreed to develop an incident management process after discovering laptops were compromised and the situation was not handled in an appropriate manner. What is the first phase that Highlander, Incorporated, needs to implement within their incident management process?

Preparation for Incident Handling and Response.

Passive reconnaissance involves collecting information through which of the following? - Social engineering - Email tracking - Traceroute analysis - Publicly accessible sources

Publicly accessible sources

Which of the following malware types restricts access to the computer system's files and folders, and demands a payment to the malware creator(s) in order to remove the restrictions? - Spyware - Trojan Horse - Adware - Ransomware

Ransomware

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity? - Consider unscanned ports as closed - Silent Dependencies - Netstat WMI Scan - Reduce parallel connections on congestion

Reduce parallel connections on congestion

Which of the following terms refers to the process of reducing the severity of vulnerabilities in the vulnerability management life cycle? - Remediation - Verification - Vulnerability Assessment - Risk Assessment

Remediation

Which of the following tools provides comprehensive vulnerability management for mobile devices, smartphones, and tablets? - FaceNiff - Pamn IP Scanner - zANTI - Retina CS for Mobile

Retina CS for Mobile

Which one of the following software programs helps attackers to gain unauthorized access to a remote system and perform malicious activities? - Anti-spyware - Rootkit - Antivirus - Keylogger

Rootkit

Which protocol enables an attacker to enumerate user accounts and devices on a target system? - SNMP - NetBIOS - TCP - SMTP

SNMP

Which of the following tools can be used to perform SNMP enumeration? - SoftPerfect Network Scanner - SNScan - Nsauditor Network Security Auditor - SuperScan

SNScan

You are doing research on SQL injection attacks. Which of the following combinations of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques? - SQL injection site:Wikipedia.org - site:Wikipedia.org intitle:"SQL Injection" - site:Wikipedia.org related:"SQL Injection" - allinurl: Wikipedia.org intitle:"SQL Injection"

SQL injection site:Wikipedia.org

At a Windows server command prompt, which command could be used to list the running services? - Sc config - Sc query - Sc query type = running - Sc query \\servername

Sc query

Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable to find any information. What should Sean do to get the information he needs? - Sean should use Sublist3r tool - Sean should use website mirroring tools - Sean should use email tracking tools - Sean should use WayBackMachine in Archive.org

Sean should use Sublist3r tool

What is the output returned by search engines when extracting critical details about a target from the Internet? - Operating systems, location of web servers, users and passwords - Advanced search operators - Search Engine Results Page ("SERPS") - Open ports and Services

Search Engine Results Pages ('SERPs')

Low humidity in a data center can cause which of the following problems? - Heat - Static electricity - Airborne contamination - Corrosion

Static electricity

Which of the following techniques refers to the art of hiding data "behind" other data without the target's knowledge? - Footprinting - Scanning - Enumeration - Steganography

Steganography

Which of the following protocols provides reliable multiprocess communication service in a multinetwork environment? - UDP - SNMP - SMTP - TCP

TCP

Which of the following techniques is used by the attacker to distribute the payload and to create covert channels? - TCP Parameters - Performing steganalysis - Covering tracks - Clear online tracks

TCP Parameters

What is the port number used by DNS servers to perform DNS zone transfer? - TCP/UDP 53 - TCP 139 - UDP 137 - TCP/UDP 135

TCP/UDP 53

Which of the following business challenges could be solved by using a vulnerability scanner? - A web server was compromised and management needs to know if any further systems were compromised. - There is an urgent need to remove administrator access from multiple machines for an employee who quit. - Auditors want to discover if all systems are following a standard naming convention. - There is a monthly requirement to test corporate compliance with host application usage and security policies.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? - Fingerprinting to identify which operating systems are running on the network. - Timing options to slow the speed that the port scan is conducted. - Traceroute to control the path of the packets sent during the scan. - ICMP ping sweep to determine which hosts on the network are not available.

Timing options to slow the speed that the port scan is conducted.

What is the sole purpose of writing destructive Trojans? - To copy itself to the system and create a scheduled task that executes the copied payload - To stop the working of security programs such as firewall and IDS - To randomly delete files, folders, registry entries, and local and network drives - To trick the victim to install the malicious application

To randomly delete files, folders, registry entries, and local and network drives

A covert channel is a channel that: - Transfers information over, within a computer system, or network that is within the security policy. - Transfers information via a communication path within a computer system, or network for transfer of data. - Transfers information over, within a computer system, or network that is encrypted. - Transfers information over, within a computer system, or network that is outside of the security policy.

Transfers information over, within a computer system, or network that is outside of the security policy.

Tina downloaded and installed a 3D screensaver. She is enjoying watching the 3D screensaver, but whenever the screensaver gets activated, her computer is automatically scanning the network and sending the results to a different IP address on the network. Identify the malware installed along with the 3D screensaver? - Beacon - Virus - Worm - Trojan Horse

Trojan Horse

