Info Sec Ch 6
Dwight was fired from his job and in an act of revenge installed malware that would allow him to have access to the system from a remote location. What is the name of this? (6)
A backdoor
Dwight was fired from his job and in an act of revenge installed malware that would allow him to have access to the system whenever he wants. What is the name of this? (6)
A backdoor
The CIA has decided that it needs to take down Mitochondria, Inc., a foreign private intelligence agency that has gotten too close to discovering the secret powerhouse facilities inside Area 51. The CIA launches a sophisticated, targeted attack on Mitochondria, Inc. Given the resources available to the CIA, this kind of attack would be characterized as which of the following? (Ch. 6)
APT (advanced persistent threat)
You are scanning your system with a legitimate antivirus scanner. It warns you that the hash of one of your files no longer matches the baseline and could potentially have been modified by malware. What tool did the scanner use to determine this? (6)
File Integrity Checker
He was already the world's greatest boy detective, and now, Angus McDonald has decided that he also wants to become a top notch kid hacker to boot. Angus signs up for a 3-month coding boot camp and by the end of it, he's crafting his very own simple attack code to turn his enemies' websites into PSAs supporting global climate change action. Which of the following best describes what Angus has become? (Ch. 6)
Hacktivist
John launched an attack against the government to release confidential documents in order to further his group's cause of a completely transparent government. Which of the following best describes John? (6)
Hacktivist
When attempting to get into someone's computer, Michael typically uses flattery when talking to said person. He frequently encourages the person to take risky actions or attempts to get them to reveal sensitive information. This is an example of ____? (6)
Social Engineering
E Corp. just got all their data decrypted last week. Yesterday one of their employees opened an email that contained a link to Crypto Locker, and once again all their data is encrypted. What are the two things E Corp. needs to do to stop similar types of attacks? (6)
Implement a spam filter to make sure that employees only get safe emails; train their employees to understand the difference between legit and spam emails and to be aware of social engineering attacks.
You did everything you could to train your employees, but they still click on EVERYTHING. Finally you gave up and upgraded every security system in your network, and suddenly everyone is getting far fewer emails than they used to, including valid email. Which technology has been too aggressively configured and is most likely causing this issue? (6)
Spam Filter
Jerry and his coworkers in the accounting group are getting emails from the CEO requesting a spreadsheet with confidential information of employees for a report ASAP. However, the CEO is not actually sending these emails. What type of attack best describes this situation? (6)
Spear Phishing
What type of software is installed on users' systems without their awareness or consent to monitor the user's computer and user's activity? (6)
Spyware
Sally is a freshman at University of Tulsa. She is currently on winter break and has gotten quite bored. Sally hated her time in high school and has always thought it would be fun to hack into and deface the website of her former high school, but she doesn't have much experience with launching an attack or developing new code. She decides to look up some easy ways to hack into the website and mess with her despised teachers. What type of threat actor is Sally? (6)
Script Kiddie
What is the single best defense against attacks like social engineering and phishing? (6)
Security Awareness Training
Apple is developing its newest iPhone in a top-secret facility in California. They want to make sure that their systems are equipped with the most advanced antivirus software and technology, such that it cannot be penetrated by any known vulnerability. They commission their cybersecurity team to develop an antimalware program and install it on their top-secret systems. When Tim Cook saw the system, he proclaimed, "Even God Himself could not penetrate our systems." Which of the following is a way that the system could be compromised? (6)
a zero-day vulnerability
A recent change to a law office's security policy states that computer monitors need to be positioned such that they cannot be viewed from outside any windows. Additionally, users are directed to place screen filters over the monitor. These actions reduce the success of ______
Shoulder surfing
Jerry and his coworkers in the accounting group are getting emails from the CEO requesting a spreadsheet with confidential information of employees for a report ASAP. However, the CEO is not actually sending these emails. What could the company do to deter the success of attacks such as this? (6)
Sign emails with digital signatures
After weeks of consistently denouncing new offshore drilling regulations put in place by the US government, Chevron Corporation discovered that attackers targeted their corporate servers and gained unauthorized access using sophisticated techniques. What kind of attack most likely describes this situation? (6)
advanced persistent threat (APT) (what is this question)
Which of the following elements of a system is a rootkit able to modify? (6)
all of these (just memorize this for rootkit question)
Lisa decided to create code that would only run if she ever got fired from work. The code will only create a new account with credentials that only she knows three days after her original account is deleted. What type of account did the code create? (6)
backdoor
What is another name for criminals who manage botnets? (6)
bot herder
Armored Viruses use various techniques to make the reverse engineering process more difficult for AV researchers, EXCEPT _____. (6)
code camouflage
Micaela mistakenly installed a Trojan when she believed a website with many testimonials listing all the benefits of its antivirus software. Unfortunately, the testimonials and the antivirus were fake but she genuinely believed all was safe. Why did social engineering work in this case? (6)
consensus
There are seven principles to social engineering. Which is not one of them? (6)
dissension
Which social engineering tactics apply to the following scenario? After reading about social engineering in his Security+ book, Max decides he wants to incorporate such tactics into his next phishing attack. He sends Dr. Leonard an email pretending to be Dean Wofford making friendly conversation. A while later, he emails her a link to a malicious website and tells her to click on it if she wants to keep her job. (6)
familiarity, authority, intimidation
What attempts to detect viruses that were previously unknown (and, thus, do not have signatures) based upon the behaviors of the virus? (6)
heuristic-based
Back when Abe was younger, he and others convinced far too many people on a public forum that System32 was actually a virus and needed to be deleted ASAP. What is this called? (6)
hoax
Maya received an email telling her that there is a virus that would destroy her system if she didn't delete a certain file from her computer. What type of attack is this? (6)
hoax
Which of the following social engineering tactics relies on identity theft? (6)
impersonation
Verifying the checksums of files downloaded from the Internet serves which of the following fundamental cybersecurity protection goals? (6)
integrity
A malicious attacker keeps getting access to all accounts belonging to one employee. No matter how many times they change their password or how complex the employee makes their passwords, the attacker keeps getting in. There is no evidence that the attacker has gained physical access to the device or compromised Active Directory. What should you look for first? (6)
keylogger
A student broke into a professor's office in Keplinger and installed a utility to capture everything the professor types on their computer in order to change their grades sometime in the future. This malware is known as a ________________. (6)
keylogger
A hacking group has recently installed malware on thousands of computers. Within days, the group has located passwords on nearly every infected computer. Select all the types of malware the group could have installed. (6)
keylogger, spyware, rootkit
A company fires an engineer and within weeks they begin to have computer problems. When he returns the problems mysteriously end. But, he is who he is and gets fired again. Not long after, computer systems that are typically stable start having issues. Which type of malware is likely used in this scenario? (6)
logic bomb
An engineer put a string of code into his company's payroll program so that all went well if his name was in the system but caused problems if it was not. What did the engineer program? (6)
logic bomb
Many times, social engineers gain access to a building by tailgating legitimate workers. What are two ways to prevent this? (6)
mantraps, security guards
Jacob is on a computer and accidentally (and unknowingly) downloaded a piece of malware. This particular type of malware attached to a pirated version of the application Microsoft Word. Furthermore, the malware cannot execute until Microsoft Word is executed. What type of malware is this? (6)
virus
My friend recently had a situation where he got a phone call from someone asking if he was available to take a short survey, to which he said, "Yes." The survey asked him to rank 10 different things on a scale of 0-9. He completed the survey and hung up. Later, his credit card information was stolen by hackers. When he took them to court, the hackers played an audio recording of them asking if he would authorize them to use his card, to which he said, "Yes." The hackers asked for his credit card number next, to which he replied, "0045 1818 3346 9125." The hackers said this was evidence that they did nothing wrong. Which of the following likely occurred? (Ch. 6)
vishing
You're currently sitting in a coffee shop across from a help desk employee who is 100% done/frustrated with the company that you're currently trying to hack. What social engineering method(s) would best be used to get the employee to crack just enough to be taken advantage of? (6)
wack
What type of attack attempts to discover which web sites a group of people are likely to visit and then infects those web sites with malware that can infect the visitors? (6)
watering hole
Bobby is angry at the TU student body for not voting him in as the Student Association president. He decides to hack into Harvey and alert every user to download a malware-ridden file, so he can infect as many TU students as possible. What term describes Bobby's attack? (6)
watering hole attack
An extremely advanced attacker manages to compromise the website of a company that Google HR trusts and uses to help their employees relocate. Now the website performs drive-by downloads every time an HR person visits the site. This is known as a: (6)
watering hole attack
In which situation is using authority not the most effective? (6)
watering hole attacks
Jimmy is on a computer and the entire network is super slow due to some form of malware that is self-replicating, which is consuming massive amounts of network bandwidth. What type of malware is this? (6)
worm
While prototyping some new gadgets, Agent Q discovered a previously unknown exploit in Apache. What he now has is often referred to as a ____? (Ch. 6)
zero-day exploit
Which of the following vulnerabilities cannot be protected using an antivirus or antimalware software? (6)
zero-day vulnerability
Which of the following statements are NOT true regarding antivirus software? (6)
Antivirus software conventionally only protects against viruses. All antivirus software, regardless of vendor, automatically quarantines malware and suspicious applications.
Lisa recently developed an application for the HR department that accesses PII data. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance of the application if necessary. Lisa is not a malicious threat actor, she just wants to support her company as quickly and effectively as possible. Which of the following does this describe?
Backdoor
Thomas installed code designed to run if he ever lost his job at a tech company. The code will create a new account with credentials that only he knows, one month after his original account is deleted. Which type of account does this code create?
Backdoor
Preventing code from executing in memory locations marked as nonexecutable, in order to protect a system from malware, is called ____? (6)
Data execution prevention (DEP)
What is the name of the security feature that prevents code from executing in memory regions marked as nonexecutable? (6)
Data execution prevention (DEP)
Jackie works at ABC Corp. to maintain the web server. Unfortunately, the web server is being flooded with thousands of HTTP requests per second, which can't be easily blocked because the requests are coming from multiple IP addresses. What type of attack could this be? (6)
DDoS
What is a security feature that prevents code from executing in memory regions marked as nonexecutable? (6)
DEP
Reagan is the CEO of a large, international non-profit organization. Hashem, the CFO of the company, gets an email that looks like it is from Reagan (forged FROM field and includes basic personal greeting information) with a PDF file described as a funding document. What technology can Reagan's company use to help prevent this kind of attack?
Digital signatures
What is the attack called when it includes abnormally high network traffic and uses multiple computers to attack a single target? (6)
Distributed denial-of-service
While cleaning out his desk, Ansh threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?
Dumpster diving
The cybersecurity team at Cimarex has decided to upgrade its systems to protect against malicious attacks. They place a spam filter and an anti-malware filter on the email gateways, they install new anti-malware software on all workstations, and they make sure that all systems have active firewalls with appropriate settings turned on. After taking all of these measures, the cybersecurity team pats themselves on the back, thinking they have now protected the company from outside attacks. A week later, they find that all of the servers have been infected with ransomware, which has activated, encrypted all of the company's information, and is now demanding $500 million of payment to release the files. Which critical step did the cybersecurity team fail to take that could have prevented the attack? (6)
Educating Users of Common Risks
Which social engineering principle is most effective with shoulder surfing and tailgating attacks? (6)
Familiarity
Crista has discovered that all of her passwords have been compromised and her bank account has been stolen and the money taken. She attempts to figure out how this happened and traces it back to an email she opened thinking it was from a friend. Which best describes the type of malware Crista accidentally installed? (6)
Keylogger
Richard, a small private IT contractor, was angry that he lost out on a contract with his government employer. He wrote code to turn off multiple services on a number of important systems at his job while he was away at a conference to make it appear that he was the only person qualified to fix the system, thus getting him the next contract. Which of the following does this describe?
Logic Bomb
Amelia was browsing on the internet and noticed that an online ad appeared. She was curious and clicked on it. As soon as she clicked the ad, malicious code in the ad infected her computer without her knowing. What is this an example of? (6)
Malvertising
Worms, RAT, and Keyloggers are types of ________? (6)
Malware
What resource can a hacker use to gather information about a potential target without using malicious software or social engineering? (6)
Open Source Intelligence
Saint Francis Hospital in Tulsa, OK suffered a serious attack in September 2016 (for real). The attackers notified management personnel that they encrypted a significant amount of data on the hospital's servers and it would remain encrypted until the management paid a hefty fee to the attackers to get their files back. Which of the following identifies the MOST likely threat actor in this attack?
Organized Crime
James sends emails that alert people that a Nigerian Prince is wanting to send said person millions of dollars. He requires the person's banking information in order to send them the money. He typically targets the elderly but is open to targeting people of all ages. This is an example of _____? (6)
Phishing
What is the practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link? (6)
Phishing
Matt is at the smoking area outside the office. After sharing a cancer stick, he told Wyatt (who works in the same building but on a different floor) that he forgot his badge inside and asked Wyatt to get him back into the building before he gets in trouble. Which of the following does this describe? Choose all that apply. (6)
Piggybacking, Tailgating
The amount of money an organization spends on technology to prevent malicious attacks can potentially be negated by a single user clicking on a malicious link. What is a viable and essential method a company can use to better protect against user-centric incidents and risks? (6)
Providing education programs to raise awareness
An attacker successfully plants malware on a system via a drive-by download. Using the malware, the attacker is able to access the system at any time, collect keystrokes, view usernames and passwords, emails, etc. The infected system is connected to a network, and the malware allows the attacker to explore and infect other devices on the network. What type of malware did the attacker most likely use? (6)
RAT (Remote Access Trojan) (I don't think this is right, but harvey says it is, so...)
Saranya recently discovered suspicious activity on the corporate network. Malicious traffic from outside the network boundary is connecting to a local staging server within the network. She determined that the malicious threat actor used this connection to install malware on the server and is collecting corporate data and sending it out of the network. Which of the following BEST describes the type of malware used by the threat actor?
RAT (remote-access Trojan)
What's the best way to protect users from social engineering attacks? (6)
Raise Awareness
The term ______ describes the event when too many HTML requests overload the web-server's processor. (6)
Resource Exhaustion
Jack suspects he might have downloaded some type of malware as his computer is running really slowly. When he runs his antivirus software, however, it states that there are no infections on his PC. If he is correct and does have malware, what type of malware would be a group of programs with system-level access that could hide the infection from Jack? (6)
Rootkit
Max noticed abnormal activity on a workstation. It is connecting to systems outside the organization's network using uncommon ports. He discovered the computer is also running several hidden processes. The activity occurs even after Max removes all the known malware on the system. Which of the following BEST describes this activity?
Rootkit
On a recent graduate school visit, I found that I couldn't get into the building that I had a meeting in, so I pretended to check my phone until a student came along. The student had keycard access, scanned in, and I followed behind. This is an example of what? (Ch. 6)
Tailgating
What is another name for the 419 scam? (6)
The Nigerian Scam
You just torrented the latest EA game because everyone knows it's not worth even a dollar. In the following days, you noticed that your internet speed has slowed down and your computer is making thousands of requests to websites you never visited before. What most likely happened? (6)
The uploader slipstreamed a botnet slave software into the game's installer and your computer is now part of their botnet making DDoS requests.
Which of the following is NOT a method that attackers typically use to gain user information/credentials? (6)
This question is helpful to have in quizlet... the answer is ROOTKITS. Remember that.
That flashlight app that Sal showed us on the slides is real. It actually works as a flashlight but it requests too many system permissions that can be abused by the developer of the app. What kind of malware is it? (6)
Trojan
Reagan, still the CEO even after a string of cyber attacks, receives an email that indicates her company is being sued and names her specifically as a defendant in the lawsuit. The lawsuit is a result of the previous CFO opening a malware-laden PDF file (thanks, Hashem). Details are in an attachment, which is described as a time-sensitive subpoena requiring an immediate response. Which BEST describes the social engineering principles used by the sender in this scenario? Select all that apply.
Urgency, Intimidation, Authority
What is a malicious code that attaches itself to a host application? (6)
Virus
Which of these is the Phishing attack that often uses telephony? (6)
Vishing
Reagan is the CEO of a large, international non-profit organization. Hashem, the CFO of the company, gets an email that looks like it is from Reagan (forged FROM field and includes basic personal greeting information) with a PDF file described as a funding document. The PDF is infected with malware. What attack BEST describes this attack?
Whaling
Winnifred is sending out malicious spam emails to high-level executives. What is the best definition of this? (6)
Whaling
Your organization recently suffered a loss from malware that was not previously known by any trusted source. Which of the following BEST describes this attack?
Zero-day
Your company paid thousands of dollars for the latest and greatest firewalls, security software, antiviruses, and antimalware. One day your company gets hit by a nasty virus that none of your state of the art security tools picked up. This scenario is an example of ______. (6)
a Zero-Day exploit.
Tom has recently been fired. However, before losing administrative access to the computer system he creates another administrative account. Two weeks later, Tom still has access to the new account while his employee account has been disabled. What did Tom create? (6)
a backdoor
A Trojan looks beneficial, but actually is not. Which of the following is not a Trojan? (6)
not logic bomb
Mr. Redhat is hacking into Sal's bank account. He knows Sal's bank username and sees that his password hint is "my favorite state." Mr. Redhat visits Sal's Facebook page and notices he has shared 27 articles about Hawaii and wears flowery shirts in all his pictures. He guesses "Hawaii" as the password and gains access to the account. Which of the following methods did Mr. Redhat employ in this process? (6)
open-source intelligence
In order to gain access to Helm 316, you must scan your TU ID and the RFID reader must then allow you entry. However, it is common practice for people to hold open the door for other students to gain access. What best describes this situation? Select all that apply. (6)
piggybacking, tailgating
A client calls your company complaining that they're locked out of their computers and no one knows why and we need to get down there ASAP. Upon arriving, we are informed that the secretary, who likes to click on every clickbait and read her email, got an email that looked like it was from a potential vendor. Upon clicking it, it told her to "update windows" to see the pdf, she did so and nothing happened. Thinking nothing of it, she deleted the email and went on with her life. Days later they arrive to work to find that every single computer is encrypted and they are required to pay $400 via bitcoin or MoneyGram cards to get their data back. What malware were they hit with? Select the two best choices. (6)
ransomware, worm
You have recently been attacked by the Anonymous hacking group because they "claim" that you have been "dumping millions of tons of asbestos in front of local hospitals". Afterwards, you ran an antivirus scan on your system and it seems to be 100% healthy. However, every week all of your company's workstation backgrounds get changed to the Anonymous logo. What's the most likely reason your scan showed up clean? (6)
rootkit
There are many reasons why social engineers are effective at overcoming users' objections. Which of the following techniques encourage immediate action? Select two. (6)
scarcity, urgency
Which of the following is not a way to protect from malware? (6)
screen filter on mail gateways
What is the simple act of watching someone's actions (such as when they are typing a password) to gain information? (6)
shoulder surfing
Rice Krispies just aren't selling like they used to, and Snap, Crackle, and Pop have expanded to new means of enriching themselves, namely working together to infiltrate other cereal companies and flattering the other mascots into giving up their secret recipes. This is an example of...? (Ch. 6)
social engineering
Spongebob and Squidward get an email from their boss, Mr. Krabs, saying he needs the Krabby Patty Secret Formula emailed over ASAP. The email message contains many spelling errors and is typed in Comic Sans, but Squidward sends the document anyway. They find out later that the email came from their biggest competitor, Plankton, and he now knows the company's proprietary secret. Which of the following terms describes Plankton's cyberattack? Select all that apply. (6)
spear phishing
Which of the following is considered to be the hardest form of attack to detect and avoid? (Ch. 6)
spear phishing (says who?)
A mantrap is a physical security control that prevents _____? (6)
tailgating
What is the practice of one person following closely behind another without showing credentials? (6)
tailgating
You go to your favorite shady website when suddenly you get a pop-up message from "System" that tells you your computer is horribly infected by malware. To fix it, you click the suggested link on the message to go download "Da Computah Cleanah 9000". Surprisingly, DCC9000 deletes every file that starts with the letter A and a laughing skull appears on your screen. The DCC9000 is what type of malware? (6)
trojan