REVIEW EXAM - MODULE 3
Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet? a. LOLBins b. Malware c. Spam d. Ad fraud
a. LOLBins
Which of the following correctly describes the action of a logic bomb? a. A logic bomb is a malicious code that performs benign and malicious activities simultaneously. b. A logic bomb is a malicious code added to a legitimate program that evades detection until a specific event activates it. c. A logic bomb is malware that can hide its presence by accessing the lower layers of the operating system or undocumented functions to make alterations. d. A logic bomb is malware that can hide itself and other malware within the device.
b. A logic bomb is a malicious code added to a legitimate program that evades detection until a specific event activates it.
Choose which statement is wrong by applying your knowledge from the reading. a. AI is already being used broadly in cybersecurity defenses. b. A recognized subset of ML is AI. c. Artificial intelligence (AI) may be defined as technology that imitates human abilities.
b. A recognized subset of ML is AI.
Which of the following is NOT a means by which a bot communicates with a C&C device? a. Signing in to a third-party website b. Email c. Command sent through Twitter posts d. Signing in to a website the bot herder operates
b. Email
Advantages of fileless virus over file-based virus
• Easy to infect • Extensive control • Persistent • Difficult to detect • Difficult to defend against
Which of the following statements are true for artificial intelligence (AI)?
A self-driving car is an example of AI; AI focuses on the broad idea of making a system execute a task; Machine Learning or ML is a subset of AI
Which of the following attack types confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?
Error Based SQL Injection
Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?
Horizontal Privilege Escalation
What is the difference between a Trojan and a RAT? a. A RAT gives the attacker unauthorized remote access to the victim's computer. b. A Trojan can carry malware while a RAT cannot. c. There is no difference. d. A RAT can infect only a smartphone and not a computer.
a. A RAT gives the attacker unauthorized remote access to the victim's computer.
Which of the following malware types attacks the endpoint device; encrypts files, making them unreadable; and demands the user make payments to retrieve the files? a. Cryptomalware b. Ransomware c. File-based virus d. Worm
a. Cryptomalware
Which of the following is technology that imitates human abilities? a. ML b. RC c. AI d. XLS
c. AI
Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program? a. Integer overflow attack b. Shim overflow attack c. Buffer overflow attack d. Factor overflow attack
c. Buffer overflow attack
Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation? a. It sets a precedent by encouraging other employees to violate company policy. b. The employee would have to wait at least an hour before her computer could be restored. c. The organization may be forced to pay up to $500 for the ransom. d. Cryptomalware can encrypt all files on any network that is connected to the employee's computer.
d. Cryptomalware can encrypt all files on any network that is connected to the employee's computer.
Which of the following attacks targets the external software component that is a repository of both code and data? a. Application program interface (API) attack b. Device driver manipulation attack c. OS REG attack d. Dynamic-link library (DLL) injection attack
d. Dynamic-link library (DLL) injection attack
Which of the following is a concern of AI and ML training? a. buffer overflow b. improper input handling c. device driver manipulation d. tainted training data
d. tainted training data
Smith installed new meeting-scheduling software that automatically sends emails and reminders to the recipient's computer. Smith noticed that after installation, the software was also tracking other applications he accessed on his computer. What is this attack called? a. Spyware b. Backdoor c. PUP d. Trojan
d. Trojan
A USB can be used to drop which of the following types of malware?
Backdoor, Worms, Keyboard loggers, Trojan
Which of the following types of attack is a precursor to the collision attack?
Birthday
A password spraying cyber-attack can be categorized as which of the following types of attack?
Brute-force
Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
Buffer Overflow
Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?
Cross Site Scripting
An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?
Directory Listing
Which of the following is also known as a "dot dot slash" attack?
Path Traversal
Which of the following malware does not harm the system but only targets the data?
Ransomware
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier which allows an attacker the opportunity to steal authenticated sessions, describes which of the following?
Session Hijacking
Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer? a. Blocking ransomware b. Impede-ware c. Persistent lockware d. Cryptomalware
a. Blocking ransomware
Which of the following is NOT a characteristic of malware? a. Diffusion b. Imprison c. Deceive d. Launch
a. Diffusion
What word is used today to refer to network-connected hardware devices? a. Endpoint b. Host c. Client d. Device
a. Endpoint
Choose which statement is wrong by applying your knowledge from the reading. a. It is a common tactic for cryptomalware attackers to not send the decryption key after the ransom has been paid. b. A remote access Trojan (RAT) can monitor what the user is doing, change computer settings, browse and copy files, and use the computer to access other computers connected on the network. c. Fileless viruses take advantage of native services and processes that are part of the operating system (OS) to avoid detection and carry out their attacks, and these native services used in a fileless virus are called living-off-the-land binaries (LOLBins).
a. It is a common tactic for cryptomalware attackers to not send the decryption key after the ransom has been paid.
What is another term for a worm? a. Network virus b. Bot c. Fileless virus d. Zombie
a. Network virus
What term refers to changing the design of existing code? a. Refactoring b. Design driver manipulation c. Library manipulation d. Shimming
a. Refactoring
Jane sent an encrypted funds transfer message to her bank with her account details. A few days later, she noticed other transactions in her account that she did not authorize. What kind of an attack has Jane likely been subjected to? a. Replay attack b. SQL injection c. Backdoor attack d. XML injection
a. Replay attack
Which type of application attack will use this syntax? ' whatever' AND 'Email IS NULL' a. SQL injection b. cross site scripting c. client side secret forgery d. buffer overflow
a. SQL injection
What race condition can result in a NULL pointer/object dereference? a. Time of check/time of use race condition b. Value-based race condition c. Conflict race condition d. Thread race condition
a. Time of check/time of use race condition
Which of the following is the target of an attacker in a server-side request forgery (SSRF)? a. Web server b. User end device data c. ML training data d. User end device application
a. Web server
What is an attack on a NoSQL database compromised by data manipulation when the input is not sanitized by the application? a. XML injection b. SQL injection c. Backdoor attack d. Trojan attack
a. XML injection
Which of the following attacks is based on a website accepting user input without sanitizing it? a. XSS b. SSXRS c. RSS d. SQLS
a. XSS
What's the primary action that cryptomalware performs? a. imprison b. launch c. snoop d. deceive
a. imprison
Choose which statement is wrong by applying your knowledge from the reading. a. In an XSS attack, a website that accepts user input without sanitizing it and uses that input in a response can be exploited. b. An SSRF takes advantage of a trusting relationship between a web browser and web servers. c. A time of check/time of use is a vulnerability that causes a race condition.
b. An SSRF takes advantage of a trusting relationship between a web browser and web servers.
Which type of malware relies on LOLBins? a. File-based virus b. Fileless virus c. PUP d. Bot
b. Fileless virus
Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this? a. Keylogger b. PUP c. Bot d. Spyware
b. PUP
Carol installed a new application from a free software website that converts avi-formatted files into mpeg format. After installing the application, she noticed that new applications are automatically getting downloaded and installed on the computer. What kind of attack is Carol's computer subjected to? a. Resource exhaustion b. Ransomware c. Spyware d. RAT
b. Ransomware
Which of the following manipulates the trusting relationship between web servers? a. EXMAL b. SSRF c. SCSI d. CSRF
b. SSRF
Which of the following is known as a network virus? a. Remote exploitation virus (REV) b. Worm c. C&C d. TAR
b. Worm
Which of these would NOT be considered the result of a logic bomb? a. If the company's stock price drops below $50, then credit Oscar's retirement account with one additional year of retirement credit. b. Erase the hard drives of all the servers 90 days after Alfredo's name is removed from the list of current employees. c. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting. d. Delete all human resource records regarding Augustine one month after he leaves the company.
c. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.
Which of the following requires a carrier to be infected with a file-based virus? a. Vulnerabilities in the application or software on the computer. b. Vulnerable DLL files in the operating system c. A device that is already compromised with a backdoor d. A human to transfer these files from an infected computer
d. A human to transfer these files from an infected computer
Which of the following is a broad term used for cybersecurity risks in artificial intelligence (AI) and machine learning (ML)? a. Offensive AI b. Cyber weapon c. Cyberwar d. Adversarial AI
d. Adversarial AI
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website? a. DRCR b. DLLS c. SSFR d. CSRF
d. CSRF