CompTIA A+ 1002 (Core 2) - Sections 2.4 to 2.6
You are monitoring the network by analyzing the external traffic with a sniffer when, suddenly, a server starts receiving hundreds of unidentified random packets from many different sources. What is most likely happening? A) A hacker is trying to perform a Distributed Denial of Service (DDoS) attack on the server by flooding it with bogus requests from zombies in a botnet. B) A hacker is making the server devote more resources than the attacker's machine by exploiting a protocol weakness. C) A hacker is performing an ARP (Address Resolution Protocol) poisoning attack to make the attacker's IP the default gateway in order to redirect traffic. D) A hacker is trying to brute force the server to break into it with admin credentials. CA) ________ means that the attacks are launched from multiple compromised systems, referred to as THIS, with multiples of THESE. WA1) With regular ________ attacks, the attacker relies on the target being required TO DO THIS and is performed from a single attacking machine. WA2) With THIS, the software tries to match the password hash against one of every possible combination it could be. - Password attempts such as these would be recognized in the packet capture. WA3) With THIS, the attacker poisons the switch's ___ table with a false MAC-IP addresses, typically allowing the attacker to impersonate as the subnet's default gateway. - However, the attacker must be inside the network to gain access to the switch.
A) A hacker is trying to perform a Distributed Denial of Service (DDoS) attack on the server by flooding it with bogus requests from zombies in a botnet. FILL IN THE BLANK == DDoS. WA1) A hacker is making the server devote more resources than the attacker's machine by exploiting a protocol weakness. WA2) A hacker is trying to brute force the server to break into it with admin credentials. WA3) A hacker is performing an ARP (Address Resolution Protocol) poisoning attack to make the attacker's IP the default gateway in order to redirect traffic.
What is an attack where the attacker sends spoofed messages onto the network to associate the attacker's IP address with another host? A) ARP (Address Resolution Protocol) poisoning B) Brute force C) Dictionary attack D) Rainbow table attack CA) In THIS attack, the attacker sends spoofed _____ messages into the network to associate the attacker's IP address with another host, typically the subnet's default gateway. WA1) THESE refine the attack defined by (2). - THESE attacks use a pre-computed lookup table of all probable plaintext passwords (derived from the dictionary) and their matching hashes. - The hash value of a stored password can then be looked up in the table and the corresponding plain-text discovered. WA2) THIS attack is an attack where the password cracker matches the hash to those produced by ordinary words found in THIS. WA3) In THIS attack, the software tries to match the hash against one of every possible combination it could be.
A) ARP (Address Resolution Protocol) poisoning WAs) D, C, B.
What kind of hidden folders are associated with C$, ADMIN$ and PRINT$? A) Administrative shares B) Local shares C) A network drive D) The Shared Folders snap-in CA) Windows automatically creates many hidden versions of THESE, including the root folder of any local drives (C$), the system folder (ADMIN$), and the folder storing printer drivers (PRINT$). PC) THESE are created by users that will be listed as available shares to the rest of the network. WA1) THIS is basically a local share that has been assigned a drive letter. - To map a share as a drive, right-click it and select Map ________ ______. WA2) THIS (available through the Computer Management console) lets you view all the shares configured on the local machine as well as any current user sessions and open files.
A) Administrative shares PC) Local shares WAs) C, D.
Who has privileges to perform all system management tasks on a family computer? A) Administrators B) Guests C) Power Users D) Standard Users CA) Members of THIS group can perform all system management tasks. - The user created at installation is automatically added to this group. WA1) THESE can perform most common tasks, such as shutting down the computer, running applications, using printers, change the time zone and install local printers. WA2) THIS group has only limited rights; for example, members can browse the network and Internet and shut down the computer but cannot save changes made to the desktop environment. WA3) THIS group is used for those who need more powerful control with certain administrator rights but cannot perform all system management tasks.
A) Administrators WAs) Standard Users, Guests, Power Users.
What can detect software threats that include spyware, Trojans, rootkits, and ransomware? A) Anti-malware B) Network firewalls C) Patch Management D) Port-based Network Access Control (PNAC) CA) Most anti-virus software is better described as THIS, as it can detect software threats that are not technically virus-like, including spyware, Trojans, rootkits, and ransomware. WA1) THIS applies critical and security updates for OS and application software. - Failing to keep OS and software applications up-to-date can cause complete system crashes and vulnerabilities to malware. WA2) THESE are principally deployed to manage access between networks. T - They control communications by blocking packets based on access rules permitting or denying certain combinations of IP addresses and network ports. WA3) THIS (_____) means that the switch (or router) performs some sort of authentication of the attached device before activating the port.
A) Anti-malware WAs) C, B, D.
What uses a database of virus definitions and heuristic malware identification techniques to identify infected files? A) Anti-virus (AV) B) Packet filtering firewalls C) SANS "Top 20" D) Software firewalls CA) THIS software uses a database of known virus patterns (definitions) plus heuristic malware identification techniques to try to identify infected files and prevent viruses from spreading. WA1) THESE critical security controls is one of the most useful starting points for investigating the various new attacks that are developed against computer systems. WA2) THESE firewalls are installed on the host and only inspect traffic addressed to that host. - However, if malware is able to run with administrative privileges, it may can make changes to the software (host) firewall configuration. WA3) THIS firewall can inspect the headers of IP packets, and rules can be based on the information found in those headers, such as IP (internet Protocol) filtering, protocol type, and port security.
A) Anti-virus (AV) WAs) C, D, B.
What kind of malware can allow an attacker to use a computer to launch mass-mail spam? A) Botnet B) Rootkits C) Spyware D) Worms CA) A Trojan backdoor could allow the attacker to use the computer in THIS MANNER to launch Denial of Service (DoS) attacks or mass-mail spam. WA1) THIS is a set of tools designed to gain control of a computer and create a backdoor with root or system-level privileges without revealing its presence. WA2) THIS is a program that monitors user activity and sends the information to someone else. WA3) THESE are self-contained memory-resident malware that replicate over and rapidly consume network resources. - THEY are able to crash an operating system or server application by performing a Denial of Service (DoS) attack and can install backdoors.
A) Botnet WAs) Rootkits, Spyware, Worms.
As part of preventing reinfection, what should you configure to prevent spoofing? A) DNS B) The host firewall C) MAC filtering D) Regular backups CA) THIS (_________) allows attackers to direct victims away from the legitimate sites they were intending to visit and towards fake sites. - As part of preventing reinfection, you should inspect and re-secure THIS configuration. WA1) If malware could run with administrative privileges, it may have made changes to THIS software configuration and change port settings that could lead to reinfection. WA2)In case of data loss, you should carry out THESE that allow data to be recovered. WA3) THIS can be set up with whitelists of allowed ______ or blacklists of prohibited ______. This can be time-consuming to set up, and it is easy for malicious actors to spoof THIS.
A) DNS WAs) Host Firewall, Backups, MAC Filtering.
What kind of attack is associated with cutting phone lines or network cabling? A) Denial of Service (DoS) B) Man-in-the-Middle (MitM) C) Network footprinting D) Network mapping CA) THIS attack causes a service to fail or to become unavailable to legitimate users. - An example of a physical _____ attack would be cutting telephone lines or network cabling. WA1) THIS is an information gathering threat in which the attacker attempts to learn about the configuration of the network and security systems and can be accomplished by social engineering or software-based information gathering. WA2) THIS refers to tools that gather information about the way the network is built and configured and the current status of hosts. WA3) is another specific type of spoofing attack where the attacker sits between two communicating hosts and transparently monitors, captures, and relays all communication between them.
A) Denial of Service (DoS) WAs) C, D, B.
In most cases, what NTFS (NT File System) folder permission overrides any other permission? A) Deny B) Full Control C) Read D) Write CA) THIS permission overrides anything else (in most cases). - If an account is not granted THE OPPOSITE permission, an implicit version is applied. - This is usually sufficient for most purposes. WA1) THIS folder permission includes read, write, list, read & execute and modify permissions, plus it allows the user to change permissions, take ownership, and delete subfolders and files. WA2) THIS folder permission allows the user to view files and subfolders including their attributes, permissions, and ownership. WA3) THIS folder permission allows the user to create new folders and files, change attributes, view permissions, and ownership.
A) Deny (Opposite: "Allow") WAs) Full Control, Read, Write.
What attack is accomplished by flooding a server with bogus requests launched from a botnet? A) Distributed Denial of Service (DDoS) B) Man-in-the-Middle (MitM) C) Network footprinting D) Network mapping CA) Most bandwidth-directed DoS attacks are THESE. - This means that the attacks are launched from multiple compromised systems, referred to as a botnet. WA1) THIS is an information gathering threat in which the attacker attempts to learn about the configuration of the network and security systems and can be accomplished by social engineering or software-based information gathering. WA2) THIS refers to tools that gather information about the way the network is built and configured and the current status of hosts. WA3) THIS attack is another specific type of spoofing attack where the attacker sits between two communicating hosts and transparently monitors, captures, and relays all communication between them.
A) Distributed Denial of Service (DDoS) WAs) C, D, B.
An employee at your company has reported that someone suspicious slipped through a secure area while following the authorized employee inside. What security measures should be put in place to best prevent this type of attack? A) Employees should be trained to prevent tailgating, and security guards should be hired to monitor CCTV events. B) Install a key-less electronic door access system that requires a PIN to unlock the door. C) Install simple conventional door locks that can only be operated with a key and deadbolts on door frames of the gateway. D) Require photographic ID badges (keys) that use Radio Frequency ID (RFID) to unlock doors via proximity badge readers. CA) STEP 1 should ensure that employees keep doors locked to protect secure areas. - Gateways can also have improved physical security, such as a combination of THESE. WA1) THESE are not the best method for preventing tailgating. - A technique an attacker could use is to persuade someone to hold a door open, using an excuse such as "I've forgotten my _____/___." WA2) THESE can be picked, depending on the quality of the lock; doors locked with THESE (as well) can be kicked down and broken into. WA3) THIS is considered "something you know". - It would be better to require multi-factor authentication that combines different security methods, such as a smart card and THIS built into it.
A) Employees should be trained to prevent tailgating, and security guards should be hired to monitor CCTV events. WAs) D, C, B.
An administrator moved a group of files and folders from D:\Finance to E:\Accounting to free up space on the D: drive. After the files were moved, the permissions were all wrong. What happened? A) Moving files from one partition or drive to another is like copying; the files take on the permissions of the parent folder they were copied to. B) The administrator did not select the option in the move dialog box to retain permissions. C) The administrator did not perform an administrative-level move by using administrator privilege to move the files. D) Moving files causes permissions to be changed from explicit to implicit, so that any explicit deny permissions became deny or not allow. CA) Moving files between partitions or drives sets the permissions to those of the parent destination folder. WA1) When moving files and folders to a different drive, permissions are inherited from the destination folder. - Directly assigned permissions (explicit permissions) always override inherited permissions, including "deny" inherited permissions. WA2) Permissions are always inherited from the destination folder, which is default behavior regardless of the account used to move the files. WA3) There is no interactive dialog box for retaining permissions when moving files. - The permissions are automatically applied when the files are moved.
A) Moving files from one partition or drive to another is like copying; the files take on the permissions of the parent folder they were copied to. WAs) D, C, B.
All users on the network have antivirus software; however, several users report that they have what an administrator described as a "browser redirection virus." How can the users have this virus if they have updated antivirus software installed? A) Redirection viruses are not always classic viruses and therefore are not detectable with antivirus software. B) Redirection viruses are not considered to be a threat to system security. C) Redirection viruses are a special virus class that disables antivirus programs long enough to infect a system. D) Redirection viruses are stealth viruses and are designed to avoid detection. CA) Phishing and pharming are ways of redirecting users from a legitimate website to a malicious one. Browser redirection is EXACTLY THIS, thus not easy to eradicate. WA1) Malicious browser redirection programs do NOT DO THIS, but rather bypass it because anti-virus often does not have signatures or definitions to detect them. WA2) Redirection viruses ARE EXACTLY THIS because the victim is redirected to a malicious site that can host other kinds of malware, or to a website that looks legitimate, but actually leads to the attacker's spoofed site. WA3) THESE hide from applications and may attach themselves to the boot sector of the hard drive. - Browser redirections are not considered THESE.
A) Redirection viruses are not always classic viruses and therefore are not detectable with antivirus software. WAs) C, B, D.
An end-user has reported that an email from a legitimate sender sent an unexpected email stating the user needed to urgently update the password account information to a vendor website. Once the user clicked on the URL in the email, the user was taken to a landing page to update the user's credentials. The user entered the credentials, despite noticing the URL was slightly misspelled. What happened in this situation? A) The user is a victim of a phishing scam, and the attacker spoofed or compromised the sender's email address and spoofed the website. B) The user is the victim of an impersonation attack where the attacker intimidation by coaxing the target and engaging with them by putting them at ease. C) The attacker has sniffed the user's packets on the user's local network and has captured the user's credentials in plain text. D) The user is a victim of a pharming attack by using social engineering to trick the user into clicking a link that redirected their traffic to a spoof website. CA) With THIS, the attacker sets up a spoof website to imitate a legitimate one. - The attacker then emails users informing them that their account must be updated, supplying a disguised link that leads to their spoofed site. WA1) THIS is means of redirecting users from a legitimate website to a malicious one. - THIS relies on corrupting the way the victim's computer performs. WA2) The sense of urgency in THIS situation would not put the end-user at ease and may in fact cause panic. WA3) THIS refers to capturing packets after the attacker has gained access to the internal network. - In this case, THIS would not be necessary because the user entered credentials into an external website form that most likely captured the credentials into the attacker's database.
A) The user is a victim of a phishing scam, and the attacker spoofed or compromised the sender's email address and spoofed the website. WAs) D, B, C.
Which of these is defined as a system that has not been updated with patches, and does not have anti-virus or firewall security? A) A legacy system B) A non-compliant system C) A zero-day D) A zombie device CA) An unpatched system (i.e.: THIS) is one that its owner has not updated with OS and application patches or installed with A-V and firewall security software. WA1) A vulnerability that is exploited before the developer knows about it or can release a patch is called THIS. - It is called THIS because the developer has had zero days to fix the flaw. WA2) THIS system is one where the software vendor no longer provides support or fixes for problems. WA3) When creating a botnet, an attacker will first compromise one or two machines to use as "handlers" or "masters." - The handlers are used to compromise multiples of THESE with DoS tools (bots).
B) A non-compliant system WAs) C, A, D.
A company's password policy requires employees to encode their passwords in Base64 when storing them. What is true about this policy if you were to implement it? A) Base64 automatically stores passwords using a cryptographic hash. B) Base64 encoding is not a secure form of cryptography. C) Base64 scrambles data so the original plaintext password is normally unrecoverable, and therefore not vulnerable to dictionary or brute force password attacks. D)Base64 uses mutual authentication to prevent Man-in-the-Middle (MitM) attacks. CA) A password can be encoded in Base64, which is simply an ASCII representation of binary data. - The password value can easily be derived from the Base64 string. WA1) Base64 is not the same as THIS. - THIS type of hash scrambles the data in a way that THIS credential is normally unrecoverable. - Base64, however, simply uses binary-to-text encoding and can easily be decrypted. WA2) THIS is WHAT actually scrambles the data in a way that the original plaintext password is normally unrecoverable yet may still be vulnerable to dictionary and brute force attacks. - Base64 is not the same as THIS, however. WA3) THIS can be defeated using mutual authentication, where both server and client exchange secure credentials. - However, Base64 does not use THIS.
B) Base64 encoding is not a secure form of cryptography. WAs) A, C, D.
What kind of Full Disk Encryption (FDE) is built into the Enterprise edition of Windows? A) Access Control Lists (ACL) B) BitLocker C) Data Loss Prevention (DLP) D) Encrypting File System (EFS) CA) An alternative to file encryption is to use a Full Disk Encryption (FDE) product. - THIS EXACT disk encryption product is built into the Enterprise editions of Windows. WA1) One approach to encrypting file system data is to apply encryption to individual files or folders. - THIS feature of NTFS supports file and folder encryption. WA2) Most resources in a computer or network environment are protected from unauthorized use by THIS. - THIS is basically a list of subjects (users or computers) and the privileges they have on the object (or resource). WA3) THIS software uses a dictionary database or algorithm to identify data. - The transfer of content to removable media can be blocked if it does not conform to a policy.
B) BitLocker WAs) EFS, ACL, DLP.
What kind of Windows Full Disk Encryption (FDE) can be used with removable drives? A) Access Control Lists (ACL) B) BitLocker to Go C) Encrypting File System (EFS) D) Trusted Platform Module (TPM) CA) THIS can be used with any volumes on fixed (internal) drives. - It can also be used with removable drives in THIS more-portable form. WA1) Our (CA) can use THIS hardware chip in the computer to tie use of a hard disk to a particular motherboard. WA2) One approach to encrypting file system data is to apply encryption to individual files or folders. - THIS feature of NTFS supports file and folder encryption. WA3) THIS describes the permissions that different users (or user groups) have on a file. - To protect data at-rest against these risks, the information stored on a disk can be encrypted.
B) BitLocker to Go WAs) TPM, EFS, ACL.
What attack uses a password cracker and matches the hash to those produced by a list of words? A) Brute Force B) Dictionary attack C) Packet sniffing D) Rainbow table attack CA) THIS password attack is an attack where the password cracker matches the hash to those produced by a list of words found in one of THESE. WA1) In THIS attack, the software tries to match the hash against one of every possible combination it could be. WA2) If a network protocol uses clear-text credentials, then THESE attacks can obtain these credentials. WA3) THESE refine our (CA). - HERE, attacks use a pre-computed lookup table of all probable plaintext passwords (derived from the ___________) and their matching hashes. - The hash value of a stored password can then be looked up in the table and the corresponding plain-text discovered.
B) Dictionary attack WAs) A, C, D.
What malware removal step should be supplemented with procedures that will prevent certain files from being allowed to run? A) Disable system restore. B) Educate end users about not running attachments. C) Quarantine (disable system restore) and remediate the threat. D) Remediate the infected system(s). CA) YOU SHOULD DO THIS about not running attachments, and supplement this with procedures that will prevent files, such as executables and Office macros, from being allowed to run. WA1) YOU SHOULD DO THIS after symptoms of a malware infection are detected. WA2) Once the infected system is isolated, the next step is to DO THIS and other automated backup systems, such as File History. WA3) THIS PROCESS includes updating anti-malware software, and scanning and using removal techniques, such as Safe Mode.
B) Educate end users about not running attachments. WAs) C, A, D.
When encrypting file system data, how can you apply encryption to individual files and folders? A) Access Control Lists (ACL) B) Encrypting File System (EFS) C) Full Disk Encryption (FDE) D) Trusted Platform Module (TPM) CA) One approach to encrypting file system data is to apply encryption to individual files or folders. - THIS feature of NTFS supports file and folder encryption. WA1) THESE describe the permissions that different users (or user groups) have on a file. - To protect data at-rest against these risks, the information stored on a disk can be encrypted. WA2) BitLocker can use THIS hardware chip in the computer to tie use of a hard disk to a particular motherboard. WA3) An alternative to file encryption is to use THIS product. - The BitLocker disk encryption product is built into the Enterprise editions of Windows.
B) Encrypting File System (EFS) WAs) ACL, TPM, FDE.
What group has only limited rights and cannot save any changes made? A) Administrators B) Guests C) Power Users D) Standard Users CA) THIS group has only limited rights; for example, members can browse the network and Internet and shut down the computer but cannot save changes made to the desktop environment. WA1) THIS group still appears to support legacy applications, but its use is strongly deprecated. - The rights allocated to this account type can be abused to allow the user to obtain more powerful Administrator or System privileges. WA2) Members of THIS group can perform all system management tasks. - The user created at installation is automatically added to this group. WA3) THESE can perform most common tasks, such as shutting down the computer, running applications, using printers, change the time zone and install local printers.
B) Guests WAs) Power Users, Administrators, Standard Users.
What type of attack involves intimidating, alarming or coaxing the victim to make the attack more convincing? A) Dumpster diving B) Impersonation C) Pharming D) Shoulder surfing CA) THIS (or pretending to be someone else) is one of the basic social engineering techniques. - To make THIS attack convincing, attackers will try to either intimidate, alarm or coax the victim. WA1) THIS redirects users from a legitimate website to a malicious one. - THIS relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected to the malicious site. WA2) THIS refers to combing through an organization's (or individual's) refuse to try to find useful documents or discarded removable media. WA3) THIS refers to stealing a password or PIN, or other secure information, by watching the user type it.
B) Impersonation WAs) Pharming, Dumpster Diving, Shoulder Surfing.
What would you have to do if a virus infection does not allow you to run anti-virus software? A) Configure on-access scanning. B) Perform a complete system restore. C) Remove the infection and quarantine the file. D) Re-secure the DNS configuration. CA) If a virus disrupts the computer system, you might not be able to run anti-virus software and would have to perform THIS. WA1) If a file is infected with a virus, you can (hopefully) use anti-virus software to DO THIS, or erase the file. WA2) Once a system has been cleaned, take the appropriate steps to prevent re-infection. Although real-time scanning reduces performance somewhat, almost all security software is now configured to DO THIS. WA3) _____ spoofing allows attackers to direct victims away from the sites they were intending to visit and towards fake sites. - As part of preventing reinfection, you should inspect and DO THIS.
B) Perform a complete system restore. WAs) C, A, D.
What type of malware gains control of a computer and creates a backdoor with root privileges? A) Boot sector viruses B) Rootkits C) Spyware D) Trojans CA) THIS is a set of tools designed to gain control of a computer and create a backdoor with root or system-level privileges without revealing its presence. WA1) THIS is a program (usually harmful) that is disguised and packaged as something else. Many of THESE function as backdoor applications. WA2) THIS is a program that monitors user activity and sends the information to someone else. WA3) THIS might be able to overwrite the existing boot sector, an application might be able to delete, corrupt, or install files, and a script might be able to change system settings or delete or install files.
B) Rootkits WAs) Trojans, Spyware, Boot Sector Viruses.
What can happen if malware could run with administrative privileges on a workstation computer? A) The malware will try to remediate the infected system. B) The malware can make changes to the software (host) firewall. C) The malware will update its signature(s) or definition(s). D) The malware will scan software to block infected files. CA) If malware could run with administrative privileges, it may have DONE THIS. WA1) The main tool to use TO DO THIS will be anti-virus software. WA2) Infected files could have been uploaded to network servers or cloud services, though these systems should have server-side scanning software TO DO THIS. WA3) When you install an anti-virus package, it must be kept up-to-date with THESE, since viruses are continually being developed and the latest versions of THESE offer the most protection.
B) The malware can make changes to the software (host) firewall. WAs) A, D, C.
What is a program designed to replicate and spread amongst computers that can cause permanent damage or loss of files? A) A backdoor B) A botnet C) A computer virus D) A worm CA) THESE are programs designed to replicate and spread amongst computers. - They produce a wide variety of symptoms on a PC and, in extreme cases, can cause permanent damage or loss of files. WA1) Many Trojans function as THESE applications. Once installed, it allows the attacker to access the PC, upload files, and install software on it. WA2) THESE are malware that replicate over network resources. - Unlike our correct answer, it is self-contained; that is, it does not need to attach itself to another executable file. WA3) (1) could allow the attacker to use the computer in THIS MANNER to launch Denial of Service (DoS) attacks or mass-mail spam.
C) A computer virus WAs) Backdoor, Worms, Botnet.
What is a vulnerability that is exploited before the developer knows about it? A) A legacy system B) A non-compliant system C) A zero-day D) A zombie device CA) A vulnerability that is exploited before the developer knows about it or can release a patch is called THIS exploit. - It is called THIS because the developer has had zero days to fix the flaw. WA1) An unpatched oi.e.: THIS) system is one that its owner has not updated with OS and application patches or installed with A-V and firewall security software. WA2) THIS system is one where the software vendor no longer provides support or fixes for problems. WA3) When creating a botnet, an attacker will first compromise one or two machines to use as ""handlers"" or ""masters."" - The handlers are used to compromise multiples of THESE with DoS tools (bots).
C) A zero-day WAs) B, A, D.
If a password is under 7 characters long and non-complex, what is the best way to crack it? A) Cryptographic hashing B) Dictionary attack C) Brute force D) Packet sniffing CA) In THIS attack, the software tries to match the hash against one of every possible combination it could be. - If the password is short (under 7 characters) and non-complex (using only letters for instance), a password might be cracked in minutes. WA1) THIS attack is an attack where the password cracker matches the hash to those produced by ordinary words found in THIS. WA2) If a network protocol uses clear-text credentials, then THIS attack can obtain these credentials. WA3) THIS scrambles the data in a way that the original plaintext password is normally unrecoverable. - However, THIS function might be vulnerable to dictionary and brute force attacks.
C) Brute force WAs) B, D, A.
What type of malware attempts to steal confidential information by capturing credit card numbers? A) Backdoors B) Botnets C) Keyloggers D) Rootkits CA) THESE actively attempt to steal confidential information by capturing a credit card number by recording key strokes entered into a web form. WA1) THESE function as backdoor applications. Once THIS is installed, it allows the attacker to access the PC, upload files, and install software on it. WA2) (1) could allow the attacker to use the computer in THIS MANNER to launch Denial of Service (DoS) attacks or mass-mail spam. WA3) THIS is a set of tools designed to gain control of a computer and create a backdoor with root or system-level privileges without revealing its presence.
C) Keyloggers WAs) Backdoors, Botnets, Rootkits.
What is it referred to when Windows applies security settings for a folder to all child objects? A) Effective permissions B) Explicit permissions C) Permission propagation D) Resource owner(ship) CA) To apply security settings for the current folder to all child objects (i.e.: THIS), check the "Replace all child object permissions with inheritable permissions" box in the Advanced Security Settings for the folder. WA1) A user may obtain multiple permissions from membership of different groups or by having permissions allocated directly to his or her account. - Windows analyzes the permissions obtained from different accounts to determine THESE. WA2) Directly assigned permissions (i.e.: THESE) always override inherited permissions, including "deny" inherited permissions. WA3) THIS PERSON can manage that resource in terms of permissions and other attributes. - Generally speaking, if a user creates a file they will own the file.
C) Permission propagation WAs) A, B, D.
What threat is a combination of social engineering and spoofing? A) Dumpster diving B) Pharming C) Phishing D) Shoulder surfing CA) THIS is a combination of social engineering and spoofing. - The attacker sets up a fake website to imitate a secure website. - The attacker then emails users of the genuine website to update their account but gives the users a link that leads to the attacker's spoofed site. WA1) THIS redirects users from a legitimate website to a malicious one. - THIS relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected to the malicious site. WA2) THIS refers to combing through an organization's (or individual's) refuse to try to find useful documents or discarded removable media. WA3) THIS refers to stealing a password or PIN, or other secure information, by watching the user type it.
C) Phishing WAs) Pharming, Dumpster Diving, Shoulder Surfing.
What kind of account can be abused to allow a user to obtain more powerful Administrator or System privileges? A) Administrators B) Guests C) Power Users D) Standard Users CA) THIS group still appears to support legacy applications, but its use is strongly deprecated. The rights allocated to this account type can be abused to allow the user to obtain more powerful Administrator or System privileges. WA1) Members of THIS group can perform all system management tasks. - The user created at installation is automatically added to this group. WA2) THESE folks can perform most common tasks, such as shutting down the computer, running applications, using printers, change the time zone and install local printers. WA3) THIS group has only limited rights; for example, members can browse the network and Internet and shut down the computer but cannot save changes made to the desktop environment.
C) Power Users WAs) Administrators, Standard Users, Guests.
What type of malware tries to extort money from the victim? A) Trojans B) Rootkits C) Ransomware D) Spyware CA) THIS is malware that tries to extort money from the victim. - One type will display threatening messages and may block access to the computer. - Another type attempts to encrypt data, and the user will be unable to access the files without obtaining the private encryption key WA1) THIS is a program that monitors user activity and sends the information to someone else. WA2) THIS is a set of tools designed to gain control of a computer and create a backdoor with root or system-level privileges without revealing its presence. WA3) THIS is a program (usually harmful) that is disguised and packaged as something else. - Many of THESE function as backdoor applications.
C) Ransomware WAs) Spyware, Rootkits, Trojans.
What is used by the Windows 2000 and Windows XP versions that presents a limited subset of the commands normally available at a Windows command prompt? A) msconfig B) regedit C) Recovery console D) Windows Recovery Environment (WinRE) CA) THIS is a precursor to our (PC), used by the Windows 2000 and Windows XP versions. - THIS presents a limited subset of the commands normally available at a Windows command prompt and does not provide as many tools as our (PC). PC) When removing a virus manually, you can boot the computer using the product disc and use THIS to run commands from a "clean" command environment. WA1) You can execute commands at a command prompt terminal and/or manually remove registry items using THIS. WA2) You can use THIS to perform a safe boot or boot into Safe Mode, hopefully preventing any infected code from running at startup.
C) Recovery console PC) Windows Recovery Environment (WinRE) WAs) regedit, msconfig.
What must you do when you need to run a command prompt with elevated privileges? A) Execute commands from Instant Search or from the Run dialog. B) Operate the command prompt in interactive mode. C) Run the command prompt as administrator then confirm the UAC (User Account Control). D) Type 'help' at the command prompt. CA) To execute a command from the command prompt with elevated privileges, DO THIS. WA1) Some commands, such as nslookup or telnet, can operate HERE, where the command starts that program and from that point, the prompt will only accept input relevant to the program. WA2) The command prompt includes a help system. - If you type THIS at the command prompt then press ENTER, a list of available commands is displayed. WA3) You can DO THIS from THIS EXACT AREA. - An interactive command will open a command prompt window for input. - If a command is non-interactive, the command prompt window will open briefly and close again as the command executes.
C) Run the command prompt as administrator then confirm the UAC (User Account Control). - right-click the command prompt shortcut. WAs) B, D, A.
What kind of attack refers to stealing a password by watching the user type it? A) Impersonation B) Pharming C) Shoulder surfing D) Tailgating CA) THIS refers to stealing a password or PIN, or other secure information, by watching the user type it. WA1) THIS redirects users from a legitimate website to a malicious one. - THIS relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected to the malicious site. WA2) THIS (or pretending to be someone else) is one of the basic social engineering techniques. - To make THIS attack convincing, attackers will try to either intimidate, alarm or coax the victim. WA3) THIS (or piggybacking) is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint, or by persuading someone to hold a door open.
C) Shoulder surfing WAs) Pharming, Impersonation, Tailgating.
You see one of the cleaning crew at your company pocket a USB drive the custodian found while digging through an employee's trashcan. What kind of social engineering attack could this be associated with? A) Dumpster diving B) Pharming C) Shoulder surfing D) Tailgating CA) THIS refers to combing through an organization's (or individual's) refuse to try to find useful documents or discarded removable media. WA1) THIS (or piggybacking) is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint, or by persuading someone to hold a door open. WA2) THIS refers to stealing a password or PIN, or other secure information, by watching the user type it. WA3) THIS redirects users from a legitimate website to a malicious one. - THIS relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected to the malicious site."
C) Shoulder surfing WAs) Tailgating, Shoulder Surfing, Pharming.
What is a program that uses keyloggers to steal information and pop-ups to try to redirect a user to dubious websites? A) Ransomware B) Rogueware/Scareware C) Spyware D) Trojans CA) THIS can use keyloggers to steal information and spawn browser pop-ups to try to redirect the user to dubious websites. WA1) THIS is a program (usually harmful) that is disguised and packaged as something else. - Many of THESE function as backdoors and keyloggers. WA2) THIS is malware that tries to extort money from the victim. - One type will display threatening messages and may block access to the computer. - Another type attempts to encrypt data unless you have the private encryption key. WA3) THIS is fake anti-virus, where a web pop-up displays a security alert and claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker's Trojan.
C) Spyware WAs) Trojan, Ransomware, Rougeware/Scareware.
What folder option governs how Search is configured? A) Hidden files and folders B) Hide extensions C) The Indexing applet D) The View menu ribbon CA) Search is governed by how the Indexing Options applet is configured. - This allows you to define indexed locations and rebuilt the index. - A corrupted index is a common cause of search problems. WA1) ANYTHING VALID marked as THIS are not shown by default but can be revealed by setting the Show hidden files, folders, and drives option. WA2) Over-typing a file extension (when renaming a file) can make it difficult to open, so THIS is a NORMAL thing. WA3) In Windows 10, you can use THIS to toggle hidden items and file extensions without going through the Folder Options dialog.
C) The Indexing applet WAs) A, B, D.
What is a harmful program that is packaged as something else? A) A Keylogger B) A Rootkit C) Rogueware/Scareware D) A Trojan (Horse) CA) THIS is a program (usually harmful) that is disguised and packaged as something else. - Many of THESE function as backdoor applications. WA1) THIS is fake anti-virus, where a web pop-up displays a security alert and claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker's ________. WA2) THIS is a set of tools designed to gain control of a computer and create a backdoor with root or system-level privileges without revealing its presence. WA3) THESE actively attempt to steal confidential information, by capturing a credit card number by recording key strokes entered into a web form.
D) A Trojan (Horse) WAs) Rogueware/Scareware, Rootkit, Keylogger.
You are reviewing the password policy for a company and are considering implementing Kerberos authentication on the network. In what kind of environment could a Kerberos vulnerability be exploited? A) A network that uses the enforce password history/minimum password age policy B) A network that uses multi-factor authentication when logging into it C) A network that implements a web application that uses weak passwords to authenticate D) A network that uses a Windows Active Directory domain with Single Sign On (SSO) CA) Kerberos authentication and authorization system is used for EXACTLY THIS. - This means that a user only has to authenticate to a system once to gain access to all its resources. WA1) THIS EXACTLY specifies that a unique password must be used when the user changes the password. - Password protection policies mitigate against the risk of attackers being able to compromise an account and use it to launch other attacks on the network. WA2) Authentication methods are stronger when they are combined. - THIS means using at least two different authentication methods. - Kerberos uses our (CA). WA3) THIS could be obtained with various password attacks by hackers, not a Kerberos exploit.
D) A network that uses a Windows Active Directory domain with Single Sign On (SSO) WAs) A, B, C.
What spoofing attack involves an attacker stealing cookies to impersonate the original user? A) ARP (Address Resolution Protocol) poisoning B) DNS spoofing C) Man-in-the-Middle (MitM) D) A replay attack CA) If an attacker can steal the web cookie token, the attacker may be able to present the token again and impersonate the original user. WA1) THIS allows attackers to direct victims away from the legitimate sites they were intending to visit and towards fake sites. WA2) In THIS attack, the attacker sends spoofed _____ messages onto the network to associate his IP address with another host, typically the subnet's default gateway. - The rest of the network hosts will then start communicating with the attacker. WA3) THIS attack is a specific type of spoofing attack where the attacker sits between two communicating hosts and transparently monitors, captures, and relays all communication between them.
D) A replay attack WAs) B, A, C.
What is the purpose of implementing client-side Domain Name System (DNS) configuration? A) It allows the client to serve a default gateway for other clients on the same local network. B) It allows the client to automatically assign itself an IP address if no Dynamic Host Configuration Protocol (DHCP) server is present. C) It allows the client to lease Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information to other clients in its database. D) It allows the client to resolve cached host names without connecting to a server. CA) If client-side DNS has been implemented, the client will be able to perform basic DNS lookups without having to connect to a DNS server. - These names are stored in a resolver cache on the client. WA1) DNS servers provide resolution of host and domain names to their IP addresses. - However, it is APIPA that DOES THIS. WA2) If the DNS lookup is out of scope for the client resolver, the DNS servers that store, maintain, and update the databases will respond to the resolution request for the client-side DNS services to handle. WA3) To use a router, you need to configure the Default gateway and DNS server parameters in TCP/IP properties for the local network adapter.
D) It allows the client to resolve cached host names without connecting to a server. WAs) B (APIPA), C, A.
What action results in losing NTFS (NT File System) encryption? A) Moving files and folders to a different NTFS (NT File System) volume B) Moving files and folders on the same NTFS (NT File System) volume C) Copying files and folders on the same NTFS (NT File System) volume or different NTFS volumes D) Moving files and folders to a FAT (File Allocation Table) or FAT32 partition CA) When moving files and folders THIS, all permissions and NTFS (NT File System) attributes (such as encryption) are lost, as THIS does not support permissions or special attributes. WA1) When moving files and folders on HERE, NTFS permissions are retained. WA2) When moving files and folders to HERE, NTFS permissions are inherited from the destination folder, and the user becomes the Creator/Owner. WA3) When DOING EXACTLY THIS, NTFS permissions are inherited from the destination folder, and the user becomes the Creator/Owner.
D) Moving files and folders to a FAT (File Allocation Table) or FAT32 partition WA1) Moving files and folders on the same NTFS (NT File System) volume WA2) Moving files and folders to a different NTFS (NT File System) volume WA3) Copying files and folders on the same NTFS (NT File System) volume or different NTFS volumes
What attack uses a pre-computed list of all probable plaintext dictionary passwords and their matching hashes? A) Brute Force B) Dictionary attack C) Packet sniffing D) Rainbow table attack CA) THESE refine the type of attack (1) is. - THESE attacks use a pre-computed lookup table of all probable plaintext passwords (derived from the dictionary) and their matching hashes. - The hash value of a stored password can then be looked up in the table and the corresponding plain-text discovered. WA1) THIS attack is an attack where the password cracker matches the hash to those produced by a list of words found in one of THESE. WA2) In THIS attack, the software tries to match the hash against one of every possible combination it could be. WA3) If a network protocol uses clear-text credentials, then THESE attacks can obtain these credentials.
D) Rainbow table attack WAs) B, A, C.
Kerberos authentication and authorization for Active Directory domain networks uses what kind of access control? A) Credential Manager B) Multifactor authentication C) Pre-boot authentication D) Single Sign-On (SSO) CA) THIS means that a user only needs to authenticate to a system once to gain access to all its resources. - An example is the Kerberos authentication and authorization model for Active Directory domain networks. WA1) When our (CA) is not available, users will often cache passwords. - You can view cached passwords for websites and Windows/network accounts using THIS Control Panel app. WA2) Authentication methods are stronger when they are combined. - THIS means using two different methods to authenticate. WA3) A PC with Unified Extensible Firmware Interface (UEFI) firmware may support THIS. - This means that the system loads an authentication application to contact an authentication server on the network and allow the user to submit the credentials for a user account.
D) Single Sign-On (SSO) WAs) A, B, C.
What type of website spoofing attack makes the target more likely to be fooled because the attacker has some personal information pertaining to the victim? A) Establishing trust B) Impersonation C) Pharming D) Spear phishing CA) THIS is a combination of social engineering and spoofing. - THIS type refers to a phishing scam where the attacker has some information that makes the target more likely to be fooled by the attack. WA1) THIS redirects users from a legitimate website to a malicious one. - THIS relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected to the malicious site. WA2) Being convincing or DOING THIS usually depends on the attacker obtaining privileged information, but typically does not involve website spoofing. WA3) THIS (or pretending to be someone else) is one of the basic social engineering techniques. - To make THIS attack convincing, attackers will try to either intimidate, alarm or coax the victim.
D) Spear phishing WAs) Pharming, Establishing trust, Impersonation.
What kind of users can perform most common tasks on a computer? A) Administrators B) Guests C) Power Users D) Standard Users CA) THESE can perform most common tasks, such as shutting down the computer, running applications, using printers, change the time zone and install local printers. WA1) THIS group has only limited rights; for example, members can browse the network and Internet and shut down the computer but cannot save changes made to the desktop environment. WA2) THIS group still appears to support legacy applications, but its use is strongly deprecated. - The rights allocated to this account type can be abused to allow the user to obtain more powerful Administrator or System privileges. WA3) Members of THIS group can perform all system management tasks. - The user created at installation is automatically added to this group.
D) Standard Users WAs) Guests, Power Users, Administrators.
When permissions are created on a folder, what automatically happens to the permissions on the subfolders? A) The permissions become explicitly denied. B) Permission inheritance becomes disabled. C) The subfolders are granted Full Control permissions. D) Sub-folders inherit the permissions from the parent folder. CA) NTFS (NT File System) permissions that are assigned to a folder are automatically HAVING THIS TAKE PLACE. WA1) To prevent automatic permission inheritance, you can change the permissions and DO THIS. - You can then either convert inheritable permissions to explicit or remove the inherited permissions. WA2) By default, if an account is not granted an "allow" permission, an implicit deny is applied. - THESE permissions are only used in quite specific circumstances when you want to deny permissions directly to an object, no matter what. WA3) The user obtains the most effective "allow" permissions obtained from any source. - A user may obtain multiple permissions from different groups or by explicit permissions.
D) Sub-folders inherit the permissions from the parent folder. WAs) B, A, C.
An authorized employee was persuaded to hold the door open for someone. What social engineering threat was the employee possibly a victim of? A) Establishing trust B) Pharming C) Shoulder surfing D) Tailgating CA) THIS (or piggybacking) is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint, or by persuading someone to hold a door open. WA1) THIS refers to stealing a password or PIN, or other secure information, by watching the user type it. WA2) THIS redirects users from a legitimate website to a malicious one. - THIS relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected to the malicious site. WA3) Being convincing or DOING THIS usually depends on the attacker obtaining privileged information about the organization or about an individual.
D) Tailgating WAs) Shoulder Surfing, Pharming, Establishing Trust.
If there is no Certificate Authority (CA) to issue a file encryption certificate for a Windows system using EFS (Encrypting File System), what can the administrator do to use encryption? A) Bypass the certificate requirement. B) Encrypt using a weaker encryption scheme. C) Remove the CA (Certificate Authority) when authenticating users on the network. D) Use a self-signed certificate. CA) The only other option for encryption is to have the system issue THIS, which is a standard method of certificate issue when a CA (Certificate Authority) is not available. WA1) Attackers can utilize a network service to access EFS (Encrypting File System) and DO THIS. WA2) Using THIS (EVER!) only makes the system more vulnerable to attackers and more susceptible to authentication bypass. WA3) Public Key Infrastructure (PKI) is a solution to the problem of authenticating subjects on public networks. Under PKI, users or servers are validated by THIS, which issues the subject a digital certificate.
D) Use a self-signed certificate. WAs) A, B, C.
In a Windows system, what directory contains drivers, logs, and registry files? A) Program Files B) Public C) Users D) Windows CA) THIS directory is the system root, and contains drivers, logs, add-in applications, system and registry files (notably the System32 sub-directory), and fonts. WA1) THIS directory contains subdirectories for installed applications software. - In 64-bit versions of Windows, a _______ ______ (x86) folder is created to store 32-bit applications. WA2) THIS directory is the storage for users' profile settings and data. - Each user has a folder named after their user account that contains registry data and other subfolders. WA3) THIS directory is used for sharing documents between users on the same computer.
D) Windows WAs) Program Files, Users, Public.
Which of these is self-contained memory-resident malware that can replicate and consume network resources, perform Denial of Service (DoS) attacks, and can install backdoors? A) Botnets B) Rootkits C) Spyware D) Worms CA) THESE are self-contained memory-resident malware that replicate over and rapidly consume network resources. - THESE are able to crash an operating system or server application by performing a Denial of Service (DoS) attack and can install backdoors. WA1) THIS is a set of tools designed to gain control of a computer and create a backdoor with root or system-level privileges without revealing its presence. WA2) A Trojan backdoor could allow the attacker to use the computer in THIS to launch Denial of Service (DoS) attacks or mass-mail spam. WA3) THIS is a program that monitors user activity and sends the information to someone else.
D) Worms WAs) Rootkits, Botnets, Spyware.
What do the "handlers" or "masters" compromise in a botnet? A) Backdoors B) Denial of Service (DoS) tools C) Hacker collectives D) Zombie devices CA) When creating a botnet, an attacker will compromise one or two machines to use as "handlers" or "masters." The handlers are used to compromise multiples of THESE with DoS tools (bots). WA1) THIS attack causes a service to fail or to become unavailable to users. - _____ tools (bots) can be installed to trigger our (CA) to launch attacks. WA2) If a bot is installed, THIS can give an attacker access to the device. - Then they can install Distributed Denial of Service (DDoS tools) and trigger our (CA) to launch attacks. WA3) Nation states, terrorist groups, and THESE engage in "cyber warfare" and perform Distributed Denial of Service (DDoS) attacks on companies and governments.
D) Zombie Devices WAs) B, A, C.