CompTIA Security+ Cert Prep 1: Threats, Attacks, and Vulnerabilities
What presents itself to be legitimate software but delivers a malicious payload behind the scenes?
Trojan Horses
Most programs run in what type of less privileged mode?
User Mode
Name 2 types of code-based malware.
1. Backdoors 2. Logic Bombs
Name common attack vectors.
1. Emails 2. Social Media 3. Removable Media 4. Card Skimmers 5. Cloud Services 6. Network/Wireless Network 7. Supply Chain 8. Direct Access
What are the 4 steps used for a Botnet Network?
1. Hacker first infects a system with malware. 2. Once they gain control of the system, they join it with other infected systems to create a botnet network. 3. The system lies dormant awaiting instructions. 4. The hacker then sends instructions to the botnet through a command-and-control mechanism to perform the malicious act.
Name 3 ways to avoid malware.
1. Installing and keeping antivirus software current 2. Applying security patches 3. Educating users about the dangers of malware.
What are ways to prevent insider attacks?
1. Perform background checks on potential employees. 2. Follow the principle of least privilege. 3. Use two-person control for very sensitive transactions. 4. Implement a mandatory vacation policy for critical staff.
What are the 3 hacker hat colors?
1. White Hats 2. Black Hats 3. Gray Hats
First worm was released in what year and by whom? The worm was known as the RTM Worm and it infected 10% of the internet.
1988; Robert T Morris
Name the most popular Macro Script Language.
VBA (Visual Basic for Applications)
What spreads from system to system based on human action?
Viruses
What CVSS value is the threshold at which PCI DSS requires remediation to achieve a passing scan? A. 4 B. 5.5 C. 6 D. 8
A. 4
Which one of the following metrics does not contribute to the exploitability score for a vulnerability in CVSS? A. Confidentiality B. User Interaction C. Attack Vector D. Attack Complexity
A. Confidentiality
Which one of the following is not an example of an open source intelligence resource? A. IP Reputation Service B. Social Media C. Security Website D. Government Security Analysis Center
A. IP Reputation Service
What security technology best assists with the automation of security workflows? A. SOAR B. IPS C. SIEM D. CASB
A. SOAR
Randy is developing a vulnerability management program. Which one of the following is not a common source of requirements for such a program? A. Sales Team Requests B. Legal Requirements C. Security Objectives D. Corporate Policy
A. Sales Team Requests
In what type of social engineering attack does the attacker physically observe the victim's activity? A. Shoulder Surfing B. Tailgating C. Dumpster Diving D. Phishing
A. Shoulder Surfing
It is difficult to develop defenses against APT attackers. A. True B. False
A. True
It is generally a bad practice to run software after the vendor's end of life. A. True B. False
A. True
Which one of the following types of malware can spread without any user interaction? A. Worm B. Back Door C. Trojan Horse D. Virus
A. Worm
Which state actors employ extremely advanced tools and are very difficult to detect?
APT Group (Advanced Persistent Threat Group)
What does APT (APT Groups) stand for?
Advanced Persistent Threat
_____ is malware that has the specific purpose of displaying advertisements, but instead of generating revenue for the content owner, it generates revenue for the malware author.
Adware
What two types of malware often come packaged together with software a user actually wants to download? Often the click-through installer tricks the user into granting them access, or they obtain access without permission.
Adware and Spyware
_____ are integrated into software applications and are allowed interaction with that application in a programmatic manner.
Application Scripts
Paths that attackers use to gain initial access?
Attack Vectors
As Dave works with his colleagues in other IT disciplines, he notices that they use different names to refer to the same products and vendors. Which SCAP component would best assist him in reconciling these differences? A. CVE B. CPE C. CVSS D. OVAL
B. CPE (Common Platform Enumeration)
Helen has vulnerability scanners located at several points on her network. Which one of the following scanners is likely to provide the most complete picture of the vulnerabilities present on a public web server? A. External Scanner B. DMZ Scanner C. User Subnet Scanner D. Intranet Scanner
B. DMZ Scanner
The analysis of adversary TTP includes tools, techniques, and policies. A. True B. False
B. False
Matt would like to limit the tests performed by his vulnerability scanner to only those that affect operating systems installed in his environment. Which setting should he modify? A. Ping Type B. Plug-Ins C. Safe Checks D. Sensitivity Level
B. Plug-Ins
What language is commonly used to automate the execution of system administration tasks on Windows systems? A. Bash B. PowerShell C. Python D. Ruby
B. PowerShell
In what technique do attackers pose as their victim to elicit information from third parties? A. Spoofing B. Pretexting C. Skimming D. Phishing
B. Pretexting
Dan is engaging in a password cracking attack where he uses precomputed hash values. What type of attack is Dan waging? A. Brute Force B. Rainbow Table C. Hybrid D. Dictionary
B. Rainbow Table
Cryptolocker is an example of what type of malicious software? A. Adware B. Ransomware C. Spyware D. Trojan Horse
B. Ransomware
Which one of the following issues is not generally associated with the use of default configurations? A. Extraneous Services Running B. SQL Injection Flaws C. Open Ports D. Vendor-Assigned Passwords
B. SQL Injection Flaws
What type of website does the attacker use when waging a watering hole attack? A. Software Distribution Site B. Site Trusted by the End User C. Hacker Forum D. Known Malicious Site
B. Site Trusted by the End User
Where do fileless viruses often store themselves to maintain persistence? A. Memory B. Windows Registry C. BIOS D. Disk
B. Windows Registry
Name the Script Language used for Mac and Linux.
BASH (Bourne-Again Shell)
_____ occur when a programmer provides a means to grant themselves or others further access to a system.
Backdoors
Which hackers do not have the permission of the target and hack with malicious intent?
Black Hats
_____ are collections of zombie computers used for malicious purposes.
Botnets
What approach to threat identification begins with a listing of all resources owned by the organization? A. Likelihood-focused B. Threat-Focused C. Asset-Focused D. Service-Focused
C. Asset-Focused
What is the basic principle underlying threat hunting activities? A. Fail-Safe B. Default Deny C. Assumption of Compromise D. Least Privilege
C. Assumption of Compromise
Which one of the following controls is not particularly effective against the insider threat? A. Least Privilege B. Background Checks C. Firewalls D. Separation of Duties
C. Firewalls
Which of the following is a common command-and-control mechanism for botnets? A. FTP B. SMTP C. IRC D. HTTP
C. IRC (Internet Relay Chat)
What type of malware delivers its payload only after certain conditions are met, such as specific date and time occurring? A. Worm B. Ransomware C. Logic Bomb D. Trojan Horse
C. Logic Bomb
What type of artificial intelligence technique is most commonly associated with optimization? A. Proactive Analytics B. Descriptive Analytics C. Prescriptive Analytics D. Predictive Analytics
C. Prescriptive Analytics
Which of the following is a standardized language used to communicate security information between systems and organizations? A. CybOX B. TAXII C. STIX D. CVSS
C. STIX
Linda's organization recently experienced a social engineering attack. The attacker called a help desk employee and persuaded her that she was a project manager on a tight deadline and locked out of her account. The help desk technician provided the attacker with access to the account. What social engineering principle was used? A. Social Proof B. Authority C. Urgency D. Scarcity
C. Urgency
What attack vector uses devices attached to ATMs, gas pumps, and other magnetic reader machines, which read the data from the magnetic stripe and copy it so that the card can be cloned for use elsewhere?
Card Skimmers
What attack vector do attackers scan regularly to find improper access controls, systems that have security flaws, or accidentally published API (Application Programming Interface) keys or passwords?
Cloud Services
What does the acronym CVSS stand for?
Common Vulnerability Scoring System
_____ is a form of malware that takes over the computing capacity of a user's system and uses that capacity to mine cryptocurrencies.
Cryptomalware
Data breaches violate which principle of cybersecurity? A. Integrity B. Availability C. Non-Repudiation D. Confidentiality
D. Confidentiality
The reuse of passwords across multiple sites makes an individual susceptible to _____ attacks. A. Rainbow Table B. Password Spraying C. Brute Force D. Credential Stuffing
D. Credential Stuffing
Jason recently investigated a vulnerability discovered during a scan and, after exhaustive research, determined that the vulnerability did not exist. What type of error occurred? A. False Negative B. True Negative C. True Positive D. False Positive
D. False Positive
What type of attacker is primarily concerned with advancing an ideological agenda? A. APT B. Script Kiddie C. Organized Crime D. Hacktivist
D. Hacktivist
What type of organization facilitates cybersecurity information sharing among industry-specific communities? A. CIRT B. CERT C. InfraGard D. ISAC
D. ISAC
Renee is creating a prioritized list of scanning targets. Which one of the following is the least important criterion for her prioritization? A. Network Exposure B. Information Sensitivity C. Services Installed D. Operating System
D. Operating System
What device is often used in card cloning attacks? A. Malicious USB B. Unsecured Network C. Smart Card D. Skimmer
D. Skimmer
What type of phishing attack focuses specifically on senior executives of a targeted organization? A. Pharming B. Spear Phishing C. Vishing D. Whaling
D. Whaling
What attack vector sends phishing messages and messages containing malicious attachments and links directly to the user?
Emails
What avoids detection by simple antivirus software and operates completely in a computer's memory?
Fileless Viruses
What can maintain persistence on a system by writing a copy of themselves to the Windows Registry, where they can instruct Windows to load them back into memory after a reboot?
Fileless Viruses
Which hackers do not have the permission of the target but hack with the motivation of helping their victims improve their security?
Gray Hats
Attackers seeking to use their hacking skills to advance a political or social agenda are called?
Hacktivists
What is a common command-and-control mechanism for botnets?
IRC (Internet Relay Chat)
What threats are considered the most costly and dangerous attacks?
Insider Threats
What does IRC stand for?
Internet Relay Chat
Operating Systems run in what highly privileged mode?
Kernel Mode
What type of malware delivers its payload only after certain conditions are met, such as specific date and time occurring?
Logic Bomb
_____ are malware set to execute a payload after certain conditions are met.
Logic Bombs
What attack vector do attackers exploit with direct access to a jack or port in an unsecured public area?
Network
What is the term given to the malicious action that malware performs?
Payload
Name the Script Language used for Windows
PowerShell
What language is commonly used to automate the execution of system administration tasks on Windows systems?
PowerShell
What attacks can take a normal user's credentials and transform them into super user accounts?
Privilege Escalation Attacks
What is the term given to the way that a malware object spreads?
Propagation Mechanism
Name the most popular Programming Script Language.
Python
What provides hackers with the ability to remotely access and control infected systems?
RAT (Remote Access Trojans)
Cryptolocker is an example of what type of malicious software?
Ransomware
_____ blocks a user's use of a computer or data until a set amount has been paid.
Ransomware
What attack vector uses physical devices or drives to spread malware? Attackers will leave those devices or drives in locations such as parking lots, airports, or other public areas hoping that someone will find the drive and plug it into their system.
Removable Media
Hackers will gain access to a normal user's account on a system and then use a _____ to obtain superuser access.
Rootkit
_____ are a type of malware designed for privilege escalation.
Rootkits
Attackers who are hacking just to see if they can break into a system are known as?
Script Kiddies
_____ are a sequence of instructions that a developer provides to a computer, telling it how to execute a series of steps.
Scripts
What does the acronym SCAP stand for?
Security Content Automation Protocol
Technology brought into the organization by individual employees without the approval of technology leaders?
Shadow IT
_____ are designed to be run at the command line and are typically integrated with the operating system.
Shell Scripts
What attack vector spreads malware in the same way as email but uses a commonly used application as part of an influence campaign, designed to gain the trust of users who can then be tricked into granting unauthorized access to information or systems?
Social Media
Keystroke logging, monitoring web site visits to capture credentials, and searching the system hard drive or cloud-based storage used by the user for sensitive information are behaviors of what form of malware?
Spyware
_____ is malware that gathers information without the user's knowledge or consent. It then reports that information back to the malware author, who can use it for any purpose.
Spyware
What was the first worm to cross the virtual/physical barrier?
Stuxnet (2010)
What is the attack vector where attackers try to interfere with or obtain devices before they reach the organization?
Supply Chain
Which hackers work with the full permission of the target and are motivated by finding security flaws so that they can be fixed?
White Hats
Where do fileless viruses often store themselves to maintain persistence?
Windows Registry
What attack vector can attackers reach without physical access, for example from a nearby parking lot or through poor security?
Wireless Network
Which type of malware can spread without any user interaction?
Worm
What spreads from system to system without any human interaction?
Worms