CS4451 Module 5
Which of the following statements accurately describe similarities or differences between a CSRF and a SSRF attack? Select three.
A CSRF attack takes advantage of an authentication token. A CSRF attack pretends to be an authorized user. An SSRF attack can inject harmful data.
Which of the following statements are true regarding an IoA or can be an example of an IoA? Select three.
An IoA is a sign an attack is currently in progress. A user is not able to log into their account a day before their password expires. A user checks email while in Europe and downloads a file as if in Australia within 6 minutes.
Jennifer's computer is infected due to a phishing scam. Based on the message presented, she is willing to pay in Bitcoin to regain access to her computer because she does not want to lose her video productions. However, she is having a difficult time launching a browser to pay the ransom. What type of malware was most likely installed?
Blocking ransomware
A malicious actor modifies the return address in an application to execute the code in the malware they injected into memory. What type of attack is this?
Buffer overflow
A software quality assurance associate is testing two modules in an application on a web server. One module generates data and the other reads data. However, whenever data is being generated, as soon as the module that reads data is initiated, the application crashes. Which of the following is most likely to be causing the problem?
Dereferencing a pointer with a NULL value.
Spiro is doing research on HIDS, HIPS, and EDRs in his quest to implement a stronger security posture in a small company that was recently awarded a government contract. Which of the following statements are true regarding the technologies he is researching? Select two.
EDR tools perform analytics that identify patterns and detect anomalies. A HIPS attempts to block a malicious attack.
Jefferson downloads a version of PowerShell that is purported to have capabilities that exceed those of the native version. Shortly thereafter, his computer starts to exhibit unusual behavior. The installed anti-malware tool does not reveal anything he does not already know. What type of malware is most likely to be installed on the system?
Fileless virus
A company is developing an online app that will require users to sign in using their email and a password. What should the company do to prevent SQLi attacks?
Filter inputs
A malicious actor manages to install a backdoor on a system. What are some of the most likely reasons why they would do this? Select two.
For privilege escalation purposes. To circumvent security protections.
Which of the following best describes the risks of installing bloatware that is not harmful and does not contain malware? Select two.
It may inject advertising that interferes with web browsing. The bundle may contain an unpatched application.
Which of the following represents a disadvantage of a hardware keylogger?
It needs to be installed and retrieved without the threat actor being detected.
How does a worm deliver its malicious payload?
It replicates itself over the network.
A user is browsing a website when they get a popup from what appears to be a government agency. The message says the computer is involved in an illegal activity and they need to pay a fine online by entering their credit card number. The user tries to close the message, but they cannot. What category of action did the user most likely experience?
Kidnap
On December 15, a small company starts transitioning to a new accounting package during their holiday break. Suddenly, on January 2, when employees return to work at 9:00 a.m., all computers in the accounting department repeatedly shut down within 15 minutes of being powered up. What type of malware is likely to have infected the computers?
Logic bomb
A vulnerability in a web application infrastructure is most likely to affect which of the following? Select three.
Network. Databases. App servers.
Company Beta does some testing on a highly anticipated software application and soon installs it in a production environment. Problems ensue, so they contact Company Alpha, the company that released the software. While investigating the problem, Company Alpha discovers a buffer overflow vulnerability. What could have caused the vulnerability?
Poor coding practices
A user sees a message in their browser that appears to be from the company whose OS is installed on their computer. It displays a number to call support to fix the problem. When the user calls, the threat actor requests permission to install software to scan the system but instead installs a threat agent for later access. What type of malware did the attacker most likely install?
RAT
An attacker captures traffic with the intention of impersonating a legitimate user. In what type of attack is the malicious actor engaging?
Replay attack
A security company is testing an unpatched server running an older OS connected to the internet in an isolated network. However, the anti-malware software installed on the server was consistently not able to detect a particular type of infection. What type of infection was least likely to be detected by the anti-malware app?
Rootkit
Pamela installed a program that scanned the internet for coupons. A week later her bank account was hacked. How was Pamela's bank account most likely compromised?
She installed a computer Trojan.
Florentina is analyzing a network and notices an unusual amount of traffic is being generated by some computers. Additional investigation reveals that most of the traffic is in the form of images being transmitted to an unfamiliar site. What specific type of malware was most likely installed on the compromised systems?
Software keylogger
Which of the following represents a true statement regarding the similarities or differences between keyloggers and spyware?
Spyware does not capture keyboard input.
Identify the differences and/or similarities between static analysis and dynamic analysis regarding AV software. Select two.
Static analysis uses signature-based monitoring. Dynamic analysis looks for characteristics of a virus.
Which of the following are reasons for which ransomware is considered the most serious malware threat? Select two.
The consequences are considerable. They occur with very high frequency.
A company's network is infected with ransomware. They are told data has been stolen. In addition, they are told to pay a ransom to decrypt the data on their servers, or the stolen data will be released to the public. Which of the following would be the best option for the company?
There is no best option.
What means of protection can be used to help ensure a browsing experience is not susceptible to unauthorized interception of certain elements of the transmission? Select two.
Use HTTPS. Use secure cookies.
You are serving as a contractor at a company to help harden endpoints. Which of the following could you implement to help achieve the goal? Select two.
Use a patch management system. Use an application allow list.
Which of the following statements best describes a TOCTTOU race condition?
When one thread overwrites the data created by another thread.
Hissana enters information on a compromised website, which does a poor job sanitizing the input. As a result, the web server sends back a response that infects her system. What type of attack is this?
XSS
A company determines that some of their computers are using specially coded attack commands that have been posted on certain social media sites. Every single one of the infected computers is considered a ________.
zombie