Chapter 1, 2 & 3 - CompTIA Security+


Typo squatting

A colleague asks you for advice on why he can't log in to his Gmail account. Looking at his browser, you see he has typed www.gmal.com in the address bar. The screen looks very similar to the Gmail login screen. Your colleague has just fallen victim to what type of attack?

Crypto-malware

A colleague can't open any Word document he has stored on his local system. When you force open one of the documents to analyze it, you see nothing but seemingly random characters. There's no visible sign the file is still a Word document. Regardless of what you use to view or open the Word documents, you don't see anything but random characters. Your colleague was most likely a victim of what type of malware?

Trojan

A colleague has been urging you to download a new animated screensaver he has been using for several weeks. While he was showing you the program, the cursor on his screen moves on its own and a command prompt window opens and quickly closes. You can't tell what, if anything, was displayed in that command prompt window. Your colleague says "It's been doing that for a while, but it's no big deal." Based on what you've seen, you suspect the animated screensaver is really what type of malware?

Firmware

A desktop system on your network has been compromised. Despite loading different operating systems using different media on the same desktop, attackers appear to have access to that system every time it is powered up and placed on the network. This could be an example of what type of rootkit?

Logic bomb

A disgruntled administrator is fired for negligence at your organization. Thirty days later, your organization's internal file server and backup server crash at exactly the same time. Examining the servers, it appears that critical operating system files were deleted from both systems. If she was administering those servers during her employment, this is most likely an example of what kind of malware?

Worm

A piece of malware is infecting the desktops in your organization. Every hour more systems are infected. The infections are happening in different departments and in cases where the users don't share any files, programs, or even e-mails. What type of malware can cause this type of infection?

Buffer overflow

A user calls to report a problem with an application you support. The user says when she accidentally pasted an entire paragraph into an input field, the application crashed. You are able to consistently reproduce the results using the same method. What vulnerability might that user have accidentally discovered in that application?

Vishing

A user in your organization contacts you to see if there's any update to the "account compromise" that happened last week. When you ask him to explain what he means, the user tells you he received a phone call earlier in the week from your department and was asked to verify his userid and password. The user says he gave the caller his userid and password. This user has fallen victim to what specific type of attack?

Adware

A user in your organization is having issues with her laptop. Every time she opens a web browser, she sees different pop-ups every few minutes. It doesn't seem to matter which websites are being visited; the pop-ups still appear. What type of malware does this sound like?

Man-in-the-middle

A user reports seeing "odd certificate warnings" on her web browser this morning whenever she visits Google. Looking at her browser, you see certificate warnings. Looking at the network traffic, you see all HTTP and HTTPS requests from that system are being routed to the same IP regardless of destination. Which of the following attack types are you seeing in this case?

ARP poisoning

A user wants to know if the network is down, because she is unable to connect to anything. While troubleshooting, you notice the MAC address for her default gateway doesn't match the MAC address of your organization's router. What type of attack has been used against this user?

Disassociation attack

All of the wireless users on the third floor of your building are reporting issues with the network. Every 15 minutes, their devices disconnect from the network. Within a minute or so they are able to reconnect. What type of attack is most likely underway in this situation?

Keylogger

An employee at your organization is concerned because her ex-spouse "seems to know everything she does." She tells you her ex keeps accessing her e-mails and social media accounts even after she has changed her passwords multiple times. She is using a laptop at home that was a gift from her ex. Based on what you've been told, you suspect the laptop has what type of malware loaded on it?

Hacktivist

Attacks by an individual or even a small group of attackers fall into which threat category?

Structured threat

Attacks by individuals from organized crime are generally considered to fall into which threat category?

Dumpster diving

Coming into your office, you overhear a conversation between two security guards. One guard is telling the other she caught several people digging through the trash behind the building early this morning. The security guard says the people claimed to be looking for aluminum cans, but only had a bag of papers—no cans. What type of attack has this security guard witnessed?

Fraud, extortion, theft, embezzlement, and forgery

Criminal activity on the Internet can include which of the following?

Armored virus

Malware engineers sometimes take steps to prevent reverse engineering of their code. A virus, such as Zeus, that uses encryption to resist reverse engineering attempts is what type of malware?

Ransomware

Several desktops in your organization are displaying a red screen with the message "Your files have been encrypted. Pay 1 bitcoin to recover them." These desktops have most likely been affected by what type of malware?

Rogue AP

Users are reporting the wireless network on one side of the building is broken. They can connect, but can't seem to get to the Internet. While investigating, you notice all of the affected users are connecting to an access point you don't recognize. These users have fallen victim to what type of attack?

Bot (Botnet)

Users at your organization are complaining about slow systems. Examining several of them, you see that CPU utilization is extremely high and a process called "btmine" is running on each of the affected systems. You also notice each of the affected systems is communicating with an IP address outside your country on UDP port 43232. If you disconnect the network connections on the affected systems, the CPU utilization drops significantly. Based on what you've observed, you suspect these systems are infected with what type of malware?

Information warfare

Warfare conducted against the information and information processing equipment used by an adversary is known as which of the following?

Hacktivists

What is the name given to a group of hackers who work together for a collectivist effort, typically on behalf of some cause?

Elite hackers

What is the name given to the group of individuals who not only have the ability to write scripts that exploit vulnerabilities but also are capable of discovering new vulnerabilities?

Advanced persistent threat

What is the term used to define attacks that are characterized by using toolkits to achieve a presence on a target network, with a focus on the long game—maintaining a persistence on the target network?

Threat intelligence

What term is used to describe the gathering of information from a variety of sources, including non-public sources, to allow an entity to properly focus their defenses against the most likely threat actors?

Highly structured threat

What term is used to describe the type of threat that is characterized by a much longer period of preparation (years is not uncommon), tremendous financial backing, and a large and organized group of attackers?

Shimming

What type of attack involves an attacker putting a layer of code between an original device driver and the operating system?

Replay attack

When an attacker captures network traffic and retransmits it at a later time, what type of attack are they attempting?

Where in the past it would take significant risk to copy the detailed engineering specifications of a major process for a firm, today it can be accomplished with a few clicks and a USB drive.

When discussing threat concerns regarding competitors, which of the following is true?

Insiders have the access and knowledge necessary to cause immediate damage to an organization; insiders may actually have all the access they need to perpetrate criminal activity such as fraud; and attacks by insiders are often the result of employees who have become disgruntled with their organization and are looking for ways to disrupt operations.

Which of the following are reasons that the insider threat is considered so dangerous?

Attackers do not have magic skills, but rather the persistence and skill to keep attacking weaknesses; and there is a surprising number of attacks being performed using old attacks, old vulnerabilities, and simple methods that take advantage of "low-hanging fruit."

Which of the following are true concerning attacker skill and sophistication?

All of the above: They can be deployed through malware such as worms; they allow attackers to connect to the system remotely; they give attackers the ability to modify files and change settings

Which of the following are characteristics of remote-access Trojans?

All of the above: Unusual outbound network traffic; increased number of logins; large numbers of requests for the same file

Which of the following could be an indicator of compromise?

Attack

Which of the following is the term generally used to refer to the act of deliberately accessing computer systems and networks without authorization?

Open source intelligence

Which of the following is the term used to describe the processes used in the collection of information from public sources?

Script kiddies

Which of the following is the term used to refer to individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed?

Backdoor

While port scanning your network for unauthorized systems, you notice one of your file servers has TCP port 31337 open. When you connect to the port with netcat, you see a prompt that reads "Enter password for access:". Your server may be infected with what type of malware?

Tailgating

While waiting in the lobby of your building for a guest, you notice a man in a red shirt standing close to a locked door with a large box in his hands. He waits for someone else to come along and open the locked door, then proceeds to follow her inside. What type of social engineering attack have you just witnessed?

These users unwittingly installed spyware

You notice some unusual network traffic and discover several systems in your organization are communicating with a rather dubious "market research" company on a regular basis. When you investigate further you discover that users of the affected systems all installed the same piece of freeware. What might be happening on our network?

Bluejacking

You're sitting at the airport when your friend gets a message on her phone. In the text is a picture of a duck with the word "Pwnd" as the caption. Your friend doesn't know who sent the message. Your friend is a victim of what type of attack?

Rainbow tables

You've been asked to try and crack the password of a disgruntled user who was recently fired. Which of the following could help you crack that password in the least amount of time?

DDoS

Your e-commerce site is crashing under an extremely high traffic volume. Looking at the traffic logs, you see tens of thousands of requests for the same URL coming from hundreds of different IP addresses around the world. What type of attack are you facing?

Your systems are infected with polymorphic malware

Your organization is struggling to contain a recent outbreak of malware. On some of the PCs, your antivirus solution is able to detect and clean the malware. On other PCs exhibiting the exact same symptoms, your antivirus solution reports the system is "clean". These PCs are all running the same operating system and same antivirus software. What might be happening?

Zero day attack

Your organization's web server was just compromised despite being protected by a firewall and IPS. The web server is fully patched and properly configured according to industry best practices. The IPS logs show no unusual activity, but your network traffic logs show an unusual connection from an IP address belonging to a university. What type of attack is most likely occurring?

