Chapter 5 Review Questions


Which of the following manipulates the trusting relationship between web servers? A. SSRF B. CSRF C. EXMAL D. SCSI

A. SSRF

Which of the following is NOT a Microsoft Windows common LOLBin? A. DLR B. .NET Framework C. Macro D. PowerShell

A. DLR

Nollaig is reviewing the steps that an attacker took when they compromised a web server and accessed confidential files. What type of attack was this? A. Directory traversal B. Account overflow C. Race condition D. TOE

A. Directory traversal

Which of the following types of computer viruses is malicious computer code that becomes part of a file? A. File-based virus B. Jump virus C. Fileless virus D. RAM-Check virus

A. File-based virus

Which of the following is NOT correct about a secure cookie? A. It is a means of protection of a web browser. B. A secure cookie is only sent to the server with an encrypted request. C. It uses the HTTPS protocol. D. It prevents an unauthorized person from intercepting a cookie that is being transmitted.

A. It is a means of protection of a web browser.

Cillian is explaining to an intern why ransomware is considered to be the most serious malware threat. Which of the following reasons would Cillian NOT give? A. Once a device is infected with ransomware, it will never function normally. B. Launching a ransomware attack is relatively inexpensive and does not require a high degree of skill. C. Ransomware attacks occur with a very high frequency. D. Attacks from ransomware have a high impact on organizations.

A. Once a device is infected with ransomware, it will never function normally.

Which of the following would NOT be considered an IoA? A. Resource manipulation B. Out-of-cycle logging C. Account lockout D. Blocked content

A. Resource manipulation

Which of these would NOT be considered the result of a logic bomb? A. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting. B. If the company's stock price drops below $50, then credit Oscar's retirement account with one additional year of retirement credit. C. Erase the hard drives of all the servers 90 days after Alfredo's name is removed from the list of current employees. D. Delete all human resource records regarding Augustine one month after he leaves the company.

A. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.

Which of the following is NOT true about RATs? A. A RAT gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols. B. A RAT and a worm have the same basic function. C. A RAT allows the attacker to not only monitor what the user is doing but also can change computer settings, browse and copy files, and even use the computer to access other computers connected on the network. D. A RAT creates an opening into the victim's computer, allowing the threat actor unrestricted access.

B. A RAT and a worm have the same basic function.

What word is the currently accepted term that is used today to refer to network-connected hardware devices? A. Host B. Endpoint C. Device D. Client

B. Endpoint

Finn's team leader has just texted him that an employee, who violated company policy by bringing in a file on a USB flash drive, has just reported that their computer is infected with locking ransomware. Why would Finn consider this a serious situation? A. It sets a precedent by encouraging other employees to violate company policy. B. It can encrypt all files on any network that is connected to the employee's computer. C. The organization may be forced to pay up to $500 for the ransom. D. The employee would have to wait at least an hour before their computer could be restored.

B. It can encrypt all files on any network that is connected to the employee's computer.

Which of the following is sometimes called a "network virus" because it enters a computer to move through the network? A. Fileless virus B. Worm C. Trojan D. File-based virus

B. Worm

Which of the following attacks is based on a website accepting user input without sanitizing it? A. RSS B. XSS C. iSQL D. SSXRS

B. XSS

Which of the following is NOT a technology used by spyware? A. Tracking software B. System-modifying software C. Active tracking technologies D. Automatic download of software

C. Active tracking technologies

Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website? A. SSFR B. DLLS C. CSRF D. DRCR

C. CSRF

Which of the following is NOT a feature of blocking ransomware? A. A message on the user's screen appears pretending to be from a reputable third party. B. It prevents a user from using their computer in a normal fashion. C. It can be defeated by a double power cycle. D. It is the earliest form of ransomware.

C. It can be defeated by a double power cycle.

Which statement regarding a keylogger is NOT true? A. Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet. B. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. C. Software keyloggers are generally easy to detect. D. Keyloggers can be used to capture passwords, credit card numbers, or personal information.

C. Software keyloggers are generally easy to detect.

What is the difference between a keylogger and spyware? A. A keylogger operates much faster than spyware. B. Spyware is illegal while a keylogger is not. C. Spyware typically secretly monitors users but unlike a keylogger makes no attempts to gather sensitive user keyboard input. D. Spyware can be installed using a hardware device while a keylogger cannot.

C. Spyware typically secretly monitors users but unlike a keylogger makes no attempts to gather sensitive user keyboard input.

Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program? A. Pointer attack B. Stuffing attack C. Integer overwrite D. Buffer overflow attack

D. Buffer overflow attack

What race condition can result in a NULL pointer/object dereference? A. Conflict race condition B. Value-based race condition C. Thread race condition D. Time of check (TOC) to time of use (TOU)

D. Time of check (TOC) to time of use (TOU)

