Midterm 1 - Chapters 1-7


A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court's website was hacked, and the content was replaced with the text "Equal justice for all." Which of the following types of threat actors attacked the court's site? Select one: a. State actors b. Cyberterrorists c. Hacktivists d. Insiders

Hacktivists

What is an objective of state-sponsored attackers? a. To spy on citizens b. To sell vulnerabilities to the highest bidder c. To amass fortune over fame d. To right a perceived wrong

To spy on citizens

What are the two limitations of private information sharing centers? Select one: a. Access to data and participation b. Timing of reports and remote access c. Government approval and cost d. Bandwidth and CPU

a. Access to data and participation

Which of the following ensures that only authorized parties can view protected information? Select one: a. Confidentiality b. Integrity c. Availability d. Authorization

a. Confidentiality

In an interview, the interviewer introduced the following scenario: An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur. Which of the following should you choose? Select one: a. Configuration vulnerability b. Zero-day vulnerability c. Third-party vulnerability d. Physical access vulnerability

a. Configuration vulnerability

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? Select one: a. Fame b. Financial gain c. Personal security d. Fortune

a. Fame

Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it? Select one: a. Integrity b. Availability c. Confidentiality d. Assurance

a. Integrity

How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance? Select one: a. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels. b. It identifies configuration and security postures within the network. c. It performs a fast initial scan that identifies open ports and responsive software. d. It focuses the full scan by first comparing network configurations against known vulnerability databases.

a. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.

Which of the following is FALSE about a quarantine process? Select one: a. It holds a suspicious application until the user gives approval. b. It is most often used with email attachments. c. It can send a sanitized version of the attachment. d. It can send a URL to the document that is on a restricted computer.

a. It holds a suspicious application until the user gives approval.

What does Windows 10 Tamper Protection do? Select one: a. Limits access to the registry b. Compresses and locks the registry c. Prevents any updates to the registry until the user approves the update. d. Creates a secure backup copy of the registry

a. Limits access to the registry

Which of the following is not a recognized attack vector? a. On-prem b. Email c. Social media d. Supply chain

a. On-prem

What term refers to changing the design of existing code? Select one: a. Refactoring b. Shimming c. Library manipulation d. Design driver manipulation

a. Refactoring

Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next? Select one: a. Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next. b. Robert used mimikatz for footprinting, and should install a backdoor next. c. Robert used mimikatz for phishing, and should perform lateral movement next. d. Robert used mimikatz for tailgating, and should perform phishing next.

a. Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.

After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security manager b. Security administrator c. Security officer d. Security technician

a. Security manager

Which attack embeds malware-distributing links in instant messages? Select one: a. Spim b. Spam c. Tailgating d. Phishing

a. Spim

Which of the following groups use Advanced Persistent Threats? a. State actors b. Brokers c. Criminal syndicates d. Shadow IT

a. State actors

What race condition can result in a NULL pointer/object dereference? Select one: a. Time of check/time of use race condition b. Value-based race condition c. Thread race condition d. Conflict race condition

a. Time of check/time of use race condition

Which of the following is NOT an advantage to an automated patch update service? Select one: a. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. b. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. c. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. d. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.

a. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.

What is the primary goal of penetration testing? Select one: a. Attempt to perform an automated scan to discover vulnerabilities b. Attempt to uncover deep vulnerabilities and then manually exploit them c. Perform SYN DOS attack towards a server in a network d. Scan a network for open FTP ports

b. Attempt to uncover deep vulnerabilities and then manually exploit them

What is the difference between a Trojan and a RAT? Select one: a. A RAT can infect only a smartphone and not a computer. b. A RAT gives the attacker unauthorized remote access to the victim's computer. c. There is no difference. d. A Trojan can carry malware while a RAT cannot

b. A RAT gives the attacker unauthorized remote access to the victim's computer.

Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test? Select one: a. A vulnerability scan identifies deep vulnerabilities. b. A vulnerability scan is usually automated. c. A vulnerability scan can be done when a regulatory body requires it or on a pre-determined schedule. d. A vulnerability scan is usually a manual process.

b. A vulnerability scan is usually automated.

Which of the following is technology that imitates human abilities? Select one: a. XLS b. AI c. RC d. ML

b. AI

What are the primary features of a security information event management (SIEM) tool? Select one: a. Aggregation, deep packet investigation, and policy creation b. Aggregation, correlation, event deduplication, time synchronization, and alerting c. Bandwidth monitoring, alerting, and volume measuring d. Filtering, alerting, packet dropping, packet capturing, and traffic analyzing

b. Aggregation, correlation, event deduplication, time synchronization, and alerting

Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend? Select one: a. Linefeed Access b. Automated Indicator Sharing (AIS) c. Lightwire JSON Control d. Bidirectional Security Protocol (BSP)

b. Automated Indicator Sharing (AIS)

Which of these is a list of preapproved applications? Select one: a. Whitelist b. Blacklist c. Greenlist d. Redlist

a. Whitelist

Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer? Select one: a. Persistent lockware b. Blocking ransomware c. Impede-ware d. Cryptomalware

b. Blocking ransomware

Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with crypto malware. Why would Marius consider this a dangerous situation? Select one: a. The employee would have to wait at least an hour before her computer could be restored. b. Cryptomalware can encrypt all files on any network that is connected to the employee's computer. c. It sets a precedent by encouraging other employees to violate company policy. d. The organization may be forced to pay up to $500 for the ransom.

b. Cryptomalware can encrypt all files on any network that is connected to the employee's computer.

Which of the following is NOT a characteristic of malware? Select one: a. Launch b. Diffusion c. Deceive d. Imprison

b. Diffusion

Which of the following is a physical social engineering technique? Select one: a. Watering hole b. Dumpster diving c. Pharming d. Hoaxes

b. Dumpster diving

What type of analysis is heuristic monitoring based on? Select one: a. Code analysis b. Dynamic analysis c. Input analysis d. Static analysis

b. Dynamic analysis

Which of the following is NOT a means by which a bot communicates with a C&C device? Select one: a. Signing in to a third-party website b. Email c. Command sent through Twitter posts d. Signing in to a website the bot herder operates

b. Email

What word is used today to refer to network-connected hardware devices? Select one: a. Host b. Endpoint c. Client d. Device

b. Endpoint

Which of the following tries to detect and stop an attack? Select one: a. HIDS b. HIPS c. RDE d. SOMA

b. HIPS

Which of the following is considered an industry-specific cybersecurity regulation? Select one: a. Sarbanes-Oxley Act of 2002 (SOX) b. Health Insurance Portability and Accountability Act of 1996 (HIPAA) c. Gramm-Leach-Bliley Act (GLB) d. Personal Information Protection and Electronic Documents Act (PIPEDA)

b. Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here? Select one: a. Kate has installed a Trojan. b. Kate has installed a potentially unwanted program (PUP). c. Kate has installed an injection. d. Kate has installed a backdoor.

b. Kate has installed a potentially unwanted program (PUP).

Which of the following is not used to describe those who attack computer systems? Select one: a. Hacker b. Malicious agent c. Threat actor d. Attacker

b. Malicious agent

What are the two concerns about using public information sharing centers? Select one: a. Security and privacy b. Privacy and speed c. Regulatory approval and sharing d. Cost and availability

b. Privacy and speed

Which of the following is NOT an important OS security configuration? Select one: a. Employing least functionality b. Restricting patch management c. Disabling default accounts d. Disabling unnecessary services

b. Restricting patch management

Which of the following attacks is based on a website accepting user input without sanitizing it? Select one: a. SSXRS b. SQLS c. XSS d. RSS

c. XSS

What is the name of the process where a website validates user input before the application uses the input? Select one: a. Tokening b. Sanitizing c. Authorizing d. Eliminating

b. Sanitizing
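The two questions above describe validating user input and the attack (XSS) that follows when a site skips that step. The block below is an added example, not code from the original quiz, showing the two layers a practitioner actually applies: an allowlist check on the input, and context-appropriate encoding when the accepted value is placed into HTML. The display-name rule and the greeting template are assumptions made for the example.

```python
import html
import re

# Allowlist for a display name: letters, digits, spaces and a few punctuation
# marks, bounded in length. This rule is an assumption for the example.
_NAME_RE = re.compile(r"[A-Za-z0-9 .,'-]{1,40}")


def validate_name(value):
    """Input validation: accept only what the allowlist describes."""
    return _NAME_RE.fullmatch(value) is not None


def render_greeting_unsafe(name):
    # Vulnerable: user text is placed straight into the HTML markup, so
    # a value such as <script>alert(1)</script> is rendered as script.
    return f"<p>Welcome back, {name}!</p>"


def render_greeting_safe(name):
    # Hardened: reject input that fails validation, then HTML-encode what is
    # accepted so characters such as < > & ' " can never become markup.
    if not validate_name(name):
        raise ValueError("display name contains disallowed characters")
    return f"<p>Welcome back, {html.escape(name, quote=True)}!</p>"


def is_rendered_safely(name):
    """True when the safe renderer either rejects the value or emits no raw
    angle brackets from it; used to compare the two renderers on one input."""
    try:
        out = render_greeting_safe(name)
    except ValueError:
        return True
    return "<" not in out.replace("<p>", "").replace("</p>", "")
```

Validation and encoding are not interchangeable: the allowlist stops the obvious payload before it reaches the application, while the encoding protects names the allowlist does accept (an apostrophe in O'Brien) once they are written into the page.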

Which of the following is not true regarding security? Select one: a. Security is a process. b. Security is a war that must be won at all costs. c. Security is a goal. d. Security includes the necessary steps to protect from harm.

b. Security is a war that must be won at all costs.

Which statement regarding a keylogger is NOT true? Select one: a. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. b. Software keyloggers are generally easy to detect. c. Keyloggers can be used to capture passwords, credit card numbers, or personal information. d. Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet.

b. Software keyloggers are generally easy to detect.

What is a variation of a common social engineering attack targeting a specific user? Select one: a. Spam b. Spear phishing c. Watering holes d. Redirection

b. Spear phishing

What is a risk to data when training a machine learning (ML) application? Select one: a. Improper exception handling in the ML program b. Tainted training data for machine learning c. API attack on the device d. ML algorithm security

b. Tainted training data for machine learning

Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database: 'whatever' AND email IS NULL; What has been accessed by the attacker running this SQL injection? Select one: a. The attacker accessed the data of specific users. b. The attacker has determined the names of different types of fields in the database. c. The attacker has used the SQL injection to delete the table in the database. d. The attacker accessed the entirety of email address data from all users in the database.

b. The attacker has determined the names of different types of fields in the database.
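A worked version of the probe in Natasha's question, added here as an example and not part of the original quiz. The vulnerable lookup concatenates the user's text into the query, so an injected `whatever' AND email IS NULL AND '1'='1` tests one guessed column name per request. The trailing `AND '1'='1` is an assumed variant of the page's `;` probe, used only to close the quote without relying on a comment. A guess that names a real column returns quietly; a guess that does not raises a "no such column" error, and the difference in the application's response is how the attacker learns the field names. The table, the member row and the candidate names are constructed for the example, and `sqlite3` stands in for the portal's real database.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the travel portal's member table (not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, passwd TEXT)")
    conn.execute("INSERT INTO members (email, passwd) VALUES ('alice@example.com', 'hunter2')")
    conn.commit()
    return conn


def vulnerable_lookup(conn, user_input):
    # String concatenation: the user's text becomes part of the SQL grammar.
    sql = f"SELECT id FROM members WHERE email = '{user_input}'"
    return conn.execute(sql).fetchall()


def probe_column(conn, guess):
    """True if a column named `guess` exists, False if it does not.

    The attacker never sees the answer directly; they infer it from whether
    the application errors out ('no such column') or returns no rows."""
    payload = f"whatever' AND {guess} IS NULL AND '1'='1"
    try:
        vulnerable_lookup(conn, payload)
        return True
    except sqlite3.OperationalError as exc:
        if "no such column" in str(exc):
            return False
        raise


def enumerate_columns(conn, guesses):
    """Run the probe for every candidate name and report which ones exist."""
    return {g: probe_column(conn, g) for g in guesses}


def safe_lookup(conn, user_input):
    # Parameterised query: the driver binds user_input as a string literal,
    # so the same payload matches nothing and raises nothing.
    return conn.execute("SELECT id FROM members WHERE email = ?", (user_input,)).fetchall()
```

Against the parameterised `safe_lookup` the probe is inert: the whole payload is compared with the email column as one literal value, so there is no error to observe and no column name to learn.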

An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack? Select one: a. The attacker is using a buffer overflow to initiate an integer overflow attack that can allow access to private data on the local drive. b. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine. c. The attacker is using an integer overflow attack that will change the state of the local drive's memory. d. The attacker is using a buffer overflow to initiate an integer overflow attack that will give them access to the machine's OS code

b. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine.

Which model uses a sequential design process? Select one: a. Rigid model b. Waterfall model c. Agile model d. Secure model

b. Waterfall model

Which of the following is known as a network virus? Select one: a. Remote exploitation virus (REV) b. Worm c. TAR d. C&C

b. Worm

Which tool is most commonly associated with state actors? a. Closed-Source Resistant and Recurrent Malware (CSRRM) b. Network Spider and Worm Threat (NSAWT) c. Advanced Persistent Threat (APT) d. Unlimited Harvest and Secure Attack (UHSA)

c. Advanced Persistent Threat (APT)

Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as? Select one: a. Payload b. Zombie c. Bot herder d. Botnet

c. Bot herder

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? Select one: a. Cyberterrorists b. Resource managers c. Brokers d. Competitors

c. Brokers

Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program? Select one: a. Shim overflow attack b. Integer overflow attack c. Buffer overflow attack d. Factor overflow attack

c. Buffer overflow attack

Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website? Select one: a. DRCR b. SSFR c. CSRF d. DLLS

c. CSRF

What is the advantage of a secure cookie? Select one: a. It cannot be stored on the local computer without the user's express permission. b. It is analyzed by AV before it is transmitted. c. It is sent to the server over HTTPS. d. It only exists in RAM and is deleted once the web browser is closed.

c. It is sent to the server over HTTPS.

Which boot security mode sends information on the boot process to a remote server? Select one: a. UEFI Native Mode b. Secure Boot c. Measured Boot d. Trusted Boot

c. Measured Boot

Which of the following is not an issue with patching? a. Delays in patching OSs b. Difficulty patching firmware c. Patches address zero-day vulnerabilities d. Few patches exist for application software

c. Patches address zero-day vulnerabilities

Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming? Select one: a. Phishing involves sending customized emails to recipients, including their names and personal information, to make the message appear legitimate, whereas pharming is a variant of phishing that specifically targets wealthy individuals or senior executives within a business. b. Phishing involves digging through trash receptacles to find information that can be useful in an attack, whereas pharming involves sending millions of unsolicited emails to a large volume of users. c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP. d. Phishing involves sending millions of generic email messages to a large volume of users, whereas pharming targets specific users by sending emails customized to the recipients, including their names and personal information.

c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP.

Which of the following is false about the CompTIA Security+ certification? Select one: a. Security+ is one of the most widely acclaimed security certifications. b. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. c. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification. d. The Security+ certification is a vendor-neutral credential.

c. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats? Select one: a. Blue team b. White team c. Purple team d. Red team

c. Purple team

Which of the following manipulates the trusting relationship between web servers? Select one: a. SCSI b. EXMAL c. SSRF d. CSRF

c. SSRF

A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take? Select one: a. Scan all endpoint devices b. Scan only infrastructure devices for a very short time c. Scan the most important devices for as long as it takes for each device d. Scan all devices, each for a very short time

c. Scan the most important devices for as long as it takes for each device

Which of the following is true regarding the relationship between security and convenience? Select one: a. Security is less important than convenience. b. Security and convenience are equal in importance. c. Security and convenience are inversely proportional. d. Security and convenience have no relationship.

c. Security and convenience are inversely proportional.

Which of these would NOT be considered the result of a logic bomb? Select one: a. Delete all human resource records regarding Augustine one month after he leaves the company. b. Erase the hard drives of all the servers 90 days after Alfredo's name is removed from the list of current employees. c. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting. d. If the company's stock price drops below $50, then credit Oscar's retirement account with one additional year of retirement credit.

c. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.

Which stage conducts a test that will verify the code functions as intended? Select one: a. Production stage b. Development stage c. Staging stage d. Testing stage

c. Staging stage

Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS? Select one: a. AIP-TAR b. TCP-Over-Secure (ToP) c. TAXII d. STIX

c. TAXII

Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information? Select one: a. CISA b. FOIA c. TLP d. PCII

c. TLP

Which of the following is NOT a limitation of a threat map? Select one: a. Threat actors usually mask their real locations so what is displayed on a threat map is incorrect. b. Many maps claim that they show data in real time, but most are simply a playback of previous attacks. c. They can be difficult to visualize. d. Because threat maps show anonymized data it is impossible to know the identity of the attackers or the victims.

c. They can be difficult to visualize.

How do vendors decide which should be the default settings on a system? a. The default settings are always mandated by industry standards. b. There is no reason behind why specific default settings are chosen. c. Those settings that provide the means by which the user can immediately begin to use the product. d. Those that are the most secure are always the default settings.

c. Those settings that provide the means by which the user can immediately begin to use the product.

Attackers have taken over a site commonly used by an enterprise's leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking this site will allow for attacks on many organizations. Which type of malicious activity is this? Select one: a. Vishing b. Spear phishing c. Watering hole d. Hoax

c. Watering hole

The files in James's computer were found spreading within the device without any human action. As an engineer, you were requested to identify the problem and help James resolve it. During file code inspection, you noticed that certain types of files in the computer have similar codes. You found that the problem is coming from a set of codes that are not part of the actual files, appended at the bottom of the file. You also noticed a transfer control code written at the beginning of the files giving control to the code at the bottom of the file. Which type of infection is this a characteristic of? Select one: a. This is a typical characteristic of a spyware infection in the endpoint device. b. This is a typical characteristic of files infected by keystrokes in an endpoint. c. This is a typical characteristic exhibited by files attacked by ransomware in the device. d. This is a typical characteristic of an endpoint device infected with a file-based virus attack.

d. This is a typical characteristic of an endpoint device infected with a file-based virus attack.

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources b. through a long-term process that results in ultimate security c. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network d. through products, people, and procedures on the devices that store, manipulate, and transmit the information

d. through products, people, and procedures on the devices that store, manipulate, and transmit the information

Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports back that he was unable to find anything due to how looking for information on the dark web is different from using the regular web. Which of the following is not different about looking for information on the dark web? Select one: a. Dark web merchants open and close their sites without warning. b. The naming structure is different on the dark web. c. It is necessary to use Tor or I2P. d. Dark web search engines are identical to regular search engines.

d. Dark web search engines are identical to regular search engines.

Which of the following attacks targets the external software component that is a repository of both code and data? Select one: a. Device driver manipulation attack b. OS REG attack c. Application program interface (API) attack d. Dynamic-link library (DLL) injection attack

d. Dynamic-link library (DLL) injection attack

Which of the following is an attack vector used by threat actors to penetrate a system? Select one: a. Intimidation b. Phishing c. Urgency d. Email

d. Email

Which type of malware relies on LOLBins? Select one: a. File-based virus b. PUP c. Bot d. Fileless virus

d. Fileless virus

Which of the following describes a memory leak attack? Select one: a. Memory leak attacks take advantage of the token generated and sent to the user's browser by the website as part of the authentication. b. In a memory leak attack, an attacker changes the variable's value to something outside the range the programmer had intended. c. A memory leak occurs when a process attempts to store data beyond a fixed-length storage buffer's boundaries. d. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.

d. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.

An IOC occurs when what metric exceeds its normal bounds? Select one: a. LRG b. IRR c. EXR d. KRI

d. KRI

Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet? Select one: a. Malware b. Spam c. Ad fraud d. LOLBins

d. LOLBins

Which of the following computing platforms is highly vulnerable to attacks? Select one: a. Hybrid b. Cloud c. On-premises d. Legacy

d. Legacy

Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server that is serving HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed? Select one: a. Only look at the highest priority vulnerability b. Escalate the situation to a higher analyst c. Only look at the accuracy of the vulnerability d. Look at the priority and the accuracy of the vulnerability

d. Look at the priority and the accuracy of the vulnerability

Which of the following is not a reason why a legacy platform has not been updated? a. Neglect b. An application only operates on a specific OS version c. Limited hardware capacity d. No compelling reason for any updates

d. No compelling reason for any updates

Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this? Select one: a. Keylogger b. Bot c. Spyware d. PUP

d. PUP

Which of the following groups has the lowest level of technical knowledge? a. Insiders b. State actors c. Hacktivists d. Script kiddies

d. Script kiddies

Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system: On booting the computer, the following message was flashing on the computer screen with the IRS logo: "This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of the law. You may make a secure payment by clicking on the following link. If you face any issues, you may reach out to us at [email protected]." The message will not close, nor is there access to applications or files on the computer; however, James can open shared files and folders on Smitha's computer through the network. What is your inference about the problem faced by Smitha on her computer? Select one: a. Smitha's computer is compromised by a PUP. b. Smitha's computer is compromised by crypto malware. c. Smitha's computer is compromised by spyware. d. Smitha's computer is compromised by ransomware.

d. Smitha's computer is compromised by ransomware.

Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company's IM account. Even though no one has clicked on the messages, they are spreading throughout the network. Which type of malicious activity is this? Select one: a. Vishing b. Spear phishing c. Whaling d. Spimming

d. Spimming

Which of the following is not an improvement of UEFI over BIOS? Select one: a. Access larger hard drives b. Stronger boot security c. Networking functionality in UEFI d. Support of USB 3.0

d. Support of USB 3.0

What is the term used to describe the connectivity between an organization and a third party? a. Network layering b. Resource migration c. Platform support d. System integration

d. System integration

A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation? Select one: a. This is a software keylogger attack, as it is sharing the information every three hours to the attacker. b. This is a hardware keylogger attack, as video capture functionality and periodic transfer of data are not possible with a software keylogger. c. This is a hardware keylogger attack; it is only periodically sharing the information and is a manual transfer of information by a human agent. d. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.

d. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.

The files in James's computer were found spreading within the device without any human action. As an engineer, you were requested to identify the problem and help James resolve it. During file code inspection, you noticed that certain types of files in the computer have similar codes. You found that the problem is coming from a set of codes that are not part of the actual files, appended at the bottom of the file. You also noticed a transfer control code written at the beginning of the files giving control to the code at the bottom of the file. Which type of infection is this a characteristic of? Select one: a. This is a typical characteristic of a spyware infection in the endpoint device. b. This is a typical characteristic of files infected by keystrokes in an endpoint. c. This is a typical characteristic exhibited by files attacked by ransomware in the device. d. This is a typical characteristic of an endpoint device infected with a file-based virus attack.

d. This is a typical characteristic of an endpoint device infected with a file-based virus attack.

What is the most accurate explanation of sentiment analysis, and what kind of tool or product can be utilized to perform this operation? Select one: a. Using Wireshark for detecting hidden and persistent threats from a network b. Using SIEM for combining many logs into one record based on IP addresses, usernames, and port numbers c. Using Cisco Firepower for computationally identifying and categorizing opinions, usually expressed in response to textual data, to determine the writer's attitude toward a particular topic d. Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data

d. Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? Select one: a. Gray hat hackers b. Black hat hackers c. Red hat hackers d. White hat hackers

d. White hat hackers
