1. Which is an example of social engineering?

A social engineer attempts to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, pop-ups, and viruses are all examples of software-based security threats, not social engineering.

2. What is a significant characteristic of virus malware?

A virus is malicious code that is attached to a legitimate program or executable file, and requires specific activation, which may include user actions or a time-based event. When activated, a virus can infect the files it has not yet infected, but does not automatically propagate itself to other systems. Self-propagation is a feature of worms. In addition to being distributed over the Internet, viruses are also spread by USB memory sticks, CDs, and DVDs.

3. Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?

An access attack tries to affect services that affect entry into accounts, databases, and other sensitive information. Access attacks commonly involve a dictionary that is used to guess a specific user password. A brute-force access attack would try to access an account via repeated attempts.

4. What is the purpose of a reconnaissance attack on a computer network?

Preventing users from accessing network resources is a denial of service attack. Being able to steal data from the network servers may be the objective after a reconnaissance attack gathers information about the target network and system. Redirecting data traffic so it can be monitored is a man-in-the-middle attack.

5. To which category of security attacks does man-in-the-middle belong?

With a man-in-the-middle attack, a threat actor is positioned in between two legitimate entities in order to read, modify, or redirect the data that passes between the two parties.

6. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

Phishing is used by malicious parties who create fraudulent messages that attempt to trick a user into either sharing sensitive information or installing malware.

7. What is the primary goal of a DoS attack?

A denial of service (DoS) attack attempts to overwhelm a system or process by sending large amounts of data or requests to the target. The goal is to keep the system so overwhelmed handling false requests that it is unable to respond to legitimate ones.

8. What is the best description of Trojan horse malware?

The best description of Trojan horse malware, and what distinguishes it from viruses and worms, is that it appears as useful software but hides malicious code. Trojan horse malware may cause annoying computer problems, but can also cause fatal problems. Some Trojan horses may be distributed over the Internet, but they can also be distributed by USB memory sticks and other means. Specifically targeted Trojan horse malware can be some of the most difficult malware to detect.

9. Which tool is used to provide a list of open ports on network devices?

The Nmap tool is a port scanner that is used to determine which ports are open on a particular network device. A port scanner is used before launching an attack.

10. When describing malware, what is a difference between a virus and a worm?

Malware can be classified as follows:

  • Virus (self-replicates by attaching to another program or file)
  • Worm (replicates independently of another program)
  • Trojan Horse (masquerades as a legitimate file or program)
  • Rootkit (gains privileged access to a machine while concealing itself)
  • Spyware (collects information from a target system)
  • Adware (delivers advertisements with or without consent)
  • Bot (waits for commands from the hacker)
  • Ransomware (holds a computer system or data captive until payment is received)

11. What is the main goal of using different evasion techniques by threat actors?

Many threat actors use stealthy evasion techniques to disguise an attack payload because the malware and attack methods are most effective if they are undetected. The goal is to prevent detection by network and host defenses.

12. What is the purpose of a rootkit?

Malware can be classified as follows:

  • Virus (self-replicates by attaching to another program or file)
  • Worm (replicates independently of another program)
  • Trojan Horse (masquerades as a legitimate file or program)
  • Rootkit (gains privileged access to a machine while concealing itself)
  • Spyware (collects information from a target system)
  • Adware (delivers advertisements with or without consent)
  • Bot (waits for commands from the hacker)
  • Ransomware (holds a computer system or data captive until payment is received)

13. In what way are zombies used in security attacks?

Zombies are infected computers that make up a botnet. The zombies are used to deploy a distributed denial of service (DDoS) attack.