1.3_ Certifications and Security+ Flashcards
What are some jobs that may require the Security+ certification?
- Security Architect
- Security Engineer
- Security Consultant
- Security Specialist
- Information Security Analyst
- Security Administrator
As of December 2019, what was the average annual pay for an information security analyst?
$98,735
How many topics are in the Security+ exam?
There are 6:
1. Threats, Attacks and Vulnerabilities (21%)
2. Technology and Tools (22%)
3. Architecture and Design (15%)
4. Identity and Access Management (16%)
5. Risk Access Management (14%)
6. Cryptography and PKI (12%)
Which of the following describes a logic bomb?
- A program that performs a malicious activity at a specific time or after triggering an event.
- A type of malicious code similar to a virus whose primary purpose is to duplicate itself, and spread while not necessarily internally damaging or destroying resources.
- A program that appears to be a legitimate application, utility, game or screen saver that performs malicious activities surreptitiously.
- A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the system where it is found.
- A program that performs a malicious activity at a specific time or after triggering an event.
Scenario: You are responsible for security at a small
organization and have been tasked with implementing a
security policy. Place the actions of organizing a security
policy in their appropriate order. Note that there are five
options, but you need to choose four.
Step 1: Obtain support and commitment from management
Step 2: Analyze risks to security
Step 3: Implement appropriate controls
Step 4: Review, test, and update procedures
Of vulnerability, threat, exploit, and risk, which would be assessed by likelihood and impact?
- Vulnerability
- Risk
- Threat
- Exploit
- Risk
Name all 5 Threat Actors
- The Lone Hacker (Black Hat / Script kiddies)
- Organized Cyber Crimes
- Nation State
- Hacktivist
- Competitor
What’s the difference between a virus and a worm?
A virus is a program that copies itself onto another computer system and needs to be executed, whereas a worm does not need to attach itself to an executable file and instead can replicate over network resources.
What are the three ways viruses can damage the infected hosts?
- Slowing down the host by using up a computer’s resources, such as CPU and RAM.
- Denial of Service Attacks (DoS): Shutting down the host by using up all of its resources or destroying essential files.
- Ransomware: “Scrambling” data on the host so that users can’t read it, and demanding money to “unscramble” it.
True or False:
All virus types need to infect a host, which can be distributed in a number of ways, such as on a disk, a network, or as an email or message attachment.
True
For example, email attachment viruses, which are usually program or macro viruses hosted in an attached file, can use the infected victim’s list of email contacts to spoof the sender’s address when replicating.
True or False:
A virus can have a payload that executes when the virus is activated. The payload can perform any action available to the host process.
True
What is a Worm?
A worm is a self-replicating program. It is considered a memory-resident virus. A worm does not need to attach itself to an executable file and instead can replicate over network resources.
True or False:
A worm attaches itself to a host.
False
A virus attaches itself to a host.
True or False:
Once on a computer, a worm does not need human interaction.
True
True or False:
A virus automatically replicates itself and can travel across computer networks without human interaction.
False
A worm automatically replicates itself and can travel across computer networks without human interaction.
True or False:
A worm is known for having .bat file extension interaction.
False
A virus is known for having .bat file extension interaction.
Since viruses and worms are merely programming scripts, is every OS vulnerable?
YES
Is a virus self-replicating?
NO
What is a trojan?
A Trojan is a program that typically hides within something else. It can be embedded within a downloadable object, such as a game or screensaver.
What does RAT stand for and what is it?
Remote Access Trojans (RAT) function as backdoor applications. Once this Trojan backdoor is installed, the attacker can access the victim’s computer and install files and software on it.
• The RAT needs to establish a covert channel from the victim’s host to a Command and Control (C2 or C&C) host or network operated by the attacker. Identifying a network connection is usually the best indicator that a RAT has compromised a victim’s computer.
What are botnets?
Botnets are two or more zombie computers that are remotely controlled by an attacker.
What does zombie refer to?
When the attacker is able to send remote commands to the victim’s computer, the computer is called a zombie. This can be used for many purposes, such as downloading additional malicious programs.
A program that gains a foothold in the victim’s system, can be installed with or without the user’s knowledge, and monitors user activity and sends the information to an external source is called what?
Spyware
What are keyloggers?
Keyloggers actively attempt to steal confidential information by capturing the keystrokes of the victim. Keyloggers are considered a type of spyware, as they are hidden on the remote computer system and used to discreetly capture the victim’s information.