Prac 3 Flashcards
(32 cards)
1
Q
- What word is used today to refer to network-connected hardware devices?
a. Host
b. Endpoint
c. Device
d. Client
A
2
Q
- Which of the following is NOT a characteristic of malware?
a. Deceive
b. Launch
c. Imprison
d. Diffusion
A
3
Q
- Gabriel’s sister called him about a message that suddenly appeared on her screen that says her
software license has expired and she must immediately pay $500 to have it renewed before control
of the computer will be returned to her. What type of malware has infected her computer?
a. Persistent lockware
b. Blocking ransomware
c. Cryptomalware
d. Impede-ware
A
4
Q
- Marius’s team leader has just texted him that an employee, who violated company policy by
bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up
with cryptomalware. Why would Marius consider this a dangerous situation?
a. It sets a precedent by encouraging other employees to violate company policy.
b. Cryptomalware can encrypt all files on any network that is connected to the employee’s
computer.
c. The organization may be forced to pay up to $500 for the ransom.
d. The employee would have to wait at least an hour before her computer could be restored.
A
5
Q
- Which of the following is known as a network virus?
a. TAR
b. Worm
c. Remote exploitation virus (REV)
d. C&C
A
6
Q
- Randall’s roommate is complaining to him about all of the software that came pre-installed on his
new computer. He doesn’t want the software because it slows down the computer. What type of
software is this?
a. Spyware
b. Bot
c. PUP
d. Keylogger
A
7
Q
- What is the difference between a Trojan and a RAT?
a. There is no difference.
b. A RAT gives the attacker unauthorized remote access to the victim’s computer.
c. A Trojan can carry malware while a RAT cannot.
d. A RAT can infect only a smartphone and not a computer.
A
8
Q
- Which of these would NOT be considered the result of a logic bomb?
a. Send an email to Rowan’s inbox each Monday morning with the agenda of that week’s
department meeting.
b. If the company’s stock price drops below $50, then credit Oscar’s retirement account with one
additional year of retirement credit.
c. Erase the hard drives of all the servers 90 days after Alfredo’s name is removed from the list of
current employees.
d. Delete all human resource records regarding Augustine one month after he leaves the company.
A
9
Q
- Which of the following attacks is based on a website accepting user input without sanitizing it?
a. RSS
b. XSS
c. SQLS
d. SSXRS
A
10
Q
- Which of the following attacks is based on the principle that when a user is currently
authenticated on a website and then loads another webpage, the new page inherits the identity and
privileges of the first website?
a. SSFR
b. DLLS
c. CSRF
d. DRCR
A
11
Q
- Which of the following manipulates the trusting relationship between web servers?
a. SSRF
b. CSRF
c. EXMAL
d. SCSI
A
12
Q
- Which type of memory vulnerability attack manipulates the “return address” of the memory
location of a software program?
a. Shim overflow attack
b. Factor overflow attack
c. Integer overflow attack
d. Buffer overflow attack
A
13
Q
- Which of the following is technology that imitates human abilities?
a. AI
b. ML
c. RC
d. XLS
A
14
Q
- Which statement regarding a keylogger is NOT true?
a. Software keyloggers can be designed to send captured information automatically back to the
attacker through the Internet.
b. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB
port.
c. Software keyloggers are generally easy to detect.
d. Keyloggers can be used to capture passwords, credit card numbers, or personal information.
A
15
Q
- An IOC (indicator of compromise) occurs when what metric exceeds its normal bounds?
a. IRR
b. LRG
c. EXR
d. KRI
A
16
Q
- What are the two concerns about using public information sharing centers?
a. Cost and availability
b. Privacy and speed
c. Security and privacy
d. Regulatory approval and sharing
A
17
Q
- Oskar has been receiving emails about critical threat intelligence information from a public
information sharing center. His team leader has asked him to look into how the process can be
automated so that the information can feed directly into their technology security. What technology
will Oskar recommend?
a. Automated Indicator Sharing (AIS)
b. Bidirectional Security Protocol (BSP)
c. Linefeed Access
d. Lightwire JSON Control
A
18
Q
- What are the two limitations of private information sharing centers?
a. Access to data and participation
b. Government approval and cost
c. Timing of reports and remote access
d. Bandwidth and CPU
A
19
Q
- Which of the following is NOT a limitation of a threat map?
a. Many maps claim that they show data in real time, but most are simply a playback of previous
attacks.
b. Because threat maps show anonymized data it is impossible to know the identity of the attackers
or the victims.
c. They can be difficult to visualize.
d. Threat actors usually mask their real locations so what is displayed on a threat map is incorrect.
A
20
Q
- Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their
organization. The next week, Luka reports back that he was unable to find anything due to how
looking for information on the dark web is different from using the regular web. Which of the
following is not different about looking for information on the dark web?
a. It is necessary to use Tor or IP2.
b. Dark web search engines are identical to regular search engines.
c. Dark web merchants open and close their sites without warning.
d. The naming structure is different on the dark web.
A
21
Q
- Which of the following is not an improvement of UEFI over BIOS?
a. Stronger boot security
b. Networking functionality in UEFI
c. Access larger hard drives
d. Support of USB 3.0
A
22
Q
- Which boot security mode sends information on the boot process to a remote server?
a. UEFI Native Mode
b. Secure Boot
c. Trusted Boot
d. Measured Boot
A
23
Q
- Which of the following is NOT an important OS security configuration?
a. Employing least functionality
b. Disabling default accounts
c. Disabling unnecessary services
d. Restricting patch management
A
24
Q
- Which stage conducts a test that will verify the code functions as intended?
a. Production stage
b. Testing stage
c. Staging stage
d. Development stage
A
25
Q
- Which model uses a sequential design process?
a. Secure model
b. Agile model
c. Rigid model
d. Waterfall model
26
Q
- Which of the following is NOT an advantage to an automated patch update service?
a. Downloading patches from a local server instead of using the vendor’s online update service can
save bandwidth and time because each computer does not have to connect to an external server.
b. Specific types of updates that the organization does not test, such as hotfixes, can be
automatically installed whenever they become available.
c. Users can disable or circumvent updates just as they can if their computer is configured to use the
vendor’s online update service.
d. Administrators can approve or decline updates for client systems, force updates to install by a
specific date, and obtain reports on what updates each computer needs.
27
Q
- What type of analysis is heuristic monitoring based on?
a. Dynamic analysis
b. Static analysis
c. Code analysis
d. Input analysis
28
Q
- Which of these is a list of preapproved applications?
a. Greenlist
b. Redlist
c. Blacklist
d. Whitelist
29
Q
- What is the advantage of a secure cookie?
a. It cannot be stored on the local computer without the user’s express permission.
b. It is sent to the server over HTTPS.
c. It is analyzed by AV before it is transmitted.
d. It only exists in RAM and is deleted once the web browser is closed.
30
Q
- Which of the following tries to detect and stop an attack?
a. HIDS
b. HIPS
c. RDE
d. SOMA
31
Q
- Which of the following is FALSE about a quarantine process?
a. It holds a suspicious application until the user gives approval.
b. It can send a sanitized version of the attachment.
c. It can send a URL to the document that is on a restricted computer.
d. It is most often used with email attachments.
32