1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards

1
Q

An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select all that apply.)

A

A dictionary word

A rainbow table

2
Q

An IT staff member used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user received pop-up ads, frequent crashes, slow computer performance, and strange services running when the staff member turns on the computer. What most likely happened to cause these issues?

A

The user installed Trojan horse malware.

3
Q

A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs?

A

PUP

4
Q

What type of brute force attack aims at exploiting collisions in hash functions?

A

birthday attacks

5
Q

A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service (DoS). What type of virus is this?

A

a worm

6
Q

A cybersecurity department received alerts about browser pop-ups on users’ computers. After further investigation, the security analysts discovered that websites they visit on the compromised machines redirect them to malicious websites due to modified DNS (Domain Name System) queries. Which of the following most likely infected the computers?

A

spyware

7
Q

A hacker is using a password spraying attack to gain access to a remote computer connected to the company network. Which of the following attack characteristics describes the actions of the hacker in this case?

A

Using multiple usernames and passwords

8
Q

What type of attack can facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths?

A

a downgrade attack

9
Q

An attacker facilitated a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths. What type of attack does this describe?

A

a downgrade attack

10
Q

An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user’s Windows computer. What type of malware did the attacker install on the victim host?

A

rootkit

11
Q

Which of the following is a way to protect against birthday attacks?

A

Encryption algorithms, demonstrating collision avoidance

12
Q

During an internal investigation, a security specialist discovered a malicious backdoor script on a system administrator’s machine that executes if the admin’s account becomes disabled. What type of malware did the specialist discover?

A

a logic bomb

13
Q

An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to upload files and install software to a victim PC. What type of Trojan malware is this?

A

remote access trojan (RAT)

14
Q

Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?

A

a rainbow table attack

15
Q

If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch?

A

distributed denial of service (DDoS)

16
Q

A script kiddie installed a backdoor on a victim’s computer that enabled the attacker to remotely access the PC, upload files, and install software on it. What kind of malware did the script kiddie install?

A

remote access trojan (RAT)

17
Q

A few end-users contacted the cybersecurity department about browser pop-ups on their computer and explained that some websites they visit redirect them to other sites they did not intend to navigate. The security team confirmed the pop-ups and noted modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users’ computers?

A

Spyware infected the computers.

18
Q

Through backdoor Trojan malware infections, an attacker compromised multiple computers to form zombie agent PCs with tools to create a botnet. Which of the following attacks can the hacker launch?

A

Distributed Denial of Service (DDoS)

19
Q

An attacker is planning to set up a backdoor that will infect a set of specific computers at an organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the attacker’s plan? (Select all that apply.)

A

Command & Control

Computer Bots

20
Q

A hacker is trying to gain remote access to a company computer by trying brute force password attacks using multiple passwords in conjunction with multiple usernames. What specific type of password attack is the hacker most likely performing?

A

password spraying attack

21
Q

What type of attack is occurring when a counterfeit card reader is in use?

A

skimming

22
Q

If a user’s computer becomes infected with a botnet, which of the following can this compromise allow the attacker to do? (Select all that apply.)

A

Launch a Distributed Denial of Service (DDoS) attack

Launch a mass-mail spam attack

Establish a connection with a Command and Control server

23
Q

An end-user installed an application and began receiving pop-up ads, frequent crashes, slow computer performance, and strange services running. Which of the following most likely describes what occurred to cause these problems?

A

The user installed Trojan horse malware.

24
Q

If a user’s device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise?

A

Have up-to-date backups of the encrypted files.

25
Q

What can an attacker do to acquire a duplicate of another user’s smart card?

A

clone it.

26
Q

A fileless malicious software can replicate between processes in memory on a local host or over network shares. What other behaviors and techniques would classify a malware as fileless rather than a normal virus? (Select all that apply.)

A

Uses “live off the land” techniques

Runs lightweight shellcode

Uses low observable characteristic attacks

27
Q

An attacker compromised a series of computers with a botnet and installed Remote Access Trojans (RATs) on them. What else can the attacker now do with this type of malicious network? (Select all that apply.)

A

Launch a Distributed Denial of Service (DDoS) attack

Launch a mass-mail spam attack

Establish a connection with a Command and Control server

28
Q

A fileless malware can act like a worm. What behaviors and techniques would differentiate a fileless malware and a normal virus? (Select all that apply.)

A

Uses “live off the land” techniques

Runs lightweight shellcode

Uses low observable characteristic attacks