1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards
An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select all that apply.)
A dictionary word
A rainbow table
An IT staff member used an administrator account to download and install a software application. After launching the .exe installer file, the staff member experienced pop-up ads, frequent crashes, slow computer performance, and strange services running whenever the computer was turned on. What most likely happened to cause these issues?
The user installed Trojan horse malware.
A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs?
PUP
What type of brute force attack aims at exploiting collisions in hash functions?
birthday attacks
A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service (DoS). What type of virus is this?
a worm
A cybersecurity department received alerts about browser pop-ups on users’ computers. After further investigation, the security analysts discovered that websites the users visit on the compromised machines redirect them to malicious websites due to modified DNS (Domain Name System) queries. Which of the following most likely infected the computers?
spyware
A hacker is using a password spraying attack to gain access to a remote computer connected to the company network. Which of the following attack characteristics describes the actions of the hacker in this case?
Using multiple usernames and passwords
What type of attack can facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths?
a downgrade attack
An attacker facilitated a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths. What type of attack does this describe?
a downgrade attack
An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user’s Windows computer. What type of malware did the attacker install on the victim host?
rootkit
Which of the following is a way to protect against birthday attacks?
Encryption algorithms, demonstrating collision avoidance
During an internal investigation, a security specialist discovered a malicious backdoor script on a system administrator’s machine that executes if the admin’s account becomes disabled. What type of malware did the specialist discover?
a logic bomb
An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to upload files and install software to a victim PC. What type of Trojan malware is this?
remote access trojan (RAT)
Which of the following attacks do security professionals expose themselves to if they do not salt passwords with a random value?
a rainbow table attack
If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch?
distributed denial of service (DDoS)