1.3_ Certifications and Security+ Flashcards

1
Q

What are some jobs that may require the Security+ certification?

A
Security Architect
Security Engineer
Security Consultant
Security Specialist
Information Security Analyst
Security Administrator
2
Q

As of December 2019, what was the average annual pay for an information security analyst?

A

$98,735

3
Q

How many topics are in the Security+ exam?

A
There are 6:
1. Threats, Attacks and Vulnerabilities (21%)
2. Technology and Tools (22%)
3. Architecture and Design (15%)
4. Identity and Access Management (16%)
5. Risk Access Management (14%)
6. Cryptography and PKI (12%)
4
Q

Which of the following describes a logic bomb?

  1. A program that performs a malicious activity at a specific time or after triggering an event.
  2. A type of malicious code similar to a virus whose
    primary purpose is to duplicate itself, and spread
    while not necessarily internally damaging or destroying resources.
  3. A program that appears to be a legitimate application,
    utility, game or screen saver that performs malicious activities surreptitiously.
  4. A program that has no useful purpose, but attempts
    to spread itself to other systems and often damages resources on the system where it is found.
A
  1. A program that performs a malicious activity at a specific time or after triggering an event.
5
Q

Scenario: You are responsible for security at a small
organization and have been tasked with implementing a
security policy. Place the actions of organizing a security
policy in their appropriate order. Note that there are five
options, but you need to choose four.

A

Step 1: Obtain support and commitment from management
Step 2: Analyze risks to security
Step 3: Implement appropriate controls
Step 4: Review, test, and update procedures

6
Q

Of vulnerability, threat, exploit, and risk, which would be assessed by likelihood and impact?

  1. Vulnerability
  2. Risk
  3. Threat
  4. Exploit
A
  1. Risk
7
Q

Name all 5 Threat Actors

A
  • The Lone Hacker (Black Hat / Script kiddies)
  • Organized Cyber Crimes
  • Nation State
  • Hacktivist
  • Competitor
8
Q

What’s the difference between a virus and a worm?

A

A virus is a program that copies itself onto another computer system and needs to be executed, whereas a worm does not need to attach itself to an executable file and instead can replicate over network resources.

9
Q

What are the three ways viruses can damage the infected hosts?

A
  1. Slowing down the host by using up a computer’s resources, such as CPU and RAM.
  2. Denial of Service Attacks (DoS): Shutting down the host by using up all of its resources or destroying essential files.
  3. Ransomware: “Scrambling” data on the host so that users can’t read it, and demanding money to “unscramble” it.
10
Q

True or False:

All virus types need to infect a host, which can be distributed in a number of ways, such as on a disk, a network, or as an email or message attachment.

A

True

For example, email attachment viruses, which are usually program or macro viruses hosted in an attached file, can use the infected victim’s list of email contacts to spoof the sender’s address when replicating.

11
Q

True or False:

A virus can have a payload that executes when the virus is activated. The payload can perform any action available to the host process.

A

True

12
Q

What is a Worm?

A

A worm is a self-replicating program. It is considered a memory-resident virus. A worm does not need to attach itself to an executable file and instead can replicate over network resources.

13
Q

True or False:

A worm attaches itself to a host.

A

False

A virus attaches itself to a host.

14
Q

True or False:

Once on a computer, a worm does not need human interaction.

A

True

15
Q

True or False:

A virus automatically replicates itself and can travel across computer networks without human interaction.

A

False

A worm automatically replicates itself and can travel across computer networks without human interaction.

16
Q

True or False:

A worm is known for having .bat file extension interaction.

A

False

A virus is known for having .bat file extension interaction.

17
Q

Since viruses and worms are merely programming scripts, is every OS vulnerable?

A

YES

18
Q

Is a virus self-replicating?

A

NO

19
Q

What is a trojan?

A

A Trojan is a program that typically hides within something else. It can be embedded within a downloadable object, such as a game or screensaver.

20
Q

What does RAT stand for and what is it?

A

Remote Access Trojans (RAT) function as backdoor applications. Once this Trojan backdoor is installed, the attacker can access the victim’s computer and install files and software on it.

• The RAT needs to establish a covert channel from the victim’s host to a Command and Control (C2 or C&C) host or network operated by the attacker. Identifying a network connection is usually the best indicator that a RAT has compromised a victim’s computer.

21
Q

What are botnets?

A

Botnets are two or more zombie computers that are remotely controlled by an attacker.

22
Q

What does zombie refer to?

A

When the attacker is able to send remote commands to the victim’s computer, the computer is called a zombie. This can be used for many purposes, such as downloading additional malicious programs.

23
Q

A program that gains a foothold in the victim’s system, can be installed with or without the user’s knowledge, monitors user activity, and sends the information to an external source is called what?

A

Spyware

24
Q

Explain keyloggers.

A

Keyloggers actively attempt to steal confidential information by capturing the keystrokes of the victim. Keyloggers are considered a type of spyware, as they are hidden on the remote computer system and used to discreetly capture the victim’s information.

25
Q

What is Adware?

A

Adware is any type of software or browser plugin that displays or downloads advertisements via pop-ups. Some can act like spyware, for example, by tracking websites that a user visits.

26
Q

True or False:

Programmers create backdoors in software applications for testing and development, but do not always remove them when the application is deployed.

A

True

27
Q

What are rootkits?

A

Rootkits are a type of backdoor that is more difficult to detect and remove. They remain undetected by:

  • Changing core system files and programming interfaces. The local shell processes can’t show their presence if run from an infected machine.
  • Using tools that clean system logs.
28
Q

These are installed into the kernel of an operating system, which means that they can infect a machine through a corrupted device driver or kernel patch.

A

Rootkits

While less effective, some rootkits can operate in user mode, meaning that they can replace key utilities or less-privileged drivers.

29
Q

What’s the difference between vulnerabilities and exploits?

A

Vulnerabilities are weaknesses that can be exploited by an attacker.

Exploits are how actors attack computer systems.

30
Q

Risks can include what known kept vulnerabilities?

A

Risks can include known kept vulnerabilities.

  • These vulnerabilities are kept because it would either cost the business too much to protect against them, or the business would not be able to operate without the risk.
  • Risks can be reduced, but it’s impossible to fully remove all risks in an organization.
  • Organizations have a formula to calculate risks: Risk = Likelihood × Impact.
31
Q

What does APT stand for?

A

Advanced Persistent Threat (APT)

32
Q

Which of the following is a type of classic virus that infects executable files and, upon execution of an infected file, infects other files?

  1. Macro viruses
  2. Metamorphic viruses
  3. File-infecting or classic viruses
  4. Crypto-malware
A
  1. File-infecting or classic viruses
33
Q

A rootkit is a particularly dangerous type of malware. What makes it so dangerous?

  1. It takes control of a system at the lowest levels while
    attempting to hide from detection.
  2. It attaches to files and spreads from one computer to another.
  3. It generates unsolicited advertisements that direct users to sites infected with malware.
  4. It records all keystrokes made by a user, exposing that user’s passwords.
A
  1. It takes control of a system at the lowest levels while attempting to hide from detection.