2 Flashcards

1
Q

What is a PUP?

A
  • A type of computer program not explicitly classified as malware by AV software
  • A type of software that may adversely affect the computer’s security and performance, compromise the user’s privacy, or display unsolicited ads
  • An application downloaded and installed with the user’s consent (legal app)
2
Q

Which type of malware resides only in RAM?

A

Fileless virus

3
Q

What is the function of a C2 server?

A

Botnet control

4
Q

A malware-infected network host under remote control of a hacker is commonly referred to as:

A

Bot

5
Q

Which of the following applies to a collection of intermediary compromised systems that can be used as a platform for a DDoS attack?

A

Botnet

6
Q

Which of the following is an example of cryptomalware?

A

Ransomware

7
Q

Malicious code activated by a specific event is called:

A

Logic bomb

8
Q

Malicious software collecting information about users without their knowledge/consent is known as:

A

Spyware

9
Q

Which of the following is an example of spyware?

A

Keylogger

10
Q

Which type of Trojan enables unauthorized remote access to a compromised system?

A

**RAT**

Remote access trojans (RATs) give the attacker access to a variety of information on the infected device, including text messages, emails, contact lists, GPS location, camera feeds, and more.

11
Q

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:

A

**Rootkit**

A rootkit is a malicious piece of software that’s designed to give admin control of the targeted system to an attacker while remaining hidden.

12
Q

Which of the following refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?

A

**Backdoor**

Backdoor Trojans are malicious software programs designed to grant unwanted access for a remote attack. Remote attackers can send commands or leverage full control over a compromised computer.

13
Q

A short list of commonly used passwords tried against a large number of user accounts is a characteristic feature of:

A

**Spraying attack**

A password spraying attack is a type of brute force attack where a hacker, much like the name implies, “sprays” an authentication server with combinations of usernames and common passwords. Attackers often run through lists of commonly used passwords available on the web.

14
Q

Which password attack bypasses account-lockout policies?

A

**Spraying attack**

A password spraying attack is a type of brute force attack where a hacker, much like the name implies, “sprays” an authentication server with combinations of usernames and common passwords. Attackers often run through lists of commonly used passwords available on the web.

15
Q

Which password attack takes advantage of a predefined list of words?

A

**Dictionary attack**

A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.

16
Q

One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.

A

True

17
Q

An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:

A

Brute-force attack

18
Q

Rainbow tables are lookup tables used to speed up the process of password guessing.

A

True

19
Q

Which of the following refers to the contents of a rainbow table entry?

A

Hash/Password

20
Q

In cryptography, the term “Plaintext” is used to describe data in an unencrypted form.

A

True

21
Q

Due to added functionality in its plug, a malicious USB cable can be used for:

  • GPS tracking
  • Capturing keystrokes
  • Sending and receiving commands
  • Delivering and executing malware
  • **Any of the above**

A

  • GPS tracking
  • Capturing keystrokes
  • Sending and receiving commands
  • Delivering and executing malware
  • **Any of the above**

22
Q

Which of the following terms is used to describe the theft of personal data from a payment card?

A

Skimming

23
Q

The practice of making an unauthorized copy of a payment card is referred to as:

A

Cloning

24
Q

An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:

A

**ML**

In security, machine learning continuously learns by analyzing data to find patterns so we can better detect malware in encrypted traffic, find insider threats, predict where “bad neighborhoods” are online to keep people safe when browsing, or protect data in the cloud by uncovering suspicious user behavior.

25
Q

Which cryptographic attack relies on the concepts of probability theory?

A

**Birthday**

A method of cracking cryptographic algorithms through matches in hash functions. It is based on the birthday paradox, according to which the probability of two people sharing a birthday is far higher than it seems — for a group of 23 people, for example, the probability is 50%.