Analyzing Malicious Activity Flashcards

1
Q

What is the purpose of using the Tor browser? Choose more than one option.
A. Dark web content is accessible
B. To increase the speed of loading web pages
C. Regular web content is not accessible
D. Visited websites are unaware of the true origin of the connection

A

A. Dark web content is accessible
D. Visited websites are unaware of the true origin of the connection
A: The Tor browser allows access to the dark web, which consists of websites with “.onion” domains that are not accessible through regular browsers.
D: Tor anonymizes users by routing their internet traffic through multiple volunteer-operated servers, making it difficult for websites to track the true origin of the connection.

2
Q

Which types of artifacts can an Azure Blueprint consist of? Choose more than one option.
A. Azure policy management
B. ARM template
C. Subscription
D. Virtual machine

A

A. Azure policy management
B. ARM template

A (Azure policy management): Azure Blueprints can include Azure Policy definitions to enforce compliance and governance at the resource level.
B (ARM template): Azure Blueprints can contain ARM (Azure Resource Manager) templates that define infrastructure as code for deploying resources.

3
Q

You are using a third-party network analysis tool on your Windows computer. Windows Virus and Threat Protection detects this as a threat and prevents the program from running. You need to run the program. What should you do?
A. Add the tool as an allowed threat
B. Update the virus definitions
C. Disable Virus and Threat Protection real-time detection
D. Run the tool in a virtual machine

A

A. Add the tool as an allowed threat
If Windows Virus and Threat Protection detects a legitimate program as a threat (often a false positive), you can add an exclusion for the program. This will allow it to run without interference from the antivirus, and it will be treated as safe.
Windows Defender allows you to exclude certain files, folders, or processes from being scanned or blocked. This option is a safer and more controlled approach than disabling real-time protection entirely (which is what option C suggests).

4
Q

Which types of items can be analyzed using the VirusTotal website? Choose more than one option.
A. File
B. Web component
C. URL
D. Network router

A

A. File
C. URL
A (File): VirusTotal can analyze files to check for malware or other malicious content using multiple antivirus engines.
C (URL): VirusTotal also supports URL analysis to identify potentially malicious or phishing sites.

5
Q

Which items can be analyzed using Joe Sandbox? Choose more than one option.
A. Applications
B. Data files
C. Network router
D. URL

A

A. Applications
B. Data files

A (Applications): Joe Sandbox is designed to analyze applications (e.g., executables) to detect malicious activity and behaviors.
B (Data files): It can also analyze data files, such as documents (e.g., PDFs, Word files), to check for embedded malicious content.

6
Q

What is the primary incentive for bug bounty hunters?
A. Financial gain
B. Espionage
C. Promotion of ideology
D. Peer recognition

A

A. Financial gain

The primary incentive for bug bounty hunters is typically financial gain. They are rewarded with monetary compensation for identifying vulnerabilities in software, websites, or systems, as part of official bug bounty programs run by companies or organizations.

7
Q

Which items can indicate that an email message is fraudulent? Choose more than one option.
A. Low resolution graphic logos
B. Lack of digital signature
C. Bad grammar
D. Corporate email addresses ending in hotmail.com

A

C. Bad grammar
D. Corporate email addresses ending in hotmail.com

C (Bad grammar): Phishing or fraudulent emails often contain poor grammar, spelling mistakes, or awkward phrasing. This is a common indicator of a scam.
D (Corporate email addresses ending in hotmail.com): Legitimate businesses typically use custom domain names for their email addresses (e.g., @company.com). If you receive an email from a corporate entity with an address ending in a generic email service (like @hotmail.com), it is suspicious.
