CH03 Malware Infection Flashcards
Your company’s Security Operations Center (SOC) is currently detecting an ongoing DDoS attack against your network’s file server. One of the cybersecurity analysts has identified forty internal workstations on the network that are conducting the attack against your network’s file server. The cybersecurity analyst believes these internal workstations are infected with malware and places them into a quarantined area of the network. The analyst then submits a service desk ticket to have the workstations scanned and cleaned of the infection. Based on the scenario provided, what type of malware were the workstations likely victims of?
a. Spyware
b. Botnet
c. Rootkit
d. Ransomware
b. Botnet
A botnet is a number of internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. A zombie (also known as a bot) is a computer or workstation that a remote attacker has accessed and set up to forward transmissions (including spam and viruses) to other computers on the internet.
The Security Operations Center Director for Dion Training received a pop-up message on his workstation that said, “You will regret firing me; just wait until Christmas!” He suspects the message came from a disgruntled former employee that may have set up a piece of software to create this pop-up on his machine. The director is now concerned that other code might be lurking within the network that could create a negative effect on Christmas. He directs his team of cybersecurity analysts to begin searching the network for this suspicious code. What type of malware should they be searching for?
a. Worm
b. Trojan
c. Adware
d. Logic Bomb
d. Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. The director is concerned that a logic bomb may have been created and installed on his system or across the network before the analyst was fired.
In which type of attack does the attacker begin with a normal user account and then seek to gain additional access rights?
a. Privilege escalation
b. Cross-site scripting
c. Spear Phishing
d. Remote Code Execution
a. Privilege Escalation
Privilege escalation attacks seek to increase the level of access that an attacker has to a target system. Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
Which of the following is not normally part of an endpoint security suite?
a. Anti-virus
b. Software firewall
c. VPN
d. IPS
c. VPN
OBJ-3.2: Endpoint security includes software host-based firewalls, host-based intrusion protection systems (HIPS), and anti-virus software. A VPN is not typically considered an endpoint security tool because it is a network security tool.