Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks

Question 1

What is a threat actor?

Answer 1

An attacker - anyone who launches a cyberattack on others

Question 2

What is open-source intelligence?

Answer 2

Any information that is available via web sites and social media

Question 3

How do attackers exploit open-source intelligence?

Answer 3

They use the information to gather intel and strategize their attack

Question 4

A ____ ____ is an attacker who uses existing computer scripts or code to launch attacks.

Answer 4

Script kiddie

Question 5

A _____ launches attacks as part of an activist movement or to further a cause

Answer 5

Hactivist

Question 6

An _____ is anyone who has legitimate access to an organization’s internal resources.

Answer 6

Insider

Question 7

What are some common security issues caused by insider threats?

Answer 7

Loss of confidentiality, integrity, and availability of an organization’s assets

Question 8

True or False: Competitors can also engage in attacks

Answer 8

True

Question 9

What does APT stand for and what is it?

Answer 9

Advanced Persistent Threat

A targeted attack against a network. Often sponsored by governments

Question 10

What does DoS stand for and what is it?

Answer 10

Denial of Service

From one attacker against one target

Question 11

What does DDoS stand for and what is it?

Answer 11

Distributed Denial of Service

From two or more attackers against a single target

Question 12

What is the difference between DoS and DDoS?

Answer 12

DoS is a single attacker to a single target. DDoS is two or more attackers/computers to a single target

Question 13

_____ attacks often include sustained, abnormally high network traffic on the network interface card of the attacked computer

Answer 13

DDoS

Question 14

_____ and _____ attacks often attempt to overload an application or service on a computer.

Answer 14

DoS DDoS

Question 15

A ____ is a malicous code that attaches itself to a host application.

Answer 15

Virus
Note: The host application must be executed to run, and the malicious code executes when the host application is executed

Question 16

True or False: A virus does not try to replicate by finding other host applications to infect with the malicious code

Answer 16

False

Question 17

A ____ is a self-replicating malware that travels throughout a network without assistance of a host application or user interaction.

Answer 17

Worm

Question 18

A ___ resides in memory and can use different transport protocols to travel over the network

Answer 18

Worm

Question 19

True or False: Worms do not consume significant bandwidth

Answer 19

False

Question 20

____ can replicate themselves hundreds of times and spread to all the systems in the network.

Answer 20

Worms

Question 21

What are some types of malware?

Answer 21

1. Trojans
2. Viruses
3. Worms
4. Rootkits
5. Ransomware
6. Spyware
7. Logic bombs

Question 22

A ____ is a string of code embedded into an application or script that will execute in response to an event.

Answer 22

Logic bomb

Question 23

A ____ provides another way of accessing a system

Answer 23

Backdoor

Question 24

Malware often installs _____ on systems to bypass normal authentication methods.

Answer 24

Backdoors

Question 25

A ____ looks like something beneficial, but it’s actually something malicious.

Answer 25

Trojan/Trojan horse

Question 26

What are some forms that trojan horses can come in?

Answer 26

1. Pirated software
2. Useful utility software i.e. fake antivirus software
3. Game

Question 27

What is a drive by download?

Answer 27

When web services include malicious code that attempts to download and install itself on users computers after the user visits

Question 28

_______ masquerades as a free antivirus porgram

Answer 28

Rogueware/scareware

Question 29

What does RAT stand for and what is it?

Answer 29

Remote access trojan
A type of malware that allows attackers to take control of systems from remote locations; often delivered by drive-by downloads

Question 30

True or False: Some RATs automatically collect and log keystrokes, usernames and passwords, incoming and outgoing email, chat sessions, and browser history as well as take screenshots.

Answer 30

True

Question 31

____ is a type of Trojan

Answer 31

Ransomware

Question 32

_____ is when attackers encrypt the user’s data or take control of the computer and lock out the user. They they demand that the user pay a ransom to regain access to the data or computer.

Answer 32

Ransomware

Question 33

True or False: Many organizations indicate that ransomware attacks continue to grow and are becoming one of the greatest cyber threats

Answer 33

True

Question 34

Ransomware that encrypts the user’s data is sometimes called ______

Answer 34

crypto-malware

Question 35

_____ is when the user doesn’t pay the ransom to decrypt the files and the attacker threatens to publish the files along with the victim’s credentials.

Answer 35

Doxing

Question 36

A ____ attempts to capture a user’s keystrokes.

Answer 36

Keylogger

Question 37

True or False: A keylogger is only software and never hardware

Answer 37

False
You can purchase a USB keylogger to plug into a computer and plug the keyboard into the USB keylogger to record al keystrokes and store them within memory on the USB device

Question 38

____ is software installed on users’ systems without their awareness or consent

Answer 38

Spyware

Question 39

______ purpose is often to monitor the user’s computer and the user’s activity and sends to a third party

Answer 39

Spyware

Question 40

True or False: If spyware can access a user’s private data, it results in a loss of integrity

Answer 40

False

Confidentiality is what is lost

Question 41

True or False: Some examples of spyware activity are changing a user’s home page, redirecting web browsers, and installing additional software within the browser.

Answer 41

True

Question 42

______ _____ ______ tries to separate users from their money using data-harvesting techniques

Answer 42

Privacy invasion software

Question 43

True or False: Privacy invasion software attempts to gather information to impersonate users, empty bank accounts, and steal identities.

Answer 43

True

Question 44

True or False: Spyware often includes a keylogger

Answer 44

True

Question 45

What was the primary intent of adware?

Answer 45

To learn a user’s habits for the purpose of targeted advertising

Question 46

____ are software robots

Answer 46

Bots

Question 47

______ are a combination of robots and network

Answer 47

Botnets

Question 48

Describe what a botnet is/does

Answer 48

Where multiple computers act as software robots and function together in a network often for malicious purposes

Question 49

___ ____ are criminals who manage botnets

Answer 49

Bot herders

Question 50

Bot herders use _____ ____ _____ software to control infected computers

Answer 50

Command and Control

Question 51

True or False: Users are often unaware of activity being run on computers infected with command and control software

Answer 51

True

Question 52

A ____ is a group of programs that hides the fact that the system has been infected or compromised by malicious code

Answer 52

Rootkit

Question 53

True or False: Rootkits often modify the internal OS processes such as Windows Registry

Answer 53

True

Question 54

Rootkits use _____ techniques to intercept calls to the operating system

Answer 54

Hooking

Question 55

Another method used to detect rootkits is to ______

Answer 55

Boot into safe mode

Question 56

____ ____ is the practice of using social tactics to gain information.

Answer 56

Social engineering

Question 57

Some methods used in social engineering are:

Answer 57

1. Flattery and conning
2. Assuming a position of authority
3. Encouraging someone to perform a risky action
4. Encouraging someone to reveal sensitive information
5. Impersonating someone, such as an authorized technician
6. Tailgating or closely following authorized personnel without providing credentials

Question 58

True or False: Social engineering tactics can occur in person, over the phone, while surfing the Internet, and via email.

Answer 58

True

Question 59

_____ _____ methods are useful to prevent the success of impersonation attacks.

Answer 59

Identity verification

Question 60

____ ____ is simply looking over the shoulder of someone to gain information

Answer 60

Shoulder surfing

Question 61

What is one way to prevent should surfing?

Answer 61

To position monitors and other types of screens so that unauthorized personnel cannot see them.

Question 62

A ____ ___ is another method to reduce shoulder surfing

Answer 62

Screen filter

Question 63

A ___ is a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist

Answer 63

Hoax

Question 64

______ is the practice of one person following closely behind another without showing credentials.

Answer 64

Tailgating

Question 65

_____ ____ is the practice of searching through trash or recycling containers to gain information from discarded documents.

Answer 65

Dumpster diving

Question 66

A ____ ___ ___ attempts to discover which web sites a group of people are likely to visit and then infects those web sites with malware that can infect the visitors

Answer 66

Watering hole attack

Question 67

___ is unwanted or unsolicited email

Answer 67

Spam

Question 68

____ can include malicious links, malicious code, or malicious attachments

Answer 68

Spam

Question 69

True or False: Laws require companies to include the ability to opt out of receiving emails from them

Answer 69

True

Question 70

True or False: Malicious attackers may include opt-out instructions in spam e-mail to confirm the email address is valid

Answer 70

True

Question 71

____ is the practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.

Answer 71

Phishing

Question 72

True or False: Legitimate companies do not ask you to revalidate your credentials via email

Answer 72

True

Question 73

A ____ is a link included in an email email that links to an image stored on an Internet server.

Answer 73

Beacon

Note: This is one reason why most email programs won’t display images by default

Question 74

_____ _____ is a targeted form of phishing.

Answer 74

Spear phishing

Question 75

True or False: The use of digital signatures is one solution used to deter spear phishing via email

Answer 75

True

Question 76

______ is a form of spear phishing that attempts to target high-level executives.

Answer 76

Whaling

Question 77

Attackers consider high-level executives ____

Answer 77

Whales

Question 78

True or False: With successful whaling, attackers gain confidential company information that they might not be able to get anywhere else.

Answer 78

True

Question 79

______ attacks use the phone system to trick users into giving up personal and financial information.

Answer 79

Vhishing

Question 80

True or False: When a vhishing attack uses VoIP it can spoof caller ID making it appear as if the call is coming from within the organization

Answer 80

True

Question 81

Which of the following is not a common security control to protect against malware?

1. Spam filtering gateway
2. Anti-malware on mail gateways
3. All systems (workstations and servers) have anti-malware software installed on them
4. Boundaries or Firewalls for traffic monitoring of malware
5. Auto scripts to modify windows registry

Answer 81

Auto scripts to modify windows registry

Question 82

Viruses and other malware have known patterns. ____ ____ (also called data definition files) define the patterns, and the antivirus software scans files for matching patterns.

Answer 82

Signature files

Question 83

A _______ virus is not harmful to the system while it is in quarantine, but it’s still available for analysis.

Answer 83

Quarantined

Question 84

______ _____ detection attempts to detect viruses that were previously unknown and do not have signatures.

Answer 84

Heuristic based

Question 85

True or False: Heuristic-based analysis runs questionable code in a sandbox or virtualized environment specifically designed to protect the live environment, while it observes the code’s behavior.

Answer 85

True

Question 86

Some antivirus scanners use ____ ____ ____ to detect modified system files.

Answer 86

File integrity checkers

Question 87

True or False: A file integrity checker calculates hashes on system files as a baseline. It then periodically recalculates the hashes on these files and compares them with the hashes in the baseline. If the hashes are ever different, it indicates the system files have been modified.

Answer 87

True

Question 88

The Microsoft File Checksum Integrity Verifier _____ tool can verify the integrity of all files within a folder, or a group of nested folders.

Answer 88

fciv.exe

Question 89

____ ____ _____ is a security feature that prevents code from executing in memory regions marked as nonexecutable.

Answer 89

Data execution prevention (DEP)

Question 90

What is the primary purpose of DEP?

Answer 90

To protect a system from malware

Question 91

True or False: Encrypted data is being sent out of the network is a serious red flag and indicates malware is collecting data and sending it to an attacker.

Answer 91

True

Question 92

True or False: Trained users provide a significant risk to any organization and are often one of the largest vulnerabilities.

Answer 92

False

Untrained users are the ones who provide a significant risk