Comptia+ Chapter 5

Question 1

Malware

Answer 1

Malicious software designed to interfere with a computer’s normal functions and can be used to commit an unwanted and harmful action

Question 2

Ransomware

Answer 2

Malicious software designed to extort money from victims in exchange for their endpoint device to be restored to its normal working state

Question 3

Keylogger

Answer 3

Software or hardware that silently captures and stores each keystroke that a user types on the computer’s keyboard

Question 4

Spyware

Answer 4

Tracking software that is deployed without the consent or control of the user

Question 5

Trojan

Answer 5

An executable program that masquerades as performing a benign activity but also does something malicious

Question 6

Remote access Trojan (RAT)

Answer 6

Basic functionality of a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols

Question 7

Virus

Answer 7

Software that infects a computer with malware

Question 8

File-based virus

Answer 8

Malicious computer code that becomes part of a file

Question 9

Fileless virus

Answer 9

Viruses that take advantage of native services and processes that are part of the OS

Question 10

Worm

Answer 10

A malicious program that uses a computer network to replicate

Question 11

Bloatware

Answer 11

Software installed on a device without the user requesting it

Question 12

Bot

Answer 12

An infected robot computer; software that allows the infected computer to be placed under the remote control of an attacker for the purpose of launching attacks

Question 13

Logic bomb

Answer 13

Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it

Question 14

Rootkit

Answer 14

Malware that can hide its presence and the presence of other malware on the device

Question 15

Backdoor

Answer 15

Gives access to a computer, program, or service that circumvents any normal security protections

Question 16

Indicator of attack (IoA)

Answer 16

A sign an attack is currently underway

Question 17

Account lockout

Answer 17

An indicator of attack in which a user account is inaccessible through a normal login attempt.

Question 18

Concurrent session usage.

Answer 18

An indicator of attack in which both a legitimate user and an attacker are logged into the same account.

Question 19

Blocked content

Answer 19

An indicator of attack in which data is no longer accessible.

Question 20

Impossible travel.

Answer 20

An indicator of attack in which a resource is accessed that is not possible due to geography.

Question 21

Resource consumption

Answer 21

An indicator of attack in which system resources such as memory or processing capabilities are suddenly depleted.

Question 22

Resource inaccessibility

Answer 22

An indicator of attack in which a large-scale attack can block system resources from being accessed.

Question 23

Out-of-cycle logging

Answer 23

An indicator of attack in which log records do not correspond to actual events that have occurred

Question 24

Published/undocumented

Answer 24

An indicator of attack in which evidence from external sources can be used to identify and attack

Question 25

Missing logs

Answer 25

An indicator of attack in which log files have mysteriously been deleted.

Question 26

Privilege escalation

Answer 26

An attack, in which the threat actor gains illicit access of elevated rights or privileges beyond what is entitled for a user.

Question 27

Buffer overflow attack

Answer 27

An attack in which a process attempts to store data in Ram beyond the boundaries of a fixed length storage buffer, so an attacker can overflow the buffer with a new address pointing to the attacker's malware code.

Question 28

Injections

Answer 28

An attack in which threat actors introduced something into RAM

Question 29

Web-based attacks

Answer 29

Application attacks directed at programs running on internet web servers.

Question 30

Directry traversal

Answer 30

An attack in which a threat actor takes advantage of a vulnerability to move from the root directory to other restricted directories.

Question 31

Cross-site scripting

Answer 31

An attack, in which a website accepts user input without validating it, so it can be exploited.

Question 32

SQL injection

Answer 32

An attack the insert statements to manipulate a database server.

Question 34

Antivirus (AV)

Answer 34

Software that examines a computer for file-based virus infections as well as monitors computer activity and scans new documents that might contain a virus

Question 35

Static analysis

Answer 35

Signature-based monitoring; AV software scans files by attempting to match known virus patterns against potentially infected files

Question 36

Dynamic analysis

Answer 36

Heuristic monitoring; uses a variety of techniques to spot the characteristics of a virus instead of attempting to make matches

Question 37

Secure cookie

Answer 37

A cookie that is only sent to the server with an encrypted request over the secure HTTPS protocol

Question 38

HTTP Response Headers

Answer 38

A response from the web server that tells the browser how to behave while communicating with the website

Question 39

HTTP Strict Transport Security (HSTS)

Answer 39

Forces browser to communicate over more secure HTTPS; encrypts transmissions to prevent unauthorized user from intercepting

Question 40

Content Security Policy (CSP)

Answer 40

Restricts the resources a user is allowed to load within the website; protects against injection attacks

Question 41

Cross Site Scripting Protection (X-XSS)

Answer 41

Prohibits a page from loading if it detects a cross-site scripting attack; prevents XSS attacks

Question 42

X-Frame-Options

Answer 42

Prevents attackers from "overlaying" their content on the webpage; foils a threat actor's attempt to trick a user into providing personal information

Question 43

Host intrusion detection system (HIDS)

Answer 43

Software-based application that runs on an endpoint computer and can detect that an attack has occurred

Question 44

Host intrusion prevention system (HIPS)

Answer 44

Software that monitors endpoint activity to immediately block a malicious attack by following specific rules

Question 45

Endpoint Detection and Response (EDR)

Answer 45

Tools that are more robust than HIDS and HIPS

Question 46

Patching

Answer 46

Installing software security updates

Question 47

Disabling ports/protocols

Answer 47

Closing unused ports and disabling unnecessary protocols

Question 48

Application allow listing

Answer 48

Approving in advance only specific applications to run

Question 49

Sandbox

Answer 49

A container in which an application can be run so that it does not impact the underlying OS