COMPTIA SECURITY + WEEK 2 CHAPTER 3 & 4 Flashcards

2
Q

What is malware?

A

A wide range of software intentionally designed to cause harm to systems, networks, or users.

Malware can gather information, provide illicit access, and take unwanted actions on a system.

3
Q

Name three types of malware.

A
  • Ransomware
  • Trojan
  • Worm

Other types include spyware, bloatware, virus, keylogger, logic bomb, and rootkit.

4
Q

What is ransomware?

A

Malware that takes over a computer and demands a ransom for access to data.

It can encrypt files and hold them hostage until payment is made.

5
Q

What are indicators of compromise (IoCs) for ransomware?

A
  • Command and control traffic
  • Use of legitimate tools in abnormal ways
  • Lateral movement processes
  • Encryption of files
  • Ransom notices
  • Data exfiltration behaviors

These indicators help in identifying ransomware attacks.

6
Q

What is a Trojan?

A

Malware disguised as legitimate software that provides attackers a path into a system.

The term comes from the Trojan horse myth; like the horse, a Trojan relies on the user to let it in, so it needs user interaction to install.

7
Q

What are common indicators of compromise for Trojans?

A
  • Signatures for specific malware
  • Command and control hostnames
  • Newly created folders or files

Remote Access Trojans (RATs) provide attackers with remote access to systems.

8
Q

What are botnets?

A

Groups of systems under central command, with individual systems referred to as bots.

They often utilize command and control techniques for coordinated attacks.

9
Q

How do worms spread?

A

Worms spread themselves, often through automated means without user interaction.

They can spread via email attachments, network shares, and vulnerable devices.

10
Q

What is the significance of the Stuxnet worm?

A

Recognized as the first implementation of a worm as a cyber weapon aimed at the Iranian nuclear program.

It utilized advanced techniques to cause physical damage to industrial systems.

11
Q

What is spyware?

A

Malware designed to obtain information about an individual, organization, or system.

It can track browsing habits, installed software, or sensitive data.

12
Q

What are common IoCs for spyware?

A
  • Remote-access indicators
  • Known software file fingerprints
  • Malicious processes disguised as system processes
  • Injection attacks against browsers

Spyware can use techniques from other types of malware.

13
Q

What is bloatware?

A

Unwanted applications installed on systems by manufacturers.

While not typically malicious, it can take up resources and create vulnerabilities.

14
Q

What differentiates spyware from bloatware?

A

Spyware’s primary intention is to gather information about the user, while bloatware consists of unwanted programs.

Bloatware may not have malicious intent but can still pose risks.

15
Q

What are the mitigation practices for Trojans?

A
  • Awareness practices
  • Control of software acquisition
  • Anti-malware and EDR tools

These practices help prevent the installation and execution of Trojans.

16
Q

What is a command and control (C&C) system?

A

A system that allows attackers to communicate with and control compromised systems.

C&C systems often use encrypted connections to avoid detection.

17
Q

What is the primary intention of spyware?

A

To gather information about the user, their use of the system and Internet, and the configuration of the system.

18
Q

What distinguishes bloatware from spyware?

A

Bloatware is simply unwanted programs, while spyware is designed to collect user data.

19
Q

Define computer viruses.

A

Malicious programs that self-copy and self-replicate once activated.

20
Q

What are the two main types of viruses based on their memory usage?

A
  • Memory-resident viruses
  • Non-memory-resident viruses
21
Q

What type of virus resides inside the boot sector of a drive?

A

Boot sector viruses.

22
Q

How do macro viruses spread?

A

Using macros or code inside word processing software or other tools.

23
Q

True or False: Fileless viruses require local file storage.

A

False.

24
Q

What is an example of a method to prevent fileless virus attacks?

A

Using antimalware tools that can detect unexpected behavior from scripting tools.

25
Q

What are IoCs related to viruses?

A
  • File hashes and signatures
  • Exfiltration activity
  • Process names
  • Command and control traffic
26
Q

What is the standard practice for removing malware from an infected machine?

A

Wiping the drive and restoring it from a known good backup.

27
Q

Define keyloggers.

A

Programs that capture keystrokes from a keyboard and other input.

28
Q

What security measure can limit the impact of a keylogger?

A

Use of multifactor authentication.

29
Q

What are common IoCs for keyloggers?

A
  • File hashes and signatures
  • Exfiltration activity
  • Process names
  • Known reference URLs
30
Q

What activates a logic bomb?

A

Set conditions being met.

31
Q

What is a common technique for analyzing malware?

A
  • Online analysis tools
  • Sandbox tools
  • Manual code analysis
32
Q

What are rootkits designed to do?

A

Allow attackers to access a system through a backdoor.

33
Q

What makes rootkit detection challenging?

A

The infected system cannot be trusted.

34
Q

What is a common method for preventing rootkits?

A

Using normal security practices like patching and secure configurations.

35
Q

What is the role of command and control domains in malware?

A

They are used for communication between malware and the attacker.

36
Q

What does bloatware typically do?

A

Takes up resources like disk space, memory, and CPU cycles.

37
Q

What is the most effective tool in preventing malware attacks?

A

Awareness.

38
Q

Fill in the blank: _______ is malware that encrypts files and holds them for ransom.

A

Ransomware

39
Q

List the types of malware mentioned.

A
  • Ransomware
  • Trojans
  • Worms
  • Spyware
  • Bloatware
  • Viruses
  • Keyloggers
  • Logic bombs
  • Rootkits
40
Q

What are common indicators of malicious activity associated with malware?

A
  • Command and control traffic patterns
  • IP addresses
  • Hostnames
  • Domains
  • Unexpected use of system utilities
41
Q

What is a common technique for malware removal?

A

Reinstallation of a system or restoration from a known good backup.

42
Q

What is social engineering?

A

The practice of manipulating people through strategies to accomplish desired actions.

43
Q

What are common human vectors in social engineering?

A
  • Phishing
  • Vishing
  • Smishing
  • Misinformation/disinformation
  • Impersonation
  • Business email compromise
  • Pretexting
  • Watering hole
  • Brand impersonation
  • Typosquatting
44
Q

What principle of social engineering relies on obeying authority figures?

45
Q

What principle relies on scaring or bullying an individual?

A

Intimidation

46
Q

What is consensus-based social engineering also known as?

A

Social proof

47
Q

What principle of social engineering makes something look more desirable?

48
Q

What is the focus of familiarity-based attacks?

A

Targeting individuals based on liking the impersonator or organization.

49
Q

What principle creates a feeling that an action must be taken quickly?

50
Q

True or False: Social engineering attacks often rely on multiple principles at once.

51
Q

What is phishing?

A

Fraudulent acquisition of information, often focused on credentials and sensitive personal information.

52
Q

What is spear phishing?

A

Phishing that targets specific individuals or groups in an organization.

53
Q

What does whaling refer to in phishing?

A

Phishing aimed at senior employees like CEOs and CFOs.

54
Q

What are common defenses against phishing?

A
  • Awareness training
  • Filtering using reputation tools
  • Keyword and text pattern matching
55
Q

What is vishing?

A

Phishing accomplished via voice or voicemail messages.

56
Q

What is smishing?

A

Phishing conducted via SMS (text) messages.

57
Q

What is the difference between misinformation and disinformation?

A
  • Misinformation: Incorrect information often resulting from getting facts wrong.
  • Disinformation: Intentionally provided incorrect information to serve goals.
58
Q

What does the acronym MDM stand for?

A

Misinformation, Disinformation, and Malinformation

59
Q

What is impersonation in social engineering?

A

Pretending to be someone else to manipulate a target.

60
Q

What is Business Email Compromise (BEC)?

A

Using apparently legitimate email addresses to conduct scams and attacks.

61
Q

What are common methods for creating legitimate-appearing emails in BEC?

A
  • Using compromised accounts
  • Sending spoofed emails
  • Using fake domains that closely resemble legitimate ones
  • Using malware
62
Q

What is pretexting?

A

Using a made-up scenario to justify approaching an individual.

63
Q

What are watering hole attacks?

A

Attacks using websites frequently visited by targets.

64
Q

What is brand impersonation?

A

Phishing attacks that appear to be from a legitimate brand.

65
Q

What is typosquatting?

A

Using misspelled URLs to conduct attacks by redirecting users.

66
Q

What is a brute-force attack?

A

Iterating through passwords until finding one that works.

67
Q

What is a password spraying attack?

A

A form of brute-force attack that uses a single password against many accounts.

68
Q

What is a brute-force attack?

A

A process that involves trying different variations until it succeeds.

69
Q

What are password spraying attacks?

A

A form of brute-force attack that attempts to use a single password or small set of passwords against many accounts.

70
Q

When is a password spraying attack particularly effective?

A

When the attacker knows that a target uses a specific default password or a set of passwords.

71
Q

What are common candidates for a password spraying attack?

A
  • Common chants for fans
  • Names of well-known players
  • Other common terms related to the team
72
Q

What is a dictionary attack?

A

A form of brute-force attack that uses a list of words for its attempts.

73
Q

What is John the Ripper?

A

A popular open source password cracking tool with built-in word lists.

74
Q

What types of password attacks are focused on in the SY0-701 Exam Outline?

A
  • Spraying
  • Brute force
75
Q

What differentiates online attacks from offline attacks?

A

Online attacks occur against a live system, while offline attacks occur against a compromised or captured password store.

76
Q

What are rainbow tables?

A

An easily searchable database of precomputed hashes using the same hashing methodology as the captured password file.

77
Q

What is a hash?

A

A one-way cryptographic function that takes an input and generates a unique and repeatable output.

78
Q

What is the significance of hash collisions?

A

They lead to new hashing algorithms being designed and used.

79
Q

How do rainbow tables operate?

A

They use computational power to create a database where hashes and the value that created them can be looked up.

80
Q

What can be used against a captured password file?

A

A password cracker.

81
Q

What is the purpose of password assessment tools?

A

To periodically test for weak and easily cracked passwords.

82
Q

What best practices should be followed for password storage?

A
  • Use strong password hashing mechanisms
  • Use salt and pepper
  • Verify passwords at login without storing them
83
Q

What is OWASP’s Password Storage Cheat Sheet used for?

A

To learn about secure password storage practices.

84
Q

What do social engineering techniques focus on?

A

Human reactions and psychology to gather information and perform attacks.

85
Q

What are some types of social engineering attacks?

A
  • Phishing
  • Impersonation
  • Misinformation
  • Disinformation
86
Q

What is pretexting?

A

A technique used with impersonation to provide a believable reason for an action or request.

87
Q

What is business email compromise?

A

A technique used to make malicious emails appear legitimate.

88
Q

What are watering hole attacks?

A

Attacks that focus on sites that targets frequently visit.

89
Q

What do typosquatters rely on?

A

Users who make typos while entering URLs.

90
Q

How can passwords be acquired and cracked?

A

Through online and offline attacks, brute-force attacks, and improper storage methods.

91
Q

What makes password attacks easier for attackers?

A

Unencrypted or plain-text passwords and improper storage methods like MD5 hashes.