COMPTIA SECURITY + WEEK 2 CHAPTER 3 & 4

Question 2

What is malware?

Answer 2

A wide range of software intentionally designed to cause harm to systems, networks, or users.

Malware can gather information, provide illicit access, and take unwanted actions on a system.

Question 3

Name three types of malware.

Answer 3

• Ransomware
• Trojan
• Worm

Other types include spyware, bloatware, virus, keylogger, logic bomb, and rootkit.

Question 4

What is ransomware?

Answer 4

Malware that takes over a computer and demands a ransom for access to data.

It can encrypt files and hold them hostage until payment is made.

Question 5

What are indicators of compromise (IoCs) for ransomware?

Answer 5

• Command and control traffic
• Use of legitimate tools in abnormal ways
• Lateral movement processes
• Encryption of files
• Ransom notices
• Data exfiltration behaviors

These indicators help in identifying ransomware attacks.

Question 6

What is a Trojan?

Answer 6

Malware disguised as legitimate software that provides attackers a path into a system.

The term comes from the Trojan horse myth, where the malware relies on user interaction to install.

Question 7

What are common indicators of compromise for Trojans?

Answer 7

• Signatures for specific malware
• Command and control hostnames
• Newly created folders or files

Remote Access Trojans (RATs) provide attackers with remote access to systems.

Question 8

What are botnets?

Answer 8

Groups of systems under central command, with individual systems referred to as bots.

They often utilize command and control techniques for coordinated attacks.

Question 9

How do worms spread?

Answer 9

Worms spread themselves, often through automated means without user interaction.

They can spread via email attachments, network shares, and vulnerable devices.

Question 10

What is the significance of the Stuxnet worm?

Answer 10

Recognized as the first implementation of a worm as a cyber weapon aimed at the Iranian nuclear program.

It utilized advanced techniques to cause physical damage to industrial systems.

Question 11

What is spyware?

Answer 11

Malware designed to obtain information about an individual, organization, or system.

It can track browsing habits, installed software, or sensitive data.

Question 12

What are common IoCs for spyware?

Answer 12

• Remote-access indicators
• Known software file fingerprints
• Malicious processes disguised as system processes
• Injection attacks against browsers

Spyware can use techniques from other types of malware.

Question 13

What is bloatware?

Answer 13

Unwanted applications installed on systems by manufacturers.

While not typically malicious, it can take up resources and create vulnerabilities.

Question 14

What differentiates spyware from bloatware?

Answer 14

Spyware’s primary intention is to gather information about the user, while bloatware consists of unwanted programs.

Bloatware may not have malicious intent but can still pose risks.

Question 15

What are the mitigation practices for Trojans?

Answer 15

• Awareness practices
• Control of software acquisition
• Anti-malware and EDR tools

These practices help prevent the installation and execution of Trojans.

Question 16

What is a command and control (C&C) system?

Answer 16

A system that allows attackers to communicate with and control compromised systems.

C&C systems often use encrypted connections to avoid detection.

Question 17

What is the primary intention of spyware?

Answer 17

To gather information about the user, their use of the system and Internet, and the configuration of the system.

Question 18

What distinguishes bloatware from spyware?

Answer 18

Bloatware is simply unwanted programs, while spyware is designed to collect user data.

Question 19

Define computer viruses.

Answer 19

Malicious programs that self-copy and self-replicate once activated.

Question 20

What are the two main types of viruses based on their memory usage?

Answer 20

• Memory-resident viruses
• Non-memory-resident viruses

Question 21

What type of virus resides inside the boot sector of a drive?

Answer 21

Boot sector viruses.

Question 22

How do macro viruses spread?

Answer 22

Using macros or code inside word processing software or other tools.

Question 23

True or False: Fileless viruses require local file storage.

Answer 23

False.

Question 24

What is an example of a method to prevent fileless virus attacks?

Answer 24

Using antimalware tools that can detect unexpected behavior from scripting tools.

Question 25

What are IoCs related to viruses?

Answer 25

* File hashes and signatures * Exfiltration activity * Process names * Command and control traffic

Question 26

What is the standard practice for removing malware from an infected machine?

Answer 26

Wiping the drive and restoring it from a known good backup.

Question 27

Define keyloggers.

Answer 27

Programs that capture keystrokes from a keyboard and other input.

Question 28

What security measure can limit the impact of a keylogger?

Answer 28

Use of multifactor authentication.

Question 29

What are common IoCs for keyloggers?

Answer 29

* File hashes and signatures * Exfiltration activity * Process names * Known reference URLs

Question 30

What activates a logic bomb?

Answer 30

Set conditions being met.

Question 31

What is a common technique for analyzing malware?

Answer 31

* Online analysis tools * Sandbox tools * Manual code analysis

Question 32

What are rootkits designed to do?

Answer 32

Allow attackers to access a system through a backdoor.

Question 33

What makes rootkit detection challenging?

Answer 33

The infected system cannot be trusted.

Question 34

What is a common method for preventing rootkits?

Answer 34

Using normal security practices like patching and secure configurations.

Question 35

What is the role of command and control domains in malware?

Answer 35

They are used for communication between malware and the attacker.

Question 36

What does bloatware typically do?

Answer 36

Takes up resources like disk space, memory, and CPU cycles.

Question 37

What is the most effective tool in preventing malware attacks?

Answer 37

Awareness.

Question 38

Fill in the blank: _______ is malware that encrypts files and holds them for ransom.

Answer 38

Ransomware

Question 39

List the types of malware mentioned.

Answer 39

* Ransomware * Trojans * Worms * Spyware * Bloatware * Viruses * Keyloggers * Logic bombs * Rootkits

Question 40

What are common indicators of malicious activity associated with malware?

Answer 40

* Command and control traffic patterns * IP addresses * Hostnames * Domains * Unexpected use of system utilities

Question 41

What is a common technique for malware removal?

Answer 41

Reinstallation of a system or restoration from a known good backup.

Question 42

What is social engineering?

Answer 42

The practice of manipulating people through strategies to accomplish desired actions.

Question 43

What are common human vectors in social engineering?

Answer 43

* Phishing * Vishing * Smishing * Misinformation/disinformation * Impersonation * Business email compromise * Pretexting * Watering hole * Brand impersonation * Typosquatting

Question 44

What principle of social engineering relies on obeying authority figures?

Answer 44

Authority

Question 45

What principle relies on scaring or bullying an individual?

Answer 45

Intimidation

Question 46

What is consensus-based social engineering also known as?

Answer 46

Social proof

Question 47

What principle of social engineering makes something look more desirable?

Answer 47

Scarcity

Question 48

What is the focus of familiarity-based attacks?

Answer 48

Targeting individuals based on liking the impersonator or organization.

Question 49

What principle creates a feeling that an action must be taken quickly?

Answer 49

Urgency

Question 50

True or False: Social engineering attacks often rely on multiple principles at once.

Answer 50

True

Question 51

What is phishing?

Answer 51

Fraudulent acquisition of information, often focused on credentials and sensitive personal information.

Question 52

What is spear phishing?

Answer 52

Phishing that targets specific individuals or groups in an organization.

Question 53

What does whaling refer to in phishing?

Answer 53

Phishing aimed at senior employees like CEOs and CFOs.

Question 54

What are common defenses against phishing?

Answer 54

* Awareness training * Filtering using reputation tools * Keyword and text pattern matching

Question 55

What is vishing?

Answer 55

Phishing accomplished via voice or voicemail messages.

Question 56

What is smishing?

Answer 56

Phishing conducted via SMS (text) messages.

Question 57

What is the difference between misinformation and disinformation?

Answer 57

* Misinformation: Incorrect information often resulting from getting facts wrong. * Disinformation: Intentionally provided incorrect information to serve goals.

Question 58

What does the acronym MDM stand for?

Answer 58

Misinformation, Disinformation, and Malinformation

Question 59

What is impersonation in social engineering?

Answer 59

Pretending to be someone else to manipulate a target.

Question 60

What is Business Email Compromise (BEC)?

Answer 60

Using apparently legitimate email addresses to conduct scams and attacks.

Question 61

What are common methods for creating legitimate appearing emails in BEC?

Answer 61

* Using compromised accounts * Sending spoofed emails * Using common fake but similar domain techniques * Using malware

Question 62

What is pretexting?

Answer 62

Using a made-up scenario to justify approaching an individual.

Question 63

What are watering hole attacks?

Answer 63

Attacks using websites frequently visited by targets.

Question 64

What is brand impersonation?

Answer 64

Phishing attacks that appear to be from a legitimate brand.

Question 65

What is typosquatting?

Answer 65

Using misspelled URLs to conduct attacks by redirecting users.

Question 66

What is a brute-force attack?

Answer 66

Iterating through passwords until finding one that works.

Question 67

What is a password spraying attack?

Answer 67

A form of brute-force attack that uses a single password against many accounts.

Question 68

What is a brute-force attack?

Answer 68

A process that involves trying different variations until it succeeds.

Question 69

What are password spraying attacks?

Answer 69

A form of brute-force attack that attempts to use a single password or small set of passwords against many accounts.

Question 70

When is a password spraying attack particularly effective?

Answer 70

When the attacker knows that a target uses a specific default password or a set of passwords.

Question 71

What are common candidates for a password spraying attack?

Answer 71

* Common chants for fans * Names of well-known players * Other common terms related to the team

Question 72

What is a dictionary attack?

Answer 72

A form of brute-force attack that uses a list of words for their attempts.

Question 73

What is John the Ripper?

Answer 73

A popular open source password cracking tool with built-in word lists.

Question 74

What types of password attacks are focused on in the SY0-701 Exam Outline?

Answer 74

* Spraying * Brute force

Question 75

What differentiates online attacks from offline attacks?

Answer 75

Online attacks occur against a live system, while offline attacks occur against a compromised or captured password store.

Question 76

What are rainbow tables?

Answer 76

An easily searchable database of precomputed hashes using the same hashing methodology as the captured password file.

Question 77

What is a hash?

Answer 77

A one-way cryptographic function that takes an input and generates a unique and repeatable output.

Question 78

What is the significance of hash collisions?

Answer 78

They lead to new hashing algorithms being designed and used.

Question 79

How do rainbow tables operate?

Answer 79

They use computational power to create a database where hashes and the value that created them can be looked up.

Question 80

What can be used against a captured password file?

Answer 80

A password cracker.

Question 81

What is the purpose of password assessment tools?

Answer 81

To periodically test for weak and easily cracked passwords.

Question 82

What best practices should be followed for password storage?

Answer 82

* Use strong password hashing mechanisms * Use salt and pepper * Verify passwords at login without storing them

Question 83

What is OWASP's Password Storage Cheat Sheet used for?

Answer 83

To learn about secure password storage practices.

Question 84

What do social engineering techniques focus on?

Answer 84

Human reactions and psychology to gather information and perform attacks.

Question 85

What are some types of social engineering attacks?

Answer 85

* Phishing * Impersonation * Misinformation * Disinformation

Question 86

What is pretexting?

Answer 86

A technique used with impersonation to provide a believable reason for an action or request.

Question 87

What is business email compromise?

Answer 87

A technique used to make malicious emails appear legitimate.

Question 88

What are watering hole attacks?

Answer 88

Attacks that focus on sites that targets frequently visit.

Question 89

What do typosquatters rely on?

Answer 89

Users who make typos while entering URLs.

Question 90

How can passwords be acquired and cracked?

Answer 90

Through online and offline attacks, brute-force attacks, and improper storage methods.

Question 91

What makes password attacks easier for attackers?

Answer 91

Unencrypted or plain-text passwords and improper storage methods like MD5 hashes.