Module 15 - Host Threats - Q&A Flashcards
Which of the following characteristics best describes a virus?
A. Script that executes at a certain time
B. Displays annoying pop-up advertisements
C. Unable to propagate itself
D. Is specifically used to capture a user’s personal information and send it back to the attacker
C. A virus, unlike a worm, is unable to self-replicate or propagate itself; it relies on user action to do so.
Which of the following types of malware appears to be a useful piece of software, but in fact is malicious in nature?
A. Worm
B. Trojan
C. Adware
D. Logic bomb
B. A trojan appears to be a useful piece of software but is malicious in nature.
Which of the following types of malware infects critical operating system files, often replacing them with malicious ones?
A. Rootkit
B. Trojan
C. Boot sector virus
D. Ransomware
A. A rootkit infects critical operating system files, often replacing them with malicious ones.
One of your users calls you in a panic because he has just seen a pop-up message on his computer screen that states that all of the files on the system are encrypted, and that he must pay to have them decrypted or lose them forever. You back up the user’s files on a daily basis and update the antivirus signatures every other day. What is the best course of action to take in this case?
A. Pay the fee the ransomware is asking for.
B. Notify the authorities at once and attempt to update the antivirus signature with the latest release.
C. Wipe the computer’s hard drives and restore the user’s files from backup.
D. Reboot the computer.
C. Because the user’s files are backed up daily, the best course of action is to wipe the computer’s hard drive and restore the user’s files from backup.
Which of the following methods of phishing attacks uses chat to target its victims?
A. Whaling
B. Vishing
C. Spam
D. Spim
D. Spim is a form of phishing attack that uses instant messaging and chat to target its victims.
Which of the following attacks involves sending false IP-to-MAC address mappings to a host, causing it to communicate with the attacker’s machine instead of the legitimate one?
A. XMAS attack
B. Pharming
C. DNS poisoning
D. ARP poisoning
D. ARP poisoning involves sending false IP-to-MAC address mappings to a host, causing it to communicate with the attacker’s machine instead of the legitimate one.
All of the following statements about password attacks are true, except:
A. Brute-force attacks use word lists to attempt password guessing.
B. Dictionary attacks are generally faster than brute-force attacks.
C. Rainbow tables are word lists consisting of precomputed hashes.
D. Online attacks are usually mitigated by account lockout controls.
A. Brute-force attacks do not use word lists, but dictionary attacks do.
Which of the following best describes a birthday paradox attack?
A. A password attack that uses precomputed hashes in its word list.
B. Two unique pieces of plaintext can have the same hash value under certain circumstances.
C. In a room with 23 people, the odds of any 2 having the same birthdate is 50 percent.
D. A password attack that attempts every single possible combination of characters and password lengths to discover a password.
C. In a room with 23 people, the odds of any 2 having the same birthdate is 50 percent.
The URL http://www.microsoftsucks.com is an example of
A. Phishing
B. Cybersquatting
C. Watering hole attack
D. Vishing
B. The URL http://www.microsoftsucks.com is an example of cybersquatting on a domain name that attempts to disparage a legitimate domain.
In a watering hole type of attack, which web site is an attacker most likely to compromise?
A. An organization’s official web site
B. A site with a name very similar to the victim’s web site
C. A user’s social media site
D. A site frequented by the users of a victim organization
D. In a watering hole attack, an attacker is most likely to compromise a site frequented by the users of a victim organization, in order to download malware to their computers.