System Security Threats Flashcards

1
Q

Which type of threat is mitigated by shredding paper documents?

Rootkit

Spyware

Physical

A

Physical

Shredding documents prevents physical threats such as theft of those documents or the extraction of information from them

2
Q

Which of the following statements are true? (Choose two.)

Worms log all typed characters to a text file.

Worms propagate themselves to other systems.

Worms can carry viruses.

Worms infect the hard disk MBR.

A

Worms propagate themselves to other systems.

Worms can carry viruses.

Worms are programs that multiply and self-propagate over the network, and they sometimes carry viruses (the worm is the delivery mechanism, and viruses must be attached to a file)

3
Q

One of your users, Christine, reports that when she visits web sites, pop-up advertisements appear incessantly. After further investigation, you learn one of the web sites she had visited had infected Flash code. Christine asks what the problem was. What do you tell her caused the problem?

Cross-site scripting attack

Worm

Adware

A

Adware

Adware is responsible for displaying pop-up advertisements pertaining to a user’s interest, usually as a result of spyware

4
Q

Which description best defines a computer virus?

A computer program that replicates itself

A computer program that gathers user information

A computer program that runs malicious actions

A

A computer program that runs malicious actions

Viruses are applications that run malicious actions without user consent

5
Q

An exploit connects to a specific TCP port and presents the invoker with an administrative command prompt. What type of attack is this?

Botnet

Trojan

Privilege escalation

A

Privilege escalation

Privilege escalation occurs when a user gains higher rights than she should have, either because she was given too many rights or because of a security flaw

6
Q

Ahmid is a software developer for a high-tech company. He creates a program that connects to a chat room and waits to receive commands that will gather personal user information. Ahmid embeds this program into an AVI file for a current popular movie and shares this file on a P2P file-sharing network. Once Ahmid’s program is activated as people download and watch the movie, what will be created?

Botnet

DDoS

Logic bomb

A

Botnet

Botnets consist of computers infected with malware that are under hacker control

7
Q

A user reports USB keyboard problems. You check the back of the computer to ensure the keyboard is properly connected and notice a small connector between the keyboard and the computer USB port. After investigating, you learn that this piece of hardware captures everything a user types in. What type of hardware is this?

Smartcard

Trojan

Keylogger

A

Keylogger

Hardware keyloggers capture every keystroke and store the keystrokes in a chip

8
Q

What is the difference between a rootkit and privilege escalation?

Rootkits propagate themselves.

Privilege escalation is the result of a rootkit.

Rootkits are the result of privilege escalation.

A

Privilege escalation is the result of a rootkit.

Rootkits conceal themselves from operating systems and allow remote access with escalated privileges

9
Q

Which of the following are true regarding backdoors? (Choose two.)

They are malicious code.

They allow remote users access to TCP port 26.

They are made accessible through rootkits.

They provide access to the Windows root account.

A

They are malicious code.

They are made accessible through rootkits.

Malicious code produces undesired results, such as a rootkit providing access to a backdoor

10
Q

You are hosting an IT security meeting regarding physical server room security. A colleague, Syl, suggests adding CMOS hardening to existing server security policies. What kind of security threat is Syl referring to?

Changing the amount of installed RAM

Changing CPU throttling settings

Changing the boot order

A

Changing the boot order

Changing the boot order means having the ability to boot through alternative means, thus bypassing any operating system controls

11
Q

You are the IT security officer for a government department. You are amending the USB security policy. Which items apply to USB security? (Choose two.)

Disallow external USB drives larger than 1TB.

Disable USB ports.

Prevent corporate data from being copied to USB devices unless USB device encryption is enabled.

Prevent corporate data from being copied to USB devices unless USB port encryption is enabled.

A

Disable USB ports.

Prevent corporate data from being copied to USB devices unless USB device encryption is enabled.

Disabling USB ports on a system blocks malicious code on infected USB devices. Forcing USB device encryption ensures data confidentiality of departmental data

12
Q

Which of the following are not considered serious cell phone threats? (Choose two.)

Hackers with the right equipment posing as cell towers

Having Bluetooth enabled

Changing the boot order

Ransomware

A

Having Bluetooth enabled

Changing the boot order

Enabling Bluetooth itself is not a threat any more than surfing the Web is. Most Bluetooth devices have security options such as passwords and device trust lists. You cannot change the “boot order” on a cell phone like you can on a computer system

13
Q

What is defined as the transmission of unwelcome bulk messages?

Worm

Ping of death

Spam

A

Spam

Spam affects business productivity by consuming enormous amounts of bandwidth and storage space for unsolicited messages

14
Q

Which technology separates storage from the server?

Router

Switch

NAS

A

NAS

Network attached storage (NAS) devices are network appliances that contain disks. Client and server operating systems can access this NAS using various protocols such as TCP/IP or Network File System (NFS)

15
Q

You are responsible for determining what technologies will be needed in a new office space. Employees will need a single network to share data, traditional voice calls, VoIP calls, voice mailboxes, and other services such as call waiting and call transfer. What type of service provides this functionality?

Ethernet switch

PBX

NAS

A

PBX

A private branch exchange (PBX) offers telecommunication and data networking services in the form of hardware or software. PBXs may exist at the customer’s or provider’s premises

16
Q

Botnets can be used to set what type of coordinated attack in motion?

DDoS

Cross-site scripting

Privilege escalation

A

DDoS

Botnets (groups of computers under singular control) can be used to dispatch distributed denial-of-service (DDoS) attacks against hosts or other networks

17
Q

As a Windows administrator, you configure a Windows networking service to run with a specially created account with limited rights. Why would you do this?

To prevent computer worms from entering the network.

To prevent a hacker from receiving elevated privileges because of a compromised network service.

Windows networking services will not run with administrative rights.

A

To prevent a hacker from receiving elevated privileges because of a compromised network service.

In the event that the Windows networking service is compromised, it is important that the service not have full rights to the system

18
Q

Discovered in 1991, the Michelangelo virus was said to be triggered to overwrite the first 100 hard disk sectors with null data each year on March 6, the date of the Italian artist’s birthday. What type of virus is Michelangelo?

Zero day

Worm

Logic bomb

A

Logic bomb

Logic bombs trigger malicious code when specific conditions are satisfied, such as a date

19
Q

The Stuxnet attack was discovered in June 2010. Its primary function was to hide its presence while reprogramming industrial computer systems (called PLCs), specifically nuclear centrifuges in an Iranian nuclear power plant. The malware was spread through USB flash drives, which it used to transmit copies of itself to other hosts. Which of the following apply to Stuxnet? (Choose two.)

Rootkit

Spam

Worm

Adware

A

Rootkit

Worm

Stuxnet replicates itself, like worms do, and masks itself while running, like rootkits do

20
Q

A piece of malicious code uses dictionary attacks against computers to gain access to administrative accounts. The code then links compromised computers together for the purpose of receiving remote commands. What term best applies to this malicious code?

Exploit

Botnet

Logic bomb

A

Botnet

Botnets are collections of computers under the sole control of the attacker

21
Q

Windows 8 User Account Control (UAC) enables users to change Windows settings but displays prompts when applications attempt to configure the operating system. Which of the following is addressed by UAC?

Privilege escalation

Adware

Spyware

A

Privilege escalation

UAC limits software to having only standard user rights and requires authorization for code needing elevated rights

22
Q

Which of the following items are affected by spyware? (Choose two.)

Memory

IP address

Computer name

Network bandwidth

A

Memory

Network bandwidth

Spyware is software that gets installed covertly and gathers user information without the user’s knowledge. In some cases, users may suspect it is being installed, such as when free software is being installed. Spyware consumes memory resources because it is normally running all the time. Network bandwidth is used when the spyware sends data to an external source

23
Q

Juanita uses the Firefox web browser on her Linux workstation. She reports that her browser home page keeps changing to web sites offering savings on consumer electronic products. Her virus scanner is running and is up to date. What is causing this problem?

Firefox on Linux automatically changes the home page every two days.

Juanita is experiencing a denial-of-service attack.

Juanita’s browser configuration is being changed by adware.

A

Juanita’s browser configuration is being changed by adware.

Adware attempts to expose users to advertisements in various ways, including by displaying pop-ups or by changing the web browser home page. Spyware often analyzes user habits so that adware displays relevant advertisements. Some antivirus software also scans for spyware, but not in this case

24
Q

Which of the following is true regarding Trojan software?

It secretly gathers user information.

It is self-replicating.

It can be propagated through peer-to-peer file-sharing networks.

A

It can be propagated through peer-to-peer file-sharing networks.

A Trojan is malicious code that appears to be useful software. For example, a user might use a peer-to-peer file-sharing network on the Internet to download pirated software illegally. The software may install and function correctly, but a Trojan may also get installed. This Trojan could create a backdoor method for attackers to gain access to the system

25
Q

While attempting to access documents in a folder on your computer, you notice all of your files have been replaced with what appear to be random filenames. In addition, you notice a single text document containing payment instructions that will result in the decryption of your files. What type of malicious software is described in this scenario?

Malware

Criminalware

Ransomware

A

Ransomware

Ransomware makes data or an entire system inaccessible until a ransom is paid

26
Q

What type of malware dynamically alters itself to avoid detection?

Chameleon malware

Polymorphic malware

Changeling malware

A

Polymorphic malware

Polymorphic malware dynamically adjusts itself to avoid detection while maintaining its original functionality

27
Q

Which of the following actions would not reduce the likelihood of malware infection? (Choose all that apply.)

Keeping virus definitions up to date

Scanning removable media

Encrypting hard disk contents

Using NAT-capable routers

A

Encrypting hard disk contents

Using NAT-capable routers

Encrypting hard disk contents maintains data confidentiality but does not prevent malware infections. Network address translation (NAT) routers send all internal network traffic to a public network after translating the source IP address to match that of the NAT router’s public interface address. This does not prevent malware infections

28
Q

A user complains that his system has suddenly become unresponsive and ads for various products and services are popping up on the screen and cannot be closed. Which user actions could have led to this undesirable behavior? (Choose all that apply.)

Clicking a web search result

Viewing a web page

Watching a movie in AVI file format

Inserting a USB flash drive

A

Clicking a web search result

Viewing a web page

Watching a movie in AVI file format

Inserting a USB flash drive

All listed items have the potential to infect a computer. Certain controls might be in place, such as restrictions on which web sites can be viewed or which files can execute, but such preventive measures must already have been in place beforehand

29
Q

A server at your place of work has had all of its files encrypted after an attacker compromised a device on the network. Which attack has taken place?

Virus

Worm

Crypto-malware

A

Crypto-malware

Crypto-malware gains access to a computer system and encrypts all files

30
Q

After installing a new piece of software from an online web site and then reviewing system logs, you notice that programs have been running without your consent. You also realize that files have been added and removed at times when you were not using the computer. Which of the following items were most likely responsible for these logged messages? (Choose two.)

Remote administration tool

Adware

Logic bomb

Backdoor

A

Remote administration tool

Backdoor

A remote administration tool (RAT) enables an attacker to use the victim’s machine as if the attacker had physical access to it. Most modern backdoors have RAT functionality built into them