CompTIA Security+ (SY0-701) E5 Malware E

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which type of malware disguises as legitimate software and grants unauthorized access?

Viruses

Ransomware

Worms

Trojans (correct)

What is the method used to infiltrate a victim's machine?

Threat Vector (correct)

Phishing campaigns

USB drive installation

Unpatched software

Which type of malware encrypts user data and demands ransom for decryption?

Viruses

Worms

Trojans

Ransomware (correct)

What type of malware allows unauthorized access and executes malicious actions?

Backdoors and Logic Bombs Signup and view all the answers

Which type of malware monitors and gathers user/system information?

Spyware and Bloatware Signup and view all the answers

What type of malware hides its presence and activities on a computer, operating at the OS level?

Rootkits Signup and view all the answers

Which type of malware captures passwords or sensitive information by recording keystrokes?

Keyloggers Signup and view all the answers

What is the means by which an attacker gains access and infects the system?

Attack Vector Signup and view all the answers

Which type of malware consumes resources without value?

Spyware and Bloatware Signup and view all the answers

When it comes to malware techniques, what has evolved from file-based tactics to modern fileless techniques?

Malware Techniques Signup and view all the answers

What is the primary purpose of ransomware?

To block access to computer systems or data until a ransom is paid Signup and view all the answers

What type of malware is designed to gain administrative control over a computer system without detection?

Rootkits Signup and view all the answers

What is the characteristic of a worm?

Self-replicating malware that can spread throughout networks without user interaction Signup and view all the answers

Which type of malware is described as malicious code that runs without user knowledge?

Viruses Signup and view all the answers

What are common indications of a malware attack?

Documented attacks, inaccessibility, out-of-cycle logging Signup and view all the answers

Which type of malware can be prevented with regular backups, software updates, security awareness training, and Multi-Factor Authentication (MFA)?

Ransomware Signup and view all the answers

What is the primary purpose of botnets?

To conduct Distributed Denial-of-Service (DDoS) attacks Signup and view all the answers

What is the characteristic of a Distributed Denial-of-Service (DDoS) attack?

Occurs when many machines target a single victim simultaneously to break through encryption schemes Signup and view all the answers

Which type of virus is characterized by being able to change its internal structure without changing its external functionality?

Polymorphic virus Signup and view all the answers

What is the highest level of permissions that allows installation of programs, opening/closing ports, and control of device drivers?

Administrator Signup and view all the answers

Which technique is used to run arbitrary code within another process's address space by forcing it to load a DLL?

DLL Injection Signup and view all the answers

What are rootkits designed to do in order to hide from the operating system?

Move from Ring 1 to Ring 0 Signup and view all the answers

What is the main purpose of keyloggers?

Record every keystroke Signup and view all the answers

Which type of software is designed to gather and send information without user knowledge?

Spyware Signup and view all the answers

What is the main characteristic of bloatware?

Comes pre-installed on devices without user request Signup and view all the answers

Which malware attack technique penetrates and infects systems using specific methods?

Malware exploitation Signup and view all the answers

What is the most common method used by modern malware to avoid detection by signature-based security software?

Fileless techniques Signup and view all the answers

What is the primary action of rootkits and backdoors?

Granting unauthorized access Signup and view all the answers

What is the primary function of a stage one dropper or downloader?

To retrieve additional portions of the malware code and trick the user into activating it Signup and view all the answers

What is the specific function of a Shellcode?

Execute an exploit on a given target Signup and view all the answers

Which scenario indicates 'Impossible Travel'?

A user's account accessed from two or more geographically separated locations in an impossibly short period of time Signup and view all the answers

What does the 'Actions on Objectives' phase involve?

Executing primary objectives to meet core objectives like data exfiltration and file encryption Signup and view all the answers

What is ransomware?

A form of malware that encrypts user files to make them inaccessible Signup and view all the answers

What is the purpose of the 'Living off the Land' strategy adopted by threat actors?

Exploiting the standard tools to perform intrusions Signup and view all the answers

What does the term 'Concealment' refer to in the context of cybersecurity?

Hiding tracks, erasing log files, and hiding evidence of malicious activity Signup and view all the answers

What are indications of 'Out-of-Cycle Logging'?

Logs being generated at odd hours or during times when no legitimate activities should be taking place Signup and view all the answers

What does 'Resource Inaccessibility' indicate?

Ransomware encrypting user files Signup and view all the answers

'Missing Logs' can be an indication of what in a cybersecurity context?

'Out-of-Cycle Logging' scenario Signup and view all the answers

What can 'Concurrent Session Utilization' indicate in terms of cybersecurity?

Multiple simultaneous or concurrent sessions open from various geographic locations Signup and view all the answers

Study Notes

Administrator or root account: highest level of permissions, allows installation of programs, opening/closing ports, and control of device drivers (UNIX, Linux, and MacOS call it the root account)
Permissions and access levels: rings of permissions, from user level (Ring 3) to innermost/highest level (Ring 0, aka "kernel mode")
Rootkits: powerful malware, extremely difficult to detect, try to move from Ring 1 to Ring 0 to hide from the operating system, use DLL injection for deeper access
DLL Injection: technique used to run arbitrary code within another process's address space by forcing it to load a DLL
Rootkits and backdoors: similar in granting unauthorized access, originated as backdoors in software, RATs act like modern backdoors
Keyloggers: software or hardware that records every keystroke, can be installed as malware or hardware, difficult to detect and protect against, can waste storage space and slow down performance
Spyware and bloatware:
- Spyware: malicious software designed to gather and send information without user knowledge, can be installed in various ways, protect against it by using reputable antivirus and anti-spyware
- Bloatware: software that comes pre-installed on devices, not specifically requested by user, wastes space, slows down performance, and introduces potential vulnerabilities, remove it manually or use removal tools
Malware attack techniques:
- Malware exploitation: specific methods used by malware to penetrate and infect systems, some malware infects the system's memory to leverage remote procedure calls, most modern malware uses fileless techniques to avoid detection by signature-based security software.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

This study note covers the concept of the Administrator account in computer systems, along with the different rings of permissions. It explains the capabilities of an Administrator account and the levels of permissions in a computer system.