1_2_8 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Logic Bombs

Questions and Answers

What type of attack occurs when a separate event triggers a logic bomb?

• Logic bomb attack (correct)
• Man-in-the-middle attack
• Social engineering attack
• Phishing attack

In what country did a time-based logic bomb incident occur on March 19, 2013?

• Japan
• China
• North Korea
• South Korea (correct)

What is one common trigger for a logic bomb to execute?

• Turning on or off a computer (correct)
• Updating software
• Placing a file on a USB drive
• Running antivirus software

Why is it difficult to identify if a logic bomb has been placed in a system?

It doesn't follow any known signature (B)

What type of organizations in South Korea were targeted by the time-based logic bomb in 2013?

Media organizations and banks (A)

What happens to many logic bombs after they execute?

They delete themselves (A)

What type of networks were affected by the logic bomb in Ukraine on December 17th, 2016?

SCADA networks (D)

How did systems without a master boot record respond after the attack?

Showing a 'boot device not found' error (B)

What is one recommendation for preventing logic bombs from being installed?

Implementing formal processes and controls for environment changes (A)

What are SCADA networks used for?

Managing electrical systems (A)

What method can be used to detect unauthorized changes on a server?

Host-based intrusion prevention (C)

Why is it important to have constant auditing of alert systems and computer systems?

To ensure authorized changes are being made (B)

What can be a trigger for a logic bomb to execute, based on the text?

Opening a specific email attachment (A)

Why is it challenging to detect a logic bomb in a system according to the text?

They delete themselves after execution (B)

What is commonly used as a trigger for a logic bomb in addition to time-based triggers?

Placing a file in a specific folder (C)

How did the time-based logic bomb incident in South Korea on March 19, 2013, get activated?

It self-activated once the date and time were reached (D)

What can be a potential trigger for a logic bomb to execute based on the text?

Placing a file in a specified folder (D)

Why are logic bombs hard to identify with traditional security solutions according to the text?

They mimic regular system activities (B)

What effect did the logic bomb in Ukraine on December 17th, 2016, have on high voltage substations?

Disabling electrical circuits and bringing down electrical connections (D)

Why is it challenging to detect when a logic bomb has been installed in a system?

There are no known signatures that can alert to the presence of a logic bomb (C)

What type of networks were targeted by the malware customized to work with SCADA networks?

Supervisory control and data acquisition networks (C)

Why is having a formal set of processes and controls important when making changes in an environment?

To deter any unauthorized modifications (D)

What is one suggested method for detecting unauthorized changes on a server?

Configuring host-based intrusion prevention (B)

Why is constant auditing of alert systems and computer systems important?

To ensure all changes are authorized and track any unauthorized attempts (D)