Questions and Answers
Ryan wants to prevent logic bombs created by insider threats from impacting his organization. What technique will most effectively limit the likelihood of logic bombs being put in place?
- Deploying endpoint detection and response (EDR) software
- Disabling autorun for USB drives
- Deploying antivirus software
- Using a code review process (correct)
Yasmine believes that her organization may be dealing with an advanced rootkit and wants to write IoC definitions for it. Which of the following is not likely to be a useful IoC for a rootkit?
- Pop-ups demanding a ransom (correct)
- Behavior-based identifiers
- File hashes
- Command and control domains
Nathan works at a school and notices that one of his staff appears to have logged in and changed grades for a single student to higher grades, even in classes that staff member is not responsible for. When asked, the staff member says that they did not perform the action. Which of the following is the most likely way that a student could have gotten access to the staff member's password?
- A keylogger (correct)
- A rootkit
- Spyware
- A logic bomb
Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?
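Detection logic for the situation in this question: flag outbound connections that hit a known-malicious host or use TCP/6667, the IRC port that IRC-controlled bots have long used as a command-and-control channel. This is an added example for this page, not code from the original; the log lines and the blocklist are constructed here (the addresses come from the RFC 5737 documentation ranges, so they are not real indicators), and treating port 6667 alone as suspicious is a heuristic assumption, hence its lower severity.

```python
"""Flag likely C2 connections in a firewall-style connection log.
Added example; the blocklist and log records below are constructed."""
import ipaddress
from dataclasses import dataclass, field

KNOWN_MALICIOUS_HOSTS = {"203.0.113.45", "198.51.100.9"}   # constructed threat-intel list
SUSPICIOUS_PORTS = {6667: "IRC (classic bot C2 channel)"}   # assumption: port-based heuristic

# Constructed firewall log: "<timestamp> <src> -> <dst>:<port> <proto>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 -> 203.0.113.45:6667 TCP
2024-05-01T10:00:02Z 10.0.0.12 -> 192.0.2.10:443 TCP
2024-05-01T10:00:05Z 10.0.0.31 -> 198.51.100.9:443 TCP
2024-05-01T10:00:07Z 10.0.0.31 -> 192.0.2.20:6667 TCP
2024-05-01T10:00:09Z 10.0.0.44 -> 192.0.2.30:53 UDP
this line is not a connection record
"""


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    port: int
    proto: str
    severity: str              # "high" = known-bad host, "medium" = port heuristic only
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one log record; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->" or ":" not in parts[3]:
        return None
    ts, src, _, dst_port, proto = parts
    dst, _, port = dst_port.rpartition(":")
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "dst": dst, "port": port, "proto": proto}


def classify(rec):
    """Return an Alert for a suspicious record, else None."""
    reasons = []
    if rec["dst"] in KNOWN_MALICIOUS_HOSTS:
        reasons.append("destination on known-malicious host list")
    if rec["proto"] == "TCP" and rec["port"] in SUSPICIOUS_PORTS:
        reasons.append(f"TCP/{rec['port']}: {SUSPICIOUS_PORTS[rec['port']]}")
    if not reasons:
        return None
    severity = "high" if rec["dst"] in KNOWN_MALICIOUS_HOSTS else "medium"
    return Alert(rec["ts"], rec["src"], rec["dst"], rec["port"], rec["proto"], severity, reasons)


def detect_c2(log_text):
    """Run every parseable record through classify(); malformed lines are skipped."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            alert = classify(rec)
            if alert is not None:
                alerts.append(alert)
    return alerts


def hosts_to_contain(alerts):
    """Internal sources with a high-severity alert: candidates for isolation."""
    return sorted({a.src for a in alerts if a.severity == "high"})


if __name__ == "__main__":
    found = detect_c2(SAMPLE_LOG)
    for a in found:
        print(f"[{a.severity}] {a.ts} {a.src} -> {a.dst}:{a.port} ({'; '.join(a.reasons)})")
    print("contain:", hosts_to_contain(found))
```

Run as-is it reports three alerts: the first record matches both indicators (known host and IRC port), the third matches only the host list, and the fourth matches only the port, which is why it is rated medium rather than high; a real deployment would replace the constructed blocklist with a threat-intelligence feed and ideally correlate on regular beaconing intervals as well.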
Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware?
What is the primary impact of bloatware?
What type of malware is used to gather information about a user's browsing habits and system?
Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives multiple different answers for what the malware package is. What has occurred?
Nancy is concerned that there is a software keylogger on the system she's investigating. What best describes data that may have been stolen?
A system in Elaine's company has suddenly displayed a message demanding payment in Bitcoin and claiming that the data from the system has been encrypted. What type of malware has Elaine likely encountered?
Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs an antimalware tool's scanner, the system doesn't show any malware. If he has other data that indicates the system is infected, what should his next step be if he wants to determine what malware may be on the system?
A recently terminated developer from Jaya's organization has contacted the organization claiming that they left code in an application that they wrote that will delete files and bring the application down if they are not employed by the company. What type of malware is this?
Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this?
What is the key difference between a worm and a virus?
Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?
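A reviewer aid that serves both Ryan's logic-bomb question and Ben's suspect Python code: since Python is read as source, a code review can be backed by a small static check that walks the file and flags destructive calls whose execution is guarded by a date, time or username condition, which is the classic logic-bomb shape. This is an added example for this page, not code from the original; the scanned snippet, the list of destructive calls and the list of trigger identifiers are all constructed assumptions to be tuned to a real code base.

```python
"""Static check for logic-bomb patterns in Python source.
Added example; DESTRUCTIVE_CALLS, TRIGGER_NAMES and SAMPLE are constructed."""
import ast
from dataclasses import dataclass

# Calls a reviewer wants justified when they sit under a trigger condition.
DESTRUCTIVE_CALLS = {
    "os.remove", "os.unlink", "os.rmdir", "shutil.rmtree",
    "os.system", "subprocess.call", "subprocess.run", "subprocess.Popen",
}
# Identifiers that commonly appear in logic-bomb trigger conditions.
TRIGGER_NAMES = {"date", "datetime", "time", "today", "now",
                 "getlogin", "getuser", "environ", "USER", "USERNAME"}


@dataclass(frozen=True)
class Finding:
    line: int        # line of the destructive call
    call: str        # dotted call name, e.g. "os.remove"
    trigger: str     # trigger identifiers seen in the guarding `if`


def dotted_name(node):
    """Return 'pkg.attr.attr' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def trigger_terms(test):
    """Identifiers in an `if` test that look like a time or user trigger."""
    found = set()
    for sub in ast.walk(test):
        if isinstance(sub, ast.Name):
            name = sub.id
        elif isinstance(sub, ast.Attribute):
            name = sub.attr
        elif isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            name = sub.value
        else:
            continue
        if name in TRIGGER_NAMES:
            found.add(name)
    return found


def find_logic_bombs(source):
    """Return Findings for destructive calls inside trigger-guarded branches."""
    findings, seen = [], set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        terms = trigger_terms(node.test)
        if not terms:
            continue
        trigger = ",".join(sorted(terms))
        # Walk both branches so nested loops and calls are covered too.
        for branch in (node.body, node.orelse):
            for stmt in branch:
                for inner in ast.walk(stmt):
                    if isinstance(inner, ast.Call):
                        name = dotted_name(inner.func)
                        if name in DESTRUCTIVE_CALLS and (inner.lineno, name) not in seen:
                            seen.add((inner.lineno, name))
                            findings.append(Finding(inner.lineno, name, trigger))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: a benign cleanup routine and a planted logic bomb.
SAMPLE = '''\
import os, shutil, datetime, getpass

def cleanup(tmp):
    # Legitimate housekeeping: not tied to a date or user.
    if os.path.isdir(tmp):
        shutil.rmtree(tmp)

def nightly():
    # Fires only once the developer's account is gone and a date has passed.
    if getpass.getuser() != "jdoe" and datetime.date.today() > datetime.date(2025, 1, 31):
        for f in os.listdir("/srv/app/data"):
            os.remove(os.path.join("/srv/app/data", f))
'''

if __name__ == "__main__":
    for f in find_logic_bombs(SAMPLE):
        print(f"line {f.line}: {f.call}() guarded by trigger on {{{f.trigger}}}")
```

The check is deliberately a reviewer's aid rather than a verdict: the benign `cleanup()` is not reported because its guard depends only on the path, while `nightly()` is, because deletion hangs off the current username and the date. A human still has to read the flagged code, which is the point of the code review answer above; an attacker can obfuscate the trigger, so the list of identifiers is a starting point, not a complete signature.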
Which of the following defenses is most likely to prevent Trojan installation?
Jason's security team reports that a recent WordPress vulnerability seems to have been exploited by malware and that their organization's entire WordPress service cluster has been infected. What type of malware is most likely involved if a vulnerability in the software was exploited over the network?
Hui's organization recently purchased new Windows computers from an office supply store. The systems have a number of unwanted programs on them that load at startup that were installed by the manufacturer. What type of software is this?
What type of malware connects to a command and control system, allowing attackers to manage, control, and update it remotely?
Randy believes that a system that he is responsible for was infected after a user picked up a USB drive and plugged it in. The user claims that they only opened one file on the drive to see who might own it. What type of malware is most likely involved?
Flashcards
Code Review
A code review process makes it likely that a second developer spots a planted logic bomb before the code reaches production; endpoint tools act only after the code is already in place.
Rootkit IoC
Rootkits are built to stay hidden, so a pop-up demanding a ransom is a ransomware indicator, not a rootkit IoC. Useful rootkit IoCs are behavior-based identifiers, file hashes, and command and control domains.
Keylogger
A keylogger records keystrokes, so a student could have captured the staff member's password as it was typed.
Command and Control (C2)
TCP port 6667 is IRC, long used by bots as a channel to receive commands; traffic to a known malicious host on that port is most likely C2 traffic.
Backdoor
Software attackers leave behind on a compromised system so they can regain remote access later, bypassing normal authentication.
Bloatware
Unwanted software that ships preinstalled on a system; its primary impact is consuming disk, memory, and CPU resources rather than stealing data.
Spyware
Malware that gathers information about a user's browsing habits and system and reports it to a third party.
Malware Naming
Antimalware vendors use their own naming conventions, so a multi-engine scanning site reports the same sample under several different names.
Keylogger Data
Anything the user typed: passwords and other credentials, messages, and any other keyboard input entered while the keylogger was active.
Ransomware
Malware that encrypts the system's data and displays a demand for payment, typically in cryptocurrency, in exchange for the decryption key.
Rootkit Detection
A rootkit hides from tools running on the compromised operating system, so a clean scan proves little; boot from trusted external media and scan the disk offline.
Logic Bomb
Code planted in an application that lies dormant until a trigger condition is met, such as the developer no longer being employed, and then takes a destructive action.
Malware Removal
Cleaning tools cannot guarantee complete removal; wipe the system and reinstall the operating system from a known-good image.
Worm vs. Virus
A worm spreads by itself, exploiting vulnerabilities across the network without user interaction; a virus needs a user to open or run an infected file.
Analyze Python Code
Python is interpreted from readable source, so the code can be reviewed directly (static analysis) to see what it actually does instead of relying on signatures.
Preventing Trojan
A Trojan is disguised as legitimate software that users install themselves, so restricting installation to trusted, approved sources limits it.
Worm
Self-propagating malware that exploits a software vulnerability over the network, which is how an entire service cluster is infected with no user action.
Bloatware
Manufacturer-installed programs that load at startup on new systems and that the owner did not ask for.
Bot
Malware that connects to a command and control system so attackers can manage, control, and update it remotely; many bots under one controller form a botnet.
Virus
Malware that runs only when a user opens or executes an infected file, such as a document on a found USB drive.