Mod 03 Threats and Attacks on Endpoints PDF
This document contains a sample of questions and answers about common IT security threats, focusing on topics like ransomware, file-based virus attacks, and other cyber threats. It is designed as a practice session for students taking an IT Security course or exam.
ITSY1400 Mod 03: Threats and Attacks on Endpoints

1. What does ransomware do to an endpoint device?
a. Ransomware infects the endpoint devices and launches attacks on the infected endpoint and other devices connected to the network.
b. Ransomware attacks the endpoint device without the consent of the user or the device, discreetly collecting and transmitting information, causing harm to the end user.
c. Ransomware gets accidentally installed in the endpoint device as software along with other programs during the installation process. This happens when the user's installation and download options are overlooked, thus affecting the user application adversely.
d. Ransomware attacks the endpoint device, holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.

2. The files in James's computer were found spreading within the device without any human action. As an engineer, you were requested to identify the problem and help James resolve it. During file code inspection, you noticed that certain types of files in the computer have similar codes. You found that the problem is coming from a set of codes that are not part of the actual files, appended at the bottom of the file. You also noticed a transfer control code written at the beginning of the files giving control to the code at the bottom of the file. Which type of infection is this a characteristic of?
a. This is a typical characteristic of a spyware infection in the endpoint device.
b. This is a typical characteristic of an endpoint device infected with a file-based virus attack.
c. This is a typical characteristic exhibited by files attacked by ransomware in the device.
d. This is a typical characteristic of files infected by keystrokes in an endpoint.

3. Juan, a cybersecurity expert, has been hired by an organization whose networks have been compromised by a malware attack. After analyzing the network systems, Juan submits a report to the company mentioning that the devices are infected with malware that uses a split infection technique on files. Which malware attack is Juan reporting?
a. Cryptomalware
b. Virus
c. Spyware
d. RAT

4. Which of the following is a feature of a fileless virus?
a. Fileless viruses grant limited control.
b. Fileless viruses are easy to detect.
c. Fileless viruses are persistent.
d. Fileless viruses are easy to defend.

5. Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as?
a. Zombie
b. Payload
c. Bot herder
d. Botnet

6. Which of the following statements correctly describes the disadvantage of a hardware-based keylogger?
a. A hardware-based keylogger can easily be detected in a network by an antivirus.
b. A hardware-based keylogger can be detected by an antivirus when it scans for ports.
c. A hardware-based keylogger must be physically installed and removed without detection.
d. A hardware-based keylogger's data can be easily erased by the antimalware software installed in the device.

7. Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here?
a. Kate has installed a Trojan.
b. Kate has installed a backdoor.
c. Kate has installed a potentially unwanted program (PUP).
d. Kate has installed an injection.

8. Shanise is an IT security professional for a large private bank. She got an alert that the bank website received a funds transfer request that was correctly credentialed but flagged as being out of the account owner's usual pattern. If the alert is correct, what type of attack has likely occurred?
a. CSRF attack
b. Replay attack
c. XSS attack
d. SQL injection

9. Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation?
a. Kia has installed spyware, and she has to close the browser and reboot the system to correct the problem.
b. Kia has accidentally installed a virus. She must close the browser and run a good antivirus program before browsing the website for shopping again.
c. Kia must uninstall the toolbar software and the accompanying components she has recently installed on her browser.
d. Kia must reinstall a fresh copy of the operating system and all applications.

10. Which of the following is an example of a request forgery malware?
a. CSRF
b. DLL injection
c. Ransomware
d. SQL injection

11. While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid. What is Andel likely a victim of?
a. Keyloggers
b. Spyware
c. CSRF
d. RAT

12. Which of the following is a form of malware attack that uses specialized communication protocols?
a. RAT
b. Keylogger
c. Spyware
d. Bot

13. Which of the following describes the action of an SQL injection into a database server?
a. The SQL injection inserts specially created extensible markup language to manipulate the database, taking control of the database and giving the attacker control to manipulate the database.
b. The SQL injection inserts specially created structured query language statements to manipulate the database server, giving control of the database to the attacker, who can then manipulate the database.
c. The SQL injection inserts code into the DLL running process, causing the program to function differently than intended.
d. The SQL injection is specially created code inserted into a legitimate program, which then lies dormant unless a special logical event triggers it.

14. What is a risk to data when training a machine learning (ML) application?
a. ML algorithm security
b. Tainted training data for machine learning
c. API attack on the device
d. Improper exception handling in the ML program

15. Which of the following is a subset of artificial intelligence?
a. Machine learning
b. Data science
c. Artificial intelligence algorithm
d. Machine intelligence

16. What is the name of the process where a website validates user input before the application uses the input?
a. Tokening
b. Sanitizing
c. Authorizing
d. Eliminating

17. Which of the following is a characteristic of a potentially unwanted program (PUP)?
a. A PUP interferes and obstructs the user with web browsing and pop-up windows.
b. A PUP pretends to perform natural activities while also performing malicious activities.
c. A PUP gives the threat agent remote access to the user's device using specially configured communication protocols.
d. A PUP gives access to the computer, program, or a service, circumventing the system's normal security protections.

18. Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database:
'whatever' AND email IS NULL;
What has been accessed by the attacker running this SQL injection?
a. The attacker accessed the data of specific users.
b. The attacker accessed the entirety of email address data from all users in the database.
c. The attacker has used the SQL injection to delete the table in the database.
d. The attacker has determined the names of different types of fields in the database.

19. Which of the following describes a memory leak attack?
a. Memory leak attacks take advantage of the token generated and sent to the user's browser by the website as part of the authentication.
b. In a memory leak attack, an attacker changes the variable's value to something outside the range the programmer had intended.
c. A memory leak occurs when a process attempts to store data beyond a fixed-length storage buffer's boundaries.
d. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.

20. What is another term commonly used to define cross-site request forgery (CSRF)?
a. Server-side request forgery
b. Client-side request forgery
c. Client-server request forgery
d. Cross-server request forgery

21. An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack?
a. The attacker is using an integer overflow attack that will change the state of the local drive's memory.
b. The attacker is using a buffer overflow to initiate an integer overflow attack that can allow access to private data on the local drive.
c. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine.
d. The attacker is using a buffer overflow to initiate an integer overflow attack that will give them access to the machine's OS code.

22. William downloaded some free software to help him with photo editing. A few days later, William noticed several personal photographs were modified and posted to various social media pages with obscene comments. He also noticed that there were videos of him that were morphed and circulated on adult websites. The videos were obviously taken using his webcam. What should William do to fix his problem and prevent it from happening again in the future?
a. William should run an antivirus program and scan for all known backdoor viruses, then remove the infected file(s). To prevent this in the future, he should run the backdoor check every time he installs a new program.
b. William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites.
c. William should run an antivirus program and scan for all known worms, then download a worm-removal program to ensure all infected files are fully removed from his system. To prevent this in the future, he should run the backdoor check every time he installs a new program.
d. William should disable his network devices, then run an antimalware program to scan for keyloggers while his computer is not connected to the internet and delete all infected files. To prevent this in the future, William should never download free software off the internet.

23. Terrence, an executive VP of IT at Sigma Bank, noticed that yesterday, there was a major attack on several thousands of bank employees' computers located at geographically different locations where files and data from the computers got deleted. It was also noticed that several confidential files containing customer data were deleted from the bank's server in multiple locations, and the CEO's emails were deleted from the mail server. Since the bank was compliant with cybersecurity measures, Terrence suspects an internal hand in this activity. While going through the records of all employees working in the IT security of the bank, both past and present, he notices that there is an employee, Chris, who has enough experience to launch this attack, was unhappy with his annual review last year, and had left the bank three months ago. If Terrence were able to single Chris out as the one responsible for the attack, what kind of an attack would this be?
a. Keylogger
b. Spyware
c. Logic bomb
d. Backdoor

24. Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system: On booting the computer, the following message was flashing on the computer screen with the IRS logo: "This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of the law. You may make a secure payment by clicking on the following link. If you face any issues, you may reach out to us at [email protected]." The message will not close, nor is there access to applications or files on the computer; however, James can open shared files and folders on Smitha's computer through the network. What is your inference about the problem faced by Smitha on her computer?
a. Smitha's computer is compromised by spyware.
b. Smitha's computer is compromised by cryptomalware.
c. Smitha's computer is compromised by ransomware.
d. Smitha's computer is compromised by a PUP.

25. Ian, a systems administrator, was checking systems on Monday morning when he noticed several alarms on his screen. He found many of the normal settings in his computer and programs changed, but he was sure no one had physically entered his room since Friday. If Ian did not make these changes, which of the events below is the most likely reason for the anomalies?
a. The power went out over the weekend and caused the programs to move back to their default settings.
b. A backdoor was installed previously and utilized over the weekend to access the computer and the programs.
c. A firewall scan that was run over the weekend shut down the computer and the programs.
d. The security administrator ran a penetration test over the weekend and did not tell anyone.

26. A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation?
a. This is a software keylogger attack, as it is sharing the information every three hours to the attacker.
b. This is a hardware keylogger attack; it is only periodically sharing the information and is a manual transfer of information by a human agent.
c. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
d. This is a hardware keylogger attack, as video capture functionality and periodic transfer of data are not possible with a software keylogger.

27. Which type of malware can hide its agenda inside other processes, making it undetectable, and what is it usually used for?
a. RAT, an executable program that gives unauthorized remote access to a user's computer
b. Trojan, an executable program that pretends to perform a harmless activity while doing something malicious
c. Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes
d. Backdoor, which gives access to a computer, program, or service that overrides any normal security protections

28. What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user?
a. Replay
b. Trojan
c. Buffer overflow
d. Device driver manipulation

29. A web application with an SQL server database is found to be compromised by an attacker. On examination, the email IDs of the database have been found modified. This was due to improper validation in the input fields exploited by the attacker. What is the probable attack in the above scenario?
a. XML Injection
b. SQL Injection
c. XSS
d. SSRF

30. Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators' solutions through sign-on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this?
a. This is an API attack.
b. This is a device driver manipulation attack.
c. This is a backdoor attack.
d. This is an AI attack.