1.
What is a BotNet?
Correct Answer
B. A network of zombie hosts that provide an attacker with remote control of a compromised system
Explanation
A BotNet is a network of zombie hosts that provide an attacker with remote control of a compromised system. This means that the attacker can use the network to carry out malicious activities without the knowledge or consent of the system owner. The compromised systems, or zombie hosts, are typically infected with malware that allows the attacker to control them remotely. This network can be used for various purposes such as launching DDoS attacks, sending spam emails, stealing sensitive information, or distributing further malware.
2.
Hackers typically control a Botnet using what technology?
Correct Answer
A. IRC
Explanation
Hackers typically control a Botnet using IRC (Internet Relay Chat). IRC is a communication protocol that allows users to chat and exchange messages in real-time. It provides a platform for hackers to remotely control a network of compromised computers or "bots" by sending commands through IRC channels. These commands can include instructions to launch DDoS attacks, distribute malware, or perform other malicious activities. IRC offers anonymity and flexibility, making it a popular choice for hackers to coordinate and control their botnets.
3.
This type of keylogger cannot be detected by Anti-Virus or Anti-spyware
Correct Answer
D. Hardware Keylogger
Explanation
A hardware keylogger is a type of keylogger that is physically connected to the computer or keyboard, making it difficult to detect by antivirus or anti-spyware software. Unlike software keyloggers, which are installed on the computer's operating system, a hardware keylogger operates externally and does not leave any traces on the computer's hard drive. This makes it highly covert and difficult to detect, as it bypasses any security measures implemented by software-based security programs.
4.
Which of the following URLs may indicate a potential Phishing attack?
Correct Answer
B. http://www.cisco.com.co.uk/support.asp
Explanation
The URL "http://www.cisco.com.co.uk/support.asp" may indicate a potential Phishing attack because it contains the domain "cisco.com.co.uk" which is not the official domain for Cisco. Phishing attackers often create URLs that mimic legitimate websites in order to deceive users into providing their personal information. In this case, the presence of "cisco.com.co.uk" suggests that the website may be attempting to impersonate Cisco and trick users into divulging sensitive information.
5.
Which of the following are best practice recommendations for avoiding Phishing & Pharming attacks?
Pick 2
Correct Answer(s)
C. Enable Firefox 3 phishing filters
D. Use common sense
Explanation
Enabling Firefox 3 Phishing filters is a best practice recommendation for avoiding Phishing & Pharming attacks because these filters can help detect and block known phishing websites, providing an additional layer of protection. Using common sense is also a best practice recommendation as it involves being cautious and skeptical of suspicious emails, links, or websites, and not willingly sharing personal or sensitive information without verifying the legitimacy of the request.
6.
Which of the following pieces of Malware is identified as self-propagating, standalone code?
Correct Answer
C. Worm
Explanation
A worm is a type of malware that is capable of spreading itself without any human intervention. It is a standalone code that can replicate itself and spread to other computers or networks through various means such as email attachments, network vulnerabilities, or removable media. Unlike viruses, worms do not need to attach themselves to other programs or files in order to spread. They can independently execute and propagate, making them highly efficient at infecting multiple systems quickly.
7.
Polymorphic malware can defeat AV because
Correct Answer
B. It changes syntactical code within the binary so that the hash and pattern no longer match
Explanation
Polymorphic malware can defeat antivirus (AV) because it changes the syntactical code within the binary. By altering the code, the malware ensures that the hash and pattern used by the AV software no longer match, making it difficult for the AV to detect and identify the malware. This constant modification of the code allows the malware to evade detection and continue to infect systems without being detected by traditional AV solutions.
8.
What is the average detection rate of Anti-Virus systems?
Correct Answer
C. 29%
Explanation
The correct answer is 29%. This suggests that, on average, Anti-Virus systems are able to detect approximately 29% of viruses or malicious software. This detection rate indicates the effectiveness of these systems in identifying and removing threats from a computer or network. A higher detection rate would imply a more reliable and efficient Anti-Virus system, while a lower rate may indicate a need for improvement or updated software.
9.
What functionality does a RAT (Remote Access Trojan) provide to an attacker?
Click all that apply
Correct Answer(s)
A. Keylogging
B. Turn on the webcam
C. Track your URLs
E. Capture your screen
Explanation
A Remote Access Trojan (RAT) provides various functionalities to an attacker. Keylogging refers to the ability of the RAT to record and capture keystrokes made by the victim, allowing the attacker to gather sensitive information such as passwords. Turning on the webcam allows the attacker to remotely access and control the victim's webcam, potentially invading their privacy. Tracking URLs enables the attacker to monitor the websites and webpages visited by the victim, providing insights into their online activities. Capturing the screen allows the attacker to remotely view and record the victim's screen, giving them access to any information or activities displayed on it. Turning on a microphone in the TV is not a functionality typically associated with a RAT, as it is specific to TVs and not a general feature of remote access trojans.
10.
Name 3 ways an attacker has to crack your passwords
Correct Answer(s)
A. Comparing your password to ones he has in a dictionary
B. Guessing each different arrangement of upper & lower case letters, number and characters
D. Sniffing the password as it leaves your computer
Explanation
An attacker can crack passwords by comparing them to ones in a dictionary, guessing different arrangements of upper and lower case letters, numbers, and characters, and by sniffing the password as it leaves the user's computer.
11.
Which of the following is considered best practice for the use of passwords?
Correct Answer(s)
C. The password must be at least 8 characters
D. Must be alpha numeric with special characters
Explanation
The correct answer is that the password must be at least 8 characters long and must be alphanumeric with special characters. This is considered best practice for the use of passwords because it ensures that the password is long enough to be secure and includes a combination of letters, numbers, and special characters, making it harder to guess or crack.
12.
How do you avoid being a victim of Social Engineering?
Name 2.
Correct Answer(s)
C. Hover over a link with your mouse and see if you can identify the destination of the hyperlink
D. Never pass your account details over the phone to any organisation
Explanation
Hovering over a link with your mouse and identifying the destination of the hyperlink helps to avoid being a victim of social engineering because it allows you to verify the legitimacy of the website or webpage before clicking on the link. This helps to prevent falling for phishing scams or malicious websites that may try to steal personal information. Similarly, never passing your account details over the phone to any organization is important to avoid falling for phone scams where fraudsters may pose as legitimate organizations to gain access to sensitive information.
13.
What are 2 concerns of Social Networking sites?
Correct Answer(s)
A. There is no means to accurately identify a friend is who they say they are
B. Images and applications that are posted to Social Networking sites are created by unknown entities
Explanation
Social networking sites have two concerns: the inability to accurately identify whether a friend is who they claim to be and the fact that images and applications posted on these sites are created by unknown entities. This lack of verification can lead to potential security risks and the spread of false information. Additionally, the privacy measures of social networking sites have been proven to be insufficient, even when configured correctly, which can compromise users' personal information and expose them to privacy breaches.
14.
Which of the following are weaknesses of IP based voice communications - i.e. Unified Communications?
Select all that apply
Correct Answer(s)
A. The audio from your call can be captured and replayed without your knowledge
B. Features of the phone can be turned on remotely
C. Poor password & PIN security mean that anyone can access your message store
Explanation
The weaknesses of IP based voice communications - i.e. Unified Communications - include the ability for the audio from your call to be captured and replayed without your knowledge, the potential for features of the phone to be turned on remotely, and the risk of poor password and PIN security allowing anyone to access your message store. These vulnerabilities highlight the need for enhanced security measures in IP based voice communications systems.
15.
NextiraOne has a series of security policies that define acceptable use of the company's network and computer systems - where are these documents located?
Correct Answer
C. On the company intranet, in the HR folder
Explanation
The security policies of NextiraOne are located on the company intranet, specifically in the HR folder.