• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

20 Cards in this Set

  • Front
  • Back

Which of the following types of malware is the MOST difficult to reverse engineer?

A. Logic bomb

B. Trojan

C. Armored virus

D. Ransomware

Correct Answer: C. An armored virus uses one or more techniques to make it difficult for antivirus researchers to reverse engineer it. A logic bomb executes in response to an event, but it is often implemented with simple code. A Trojan appears to be something beneficial, but it includes a malicious component. Ransomware takes control of a user's system or data and then demands payment as ransom.

Recently, malware on a company computer destroyed several important files after it detected that Homer was no longer employed at the company. Which of the following BEST identifies this malware?

A. Logic bomb

B. Rootkit

C. Backdoor

D. Adware

Correct Answer: A. A logic bomb executes in response to an event. In this scenario, the logic bomb is delivering its payload when it detects that Home is no longer employed at the company. A rootkit doesn't respond to an event. A backdoor provides another method of accessing a system, but it does not delete files. Adware uses advertising methods, such as pop-up windows.

A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a security administrator expressed concern that unauthorized personnel might be able to access data on the server. The security administrator decided to check the server further. Of the following choices, what is the administrator MOST likely looking for on this server?

A. Backdoor

B. Logic bomb

C. Rootkit

D. Botnet

Correct Answer: A The security administrator is most likely looking for a backdoor because Trojans commonly create backdoors, and a backdoor allows unauthorized personnel to access data on the system. Logic bombs and rootkits can create backdoor accounts, but Trojans don't create logic bombs and would rarely install a rootkit. The computer might be joined to a botnet, but it wouldn't be a botnet.

After Maggie turned on her computer, she saw a message indicating that unless she made a payment, her hard drive would be formatted. What does this indicate?

A. Armored virus

B. Ransomware

C. Backdoor

D. Trojan

Correct Answer: B. Ransomware attempts to take control of a user's system or data and then demands ransom to return control. An armored virus uses one of more techniques to make it more difficult to reverse engineer. It's possible that Maggie's computer was infected with a Trojan, which created a backdoor. However, not all Trojans or backdoor accounts demand payments as ransom.

A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization's internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator has found?

A. Rootkit

B. Backdoor

C. Spam

D. Trojan

A rootkit typically runs processes that are hidden and it also attempts to connect to computers via the Internet. Although an attacker might have used a backdoor to gain access to the user's computer and install the rootkit, backdoors don't run hidden processes. Spam is unwanted email and is unrelated to this question. A trojan is malware that looks like it's beneficial, but is malicious.

What type of malware uses marketing pop-ups and does not attempt to hide itself?

A. Blocker

B. Rootkit

C. Trojans

D. Adware

Correct Answer: D. Adware commonly causes pop-up windows to appear with marketing advertisements and adware doesn't try to hide itself. Many web browsers include pop-up blockers that block these pop-ups. A rootkit does attempt to hide itself and keep any rootkit processes kidden. Trojans perform some malicious activity such as creating a backdoor account, and they hide their activity.

Of the following malware types, which one is MOST likely to monitor a user's computer?

A. Trojan

B. Spyware

C. Adware

D. Ransomware

Correct Answer: B. Spyware monitors a user's computer and activity. Trojans often install backdoor accounts, but they don't necessarily monitor systems and activity. Adware typically causes pop-up windows for advertising, and although it might monitor the user to target ads, not all adware monitors users. Ransomware is primarily concerned with getting the user to make a ransom payment.

Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. The technician said he's aware of a problem with database servers they've sold, but it only affects certain operating system versions. He asks Lisa what operating system the company is running on its database servers. Which of the following choices is the BEST response from Lisa?

A. Let the caller know what operating system and versions are running on the database servers to determine if any further action is needed.

B. Thank the caller and end the call, report the call to her supervisor, and independently check the vendor for issues.

C. Ask the caller for his phone number so that she can call him back after checking the servers.

D. Contact law enforcement personnel

Correct Answer: B. This sounds like a social engineering attack where the caller is attempting to get information on the servers, so it's appropriate to end the call, report the call to a supervisor, and independently check the vendor for potential issues. It is not appropriate to give external personnel information on internal systems from a single phone call. The caller has not committed a crime by asking questions, so it is not appropriate to contact law enforcement personnel.

A security administrator at a shopping mall discovered two wireless cameras pointing at an automatic teller machine. These cameras were not installed by mall personnel and are not authorized. What is the MOST likely goal of these cameras?

A. Tailgating

B. Dumpster diving

C. Vishing

D. Shoulder surfing

Correct Answer: D. Shoulder surfing is the practice of peering over a person's shoulder to discover information. In this scenario, the attacker is using the wireless cameras to discover PINs as users enter them. Tailgating is the practice of following closely behind someone else without using credentials. Dumpster diving is the practice of searching trash dumpsters for information. Vishing is a form of phishing using the phone.

Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe?

A. Spear phishing

B. Whaling

C. Mantrap

D. Tailgating

Correct Answer: D. Tailgating is the practice of following closely behind someone else without using credentials. In this scenario, Bart might be an employee who forgot his badge, or he might be a social engineer trying to get in by tailgating. Mantraps prevent tailgating. Spear phishing and whaling are two types of phishing with email.

An organization's security policy requires employees to incinerate paper documents. Of the following choices, which type of attack is this MOST likely to prevent?

A. Shoulder surfing

B. Tailgating

C. Vishing

D. Dumpster diving

Correct Answer: D. Dumpster diving is the practice of looking for documents in the trash dumpsters, but shredding or incinerating documents ensure dumpster divers cannot retrieve any paper documents. Shoulder surfers attempt to view something on a monitor or other screen, not papers. Tailgating refers to entering a secure area by following someone else. Vishing is a form of phishing using the phone.

While cleaning out his desk, Bart threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?

A. Vishing

B. Dumpster diving

C. Shoulder surfing

D. Tailgating

Correct Answer: B. Dumpster divers look through trash or recycling containers for valuable paperwork, such as documents that include Personally Identifiable Information (PII). Instead, paperwork should be shredded or incinerated. Vishing is form of phishing that uses the phones. Shoulder surfers attempt to view monitors or screens, not papers. Tailgating is the practice of following closely behind someone else, without using proper credentials.

Marge reports that she keeps receiving unwanted emails about personal loans. What does this describe?

A. Phishing

B. Spear phishing

C. Spam

D. Vishing

Correct Answer: C. Spam is unwanted emails from any source. Phishing and spear phishing are types of attacks using email. Vishing is similar to phishing but it uses telephone technology.

A recent spear phishing attack that appeared to come from your organization's CEO resulted in several employees revealing their passwords to attackers. Management wants to implement a security control to provide assurances to employees that email that appears to come form the CEO actually came from the CEO. Which of the following should be implemented?

A. Digital signatures.

B. Spam filter

C. Training

D. Metrics

Correct Answer: A. A digital signature provides assurances of who sent an email and meets the goal of this scenario. Although a spam filter might filter a spear phishing attack, it does not provide assurances about who sent an email. A training program would help educate employees about attacks and would help prevent the success of these attacks, but it doesn't provide assurances about who sent an email. Metrics can measure the success of a training program.

Attackers are targeting C-level executives in your organization. Which type of attack is this?

A. Phishing

B. Vishing

C. Spam

D. Whaling

Correct Answer: D. Whaling is a type of phishing that targets high-level executives, such as CEOs, CIOs, and CFOs. Because whaling is more specific than phishing, phishing isn't the best answer. Vishing is similar to phishing, but it uses the phone instead. Spam is unwanted email, but spam isn't necessarily malicious.

You manage a group of computers in an isolated network without internet access. You need to update the antivirus definitions manually on these computers. Which of the following choices is the MOST important concern?

A. Running a full scan of the systems before installing the new definitions.

B. Running a full scan of the systems after installing the new definitions.

C. Ensuring the definition file hash is equal to the hash on the antivirus vendor's web site.

D. Ensuring the update includes all signature definitions.

Correct Answer: C. when downloading files as important as antivirus definitions, it's important to ensure they do not lose data integrity, and you can do so by verifying the hashes. It's not necessary to run a full scan either before or after installing new definitions, but the new definitions will help.

A user wants to reduce the threat of an attacker capturing her personal information while she surfs the Internet. Which of the following is the BEST choice?

A. Antivirus software

B. Anti-spyware software

C. Pop-up blocker

D. Whitelisting

Correct Answer: B. Anti-spyware is the best choice to protect an individual's personal information while online. Many antivirus software applications include anti-spyware components, but not all of them do. A pop-up blocker prevents pop-up windows, caused by adware. Whitelisting identifies specific applications authorized on a system, but does not necessarily prevent the theft of personal information.

Bart is complaining that new browser windows keep opening on his computer. Which of the following is the BEST choice to stop these in the future?

A. Malware

B. Adware

C. Pop-up blocker

D. Antivirus software

Correct Answer: C. A pop-up blocker is the best choice to stop these windows, which are commonly called pop-up windows. They might be the result of malware or adware, but more malware or adware will not stop them. Some antivirus software may block the pop-ups, but a pop-up blocker is the best choice.

Your organization recently suffered a loss from malware that wasn't previously known by any trusted sources. Which type of attack is this?

A. Phishing attack

B. Zero-day

C. Buffer overflow

D. Integer overflow

Correct Answer: B. A zero-day exploit is one that isn't known by trusted sources such as antivirus vendors or operating system vendors. Trusted sources know about many phishing attacks, buffer overflow attacks, and integer overflow attacks.

Homer received an email advertising the newest version of a popular smartphone, which is not available elsewhere. It includes a malicious link. Which of the following principles is the email author using?

A. Authority

B. Intimidation

C. Scarcity

D. Trust

Correct Answer: C. The attacker is using scarcity to entice the user to click the link. A user might realize that clicking on links from unknown sources is risky, but the temptation of getting the new smartphone might cause the user to ignore the risk.