Common Technical Interview Questions and Answers (Updated on May 29, 2021)

Question 61: Which of the following describes a self-replicating malware that spreads by duplicating itself in order to infect other devices without user interaction?

A. Malicious link
B. Botnet
C. Worm
D. Hybrid virus

Correct Answer:
C. Worm
Explanation:
A worm is a type of malware that does not need a host program to self-replicate and typically spreads without any human intervention or commands from the malware authors.

Question 62: Once installed, which collection of software tools is used to gain remote access to and control over a computer or system?

A. Rootkit
B. Penetration test
C. Virus
D. Logic bomb

Correct Answer:
A. Rootkit
Explanation:
A rootkit is a collection of tools that, once installed, attackers can use to create backdoors in a victim’s system and introduce other types of malware to the network for further attacks.

Question 63: A hybrid virus infects both files and system sectors and may incorporate which of the following?

A. Characteristics of macro viruses
B. Characteristics of file infectors
C. Characteristics of system infectors
D. Any combination of the above

Correct Answer:
D. Any combination of the above
Explanation:
A hybrid virus combines multiple characteristics from the three types of viruses — macro viruses, file infectors and system infectors — to maximize damage and thwart removal efforts.

Question 64: Which of the following is not true of a logic bomb?

A. Lies dormant, typically undetected, until trigger occurs
B. Its level of destruction is always the same
C. Commonly orchestrated by malicious insiders to sabotage the organization
D. Logic bomb triggers are categorized as either positive or negative

Correct Answer:
B. Its level of destruction is always the same
Explanation:
Commonly attributed to malicious, privileged users, a logic bomb is a line of malicious code within a system or other malware that “explodes” when triggered by a certain event. The explosion may occur when a condition is met, known as a positive trigger, or when a condition is not met, known as a negative trigger.

Question 65: Fill in the blanks: ______ is used legitimately in free versions of applications to display advertisements while a program is running but can be classified as ______ if the code records users’ information or browsing habits without their consent and authorization.

A. Social engineering; malvertising
B. Adware; spyware
C. Shareware; malware
D. Adware; ransomware

Correct Answer:
B. Adware; spyware
Explanation:
Adware may collect user or browsing information to display customized banners or popup advertisements while the program is running. However, if this data is collected or sold to third parties without the user’s knowledge and authorization, it is classified as spyware, also known as malvertising.

Question 66: Which of the following is not true of a keylogger?

A. This surveillance technology is sometimes hardware-based.
B. It monitors and records keystrokes typed on a keyboard.
C. It can require physical access to the target’s device for installation.
D. Task managers are enough to detect it.

Correct Answer:
D. Task managers are enough to detect it.
Explanation:
Both hardware-based keyloggers and keylogger software programs are used to surveil targets by monitoring and recording keystrokes on their device. Because there are varying types of keyloggers and capabilities, detection by a task manager alone is unlikely to be successful.

Question 67: Fill in the blank: Phishing, spear phishing, vishing, scareware and watering hole attacks are all types of ______.

A. Probes
B. Insider threats
C. Social engineering
D. Ransomware

Correct Answer:
C. Social engineering
Explanation:
Malicious actors use social engineering to disguise themselves as trusted individuals and manipulate targets into falling for cyber attacks such as phishing, spear phishing, vishing, scareware, watering hole attacks and more.

Question 68: Which of the following is not an indicator of a DoS attack?

A. Degradation of network performance
B. Specific website is unavailable
C. Lower than usual volume of spam email
D. Inability to access any website

Correct Answer:
C. Lower than usual volume of spam email
Explanation:
According to the U.S. Computer Emergency Readiness Team, the most common indicators of a DoS attack include degradation of network performance, unavailability of a specific website, inability to access any network and a higher than usual volume of spam email.

Question 69: Choose the term that describes the dangerous malware that takes over a victim’s machine and abuses compute resources to mine digital currency and transfer it to the criminal’s digital wallet.

A. Bitcoin
B. Cryptominer
C. Monero
D. Graceful degradation

Correct Answer:
B. Cryptominer
Explanation:
Commonly indicated by graceful degradation, cryptominers such as WannaMine hijack control of compute resources on a victim’s machine to mine and deposit cryptocurrency such as bitcoin or Monero into the attacker’s digital wallet.

Question 70: Which of the following attacks uses a botnet to overwhelm a server or other network resource with fraudulent traffic, thus triggering the system to deny access to legitimate users?

A. DDoS
B. DoS
C. IoT
D. Command and control

Correct Answer:
A. DDoS
Explanation:
In a DDoS attack, an attacker creates a botnet to deny legitimate users access to a server or network by slowing down and even crashing a system with a flood of fraudulent traffic.