TestOut Flashcards – 13.8 Security

Which of the following are likely symptoms of malware infection? (Select two.)

A. Renamed system files.
B. Cookies placed by a web site recently visited.
C. Operating system updates that were installed without your knowledge.
D. Receipt of phishing e-mails in your inbox.
E. Changed file permissions.

A. Renamed system files. & E. Changed file permissions.
Explanation: Common symptoms of a malware infection include the following:

• Slow computer performance
• Internet connectivity issues
• Operating system lock ups
• Windows update failures
• Renamed system files
• Disappearing files
• Changed file permissions
• Access denied errors

Cookies are commonly placed by legitimate web sites and aren’t considered a major security threat. Windows operating systems automatically install updates by default. Receiving phishing e-mails doesn’t necessarily indicate that the system is infected with malware. It’s more likely your e-mail address has been picked up and included on a list.

Which of the following identify the key differences between a worm and a virus? (Select two.)

A. Worms usually destroy data while viruses gather sensitive information.
B. Worms must be launched by some other process on the system.
C. Worms independently replicate themselves.
D. Viruses must be launched by some other process on the system.
E. A virus relies on a host for replication.

C. Worms independently replicate themselves. & E. A virus relies on a host for replication.

Explanation: A worm can independently replicate itself. It uses an available network connection to send copies of itself to other computers. A virus, on the other hand, must infect a file for it to be replicated. The virus is replicated when the infected file is copied to another computer. Worms and viruses are not always dependent upon other processes to launch them. Both worms and viruses are capable of destroying data or gathering sensitive information.

Several employees have forwarded you an e-mail indicating that your company’s health insurance provider has just launched a new benefits management web site that all employees must start using. The employees are told in the e-mail to click a link to access the site. Once there, they are required to provide their Social Security number. However, you have discovered that your company’s insurance provider did not send this e-mail. What kind of attack just occurred?

A. Piggybacking
B. Denial of Service
C. Phishing
D. Trojan Horse

C. Phishing

Explanation: A phishing attack has occurred. In a phishing attack, a spoofed e-mail containing a link to a bogus web site is used to trick users into revealing sensitive information, such as a username, password, or social security number. Both the e-mail and the web site used in the attack appear to be legitimate on the surface. Piggybacking occurs when an unauthorized person follows behind an authorized person to enter a secured area. Denial of Service (DoS) attacks flood a target host with so many bogus requests that it can no longer respond to legitimate network requests. A trojan horse is a type of malware that pretends to be a legitimate application.

Which techniques are used in a pharming attack to redirect legitimate web traffic to malicious web sites? (Select two.)

A. Exploiting DHCP servers to deliver the IP address of poisoned DNS servers.
B. Dictionary attack.
C. Search engine results poisoning.
D. Man-in-the-middle attack.
E. Changing the hosts file of a user’s computer.

A. Exploiting DHCP servers to deliver the IP address of poisoned DNS servers. & E. Changing the hosts file of a user’s computer.

Explanation: Pharming redirects one website’s traffic to another, bogus website that is designed to look like the real web site. Once there, the attacker tricks the user into supplying personal information, such as bank account and PIN numbers. Pharming works by resolving legitimate URLs to the IP address of malicious web sites. This is typically done using one of the following techniques:

• Changing the hosts file of a user’s computer
• Poisoning a DNS server
• Exploiting DHCP servers to deliver the IP address of malicious DNS servers in DHCP leases

Search engine results poisoning is not typically associated with pharming attacks. A man-in-the-middle attack occurs when the attacker intercepts legitimate network traffic and then poses as one of the parties involved in the network communication. A dictionary attack is used to crack passwords by guessing the password from a list of likely words.

While browsing the Internet, a pop-up browser window is displayed warning you that your system is infected with a virus. You are directed to click a link to scan for and remove the virus. What should you do? (Select two.)

A. Use a search engine on the Internet to learn how to manually remove the virus.
B. Run a full system scan using the anti-virus software installed on your system.
C. Update the virus definitions for your locally-installed anti-virus software.
D. Click on the link provided to scan for and remove the virus.
E. Close the pop-up window and ignore the warning.

B. Run a full system scan using the anti-virus software installed on your system. & C. Update the virus definitions for your locally-installed anti-virus software.

Explanation: This is an example of a rogue anti-virus attack. As such, you should assume that your system may have been infected by some kind of malware, possibly by one of the sites you visited recently.

You should first close your browser window and then update the virus definitions for your locally-installed anti-virus software. Once done, you should run a full system scan using the anti-virus software installed on your system.

Clicking the link provided would be the worst choice as it will most likely install a host of malware on your system. Ignoring the message is unwise as your system has probably been infected with malware that should be removed. You shouldn’t try to manually remove the virus as the message displayed by the rogue anti-virus attack is probably fictitious.