Sec+ Certmaster CE Exam Questions and Answers Graded A+
A user used an administrator account to download and install a software application. After the user
launched the .exe extension installer file, the user experienced frequent crashes, slow computer
performance, and strange new services running when turning on the computer. It seems like there are
more and more services running over time. What most likely happened to cause these issues? - Answers
The user installed Trojan horse malware.
A security operations center (SOC) analyst investigates the propagation of a memory-resident virus
across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service
(DoS). What type of virus is this? - Answers A worm
A user purchased a laptop from a local computer shop. After powering on the laptop for the first time,
the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT
security specialist classify these programs? - Answers PUP
A fileless malicious software can replicate between processes in memory on a local host or over network
shares. What other behaviors and techniques would classify malware as fileless rather than a normal
virus? (Select all that apply.) - Answers -Uses lightweight shellcode
-Uses low observable characteristic attacks
An attacker is planning to set up a backdoor that will infect a set of specific computers at an
organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the
attackers' plan? (Select all that apply.) - Answers -Computer Bots
-Command & Control
If a user's computer becomes infected with malware and used as part of a botnet, which of the following
actions can be initiated by the attacker? (Select all that apply.) - Answers -Launch a Distributed Denial of
Service (DDoS) attack
-Launch a mass-mail spam attack
-Establish a connection with a Command and Control server
If a user's device becomes infected with crypto-malware, which of the following would have been the
best way to mitigate this compromise? - Answers Have up-to-date backups.
A security specialist discovers a malicious script on a computer. The script is set to execute if the
administrator's account becomes disabled. What type of malware did the specialist discover? - Answers
A logic bomb
End-users at an organization contact the cybersecurity department and report that, after downloading a
file, they are being redirected to shopping websites to which they did not intend to navigate, and built-in
webcams turn on. The security team confirms the issue as malicious, and notes modified DNS (Domain
, Name System) queries that go to nefarious websites hosting malware. What most likely happened to the
users' computers? - Answers Spyware infected the computers.
An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to
upload files and install software to a victim PC. What type of Trojan malware is this? - Answers A Remote
Access Trojan (RAT)
A hacker is trying to gain remote access to a company computer by trying brute force password attacks
using a few common passwords in conjunction with multiple usernames. What specific type of password
attack is the hacker most likely performing? - Answers Password spraying attack
An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of
the following methods can an attacker match a hash to, as a means to obtain a means of
authentication? (Select all that apply.) - Answers -Dictionary attack
-Rainbow table
Which of the following attacks do security professionals expose themselves to, if they do not salt
passwords with a random value? - Answers A rainbow table attack
What does an attacker need to do to use acquired user and account details from a user's smart card? -
Answers Clone it.
What type of attack is occurring when a counterfeit card reader is in use? - Answers Skimming
An attacker discovered an input validation vulnerability on a website, crafted a URL with additional
HTML code, and emailed the link to a victim. The victim unknowingly defaced (vandalized) the web site
after clicking on the malicious URL. No other malicious operations occurred outside of the web
application's root directory. This scenario is describing which type of attack? - Answers Cross-site
scripting (XSS)
An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus
detection. The attacker then allowed one process to attach to another and forced the operating system
to load a malicious binary package. What did the attacker successfully perform? - Answers DLL injection
Using an open connection to a small company's network, an attacker submitted arbitrary queries on port
389 to the domain controllers. The attacker initiated the query from a client computer. What type of
injection attack did the attacker perform? - Answers LDAP injection
How can the lack of logic statement tests on memory location variables be detrimental to software in
development? - Answers An incorrectly coded process can alter the execution environment to create a
null pointer, and crash the program.
An attacker gained remote access to a user's computer by exploiting a vulnerability in a piece of
software on the device. The attacker sent data that was able to manipulate the return address that is
A user used an administrator account to download and install a software application. After the user
launched the .exe extension installer file, the user experienced frequent crashes, slow computer
performance, and strange new services running when turning on the computer. It seems like there are
more and more services running over time. What most likely happened to cause these issues? - Answers
The user installed Trojan horse malware.
A security operations center (SOC) analyst investigates the propagation of a memory-resident virus
across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service
(DoS). What type of virus is this? - Answers A worm
A user purchased a laptop from a local computer shop. After powering on the laptop for the first time,
the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT
security specialist classify these programs? - Answers PUP
A fileless malicious software can replicate between processes in memory on a local host or over network
shares. What other behaviors and techniques would classify malware as fileless rather than a normal
virus? (Select all that apply.) - Answers -Uses lightweight shellcode
-Uses low observable characteristic attacks
An attacker is planning to set up a backdoor that will infect a set of specific computers at an
organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the
attackers' plan? (Select all that apply.) - Answers -Computer Bots
-Command & Control
If a user's computer becomes infected with malware and used as part of a botnet, which of the following
actions can be initiated by the attacker? (Select all that apply.) - Answers -Launch a Distributed Denial of
Service (DDoS) attack
-Launch a mass-mail spam attack
-Establish a connection with a Command and Control server
If a user's device becomes infected with crypto-malware, which of the following would have been the
best way to mitigate this compromise? - Answers Have up-to-date backups.
A security specialist discovers a malicious script on a computer. The script is set to execute if the
administrator's account becomes disabled. What type of malware did the specialist discover? - Answers
A logic bomb
End-users at an organization contact the cybersecurity department and report that, after downloading a
file, they are being redirected to shopping websites to which they did not intend to navigate, and built-in
webcams turn on. The security team confirms the issue as malicious, and notes modified DNS (Domain
, Name System) queries that go to nefarious websites hosting malware. What most likely happened to the
users' computers? - Answers Spyware infected the computers.
An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to
upload files and install software to a victim PC. What type of Trojan malware is this? - Answers A Remote
Access Trojan (RAT)
A hacker is trying to gain remote access to a company computer by trying brute force password attacks
using a few common passwords in conjunction with multiple usernames. What specific type of password
attack is the hacker most likely performing? - Answers Password spraying attack
An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of
the following methods can an attacker match a hash to, as a means to obtain a means of
authentication? (Select all that apply.) - Answers -Dictionary attack
-Rainbow table
Which of the following attacks do security professionals expose themselves to, if they do not salt
passwords with a random value? - Answers A rainbow table attack
What does an attacker need to do to use acquired user and account details from a user's smart card? -
Answers Clone it.
What type of attack is occurring when a counterfeit card reader is in use? - Answers Skimming
An attacker discovered an input validation vulnerability on a website, crafted a URL with additional
HTML code, and emailed the link to a victim. The victim unknowingly defaced (vandalized) the web site
after clicking on the malicious URL. No other malicious operations occurred outside of the web
application's root directory. This scenario is describing which type of attack? - Answers Cross-site
scripting (XSS)
An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus
detection. The attacker then allowed one process to attach to another and forced the operating system
to load a malicious binary package. What did the attacker successfully perform? - Answers DLL injection
Using an open connection to a small company's network, an attacker submitted arbitrary queries on port
389 to the domain controllers. The attacker initiated the query from a client computer. What type of
injection attack did the attacker perform? - Answers LDAP injection
How can the lack of logic statement tests on memory location variables be detrimental to software in
development? - Answers An incorrectly coded process can alter the execution environment to create a
null pointer, and crash the program.
An attacker gained remote access to a user's computer by exploiting a vulnerability in a piece of
software on the device. The attacker sent data that was able to manipulate the return address that is
