TestOut Lab Sim Chapter 2|2023 LATEST UPDATE|GUARANTEED SUCCESS

An employee stealing company data could be an example of which kind of threat actor? Internal Threat Which of the following is the BEST definition of the term hacker? A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization. 00:33 04:17 Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? Hacktivist The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following: Create and follow onboarding and off-boarding procedures. Employ the principal of least privilege. Have appropriate physical security controls in place. Which type of threat actor do these steps guard against? Insider A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the BEST defense against script kiddie attacks? Keep systems up to date and use standard security practices. A hacker scans hundreds of IP addresses randomly on the internet until they find an exploitable target. What kind of attack is this? Opportunistic Attack Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not all.) Stealing information. Exploitation Preparing a computer to perform additional tasks in the attack. Staging Crashing systems. Exploitation Gathering system hardware information. Reconnaissance Penetrating system defenses to gain unauthorized access. Breaching Configuring additional rights to do more than breach the system. Escalating privileges Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not all.) The constant change in personal habits and passwords to prevent anticipated events and exploitation. Randomness Diversifying layers of defense. Variety Giving users only the access they need to do their job and nothing more. Principle of least privilege Implementing multiple security measures to protect the same asset. Layering Eliminating single points of failure. Layering Giving groups only the access they need to do their job and nothing more. Principle of least privilege Which of the following is the BEST example of the principle of least privilege? Wanda has been given access to the files that she needs for her job. In which phase of an attack does the attacker gather information about the target? Reconnaissance A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent? Botnet Which kind of virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions? Fileless Virus 00:00 04:17 Which of the following describes a logic bomb? A program that performs a malicious activity at a specific time or after a triggering event. A type of malware that prevents the system from being used until the victim pays the attacker money is known as what? Ransomware Which kind of malware provides an attacker with administrative control over a target computer through a backdoor? Remote Access Trojan (RAT) Which of the following are characteristics of a rootkit? (Select two.) Requires administrator-level privileges for installation. Resides below regular antivirus software detection. Which of the following best describes spyware? It monitors the actions you take on your machine and sends the information back to its originating source.