Comptia Security + SY/ 2024 Exam| Questions and Verified Answers with Rationales| 100% Correct| Grade A

Comptia Security + SY0-601 2023/ 2024

Exam| Questions and Verified Answers with

Rationales| 100% Correct| Grade A

Q: You have heard about a new malware program that presents itself to users as a virus scanner.

When users run the software, it installs itself as a hidden program that has administrator access to

various operating system components. The program then tracks system activity and allows an

attacker to remotely gain administrator access to the computer.

Which of the following terms best describes this software?

A. Privilege escalation

B. Trojan horse

C. Rootkit

D. Spyware

E. Botnet

Answer:

C. Rootkit

This program is an example of a rootkit. A rootkit is a set of programs that allow attackers to

maintain permanent, administrator-level, and hidden access to a computer. Rootkits require

administrator access for installation and typically gain this access using a Trojan horse approach-

-masquerading as a legitimate program to entice users to install the software.

While this program is an example of a Trojan horse that also performs spying activities

(spyware), the ability to hide itself and maintain administrator access makes rootkit a better

description for the software. A botnet is a group of zombie computers that are commanded from

a central control infrastructure.

Q: While browsing the internet, you notice that the browser displays ads that are targeted

towards recent keyword searches you have performed.

What is this an example of?

A. Zombie

B. Worm

C. Adware

D.Logic bomb


Answer:

C. Adware

Adware monitors actions that denote personal preferences, then sends pop-ups and ads that

match those preferences. Adware:

• Is usually passive

• Is privacy-invasive software

• Is installed on your machine by visiting a particular website or running an application

• Is usually more annoying than harmful

A logic bomb is designed to execute only under predefined conditions and lays dormant until the

predefined condition is met. A worm is a self-replicating virus. A zombie is a computer that

is infected with malware that allows remote software updates and control by a command and

control center called a zombie master.

Q: Which of the following best describes spyware?

A. It monitors the actions you take on your machine and sends the information back to its

originating source.

B. It is a malicious program disguised as legitimate software.

C. It is a program that attempts to damage a computer system and replicate itself to other

computer systems.

D. It monitors user actions that denote personal preferences, then sends pop-ups and ads to the

user that match their tastes.

Answer:

A. It monitors the actions you take on your machine and sends the information back to its

originating source.

Spyware monitors the actions you take on your machine and sends the information back to its

originating source.

Adware monitors the actions of the user that denote their personal preferences, then sends popups and ads to the user that match their tastes. A virus is a program that attempts to damage a

computer system and replicate itself to other computer systems. A Trojan horse is a malicious

program disguised as legitimate software.

Q: What is the common name for a program that has no useful purpose, but attempts to spread

itself to other systems and often damages resources on the systems where it is found?

A. Virus

B. Trojan horse


C. Java applet

D. Windows Messenger

Answer:

A. Virus

A virus is the common name for a program that has no useful purpose, but attempts to spread

itself to other systems and often damages resources on the systems where it is found. Viruses are

a serious threat to computer systems, especially if they are connected to the internet. It is often a

minimal requirement to have an antivirus scanner installed on every machine of a secured

network to protect against viruses.

Trojan horses are programs that claim to serve a useful purpose but hide a malicious purpose or

activity. Windows Messenger is an instant message chat utility. Java applets are web applications

that operate within a security sandbox.

Q: What is the primary distinguishing characteristic between a worm and a logic bomb?

A. Masquerades as a useful program

B. Self-replication

C. Spreads via email

D. Incidental damage to resources

Answer:

B. Self-replication

The primary distinguishing characteristic between a worm and a logic bomb is self-replication.

Worms are designed to replicate and spread as quickly and as broadly as possible. Logic bombs

do not self-replicate. They are designed for a specific single system or type of system. Once

planted on a system, it remains there until it is triggered.

Both worms and logic bombs can be spread via email, and both may cause incidental damage to

resources. While either may be brought into a system as a parasite on a legitimate program or file

or as the payload of a Trojan horse, the worm or logic bomb itself does not masquerade as a

useful program.

Q: What is another name for a logic bomb?

A. Asynchronous attack

B. Trojan horse

C. DNS poisoning

D. Pseudo flaw


Answer:

A. Asynchronous attack

A logic bomb is a specific example of an asynchronous attack. An asynchronous attack is a form

of malicious attack where actions taken at one time do not cause their intended, albeit negative,

action until a later time.

A pseudo flaw is a form of IDS that detects when an intruder attempts to perform a common but

potentially dangerous administrative task. DNS poisoning is the act of inserting incorrect domain

name or IP address mapping information into a DNS server or a client's cache. A Trojan horse is

any malicious code embedded inside of a seemingly benign carrier. None of these three terms is

a synonym for logic bomb.

Q: You have installed anti-malware software that checks for viruses in email attachments. You

configure the software to quarantine any files with problems.

You receive an email with an important attachment, but the attachment is not there. Instead, you

see a message that the file has been quarantined by the anti-malware software

What has happened to the file?

A. The file extension has been changed to prevent it from running.

B. The infection has been removed, and the file has been saved to a different location.

C. It has been moved to a secure folder on your computer.

D. It has been deleted from your system.

Answer:

C. It has been moved to a secure folder on your computer.

Quarantine moves the infected file to a secure folder where it cannot be opened or run normally.

By configuring the software to quarantine any problem files, you can view, scan, and possibly

repair those files.

Quarantine does not automatically repair files. Deleting a file is one possible action to take, but

this action removes the file from your system.

Q: Which of the following measures are you most likely to implement to protect against a

worm or Trojan horse?

A. IPsec

B. Password policy

C. Anti-virus software

D. Firewall

No comments found.
Login to post a comment
This item has not received any review yet.
Login to review this item
No Questions / Answers added yet.
Price $12.00
Add To Cart

Buy Now
Category Exams and Certifications
Comments 0
Rating
Sales 0

Buy Our Plan

We have

The latest updated Study Material Bundle with 100% Satisfaction guarantee

Visit Now
Processing