CISSP Study Notes-21 (Malicious Code and Application Attacks)
This is a mind map about CISSP study notes-21 (Malicious Code and Application Attacks). The main content includes: review questions, exam key points, and knowledge points.
Edited at 2024-03-17 20:00:44
Knowledge points
Malicious software (malware)
Sources of malicious code
Virus
Virus propagation techniques
Master boot record (MBR) virus
Infects the first sector of the hard disk, so it is loaded before the operating system starts
File infector virus
Infects executable program files, such as .exe, .com, and .msc files
Companion virus
A self-contained executable whose name is almost identical to a legitimate program; it relies on the default search order (.com, then .exe, then .bat) so that it runs instead of the real program
Macro virus
Embedded in document macros; countered by preventing untrusted macros from running without the user's explicit permission
Service injection virus
Injects itself into trusted running operating system processes to evade detection
Virus technologies
Multipartite virus (uses more than one propagation technique)
Stealth virus (hides the changes it makes so the OS and antivirus see a clean system)
Polymorphic virus (changes its own code with each infection to defeat signature matching)
Encrypted virus (encrypts its body and carries a short decryption routine)
Virus hoax (a false warning that tricks users into harmful actions)
Logic bomb
Malicious code that remains dormant until one or more trigger conditions are met
Trojan horse
worm
Spyware and adware
Ransomware
Malicious script
Zero-day attack
Malware prevention
Platforms vulnerable to malware
Anti-malware
Integrity monitoring
Advanced threat protection
Application attacks
Buffer overflow
Time of check to time of use (TOCTOU)
TOC: time of check
The moment at which the subject checks the state of the object (for example, its permissions)
TOU: time of use
The moment at which the subject actually accesses the object, relying on the result of that earlier check
If there is a window between the check and the use, an attacker can replace or alter the object inside that window, so the access operates on something other than what was checked; this race condition is written TOCTTOU or TOC/TOU
Backdoor
Privilege escalation and rootkits
Rootkits are a common means of privilege escalation: they exploit operating system vulnerabilities to obtain administrative access and then conceal the attacker's presence
Injection vulnerabilities
SQL injection attack
Content-based (boolean) blind SQL injection: the attacker infers data from differences in the returned page content
Time-based blind SQL injection: the attacker infers data from how long the query takes (for example, by injecting a delay)
Code injection attacks
LDAP injection
XML injection
DLL injection
Cross-site scripting
Command injection attack
Exploiting authorization vulnerabilities
Insecure direct object reference (IDOR)
Directory traversal
File inclusion (local and remote)
Exploiting web application vulnerabilities
Cross-site scripting (XSS)
Reflected XSS
Stored/persistent XSS
Request forgery
Cross-site request forgery (CSRF/XSRF)
Server-side request forgery (SSRF)
Session hijacking
Application security controls
Input validation
Web application firewall
Database security
Code security
Code signing
Code reuse
Software diversity
Code repositories
Integrity measurement
Application Resilience
Secure coding practices
Source code comments
Error handling
Hardcoded credentials
Memory management
Exam points
Understand the spreading techniques used by viruses. Viruses use 4 main propagation techniques to infiltrate systems and deliver malicious payloads: file infection viruses, service injection viruses, master boot record viruses, and macro viruses. These techniques need to be understood to effectively secure systems on the network from malicious code.
Explain the threat posed by ransomware. Ransomware uses traditional malware techniques to infect a system and then encrypts the data on that system using a key known only to the attacker. The attacker then demands that the victim pay a ransom in exchange for the decryption key.
Know how antivirus packages detect known viruses. Most antivirus programs use signature detection algorithms to look for known viruses. To protect against new viruses, virus definition files must be updated regularly. Behavior-based detection monitors target users and systems for unusual activity and blocks or flags them for subsequent investigation.
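As an added illustration of the signature-based and behavior-based detection described above (example code written for these notes, not from the CISSP guide or from any antivirus product): a toy scanner in Python. The EICAR string is the real industry test pattern; the dropper, variant and clean samples, the definition lists and the process events are all constructed for the example. The hash signature matches only the exact file, so the one-byte variant is missed until the definitions are updated, while the behavioral check flags a process by what it does rather than by what it contains.

```python
import hashlib
import re

# Constructed sample "files" (none of these are real malware).  EICAR is the
# industry-standard harmless test string that every scanner detects; the other
# three are made-up byte strings standing in for a known dropper, a slightly
# modified variant of it, and a clean program.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
KNOWN_DROPPER = b"MZ\x90\x00fake-dropper: download payload; add Run key"
NEW_VARIANT = b"MZ\x90\x00fake-dropper: download payload; add Run key!"  # one byte added
CLEAN_PROGRAM = b"MZ\x90\x00hello world program"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Virus "definition files" (constructed).  A hash signature matches one exact
# file; a byte pattern matches anywhere inside a file (here, the EICAR string).
DEFINITIONS_V1 = [
    {"name": "EICAR-Test-File", "kind": "pattern", "value": re.compile(re.escape(EICAR))},
    {"name": "Dropper.A", "kind": "hash", "value": sha256_hex(KNOWN_DROPPER)},
]
# The vendor's next update adds the variant; without it, V1 cannot see it.
DEFINITIONS_V2 = DEFINITIONS_V1 + [
    {"name": "Dropper.B", "kind": "hash", "value": sha256_hex(NEW_VARIANT)},
]


def scan(data, definitions):
    """Signature detection: return the name of the first matching definition,
    or None when the file matches nothing the scanner knows about."""
    digest = sha256_hex(data)
    for sig in definitions:
        if sig["kind"] == "hash" and sig["value"] == digest:
            return sig["name"]
        if sig["kind"] == "pattern" and sig["value"].search(data):
            return sig["name"]
    return None


def suspicious_processes(events, threshold=20):
    """Behavior-based check, independent of any signature: flag a process that
    rewrites or renames many files in one observation window (the bulk
    encryption pattern of ransomware).  events are (pid, action, path) tuples."""
    counts = {}
    for pid, action, _path in events:
        if action in ("write", "rename"):
            counts[pid] = counts.get(pid, 0) + 1
    return sorted(pid for pid, n in counts.items() if n >= threshold)


# Constructed event window: pid 4242 rewrites 25 documents, pid 77 writes one file.
EVENTS = [(4242, "write", "/home/u/doc%d.docx" % i) for i in range(25)]
EVENTS += [(77, "write", "/tmp/notes.txt"), (77, "read", "/etc/hostname")]


if __name__ == "__main__":
    for name, blob in [("eicar", EICAR), ("dropper", KNOWN_DROPPER),
                       ("variant", NEW_VARIANT), ("clean", CLEAN_PROGRAM)]:
        print(name, "v1:", scan(blob, DEFINITIONS_V1), "v2:", scan(blob, DEFINITIONS_V2))
    print("behavioral flags:", suspicious_processes(EVENTS))
```

The pattern signature also catches EICAR when it is embedded inside a larger file, which the hash signature cannot do; real engines combine both with heuristics and, as the note says, are only as current as their last definition update.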
Explain the capabilities of User and Entity Behavior Analytics (UEBA). UEBA tools build a baseline profile of each user's and entity's normal behavior and then monitor for deviations from that baseline, which may indicate malicious activity and/or account compromise.
Become familiar with the types of application attacks that attackers use against poorly written software. Application attacks are one of the biggest threats to modern computing. Attackers exploit buffer overflows, backdoors, TOC/TOU race conditions, and rootkits to gain unauthorized access to systems. Security professionals must have a clear understanding of each attack and its associated countermeasures.
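Worked example of the TOC/TOU race named in this point (added for these notes, not code from the study guide). It assumes a POSIX system (symbolic links and os.O_NOFOLLOW) and simulates the attacker's move with a hook called inside the race window; the file names and contents are constructed. The vulnerable version checks a path name and then opens the name again; the safe version opens first and checks the descriptor it will actually read from, so there is no window between check and use.

```python
import os
import stat
import tempfile


def read_vulnerable(path, attacker_hook=None):
    """Check-then-use on a *name*: the check and the open each resolve the
    path independently, so whatever the name points to at the second
    resolution is what gets read."""
    if os.path.islink(path) or not os.access(path, os.R_OK):  # time of check
        raise PermissionError("refused at time of check")
    if attacker_hook:
        attacker_hook()                                        # the race window
    with open(path, "rb") as f:                                # time of use
        return f.read()


def read_safe(path, attacker_hook=None):
    """Open first, then check the object actually opened.  O_NOFOLLOW makes
    the open itself fail if the final component is a symlink, and fstat on
    the descriptor inspects the same inode the later read will use, so there
    is no separate check that a rename or symlink swap can invalidate."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        if attacker_hook:
            attacker_hook()          # swapping the name now cannot affect fd
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                return b"".join(chunks)
            chunks.append(chunk)
    finally:
        os.close(fd)


def run_race_demo():
    """Stage the race deterministically in a temporary directory: a harmless
    file the program is allowed to read and a secret it must never return.
    The attacker's move is to swap the name for a symlink to the secret
    between the check and the use.  Returns what each version read."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "upload.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "w") as f:
            f.write("TOP SECRET")

        def reset():
            if os.path.lexists(target):
                os.remove(target)
            with open(target, "w") as f:
                f.write("harmless upload")

        def attacker_swap():
            os.remove(target)
            os.symlink(secret, target)

        results = {}
        reset()
        results["vulnerable"] = read_vulnerable(target, attacker_swap)
        reset()
        results["safe"] = read_safe(target, attacker_swap)
        try:                 # the name now points at the symlink: O_NOFOLLOW refuses it
            read_safe(target)
            results["safe_after_swap"] = "opened"
        except OSError:
            results["safe_after_swap"] = "refused"
        return results


if __name__ == "__main__":
    print(run_race_demo())
```

The general rule the safe version follows is to make the check and the use operate on the same object (a file descriptor, a locked record, a session that is re-validated on each request) rather than on a name that can be re-bound in between.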
Understand common web application vulnerabilities and countermeasures. As many applications move to the web, developers and security professionals must understand the new types of attacks that exist in today's environment and how to protect against them. The two most common examples are cross-site scripting (XSS) attacks and SQL injection attacks.
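Added example (not from the study guide) showing the two attacks this point names side by side with their countermeasures, in Python: SQL injection through string-built SQL versus a parameterized query, and a reflected XSS payload versus escaped output, plus allowlist input validation. The users table, credentials and attack strings are constructed for the example; the script-tag payload is the one quoted in review question 16 below, and the quote character is the one asked about in question 10.

```python
import html
import re
import sqlite3


def make_db():
    """In-memory users table with constructed rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", 100), ("bob", "hunter2", 250)])
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string formatting.  A single quote in the input closes
    the string literal and the rest of the input is parsed as SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: statement and values travel separately, so the
    database never parses user input as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def is_valid_username(value):
    """Allowlist input validation: accept only what a username may contain.
    It rejects the quote as a side effect, but it complements
    parameterization rather than replacing it."""
    return USERNAME_RE.match(value) is not None


def render_greeting_vulnerable(name):
    """Reflects the parameter straight into HTML: a <script> payload runs."""
    return "<p>Welcome, " + name + "</p>"


def render_greeting_safe(name):
    """Escapes the HTML metacharacters (< > & " ') so the browser renders the
    payload as text instead of executing it."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


# Constructed attack inputs: "--" starts an SQL comment, so everything after
# the injected quote (the password check) is ignored; the script tag is a
# classic reflected-XSS probe.
SQLI_USERNAME = "alice' --"
XSS_PAYLOAD = "<SCRIPT>alert('Enter your password')</SCRIPT>"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login:", login_vulnerable(conn, SQLI_USERNAME, "wrong"))
    print("parameterized login:", login_safe(conn, SQLI_USERNAME, "wrong"))
    print("validation:", is_valid_username("alice"), is_valid_username(SQLI_USERNAME))
    print(render_greeting_vulnerable(XSS_PAYLOAD))
    print(render_greeting_safe(XSS_PAYLOAD))
```

Note that escaping is context-specific: html.escape is correct for text and attribute values inside HTML, but data placed into a JavaScript string, a URL or a CSS value needs the encoder for that context.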
Review questions
1. Dylan is reviewing the security controls currently in use by his organization and realizes that they lack a tool that can identify anomalous end-user actions. What type of tool best meets this need? A. EDR B. Integrity monitoring C. Signature detection D. UEBA
2. Tim is improving the organization's anti-malware defenses in hopes of reducing the operational burden on the security team. Which of the following solutions best meets his needs? A.UEBA B.MDR C.EDR D.NGEP
3. Carl works for a government agency that suffered a ransomware attack and lost access to critical data, but did have access to backup data. Which of the following actions would restore access while minimizing the risk to the organization? A. Pay the ransom B. Rebuild the system from scratch C. Restore from backup D. Install anti-virus software
4. What attack techniques are commonly utilized by APT groups but are typically unavailable to other attackers? A. Zero-day attacks B. Social Engineering C.Trojan horse D. SQL injection
5. John found a vulnerability in his code that allows an attacker to enter a very large amount of input and then force the system to execute commands contained in that input. What type of vulnerability did John find? A. TOC/TOU B. Buffer overflow C. XSS D. XSRF
6. Mary discovered a vulnerability in her code: the application checks a user's permissions only at the start of a session and never again, so permissions revoked during the session are not enforced. What type of vulnerability is this? A. Backdoor B. TOC/TOU C. Buffer overflow D. SQL injection
7. What programming language constructs are commonly used to perform error handling? A. if...then B. case…..when C.do...while D. try...catch
8. Fred discovered this request while reviewing the logs on the web server for malicious activity: http://www.mycompany.com/../../../etc/passwd. What type of attack is this most likely? A. SQL injection B. Session hijacking C. Directory traversal D. File upload
9. The developer added a subroutine to the web application to check if the date is April 1st and, if so, randomly change the user's account balance. What type of malicious code is this? A. Logic bomb B. Worms C.Trojan horse D.Virus
10. Francis is reviewing the source code of a database-driven web application his company plans to deploy. He pays special attention to whether input validation is used adequately in the application. Of the characters listed below, which one is most commonly used for SQL injection? A. ! B. & C. * D. '
11. Katie is concerned that her organization may be vulnerable to SQL injection attacks. She has established a web application firewall and conducted a review of the organization's web application source code. She wants to add an additional control at the database level. What database technology can further limit potential SQL injection attacks? A. Trigger B. Parameterized queries C. Column encryption D. Concurrency control
12. What type of malware specifically exploits stolen computing power to financially benefit the attacker? A.RAT B.PUP C. Cryptomalware D.worm
13. David is responsible for reviewing a range of web applications for cross-site scripting vulnerabilities. What highly sensitive characteristic should he be aware of that indicates this type of attack? A. Reflected input B. Database-driven content C. .NET technology D. CGI scripts
14. You are the IT security manager for a retail organization that has just launched an e-commerce website. You hired several programmers to write the code, which is the backbone of the online sales system. However, you are concerned that while the new code may function well, it may not be secure. You start looking at the code to track down issues and concerns. Which of the following would you like to find in order to prevent or defend against XSS? (Select all that apply.) A. Input validation B. Defensive coding C. Allowing script input D. Escaping metacharacters
15. Sharon believes that a web application developed by her organization contains a script vulnerability, and she wants to correct the problem. Which of the following is the most effective defense Sharon can use against cross-site scripting attacks? A. Limit account privileges B. Input validation C. User identity authentication D. Encryption
16. While browsing the web server logs, Beth finds the following form input: <SCRIPT>alert ('Enter your password') </SCRIPT> What types of attacks might she have detected? A. XSS B. SQL injection C. XSRF D. TOCTTOU
17. Ben's system was infected with malicious code that modified the operating system to allow the malicious code's author access to his files. What type of attack technique did this attacker use? A. Privilege elevation B. Backdoor C. Rootkit D. Buffer overflow
18. Karen wants to configure a new application to automatically grow and release resources as demand rises and falls. Which term best describes her goal? A. Scalability B. Load balancing C. Fault tolerance D. Elasticity
19. Which of the following HTML tags is commonly used as part of a cross-site scripting (XSS) attack? A. <H1> B. <HEAD> C. <XSS> D. <SCRIPT>
20. Recently, a piece of malicious code was spread on the Internet in the form of software that claimed to allow users to play Xbox games on their personal computers. The software actually attempts to launch malicious code on the machine where it is executed. What type of malicious code does this describe? A. Logic bomb B. Viruses C.Trojan horse D.worm
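Added example for review question 8 (not from the study guide): a Python path resolver of the kind a web server or file-download handler needs, run over constructed access-log request paths. The document root /var/www/html is hypothetical. The resolver decodes percent-encoding repeatedly, rejects NUL bytes, normalizes the path lexically and then checks containment per path component; it is contrasted with the naive prefix test that accepts a sibling directory such as /var/www/html2. On a real filesystem you would additionally resolve symbolic links (os.path.realpath) before the containment check, which this string-only version does not do.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root for the example; a real server takes this from
# its configuration.
WEB_ROOT = "/var/www/html"


def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Map a request path onto a file under web_root, or return None when the
    request would escape the root (a directory traversal attempt)."""
    # 1. Undo percent-encoding, repeating so that double encoding
    #    (%252e -> %2e -> .) cannot hide the dots.
    decoded = url_path
    for _ in range(3):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    # 2. Reject NUL bytes (they truncate paths in C-based servers) and treat
    #    backslashes as separators, as a Windows server would.
    if "\x00" in decoded:
        return None
    relative = decoded.replace("\\", "/").lstrip("/")
    # 3. Collapse "." and ".." lexically, then check the result is still
    #    inside the root.  The check is component-aware: "/var/www/html2"
    #    must not pass for a root of "/var/www/html".
    candidate = posixpath.normpath(posixpath.join(web_root, relative))
    root = web_root.rstrip("/")
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def naive_prefix_check(candidate, web_root=WEB_ROOT):
    """The common mistake: a bare string-prefix test accepts sibling
    directories whose names merely start with the root."""
    return candidate.startswith(web_root)


def find_traversal_attempts(request_paths):
    """Log-review helper: return the request paths that try to leave the root."""
    return [p for p in request_paths if resolve_request_path(p) is None]


# Constructed access-log request paths (not real traffic).
LOG_PATHS = [
    "/index.html",
    "/../../../etc/passwd",
    "/images/%2e%2e/%2e%2e/etc/shadow",
    "/docs/../index.html",
    "/%252e%252e/%252e%252e/etc/passwd",
]

if __name__ == "__main__":
    for p in LOG_PATHS:
        print(p, "->", resolve_request_path(p))
    print("flagged:", find_traversal_attempts(LOG_PATHS))
```

"/docs/../index.html" is accepted because the ".." stays inside the root after normalization; only requests whose normalized form leaves the root are refused, which keeps legitimate relative links working while still flagging every attempt to reach /etc/passwd.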