Nextiraone Security Awareness Quiz

1. Hackers typically control a Botnet using what technology

IRC

Yahoo chat

Black magic

Msn network

Hackers typically control a Botnet using IRC (Internet Relay Chat). IRC is a communication protocol that allows users to chat and exchange messages in real-time. It provides a platform for hackers to remotely control a network of compromised computers or "bots" by sending commands through IRC channels. These commands can include instructions to launch DDoS attacks, distribute malware, or perform other malicious activities. IRC offers anonymity and flexibility, making it a popular choice for hackers to coordinate and control their botnets.

Explanation

Hackers typically control a Botnet using IRC (Internet Relay Chat). IRC is a communication protocol that allows users to chat and exchange messages in real-time. It provides a platform for hackers to remotely control a network of compromised computers or "bots" by sending commands through IRC channels. These commands can include instructions to launch DDoS attacks, distribute malware, or perform other malicious activities. IRC offers anonymity and flexibility, making it a popular choice for hackers to coordinate and control their botnets.

2. What is a BotNet ?

A collection of semi-intelligent robotic systems that can be used to create malicious software

A network of zombie hosts that provide an attacker with remote control of a compromised system

A woven bag used to collect insects

An infection of the lower colon

A BotNet is a network of zombie hosts that provide an attacker with remote control of a compromised system. This means that the attacker can use the network to carry out malicious activities without the knowledge or consent of the system owner. The compromised systems, or zombie hosts, are typically infected with malware that allows the attacker to control them remotely. This network can be used for various purposes such as launching DDoS attacks, sending spam emails, stealing sensitive information, or distributing further malware.

Explanation

A BotNet is a network of zombie hosts that provide an attacker with remote control of a compromised system. This means that the attacker can use the network to carry out malicious activities without the knowledge or consent of the system owner. The compromised systems, or zombie hosts, are typically infected with malware that allows the attacker to control them remotely. This network can be used for various purposes such as launching DDoS attacks, sending spam emails, stealing sensitive information, or distributing further malware.

3. Polymorphic malware can defeat AV because

It changes it's file name periodically every 9 days

It changes syntactical code within the binary so that the hash and pattern no longer match

It blocks access to web scanning sites

It prevents windows from booting cleanly

Polymorphic malware can defeat antivirus (AV) because it changes the syntactical code within the binary. By altering the code, the malware ensures that the hash and pattern used by the AV software no longer match, making it difficult for the AV to detect and identify the malware. This constant modification of the code allows the malware to evade detection and continue to infect systems without being detected by traditional AV solutions.

Explanation

Polymorphic malware can defeat antivirus (AV) because it changes the syntactical code within the binary. By altering the code, the malware ensures that the hash and pattern used by the AV software no longer match, making it difficult for the AV to detect and identify the malware. This constant modification of the code allows the malware to evade detection and continue to infect systems without being detected by traditional AV solutions.

4. Which of the following piece of Malware is identified as self propagating, standalone code

Virus

Trojan

Worm

Backdoor

A worm is a type of malware that is capable of spreading itself without any human intervention. It is a standalone code that can replicate itself and spread to other computers or networks through various means such as email attachments, network vulnerabilities, or removable media. Unlike viruses, worms do not need to attach themselves to other programs or files in order to spread. They can independently execute and propagate, making them highly efficient at infecting multiple systems quickly.

Explanation

A worm is a type of malware that is capable of spreading itself without any human intervention. It is a standalone code that can replicate itself and spread to other computers or networks through various means such as email attachments, network vulnerabilities, or removable media. Unlike viruses, worms do not need to attach themselves to other programs or files in order to spread. They can independently execute and propagate, making them highly efficient at infecting multiple systems quickly.

5. NextiraOne has a series of security policies that define acceptable use of the companies network and computer systems - where are these documents located

In an off site safe located in Doncaster

Held by the Inland revenue, only to be disclosed in the event of malpractice

On the company intranet, in the HR folder

On a hacking warez site because the company was owned by Korean Hacktivists

The security policies of NextiraOne are located on the company intranet, specifically in the HR folder.

Explanation

The security policies of NextiraOne are located on the company intranet, specifically in the HR folder.

6. This type of keylogger can not be detected by Anti-Virus or Anti-spyware

Software keylogger

Stealth Keylogger

Covert Keylogger

Hardware Keylogger

A hardware keylogger is a type of keylogger that is physically connected to the computer or keyboard, making it difficult to detect by antivirus or anti-spyware software. Unlike software keyloggers, which are installed on the computer's operating system, a hardware keylogger operates externally and does not leave any traces on the computer's hard drive. This makes it highly covert and difficult to detect, as it bypasses any security measures implemented by software-based security programs.

Explanation

A hardware keylogger is a type of keylogger that is physically connected to the computer or keyboard, making it difficult to detect by antivirus or anti-spyware software. Unlike software keyloggers, which are installed on the computer's operating system, a hardware keylogger operates externally and does not leave any traces on the computer's hard drive. This makes it highly covert and difficult to detect, as it bypasses any security measures implemented by software-based security programs.

7. How do you avoid being a victim of Social Engineering
Name 2 ..

Only click on the links which offer free security software or device scans

Hover over a link with your mouse and see if you can identify the destination of the hyperlink

Never pass your account details over the phone to any organisation

Hovering over a link with your mouse and identifying the destination of the hyperlink helps to avoid being a victim of social engineering because it allows you to verify the legitimacy of the website or webpage before clicking on the link. This helps to prevent falling for phishing scams or malicious websites that may try to steal personal information. Similarly, never passing your account details over the phone to any organization is important to avoid falling for phone scams where fraudsters may pose as legitimate organizations to gain access to sensitive information.

Explanation

Hovering over a link with your mouse and identifying the destination of the hyperlink helps to avoid being a victim of social engineering because it allows you to verify the legitimacy of the website or webpage before clicking on the link. This helps to prevent falling for phishing scams or malicious websites that may try to steal personal information. Similarly, never passing your account details over the phone to any organization is important to avoid falling for phone scams where fraudsters may pose as legitimate organizations to gain access to sensitive information.

Submit

8. Which of the following is considered best practice for the use of passwords

Ensure the password is found within a dictionary

Where the letters E or I are used, substitute these for a 3 and a 1

The password must be at least 8 chracters

Must be alpha numeric with special characters

The correct answer is that the password must be at least 8 characters long and must be alphanumeric with special characters. This is considered best practice for the use of passwords because it ensures that the password is long enough to be secure and includes a combination of letters, numbers, and special characters, making it harder to guess or crack.

Explanation

The correct answer is that the password must be at least 8 characters long and must be alphanumeric with special characters. This is considered best practice for the use of passwords because it ensures that the password is long enough to be secure and includes a combination of letters, numbers, and special characters, making it harder to guess or crack.

Submit

9. Name 3 ways an attacker has to crack your passwords

Comparing your password to ones he has in a dictionary

Guessing each different arrangement of upper & lower case letters, number and characters

Using a distributed global cracking engine called zevious9

Sniffing the password as it leaves your computer

An attacker can crack passwords by comparing them to ones in a dictionary, guessing different arrangements of upper and lower case letters, numbers, and characters, and by sniffing the password as it leaves the user's computer.

Explanation

An attacker can crack passwords by comparing them to ones in a dictionary, guessing different arrangements of upper and lower case letters, numbers, and characters, and by sniffing the password as it leaves the user's computer.

Submit

10. Which of the following are weaknesses of IP based voice communications - i.e. Unified Communications
Select all that apply

The audio from your call can be captured and replayed without your knowledge

Features of the phone can be turned on remotely

Poor password & PIN security mean that anyone can access your message store

The weaknesses of IP based voice communications - i.e. Unified Communications - include the ability for the audio from your call to be captured and replayed without your knowledge, the potential for features of the phone to be turned on remotely, and the risk of poor password and PIN security allowing anyone to access your message store. These vulnerabilities highlight the need for enhanced security measures in IP based voice communications systems.

Explanation

The weaknesses of IP based voice communications - i.e. Unified Communications - include the ability for the audio from your call to be captured and replayed without your knowledge, the potential for features of the phone to be turned on remotely, and the risk of poor password and PIN security allowing anyone to access your message store. These vulnerabilities highlight the need for enhanced security measures in IP based voice communications systems.

Submit

11. Which of the following urls may indicate a potential Phishing attack

Http://www.demon.net/3l33thax0r/index.html

Http://www.cisco.com.co.uk/support.asp

Http://www.facebook.com

Http://www.microsoft.co.uk/owned.txt

The URL "http://www.cisco.com.co.uk/support.asp" may indicate a potential Phishing attack because it contains the domain "cisco.com.co.uk" which is not the official domain for Cisco. Phishing attackers often create URLs that mimic legitimate websites in order to deceive users into providing their personal information. In this case, the presence of "cisco.com.co.uk" suggests that the website may be attempting to impersonate Cisco and trick users into divulging sensitive information.

Explanation

The URL "http://www.cisco.com.co.uk/support.asp" may indicate a potential Phishing attack because it contains the domain "cisco.com.co.uk" which is not the official domain for Cisco. Phishing attackers often create URLs that mimic legitimate websites in order to deceive users into providing their personal information. In this case, the presence of "cisco.com.co.uk" suggests that the website may be attempting to impersonate Cisco and trick users into divulging sensitive information.

12. What is the average detection rate of Anti-Virus systems

35%

30%

29%

24%

The correct answer is 29%. This suggests that, on average, Anti-Virus systems are able to detect approximately 29% of viruses or malicious software. This detection rate indicates the effectiveness of these systems in identifying and removing threats from a computer or network. A higher detection rate would imply a more reliable and efficient Anti-Virus system, while a lower rate may indicate a need for improvement or updated software.

Explanation

The correct answer is 29%. This suggests that, on average, Anti-Virus systems are able to detect approximately 29% of viruses or malicious software. This detection rate indicates the effectiveness of these systems in identifying and removing threats from a computer or network. A higher detection rate would imply a more reliable and efficient Anti-Virus system, while a lower rate may indicate a need for improvement or updated software.

13. Which of the following are best practice recommendations for avoiding Phishing & Pharming attacks ?
Pick 2

When you have clicked on the link and landed on the new web page, check for spelling mistakes

Submit your account details to the online form and await their security info page

Enable firefox 3 Phishing filters

Use common sense

Enabling Firefox 3 Phishing filters is a best practice recommendation for avoiding Phishing & Pharming attacks because these filters can help detect and block known phishing websites, providing an additional layer of protection. Using common sense is also a best practice recommendation as it involves being cautious and skeptical of suspicious emails, links, or websites, and not willingly sharing personal or sensitive information without verifying the legitimacy of the request.

Explanation

Enabling Firefox 3 Phishing filters is a best practice recommendation for avoiding Phishing & Pharming attacks because these filters can help detect and block known phishing websites, providing an additional layer of protection. Using common sense is also a best practice recommendation as it involves being cautious and skeptical of suspicious emails, links, or websites, and not willingly sharing personal or sensitive information without verifying the legitimacy of the request.

Submit

14. What functionality does a RAT (Remote Access Trojan) provide to an attacker
Click all that apply

Keylogging

Turn on the webcam

Track your URL's

Turn on a microphone in your TV

Capture your screen

A Remote Access Trojan (RAT) provides various functionalities to an attacker. Keylogging refers to the ability of the RAT to record and capture keystrokes made by the victim, allowing the attacker to gather sensitive information such as passwords. Turning on the webcam allows the attacker to remotely access and control the victim's webcam, potentially invading their privacy. Tracking URL's enables the attacker to monitor the websites and webpages visited by the victim, providing insights into their online activities. Capturing the screen allows the attacker to remotely view and record the victim's screen, giving them access to any information or activities displayed on it. Turning on a microphone in the TV is not a functionality typically associated with a RAT, as it is specific to TVs and not a general feature of remote access trojans.

Explanation

A Remote Access Trojan (RAT) provides various functionalities to an attacker. Keylogging refers to the ability of the RAT to record and capture keystrokes made by the victim, allowing the attacker to gather sensitive information such as passwords. Turning on the webcam allows the attacker to remotely access and control the victim's webcam, potentially invading their privacy. Tracking URL's enables the attacker to monitor the websites and webpages visited by the victim, providing insights into their online activities. Capturing the screen allows the attacker to remotely view and record the victim's screen, giving them access to any information or activities displayed on it. Turning on a microphone in the TV is not a functionality typically associated with a RAT, as it is specific to TVs and not a general feature of remote access trojans.

Submit

15. What are 2 concerns of Social Networking sites

There is no means to accurately identify a friend is who they say they are

Images and applications that are posted to Social Networking sites are created by unknown entities

The privacy measures of Social Networking sites have proven to be insufficient even when configured correctly

Social networking sites have two concerns: the inability to accurately identify whether a friend is who they claim to be and the fact that images and applications posted on these sites are created by unknown entities. This lack of verification can lead to potential security risks and the spread of false information. Additionally, the privacy measures of social networking sites have been proven to be insufficient, even when configured correctly, which can compromise users' personal information and expose them to privacy breaches.

Explanation

Social networking sites have two concerns: the inability to accurately identify whether a friend is who they claim to be and the fact that images and applications posted on these sites are created by unknown entities. This lack of verification can lead to potential security risks and the spread of false information. Additionally, the privacy measures of social networking sites have been proven to be insufficient, even when configured correctly, which can compromise users' personal information and expose them to privacy breaches.

Submit