B is correct. This was most likely an advanced persistent threat (APT) because it was a sophisticated attack and originated from a foreign country. A hacktivist launches attacks to further a cause, but the scenario didn’t mention any cause. Competitors might launch attacks, but they would typically focus on proprietary data rather than customer data. An insider would not launch attacks from a foreign country.

B is correct. A script kiddie will typically obtain a ready-made exploit rather than code it himself. An insider would cause damage from within the network or use inside knowledge when attacking. A competitor is unlikely to purchase a single item at a lower price but would be more interested in gaining proprietary data. Hacktivists launch attacks as part of an activist movement, not to get a better price on an item. An advanced persistent threat (APT) is typically a state actor sponsored by a nation-state and will use advanced tools to launch sophisticated attacks, rather than just lowering a price for an item.

A is correct. The caller is using the social engineering tactic of pretexting by setting up a scenario that has a better chance of getting someone to give him information. If he just asked for the operating system versions on the servers without a prepended scenario, his chance of success would be diminished. Tailgating is the practice of one person following closely behind another without showing credentials. A pharming attack attempts to manipulate the DNS name resolution process. Smishing is a form of phishing using text messages.

B is correct. A zero-day attack takes advantage of an undocumented exploit or an exploit that is unknown to the public. A buffer overflow attack sends unexpected data to a system to access system memory or cause it to crash. Although some buffer overflow attacks are unknown, others are known. If the server isn’t kept up to date with patches, it can be attacked with a known buffer overflow attack. A man-in-the-browser attack is a type of proxy Trojan horse that takes advantage of vulnerabilities in web browsers, not web servers. An integer overflow attack attempts to use or create a numeric value that is too big for an application to handle.

B is correct. Ransomware attempts to take control of user’s system or data and then demands payment (ransom) to return control. Keyloggers capture a user’s keystrokes and store them in a file. This file can be automatically sent to an attacker or manually retrieved depending on the keylogger. It’s possible that Bart’s computer was infected with a Trojan, which created a backdoor. However, not all Trojans or backdoor accounts demand payment as ransom.

A is correct. A logic bomb executes in response to an event. In this scenario, the logic bomb is delivering its payload when it detects that Homer is no longer employed at the company. A rootkit doesn’t respond to an event. A backdoor provides another method of accessing a system, but it does not delete files. Spyware is software installed on user systems without their awareness or consent.

C is correct. A backdoor provides someone an alternative way of accessing a system or application, which is what Maggie created in this scenario. It might seem as though she’s doing so with good intentions, but if attackers discover a backdoor, they can exploit it. A virus is malicious code that attaches itself to an application and executes when the application runs, not code that is purposely written into the application. A worm is selfreplicating malware that travels throughout a network without the assistance of a host application or user interaction. A Trojan is software that looks like it has a beneficial purpose but includes a malicious component.