Which of the following is a persistence technique commonly used by Windows malware?

Adding a malicious entry to HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Disabling Address Space Layout Randomization (ASLR)

Broadcasting gratuitous ARP replies

Injecting SQL commands via HTTP POST

Excessive Access Denied events targeting a confidential share MOST LIKELY indicate:

A blocked-content indicator of attempted data theft

Successful privilege escalation

Pulling network cabling from an HVAC controller to disrupt cooling in a server room is an example of which PHYSICAL attack class?

Brute-force environmental attack

Cloned RFID badges may be detected by which anomalous access pattern?

Impossible travel between entry doors

Multiple 404 responses in web logs

Which pair of symptoms BEST indicates an ARP-poisoning on-path attack?

Gratuitous ARP replies seen in packet captures, duplicate gateway MACs in clients’ ARP tables

Firewall CPU at 100 %, repeated 503 errors

Multiple failed logins, account lockouts

502 Bad Gateway responses with large payload sizes

Which sign MOST clearly indicates a server-side request forgery (SSRF) attempt?

Web server logs show requests to http://169.254.169.254/latest/meta-data/

Repeated 404 errors for /admin/

DNS queries to non-existent TLDs

High number of POST requests with large bodies

Attackers leverage percent encoding (%2e%2e%2f) in a URL primarily to:

Bypass WAF input filters during directory traversal

Which application-layer exploit goal is achieved when malicious code inserts itself into the stack to overwrite a function’s return address?

Buffer overflow arbitrary code execution

Logs show TLS connections continuously renegotiated to SSL 3.0 despite server support for TLS 1.3. What is this symptomatic of?

Cipher-block chaining padding oracle

Which privilege-escalation indicator would appear FIRST on a Windows host after a successful kernel-level exploit?

Process running as SYSTEM that is unsigned and unknown

New scheduled task in HKCU Run key

Excessive outbound DNS requests

Which of the following is the MOST reliable indicator of a logic bomb planted by a departing administrator?

Scheduled PowerShell script set to run upon account deletion

New admin user created the day after termination

Disabled antivirus service on multiple endpoints

Unusual HTTP GET flood from internal IPs

When monitoring outbound traffic, which pattern BEST indicates data exfiltration over DNS tunneling?

Numerous DNS queries for single-character subdomains with large TXT replies

Consistent 80 % CPU usage on domain controllers

Periodic ARP broadcasts from a printer

Continuous TLS 1.3 handshakes to known CDN addresses

Lesson 13

Authored by Benjamin Fenton

Other

University

Used 4+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which vector-based malware type hides inside an otherwise legitimate installer package?

Worm

Trojan

Fileless malware

Logic bomb

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A virus that executes when a computer boots from an infected USB drive is classified as which virus type?

Memory-resident

Script/macro

Boot sector

Multipartite

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which behavior best characterizes fileless malware?

Encrypts user files for ransom

Persists entirely in system memory and uses PowerShell commands

Infects executable files on disk

Mass-mails copies of itself through email

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Capturing keystrokes to steal passwords is the primary purpose of which malware payload?

Rootkit

Keylogger

Adware

Crypto-miner

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security team detects outbound connections from several hosts to an IRC server on port 6667. What is the MOST likely explanation?

Legitimate file transfer

Botnet command-and-control traffic

SYN flood generation

DNS tunneling

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which indicator most strongly suggests ransomware has executed on a workstation?

Browser homepage changed without user input

High CPU utilization and elevated fan speed

Numerous files suddenly renamed with a new extension and become inaccessible

Repeated logon failures in the security log

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

During malware triage, analysts place a suspicious executable in an isolated VM to observe changes. This technique is called:

Threat hunting

Sheep-dip analysis

Credential dumping

Live forensics

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

PRI 430 CHAPTER 1: INTRODUCTION TO RUBBER CULTIVATION

Quiz

•

University

25 questions

Ujian Tengah Semester (E-Commerce | Selasa, 25 Maret 2025)

Quiz

•

University

25 questions

REVIEW

Quiz

•

University

25 questions

MBAA Trivia

Quiz

•

University

25 questions

Intro to Cust Serv Quiz 4

Quiz

•

11th Grade - Professi...

25 questions

CAD3113P/TOU3124N: ENTREPRENUERSHIP

Quiz

•

University

25 questions

EVS (World Water Day)

Quiz

•

University

25 questions

Present Vegetable Dishes Quiz

Quiz

•

10th Grade - University

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Other

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

5 questions

What is Presidents' Day?

Interactive video

•

10th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

20 questions

Mardi Gras History

Quiz

•

6th Grade - University

10 questions

The Roaring 20's Crash Course US History

Interactive video

•

11th Grade - University

17 questions

Review9_TEACHER

Quiz

•

University

Lesson 13

Which vector-based malware type hides inside an otherwise legitimate installer package?

A virus that executes when a computer boots from an infected USB drive is classified as which virus type?

Which behavior best characterizes fileless malware?

Capturing keystrokes to steal passwords is the primary purpose of which malware payload?

A security team detects outbound connections from several hosts to an IRC server on port 6667. What is the MOST likely explanation?

Which indicator most strongly suggests ransomware has executed on a workstation?

During malware triage, analysts place a suspicious executable in an isolated VM to observe changes. This technique is called:

Consistently high outbound traffic to unfamiliar cryptocurrency addresses BEST indicates the presence of:

Which of the following is a persistence technique commonly used by Windows malware?

Excessive Access Denied events targeting a confidential share MOST LIKELY indicate:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other