CompTIA Security+ Question H-87

A review of the company’s network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose?

A. ACL
B. IDS
C. UTM
D. Firewall

Answer: C

Explanation:
An all-in-one security appliance, sold as Unified Threat Management (UTM) and, in its newer form, as a Next Generation Firewall (NGFW), combines several controls in one device and is a good foundation for perimeter security. For the exam, know the three capabilities this question tests: URL filtering (blocking sites by category, such as gambling and gaming), content inspection (examining what is actually inside the traffic rather than only its headers), and malware inspection. A plain firewall (D) or ACL (A) filters on addresses, ports and protocols and does not scan payloads, and an IDS (B) only detects and alerts; it does not block.

Malware inspection runs a malware scanner over the web traffic passing through the appliance, so a malicious download is detected while it is still in transit. A detection can block the content inline, log it, and raise an alert. Note that scanning HTTPS traffic requires the appliance to perform TLS interception (a forward proxy presenting certificates from its own CA, which the clients must trust); without it, only the URL and certificate metadata are visible to the scanner.
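As an added example (not part of the exam page or any vendor's product), here is a toy policy engine that applies the three UTM capabilities above, URL filtering, content inspection and malware inspection, to constructed web exchanges. The category feed, the hash list and all hostnames are hypothetical; the only real signature is the EICAR test string, the harmless industry-standard pattern used to test antivirus scanners.

```python
"""Toy UTM policy engine (added example, not from the exam page).

Three checks, in the order a real appliance would run them:
  1. URL filtering      - category lookup on the host, blocked before any fetch
  2. Content inspection - does the body match its declared Content-Type?
  3. Malware inspection - signature and hash matching on the body
Category feed, hash list and hostnames are constructed for the example.
"""
import hashlib
from dataclasses import dataclass, field

# Hypothetical URL-category feed (a real UTM subscribes to a vendor feed).
CATEGORY_FEED = {
    "poker.example": "gambling",
    "mmo.example": "gaming",
    "intranet.example": "business",
}
BLOCKED_CATEGORIES = {"gambling", "gaming"}

# EICAR test string: the standard, harmless pattern every AV engine detects.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Constructed "known bad" hash list, standing in for a vendor malware feed.
MALWARE_HASHES = {hashlib.sha256(b"constructed-dropper-sample").hexdigest()}


@dataclass
class WebExchange:
    host: str
    path: str
    content_type: str  # as declared by the server
    body: bytes        # response body as it would cross the appliance


@dataclass
class Verdict:
    action: str = "allow"
    reasons: list = field(default_factory=list)


def url_filter(host: str):
    """Return the blocked category for this host, or None if it may be fetched."""
    category = CATEGORY_FEED.get(host.lower(), "uncategorized")
    return category if category in BLOCKED_CATEGORIES else None


def content_inspection(ex: WebExchange):
    """Flag a Windows executable (MZ magic bytes) served under a non-binary type."""
    if ex.body.startswith(b"MZ") and not ex.content_type.startswith("application/"):
        return f"content inspection: executable served as {ex.content_type}"
    return None


def malware_inspection(ex: WebExchange):
    """Signature match first (substring), then exact-hash match against the feed."""
    if EICAR in ex.body:
        return "malware inspection: signature match (EICAR test file)"
    digest = hashlib.sha256(ex.body).hexdigest()
    if digest in MALWARE_HASHES:
        return f"malware inspection: hash match {digest[:12]}"
    return None


def apply_policy(ex: WebExchange) -> Verdict:
    verdict = Verdict()
    category = url_filter(ex.host)
    if category:
        # Cheapest check wins: a blocked category never reaches the server.
        verdict.action = "block"
        verdict.reasons.append(f"url filter: category {category}")
        return verdict
    for check in (content_inspection, malware_inspection):
        reason = check(ex)
        if reason:
            verdict.action = "block"
            verdict.reasons.append(reason)
    return verdict


# Constructed traffic: one exchange per control, plus one that should pass.
SAMPLES = [
    WebExchange("poker.example", "/", "text/html", b"<html>bet now</html>"),
    WebExchange("intranet.example", "/report", "text/html", b"<html>ok</html>"),
    WebExchange("cdn.example", "/update.html", "text/html", b"MZ\x90\x00" + b"\x00" * 16),
    WebExchange("files.example", "/eicar.txt", "text/plain", EICAR),
    WebExchange("files.example", "/tool.exe", "application/x-msdownload",
                b"constructed-dropper-sample"),
]


def run_samples():
    return [apply_policy(ex) for ex in SAMPLES]


if __name__ == "__main__":
    for ex, v in zip(SAMPLES, run_samples()):
        print(f"{v.action:5} {ex.host}{ex.path}  {'; '.join(v.reasons)}")
```

The ordering matters in practice as well as here: the URL filter is a cheap lookup that stops the request before any bytes are fetched, while content and malware inspection only run on traffic that passed the filter and need the full response body (and, for HTTPS, TLS interception) to work.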

CompTIA Security+ Question H-53

The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?

A. Zero-day attack
B. Known malware infection
C. Session hijacking
D. Cookie stealing

Answer: A

Explanation:
A full scan with up-to-date definitions found nothing, yet the workstation is clearly compromised: it is talking to a known malicious destination over an encrypted tunnel, which is classic command-and-control behaviour. Signature-based antivirus can only detect what its vendor has already seen, so the most plausible explanation among the options is malware that exploited a zero-day vulnerability, a hole in software unknown to the vendor, and therefore has no signature yet. The term "zero day" refers to the vendor having had zero days to fix the hole before it was exploited; once the vulnerability becomes known, a race begins for the developer, who must patch it and protect users. Zero-day attacks are used to plant malware or spyware or to gain unwanted access to user information. Known malware (B) would have been caught by the updated scan; session hijacking (C) and cookie stealing (D) are attacks on a user's web sessions, not an encrypted channel from the host to attacker infrastructure. In practice a clean AV result does not prove a zero-day (the sample may simply be repacked or otherwise evading the scanner), which is why the network indicator, not the host scan, is the evidence to act on here.
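The network-side detection that catches this workstation when host antivirus is clean, as an added example that is not part of the exam page: it matches destinations against a threat-intel list and, independently of any list, flags periodic ("beaconing") connections over an encrypted port. The indicator list, the addresses and the flow records are all constructed (the 203.0.113.0/24 and 198.51.100.0/24 ranges are reserved for documentation).

```python
"""Network-side detection for the scenario above (added example, not from the
exam page).  Host AV is clean, so the evidence is in the traffic: (1) flows to
a destination on a threat-intel list and (2) periodic "beaconing" to any
destination over an encrypted port.  All addresses and flow records are
constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges."""
import statistics
from collections import defaultdict

# Constructed threat-intel indicator list (hypothetical, not a real IoC feed).
KNOWN_MALICIOUS = {"203.0.113.45"}

# Constructed flow log: epoch seconds, source, destination, dest port, protocol.
FLOW_LOG = """\
1700000000 10.0.0.21 203.0.113.45 443 tcp
1700000060 10.0.0.21 203.0.113.45 443 tcp
1700000120 10.0.0.21 203.0.113.45 443 tcp
1700000180 10.0.0.21 203.0.113.45 443 tcp
1700000005 10.0.0.21 198.51.100.10 443 tcp
1700000900 10.0.0.21 198.51.100.10 443 tcp
1700001100 10.0.0.21 198.51.100.10 443 tcp
1700000010 10.0.0.22 198.51.100.10 443 tcp
"""


def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto})
    return flows


def ioc_matches(flows):
    """(src, dst) pairs where the destination is on the indicator list."""
    return sorted({(f["src"], f["dst"]) for f in flows if f["dst"] in KNOWN_MALICIOUS})


def beacon_candidates(flows, min_conns=4, max_cv=0.1, encrypted_ports=(443,)):
    """Flag (src, dst, port) series with at least min_conns connections whose
    inter-arrival gaps are nearly constant: coefficient of variation <= max_cv.
    A real C2 implant usually adds jitter, so max_cv is a tuning knob."""
    series = defaultdict(list)
    for f in flows:
        if f["dport"] in encrypted_ports:
            series[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    hits = []
    for (src, dst, dport), stamps in series.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:          # duplicate timestamps; not a beacon interval
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "period_s": mean, "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    print("IoC hits:", ioc_matches(flows))
    print("Beacons: ", beacon_candidates(flows))
```

The two checks cover different failure modes: the indicator match needs someone to have already published the destination, while the periodicity check needs nothing but the flow metadata, so it can surface a previously unseen command-and-control channel even though the payload is encrypted and the host scanner has no signature.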

CompTIA Security+ Question D-77

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?

A. Recovery
B. Follow-up
C. Validation
D. Identification
E. Eradication
F. Containment

Answer: D

Explanation:
Identification is the phase in which you confirm that an incident is actually occurring and establish its scope: here, that the spike in calls reflects a real malware outbreak rather than unrelated support tickets, which systems are affected, and what type of malware is involved (there are many, and the response differs by type). Every later phase (containment, eradication, recovery) depends on that, so identification is the first response; containing or eradicating before you know what you are dealing with risks missing infected hosts or the infection vector.

CompTIA Security+ Question B-59

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?

A. Lessons Learned
B. Preparation
C. Eradication
D. Identification

Answer: B

Explanation:
Incident response procedures involve: preparation; incident identification; escalation and notification; mitigation steps; lessons learned; reporting; recovery/reconstitution procedures; first responder; incident isolation (quarantine, device removal); data breach; damage and loss control. General defenses against malware (endpoint protection, patching, least-privilege accounts, mail and web filtering, user awareness training) are put in place before any incident occurs, so that malware is stopped before it ever gets hold of a system; that is the preparation phase. Eradication (C) and identification (D) take place during an incident, and lessons learned (A) happens afterwards and feeds back into preparation for the next one.

CompTIA A+ Core 2 Question H-10

Peter, a user, reports that each time his laptop is logged in to the company’s headquarters, his system time changes. After Peter returns home, he adjusts the clock, which stays set correctly until the computer is again at the company’s headquarters. No other users have reported any issues. Which of the following is MOST likely occurring?

A. The domain time controller is incorrect
B. The laptop firmware needs to be updated
C. The laptop has a malware infection
D. The laptop's time zone is incorrectly set

Correct Answer: D

Explanation:
While the laptop is on the headquarters network it synchronizes its clock with the domain time source, which is supplied in UTC; if the laptop's time zone is set wrong, the synchronized time is displayed offset by the time-zone difference. At home no synchronization occurs, so Peter's manual correction persists until the next sync. Since no other user is affected, the domain time source itself (A) is not the problem.

CompTIA A+ Core 2 Question F-88

A user receives an unsolicited call from a technician claiming to be from a Microsoft certified partner. Citing malware alerts that were supposedly being broadcast, the technician tricks the user into granting them access to the PC. Which of the following attacks is this user a victim of?

A. Shoulder surfing
B. Phishing attack
C. Social engineering
D. Malware infection

Correct Answer: C

Explanation:
http://www.social-engineer.org/

CompTIA A+ Core 2 Question B-38

After several passes with a malware removal program, the program keeps detecting the same malware infection after a reboot. Which of the following should be done to attempt to remove the offending malware?

A. Run the malware removal program while disconnected from the Internet
B. Run the malware removal program in Windows Safe Mode
C. Reinstall the malware removal program from a trusted source
D. Set the malware removal program to run each time the computer is rebooted

CompTIA A+ Core 2 Question A-92

A user, Jane, receives a phone call from the company’s mail administrator who indicates her email account has been disabled due to high volumes of emails being sent in a very short period of time. Which of the following types of attack has the user experienced?

A. Virus infection
B. Man-in-the-middle attack
C. Phishing attack
D. Malware infection

Correct Answer: A

CompTIA A+ Core 2 Question A-54

A user reports unexpected icons appearing on the desktop. The technician identifies that the symptoms point to a malware infection. Which of the following procedures would be performed NEXT?

A. Quarantine infected system
B. Schedule scans and run updates
C. Report the issue to the information security officer
D. Disable System Restore (in Windows)
E. Educate end user

Correct Answer: A

Explanation:
CompTIA's malware removal procedure runs in this order: identify and research the malware symptoms; quarantine the infected system; disable System Restore (in Windows); remediate the infected system (update the anti-malware software, then scan and remove, using Safe Mode or a pre-installation environment if needed); schedule scans and run updates; enable System Restore and create a restore point (in Windows); educate the end user. The symptoms have just been identified, so the next step is to quarantine the system and stop the infection from spreading over the network.

CompTIA A+ Simulation 6

A technician has verified that a user has a malware infection on his desktop. Drag and drop the following malware remediation techniques in the correct order to alleviate this issue.

Correct Answer: