Analyze Indicators of Malware-Based Attacks - CompTIA Security+ Performance Based Question

Рет қаралды 13,797

Күн бұрын

Пікірлер: 29

@htwingnut Жыл бұрын

Thank you. These are the kinds of questions that drive me nuts. I don't feel that I ever really learn anything. Just more questions.

@odnahc Ай бұрын

studying for 701 and even though some of these pbqs might not be on the 701 since there all 601, it’s definitely still nice to go over concepts i don’t fully understand and maybe it would help me with questions and filtering answers. thank you

@andyinsdca 9 ай бұрын

I think that O365 being mentioned in the first question means that there's nothing blocking malicious email (O365=Exchange/Email/Outlook)

@druzzzzzz 3 ай бұрын

I think the important distinction is O365 *security misconfigurations* here which would imply a weak spam/phishing protection in my mind.

@dostovovocigan2797 Жыл бұрын

I just got back from passing my Sec+ exam. Thanks for doing these! They really helped me with my PBQ’s and the thought process to answer them.

@cyberkraft1 Жыл бұрын

Congratulations on passing your exam!

@wetodd3879 5 ай бұрын

I really hate these types of questions. So easy to go a few other routes that seem to make sense in the scenario, but then sometimes their justifications include information that was never given to us in the first place. Let alone the fact that you will never be doing these things all on your own or without being able to research. It's just a bit over the top. But then again it's their game so you either learn to play or don't play at all.

@gaby9517 3 ай бұрын

As a cyber analyst with 10+ years of experience, I would fail this questions big time..

@scottsmith6861 8 ай бұрын

Some of these pbqs are so open ended.. It just seems pretty unreasonable to only have one right answer in some of these cases...

@eswalls 9 ай бұрын

The explanation at 17:45 mentions a real-world case study; Professor Messer went into a lot of detail about the Target and Capital One attacks, so maybe check those out? Vincent Humble got a 4 or 5 on this. I think some of these are just luck.

@JoshuaMcGowan-h9c Жыл бұрын

Thank you for putting out good content

@pillboxgaming4144 3 ай бұрын

I think the email icon could symbolize as well a network packet going over the web. Possibly spear phishing for the second scenario for the purpose of extorting financial gain from those with access to the funds. It's like hitting the restaurant manager to open their safe instead of wasting time on the employees.

@dondups1543 Жыл бұрын

Luv yr labs, yr explainations ar awesome, u xplain everything, gives me insute to real life situations😊 tx

@pohi6428 4 ай бұрын

Why do u type like that

@josephgarceau6753 Жыл бұрын

For the first question, I think the reason that they mention Microsoft Office 365 having security misconfigurations is that they do not have a DLP(Data Loss Prevention) settings configured to block the malicious email or prevent data exfiltration.

@migueldiego8819 Жыл бұрын

@cyberkaft you say to focus on the questions themselves yet for the delivery method you focused on the imagery. There, I was convinced the best choice for both would be Appliciation vulnerabilities since in both cases there's an issue with application patch vulnerabilities. Also in scenario 1, given that the malicious actor intends on exploit WFH I was convinced that the best payload option would be RAT or spyware. I was wrong obviously but hard to wrap my head around it. it still seems to me that you read much more into it than I did (I don't even get where you came up with the keylogger) when I was inferring less and pulling from the literal information given

@druzzzzzz 3 ай бұрын

Yeah, I don't see how you pull intellectual property with just a keylogger when it mentioned MFA is set up, the answer even admits that it would only work if you can figure a way to get around the MFA, seriously? RAT alone would allow for data extraction from the device and a keylogger for anything else. A keylogger alone would be detected just as fast as a RAT so there is no benefit of using it with zero way to exfiltrate IP. Spear phishing in the second question makes little sense either. Either it is the best way to have someone open a malicious file or it isn't, if it was then the first question would also be spear phishing because why not? Spear Phishing is always better if you can gather the information to do it, neither scenario shows you have a method to do it though.

@ironsilk6634 Жыл бұрын

Thank was tricky! 🤔

@seanknight9808 Жыл бұрын

Yes, it was! This question does not make sense!

@Lmoro00 5 ай бұрын

good content , anyone passed sec+ and had these exact pbqs on test ???

@LUKSTUFF Жыл бұрын

I am concerned with the amount of time it might take to answer these multi-answer PBQs. Does the actual exam consider this 1 question and therefore I only have 1 minute to answer or it is more like 8 questions and I can take longer to go through the variables?

@jfpasky Жыл бұрын

I recommend just skipping the PBQs at the beginning of the test and do the multiple choice first. You get 90 minutes total for the whole test so you should wait until the end to do PBQs because they take longer. Each question does not have a set amount of time.

@R-IloT4.0 9 ай бұрын

Moreover, you might get 3 or four of those

@wetodd3879 5 ай бұрын

@jfpasky I agree on doing the PBQs last. I took Net+ exam a few months ago and the PBQs really threw me for a loop (failed the exam btw). CompTia's own practice exam didn't come close to what was on the real exam. All new scenarios that were never touched on in their study material. Then again I only had access to their practice exam and the quiz modules (which is a terrible way of teaching). But yeah save them for last bc you'll spend way more time trying to parse everything out and when you're through the PBQs you have less than an hour to get through at least 85 more questions.