This question was on the test. Taken Jan 24, 2020
I picked the provided answers; but depending on whether it's a Virus hoax or a Scam hoax, option D is also a strong indicator.
The question says BEST.
Agreeing with Duraino, I think given answers are correct because a HOAX will ALWAYS contain some type of link and will ALWAYS not have a valid digital signature from a known security organisation.
That is not true at all. A hoax may tell you to delete a file on your computer or to send bitcoin to a certain address, or ask you to share the email. It may just be an email to scare you. It doesn't always have a link, and why would it have a digital signature? Most emails don't. Also Hoaxes are not all coming from emails, it can come from other sources, like social media.
At the end of the day, this is an awful question be COMPTIA
My opinion is this, it is one message which contain 2 items from provided list. Based on that I would go with B and E... Why? Because B is monetary loss (something which is not happened) and E, embedded URL(for full filing online form for help, paying, something )... Both are pointed to hoax from my pov
From the Comptia Book the definition of Hoax:
An email-based, IM-based, or web-based attack that is intended to trick the user into performing unnecessary or undesired actions, such as deleting important system files in an attempt to remove a virus, or sending money or important information via email or online forms.
Hoaxes, such as security alerts or chain emails, are another common social engineering technique, often combined with phishing or pharming attacks.
So after reading that the provided answer seems to be correct.
You read the answer and still picked the wrong choices. Hoaxes are not exclusive to emails, and they don't always have links. A hoax may simply be aimed to scare you or believe something that is not real, then ask you to share it. So, makes B and D make the most sense, as they are unique to hoaxes
If the received message was legit, it would have valid digital signature. The fact that it doesn't have one raises a red flag - an indication that something isnt right (IOC). Throw an embedded URL into the mix and together, these 2 red flags point towards a hoax.
I totally agree with you. The answer really depends on how we interpret the word "indicator". If the author means IoC (Indicator of Compromise), then CE will be a better answer. If the author means characteristics, then BD might be a more appropriate answer.
hoax
An email-based, IM-based, or web-based attack that is intended to trick the user into
performing unnecessary or undesired actions, such as deleting important system files
in an attempt to remove a virus, or sending money or important information via email
or online forms.
It seems the given answers are correct. First - after i read the definition at Gibson's book - i decided on B & D. Then i made some search and found these:
... No real warning message from a credible source will tell you to send this to everyone you know. ... (https://espace.cern.ch/winservices-help/NICESecurityAndAntivirus/VirusHoaxesAndSpyware/AboutHoaxes/Pages/HowToRecognizeAHoax.aspx)
... A number of customers have reported receiving a hoax ANZ SMS asking them to click on a link and log on to their account. ... (https://www.anz.com.au/security/fraud-detection/latest-security-alerts/)
There may be warnings of monetary loss, claims of possible damage or any other stuff in the body to make you believe or get you into a panic BUT URLs and digital signatures are concrete indicators.
Ok, so, if a Facebook user created a post warning other users that there is a hacker on Facebook and anyone who doesn't share their post will be hacked. The post gets millions of shares. What would you call that? A hoa...x. Yes, that is a hoax. A threat that isn't real.
But where is the email? No digital signature to check. Where is the link? This is just meant to scare others. Not all hoaxes have links, and not all come from emails.
This was on my exam (5 Aug 2020).
An hoax is "A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist." (from Darril Gibson's Get Certified Get Ahed). Basing on this definition the answers B and D seem to match better with the definition of hoax.
Anyway many sources point out that the aim of an hoax attack is to convince the victim to click on a link, so it's true that an embedded URL is probably always present in a hoax message; and, of course, if the message is an hoax it's almost sure that it won't have any "valid digital signature from a known security organization".
I was very hesitant: at first I picked B and D which in my opinion are more closer to the definition of an hoax for what concern the CONTENT of a typical hoax message; but at the very end I changed my mind with this reasoning: if AFTER reading a message about a possible monetary loss or a damage to your computer you have some doubts about the fact that the content is true or it's a fake, what are the OBJECTIVE CLUES ("indicators"), unrelated with the argument of the message, that can confirm your doubts? Surely the presence of a suspicious link AND the absence of a valid digital signature might be the best "indicators".
Congratulations to CompTIA authors for another "coin-flip" production...
Alternatively, embedded url can be any number of different attacks like csrf. Whereas a message indicating monetary loss or computer damage is practically always a hoax. I will go with B and D, but thank you for your insight, oh great one
This section is not available anymore. Please use the main Exam Page.SY0-501 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Disguy
Highly Voted 5 years, 3 months agolara95
4 years, 11 months agocaps
4 years, 10 months agoMelvinJohn
Highly Voted 5 years, 1 month agoStickyMac231
Most Recent 3 years, 10 months ago[Removed]
4 years, 1 month agoFigekioki
3 years, 10 months agoFigekioki
3 years, 10 months agobubikaj
4 years, 1 month ago4554
4 years, 2 months agoFigekioki
3 years, 10 months agoDimitricl
4 years, 3 months agonakres64
4 years, 2 months agoFigekioki
3 years, 10 months agovi2
4 years, 3 months agoLaposky
4 years, 4 months agoDisgia
4 years, 4 months agoMichaelLangdon
4 years, 5 months agoMichaelLangdon
4 years, 5 months agoPokah
4 years, 6 months agoPokah
4 years, 6 months agomonkeyyyyy
3 years, 10 months agobabati
4 years, 9 months agovaxakaw829
4 years, 9 months agoFigekioki
3 years, 10 months agoDuranio
4 years, 9 months agointegral
4 years, 5 months agoDuranio
4 years, 9 months agoexiledwl
4 years, 4 months agoaymenfarah
4 years, 9 months ago