Chapter 11
3. Which of the following is the definition of botnet? A. A botnet is a type of virus that primarily infects executable programs. B. A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware. C. A botnet is a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus. D. A botnet is a group of honeypots made to simulate a real live network, but isolated from it.
B. A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
24. Which of the following is the definition of logic bomb? A. A type of virus that infects other files and spreads in multiple ways. B. A program that executes a malicious function of some kind when it detects certain conditions. C. A type of virus that typically infects a data file and injects malicious macro commands. D. A type of virus that attacks document files containing embedded macro programming capabilities.
B. A program that executes a malicious function of some kind when it detects certain conditions.
16. _____________ are the main source of distributed denial of service (DDoS) attacks and spam. A. Logic bombs B. Botnets C. Stealth viruses D. Trojans
B. Botnets
5. ________ are viruses that target computer hardware and software startup functions. A. File infectors B. System infectors C. Data infectors D. Stealth virus
B. System infectors
14. Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________. A. worm B. Trojan C. logic bomb D. DoS
B. Trojan
13. Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________. A. worm B. Trojan C. logic bomb D. DoS
A. worm
25. What is meant by multipartite virus? A. A type of virus that typically infects a data file and injects malicious macro commands. B. A type of virus that uses a number of techniques to conceal itself from the user or detection software. C. A type of virus that infects other files and spreads in multiple ways. D. A type of virus that primarily infects executable programs.
C. A type of virus that infects other files and spreads in multiple ways.
10. ________ include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus. A. Retro viruses B. Stealth viruses C. Polymorphic viruses D. Multipartite viruses
C. Polymorphic viruses
21. As of 2013, Cisco estimated that there were more than ________ devices connected to the Internet. A. 700 million B. 1.7 billion C. 3.5 billion D. 7 billion
D. 7 billion
17. In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond. A. smurf attack B. phishing attack C. DoS attack D. SYN flood attack
D. SYN flood attack
12. ________ counter the ability of antivirus programs to detect changes in infected files. A. Retro viruses B. Stealth viruses C. Polymorphic viruses D. Slow viruses
D. Slow viruses
11. ________ attack countermeasures such as antivirus signature files or integrity databases. A. Retro viruses B. Stealth viruses C. Polymorphic viruses D. Slow viruses
A. Retro viruses
6. A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files). A. file infector B. system infector C. data infector D. stealth virus
A. file infector
8. A ________ is a type of virus that primarily infects executable programs. A. file infector B. system infector C. data infector D. program infector
A. file infector
23. Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistent cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________. A. attacks against confidentiality and privacy B. attacks against productivity and performance C. attacks against data integrity D. attacks that damage reputation
B. attacks against productivity and performance
1. Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________. A. confidentiality B. integrity C. availability D. security
B. integrity
20. Whether software or hardware based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker. A. botnet B. keystroke logger C. file infector D. logic bomb
B. keystroke logger
7. A ____ enables the virus to take control and execute before the computer can load most protective measures. A. file infector B. system infector C. data infector D. program infector
B. system infector
22. One of the ways that malicious code can threaten businesses is by causing economic damage or loss due to the theft, destruction, or unauthorized manipulation of sensitive data. These are known as ________. A. attacks against confidentiality and privacy B. attacks against productivity and performance C. attacks against data integrity D. attacks that create legal liability
C. attacks against data integrity
2. Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________. A. confidentiality B. integrity C. availability D. security
C. availability
4. What term is used to describe a type of virus that attacks document files containing embedded macro programming capabilities? A. file infector B. multipartite virus C. data infector D. logic bomb
C. data infector
15. A ___________ is a program that executes a malicious function of some kind when it detects certain conditions. A. worm B. Trojan C. logic bomb D. DoS
C. logic bomb
19. A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information. A. smurf attack B. DDoS attack C. phishing attack D. Trojan
C. phishing attack
9. Malware developers often use _____________ to write boot record infectors. A. C programming language B. C++ programming language C. Java D. assembly language
D. assembly language
26. What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus? A. multipartite virus B. data infector C. stealth virus D. polymorphic virus
D. polymorphic virus
18. In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks. A. phishing attack B. SYN flood attack C. polymorphic virus D. smurf attack
D. smurf attack
27. What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software? A. polymorphic virus B. data infector C. multipartite virus D. stealth virus
D. stealth virus