Chapter 8
A Trojan can include which of the following? A. RAT B. TCP C. Nmap D. Loki
RAT
What is a covert channel? A. An obvious method of using a system B. A defined process in a system C. A backdoor D. A Trojan on a system
A backdoor
A logic bomb is activated by which of the following? A. Time and date B. Vulnerability C. Actions D. Events
A. Time and date; C. Actions; D. Events
A covert channel or backdoor may be detected using all of the following except __________. A. Nmap B. Sniffers C. An SDK D. Netcat
An SDK
An overt channel is __________. A. An obvious method of using a system B. A defined backdoor process in a system C. A backdoor D. A Trojan on a system
An obvious method of using a system
What is not a benefit of hardware keyloggers? A. Easy to hide B. Difficult to install C. Difficult to detect D. Difficult to log
Difficult to install
A virus does not do which of the following? A. Replicate with user interaction B. Change configuration settings C. Exploit vulnerabilities D. Display pop-ups
Display pop-ups
A polymorphic virus __________. A. Evades detection through backdoors B. Evades detection through heuristics C. Evades detection through rewriting itself D. Evades detection through luck
Evades detection through rewriting itself
A sparse infector virus __________. A. Creates backdoors B. Infects data and executables C. Infects files selectively D. Rewrites itself
Infects files selectively
Which of the following is capable of port redirection? A. Netstat B. TCPView C. Netcat D. Loki
Netcat
What command is used to listen to open ports with netstat? A. netstat -an B. netstat -ports C. netstat -n D. netstat -s
netstat -an
What are worms typically known for? A. Rapid replication B. Configuration changes C. Identity theft D. DDoS
Rapid replication
A remote access Trojan would be used to do all of the following except __________. A. Steal information B. Remotely control a system C. Sniff traffic D. Attack another system
Sniff traffic
A Trojan relies on __________ to be activated. A. Vulnerabilities B. Trickery and deception C. Social engineering D. Port redirection
Social engineering
Which of the following is not a Trojan? A. BO2K B. LOKI C. Subseven D. TCPTROJAN
TCPTROJAN
Which utility will tell you in real time which ports are listening or in another state? A. Netstat B. TCPView C. Nmap D. Loki
TCPView
A logic bomb has how many parts, typically? A. One B. Two C. Three D. Four
Two
Which is/are a characteristic of a virus? A. A virus is malware. B. A virus replicates on its own. C. A virus replicates with user interaction. D. A virus is an item that runs silently.
A. A virus is malware. C. A virus replicates with user interaction.
Which of the following is/are true of a worm? A. A worm is malware. B. A worm replicates on its own. C. A worm replicates with user interaction. D. A worm is an item that runs silently.
A. A worm is malware. B. A worm replicates on its own.
Which statement(s) defines malware most accurately? A. Malware is a form of virus. B. Trojans are malware. C. Malware covers all malicious software. D. Malware only covers spyware.
B. Trojans are malware. C. Malware covers all malicious software.