IS Quiz 2
A group of compromised computers that have software installed by a worm or Trojan is known as which of the following? A) Botnet B) Virus C) Honeypot D) Zombie
A) Botnet
You have been given the task of scanning for viruses on a PC. What is the best of the following methods? A) Recovery environment B) Dual-boot into Linux C) Command Prompt only D) Boot into Windows normally
A) Recovery environment
One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive-by download of unwanted software occurred. What does the download most likely contain? A) Spyware B) DDoS C) Smurf D) Backdoor E) Logic bomb
A) Spyware
Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.) A) Technical support resources are consumed by increased user calls. B) Users are at risk for identity theft. C) Users are tricked into changing the system configuration. D) The e-mail server capacity is consumed by message traffic.
A) Technical support resources are consumed by increased user calls and C) Users are tricked into changing the system configuration
Which of these is true for active interception? A) When a computer is put between a sender and receiver B) When a person overhears a conversation C) When a person looks through files D) When a person hardens an operating system
A) When a computer is put between a sender and receiver
Which type of malware does not require a user to execute a program to distribute the software? A) Worm B) Virus C) Trojan horse D) Stealth
A) Worm
Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.) A) Worms self-replicate but Trojan horses do not. B) The two are the same. C) Worms are sent via e-mail; Trojan horses are not. D) Trojan horses are malicious attacks; worms are not.
A) Worms self-replicate but Trojan horse do not.
You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server? A) Spam B) Rootkit C) Backdoor D) Logic bomb E) Ransomware
B) Rootkit
Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat? A) Spyware B) Spam C) Viruses D) Botnets
B) Spam
How do most network-based viruses spread? A) By optical disc B) Through e-mail C) By USB flash drive D) By floppy disk
B) Through e-mail
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason? A) Virus B) Worm C) Zombie D) PHP script
B) Worm
Which of the following types of scanners can locate a rootkit on a computer? A) Image scanner B) Barcode scanner C) Malware scanner D) Adware scanner
C) Malware Scanner
A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened? A) The computer is infected with spyware. B) The computer is infected with a virus. C) The computer is now part of a botnet. D) The computer is now infected with a rootkit.
C) The computer is now part of a botnet
Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer? A) Worm B) Virus C) Trojan D) Spam
C) Trojan
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.) A) Virus B) Worm C) Zombie D) Malware
C) Zombie
You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem? A) Antivirus B) Anti-spyware C) Host-based firewalls D) Anti-spam
D) Anti-spam
Which of the following is not an example of malicious software? A) Rootkits B) Spyware C) Viruses D) Browser
D) Browser
Which type of attack uses more than one computer? A) Virus B) DoS C) Worm D) DDoS
D) DDoS Distributed denial-of-service, attack uses multiple computers to make its attack, usually perpetuated on a server. None of the other answers use multiple computers.
What is a malicious attack that executes at the same time every week? A) Virus B) Worm C) Ransomware D) Logic bomb
D) Logic bomb
Which of the following is a common symptom of spyware? A) Infected files B) Computer shuts down C) Applications freeze D) Pop-up windows
D) Pop-up windows They are common to spyware. The rest of the answers are more common symptoms of viruses
One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer? A) Worm B) Logic bomb C) Spyware D) Trojan
D) Trojan
Which of the following types of viruses hides its code to mask itself? A) Stealth virus B) Polymorphic virus C) Worm D) Armored virus
D. Armored virus An armored virus attempts to make disassembly difficult for an antivirus software program. It thwarts attempts at code examination. Stealth viruses attempt to avoid detection by antivirus software altogether. Polymorphic viruses change every time they run. Worms are not viruses.