CH 8 Quiz Malware itn 261

A Trojan can include which of the following? RAT TCP Nmap Loki

RAT

What is a covert channel? An obvious method of using a system A defined process in a system A backdoor A Trojan on a system

A backdoor

A covert channel or backdoor may be detected using all of the following except __________. Nmap Sniffers An SDK Netcat

An SDK

An overt channel is __________. An obvious method of using a system A defined backdoor process in a system A backdoor A Trojan on a system

An obvious method of using a system

This virus is designed to infect and place its own code into the MBR of a system Logic bomb Multipartite Boot Sector Metamorphic

Boot Sector

These viruses hide in a host file without changing the host file's appearance, so detection becomes difficult. Many viruses that do this also implement stealth techniques Macro Cluster Stealth Cavity

Cavity

What is not a benefit of hardware keyloggers? Easy to hide Difficult to install Difficult to detect Difficult to log

Difficult to install

A polymorphic virus __________. Evades detection through backdoors Evades detection through heuristics Evades detection through rewriting itself Evades detection through luck

Evades detection through rewriting itself

A sparse infector virus __________. Creates backdoors Infects data and executables Infects files selectively Rewrites itself

Infects files selectively

This virus is designed to cause damage only on a certain date Logic bomb Multipartite Sparse sector Metamorphic

Logic bomb

These viruses infect Microsoft applications. Macro Cluster Stealth Encryption

Macro

Which of the following is capable of port redirection? Netstat TCPView Netcat Loki

Netcat

These are designed to change their code and shape to avoid detection by virus scanners, which look for a specific virus code and not the new version. They often employ engines to alter or mutate their code. Logic bomb Multipartite Polymorphic Metamorphic

Polymorphic

This type of malware is designed to replicate and attach itself to other files resident on the system. Virus Worm Trojan Horse Rootkit

Virus

What command is used to listen to open ports with netstat? netstat -an netstat -ports netstat -n netstat -s

netstat -an

This malware functions typically by searching for valuable files or data and encrypting them Ransomware Scareware Encryptionware Adware

Ransomware

What are worms typically known for? Rapid replication Configuration changes Identity theft DDoS

Rapid replication

A remote access Trojan would be used to do all of the following except __________. Steal information Remotely control a system Sniff traffic Attack another system

Sniff traffic

A Trojan relies on __________ to be activated . Vulnerabilities Trickery and deception Social engineering Port redirection

Social engineering