malware types
Which action should a system administrator take to prevent further computers on a network from being infected with keylogger software or hardware?
Distribute keystroke-encrypting keyboards to all users
Which of the following is an example of evidence that a system has been infected with some type of malware?
Unsolicited pop-up advertisements
A user has contracted a virus that an anti-virus program detects but cannot remove or quarantine. After investigating further, a system administrator notes that the virus is very large but impossible to remove. With which type of virus is the administrator likely dealing?
armored
boot sector virus remove
boot from a clean source and rewrite the master boot
A network administrator suspects that several computers on the network have been compromised by malware because of the large numbers of TCP connections to a single IP address. Upon checking the IP address' origin, the administrator finds that it belongs to a major political action committee. Which type of malware has infected this network?
botnet
Anti-malware software has evolved to combat various types of malware. For example, pure signature-based anti-malware is no longer used. Which type of virus has been eradicated from the attack surface due to these more sophisticated detection and removal techniques?
camouflage
Although malware programmers are blamed for the increase of widespread malware infections, which of the following is perhaps the number one factor contributing to malware infections?
careless computer users
Viruses and worms both self-replicate (self-propagate) but worms distinguish themselves from viruses in that a worm's purpose is to do what to an infected network?
disrupt by crippling network bandwidth
The Mydoom worm is considered to be the worst worm incident of its type in virus history. Which method do worms, such as Mydoom, commonly use to rapidly spread themselves to millions of computers?
In addition to a lockout screen, ransomware can deny a user access to files by using which of the following methods?
encryption
Which of the following is a type of classic virus that infects executable files, and upon execution of an infected file, infects other files?
file-infecting
Keyloggers appear in two different forms or types. Identify the two types of keyloggers.
hardware and software
A user on a corporate laptop discovers that their bank account and social media accounts have all been hacked. The user has highly secure passwords and has never accessed the accounts on another device. The user brings their laptop to the company's system administrator for review. What does the system administrator find out about the user's computer?
keylogger
malware not typically part of malware campaign or attack
logic bomb
user not there and emails are coming from the computer
malware
what action determines if a system has malware
positive results from malware scan
What is the initial goal for an attacker who wants to access a network via backdoor attack?
to gain command and control of the target network
email actor trying to gain control of those systems and establish a presence inside the network
trojan horse
A network administrator had their entire network converted into a botnet. Which type of malware infection did the network administrator find during an investigation?
worm
A rootkit is a particularly dangerous type of malware. What makes it so dangerous?
It takes control of a system at the lowest levels while attempting to hide from detection.
Which feature makes logic bomb malware very difficult to detect and to prevent?
Logic bomb code is inserted during program development and is part of the standard program code.
What is the major benefit to an attacker using a so-called backdoor attack?
The backdoor can help the attacker break into a target's infrastructure without being discovered.
Which vulnerability can make hardware backdoors especially difficult to protect from an attacker?
They only use passwords for access
A user has created a help desk ticket stating that they are unable to open any files on their computer. The user also states that a message is being displayed on the computer demanding the user pay money in order to access the computer files. Which type of malware has infected this user's computer?
ransomware
how to cleanup rootkit infection
reinstall from scratch
How is a remote access Trojan (RAT) different from a regular Trojan horse?
remote access control of computer
A user experiences an unusual and noticeable slowness when connecting to the Internet and other network resources, such as file shares and printers. What course of action does an administrator take in order to investigate further?
scan with anti malware program
A system administrator has just spent three full days fighting a significant virus infestation on the network. One computer after another became infected during this time. Which virus feature caused multiple computers to become infected?
self-replicating
A user found that their personal data had been exfiltrated from their computer by a malicious program that they clicked on several weeks ago. Which type of malware infected the user's system?
spyware