Practice questions 9.1.12

Which of the following laws is designed to regulate emails? CFAA, HIPAA, CAN-SPAM Act, USA Patriot Act

CAN-SPAM Act

Which of the following virus types is shown in the code below?

Logic bomb. A logic bomb is triggered by an event, such as a specific date and time or a program being executed. A direct action virus infects a program. It runs when the infected program runs and stops when the program closes. A cavity virus fills in the empty space in a file or program. This virus preserves the file's functionality and does not increase its length. A metamorphic virus rewrites itself completely each time it infects a new file.

Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using? Spyware, Virus, Worm, Trojan horse

Trojan horse

Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action? Ransomware, Adware, Spyware, Scareware

Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using? Worm, Virus, Trojan horse, Spyware

A worm is a standalone malware program that can replicate without user interaction throughout a network. A virus is a self-replicating malware that attaches itself inside a legitimate program. A hacker can define what they want the virus to do and how it will replicate. Spyware is a type of malware that is designed to collect and forward information regarding a victim's activities to someone else. A Trojan horse is a malware program that is hidden inside a legitimate program. When the user runs that program, the Trojan horse runs in the background without the user's knowledge, giving the hacker remote access.

Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using? Sheep dipping, Host integrity monitoring, Static analysis, Malware disassembly

Host integrity monitoring is part of the dynamic analysis process. The analyzer takes a snapshot of the testing computer before executing the malware. After the malware runs, the analyzer uses the same tools to take another snapshot and looks for any changes in the system. Static analysis involves going through the actual code of the malware without executing it to understand what it does and its purpose using a variety of tools and techniques. The process of analyzing emails, suspect files, and systems for malware is known as sheep dipping. Malware disassembly is a technique used in static analysis. Disassembling the malware allows the analyzer to learn everything about the program and what it's designed to do.

Which of the following best describes an anti-virus sensor system? Analyzing malware by running and observing its behavior and effects. A collection of software that detects and analyzes malware. Analyzing the code of malware to understand its purpose without running it. Software that is used to protect a system from malware infections.

A collection of software that detects and analyzes malware.

The program shown is a crypter. Which of the following best defines what this program does? A crypter compresses the malware to reduce its size and help hide it from anti-malware software. A crypter takes advantage of a bug or vulnerability to execute the malware's payload. A crypter is the main piece of the malware, the part of the program that performs the malware's intended activity.

A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.

Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus? Webroot, JPS, TCPView, ProRat

JPS Virus Maker is a common program that can perform many different tasks, including creating viruses and running a custom script. ProRat is a popular creation kit that creates Trojan horses. Webroot is an anti-virus program. TCPView is a tool you can run on Windows to quickly and easily discover which network ports are in use on the local machine.

A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus lifecycle is the virus in? Incorporation, Design, Replication, Launch

Launch is the third phase of the virus life cycle. The virus is launched and executes its payloads in this phase. The second phase in the virus life cycle is replication. In this phase, the virus replicates and spreads within the victim machine. Incorporation is the fifth phase of the virus life cycle. In this phase, antivirus software developers design defenses against viruses. Design is the first phase of the virus life cycle. This is the phase where the virus is created.

Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine? Dropper, Construction kit, Wrapper, Server

The dropper is the part of the Trojan horse that installs the malicious code onto the target machine. Creating the dropper is the second step in the process. A construction kit is the software tool a hacker can use to create and customize a Trojan horse. The server is the file in the Trojan horse that is dropped into the victim's machine and is what the hacker connects to. The wrapper is the program that combines the server and dropper into a genuine application file.

Analyzing emails, suspect files, and systems for malware is known as which of the following? Sheep dipping, Dynamic analysis, Integrity checking, Static analysis

The process of analyzing emails, suspect files, and systems for malware is called sheep dipping. The term comes from the process sheep farmers use to dip sheep in chemical solutions to clear them of parasites. Static analysis is also known as code analysis. This involves going through the malware's code using a variety of tools and techniques to understand its purpose, but does not involve executing the code. Dynamic analysis is the process of analyzing the malware by running it and observing its behavior and its effects on the system. Integrity checking establishes a system baseline and alerts the user if any suspicious system changes occur.

