9.1 Malware
Which of the following best describes an anti-virus sensor system? -Software that is used to protect a system from malware infections. -Analyzing malware by running and observing its behavior and effects. -Analyzing the code of malware to understand its purpose without running it. -A collection of software that detects and analyzes malware.
A collection of software that detects and analyzes malware.
The program shown is a crypter. Which of the following best defines what this program does? -A crypter is the main piece of the malware, the part of the program that performs the malware's intended activity. -A crypter takes advantage of a bug or vulnerability to execute the malware's payload. -A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect. -A crypter compresses the malware to reduce its size and help hide it from anti-malware software.
A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.
Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine? -Wrapper -Dropper -Server -Construction kit
Dropper
Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus? -Webroot -JPS -TCPView -ProRat
JPS
Which of the following laws is designed to regulate emails? -USA Patriot Act -HIPAA -CAN-SPAM Act -CFAA
CAN-SPAM Act
A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus lifecycle is the virus in? -Launch -Incorporation -Replication -Design
Launch
Which of the following virus types is shown in the code below? if Day(date) > 25 then ... -Direct action -Logic bomb -Cavity -Metamorphic
Logic bomb
Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action? -Scareware -Adware -Ransomware -Spyware
Scareware
Analyzing emails, suspect files, and systems for malware is known as which of the following? -Dynamic analysis -Integrity checking -Sheep dipping -Static analysis
Sheep dipping
Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using? -Trojan horse -Worm -Virus -Spyware
Trojan horse
Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using? -Virus -Spyware -Worm -Trojan horse
Worm
Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using? -Host integrity monitoring -Static analysis -Sheep dipping -Malware disassembly
Host integrity monitoring
