14.4 Practice Quiz
Which of the following best describes an antivirus sensor system?
A collection of software that detects and analyzes malware.
A collection of software that detects and analyzes malware is called an antivirus sensor system. This system is used along with the sheep dip computer to perform malware analysis. Anti-malware software is used to protect a system from malware infections. Static analysis is also known as code analysis. It involves going through malware's code using a variety of tools and techniques to understand its purpose, but does not involve executing the code. Dynamic analysis is the process of analyzing malware by running it and observing its behavior and its effects on a system.
The program shown is a crypter. Which of the following options best defines what this program does?
A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.
The crypter is a shell around the malware code that keeps the malware from being analyzed and reverse-engineered. The program uses different techniques to encrypt and obfuscate the malware to help prevent detection by anti-malware programs. The payload is the main piece of the malware, the part of the program that performs the malware's intended activity. The exploit takes advantage of a bug or vulnerability to execute the malware's payload. The packer compresses the malware to reduce its size and help hide it from anti-malware software.
Which of the following laws regulates emails?
CAN-SPAM Act
Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine?
Dropper
Rudy is analyzing a piece of malware discovered in a penetration test. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterward and monitor different components, such as ports, processes, and event logs, and note changes. Which of the following processes is he using?
Host integrity monitoring
A virus has replicated itself throughout systems it has infected and is executing its payload. Which of the following phases of the virus life cycle is this virus in?
Launch
Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action?
Scareware
Scareware shows the user signs of potential harm that could happen if the user doesn't take some sort of action, such as purchasing a specific program to clean the system. Spyware collects and forwards information about the victim's activities to someone else. Ransomware encrypts system files and folders and requires the victim to pay for the decryption key. Adware causes an increase in pop-up and pop-under advertisements.
Analyzing emails, suspect files, and systems for malware is known as which of the following?
Sheep dipping
Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?
Trojan horse
Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using?
Worm