8.4 Cover Your Tracks


Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components? -Touch -GrayFish -DeepSound -Sirefef

Sirefef

Cameron wants to send secret messages to his friend Brandon, who works at a competitor's company. To secure these messages, he uses a technique to hide a secret message within a video. Which of the following techniques is he using? -Steganography -RSA algorithm -Encryption -Public-key cryptography

Steganography

The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called: -Rootkits -Steganography -Execution path profiling -NTFS data streaming

Steganography

Which of the following could a hacker use Alternate Data Streams (ADS) for? -Erasing evidence -Tracking evidence -Modifying evidence -Hiding evidence

Hiding evidence

Who would be most likely to erase only parts of the system log file? -A penetration tester -An everyday user -A black hat hacker -The network admin

A black hat hacker

Which of the following best describes CCleaner? -A command line tool in Windows 2000 that will dump a remote or local event log into a tab-separated text file. It can also be used to filter specific types of events. -A program that searches for carrier files through statistical analysis techniques, scans for data hiding tools, and can crack password-protected data to extract the payload. -A software that can clear cookies, stored data like passwords, browser history, and temporary cached files. It can clear the recycling bin, clipboard data, and recent documents lists as well. -A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

Which of the following best describes a rootkit? -Scans the system and compares the current scan to the clean database. -Allows the user to create a password to make the hidden file more secure. -Allows each file an unlimited number of data streams with unlimited size. -Can modify the operating system and the utilities of the target system.

Can modify the operating system and the utilities of the target system.

Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and compares the second scan to the clean database. Which of the following detection methods is Jerry using? -Behavior-based -Cross view-based -Signature-based -Integrity-based

Integrity-based
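The integrity-based method in Jerry's question, worked through in code: hash every file on a known-clean tree into a baseline database, rescan later, and report what was modified, added, or removed. This is an added example, not code from the study set or from any particular tool; it assumes a directory tree stands in for "the system", uses SHA-256 of file contents as the identity of a file, and builds a constructed sample tree in a temporary directory.

```python
"""Integrity-based detection: baseline a clean tree, rescan, diff.

Added example for the study set above. Assumptions (not from the page):
the "system" is a directory tree, and a file's identity is the SHA-256 of
its contents, so timestamp games (touch, Timestomp) do not fool the check.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's bytes, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root: Path) -> dict[str, str]:
    """Map each regular file (relative POSIX path) under root to its hash."""
    db: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                db[p.relative_to(root).as_posix()] = hash_file(p)
    return db


def save_baseline(db: dict[str, str], baseline: Path) -> None:
    """Persist the clean-system database. Keep it read-only and off-box in
    practice: a rootkit that can rewrite the baseline defeats the check."""
    baseline.write_text(json.dumps(db, indent=1, sort_keys=True))


def load_baseline(baseline: Path) -> dict[str, str]:
    return json.loads(baseline.read_text())


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Diff two scans: changed hashes, new files, missing files."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a clean tree, then simulate an intruder
    trojaning bin/ls, dropping a loader, and deleting a log to cover tracks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "sys"
        for rel, data in {
            "bin/ls": b"clean ls binary",
            "etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
            "var/log/auth.log": b"Jan  1 00:00:00 host sshd[1]: Accepted publickey for root\n",
        }.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        baseline_file = Path(tmp) / "baseline.json"  # outside the scanned tree
        save_baseline(scan(root), baseline_file)

        # Intruder activity (constructed).
        (root / "bin" / "ls").write_bytes(b"trojaned ls that hides /lib/evil.so")
        (root / "lib").mkdir()
        (root / "lib" / "evil.so").write_bytes(b"loader")
        (root / "var" / "log" / "auth.log").unlink()

        return compare(load_baseline(baseline_file), scan(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The baseline compares content, not metadata, so backdating mtime on the replaced binary changes nothing here. The check still relies on the operating system reporting files honestly; a kernel rootkit that filters `os.walk` or `open()` results is what the cross view-based method in the next questions is meant to catch.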

Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of? -Antivirus and anti-spyware programs. -Software programs that hackers use. -Encrypted steganographic information. -Malicious alternate data streams.

Malicious alternate data streams.

Which of the following best describes the heuristic or behavior-based detection method? -Scans a system's processes and executable files, looking for byte sequences of known malicious rootkit programs. -Runs a tool to scan a clean system and create a database, then scans the system and compares the current scan to the clean database. -Uses an algorithm as it goes through the system files, processes, and registry keys to create a baseline that is compared to the data returned by the operating system's APIs. -Searches for execution path hooking, which allows a function value in an accessible environment to be changed.

Searches for execution path hooking, which allows a function value in an accessible environment to be changed.

You believe your system has been hacked. Which of the following is the first thing you should check? -Modified timestamps -Browser history -Hidden files -System log files

System log files

James, a hacker, has hacked into a Unix system and wants to change the timestamps on some files to hide his tracks. Which of the following timestamp tools would he most likely use? -Meterpreter -Timestomp -Touch -ctime

Touch
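What `touch` actually changes, and the check that catches it, as an added example that is not part of the study set. On Unix, `touch -t`/`touch -r` call the same `utime` family that `os.utime` wraps: they set atime and mtime to whatever the caller chooses, but ctime (the inode change time) is written by the kernel and is bumped to the current time by the very act of touching, so a file whose mtime is years older than its ctime has had its timestamps pushed backwards. The file path, payload bytes and "2010" date below are constructed for the demo; a Unix-style filesystem is assumed (on Windows, `st_ctime` means creation time and this check does not apply).

```python
"""Backdate a file the way `touch` does, then detect it via the ctime gap.

Added example for the study set above. Assumes a Unix filesystem where
st_ctime is inode change time. Sample file and dates are constructed.
"""
import os
import tempfile
import time
from pathlib import Path


def backdate(path: Path, epoch: float) -> None:
    """What `touch -t`/`touch -r` do under the hood: set atime and mtime.
    ctime is not an argument; the kernel sets it to 'now' for this call."""
    os.utime(path, (epoch, epoch))


def timestamp_skew(path: Path) -> float:
    """Seconds by which ctime is newer than mtime. Near zero for a file last
    changed by an ordinary write; large when mtime was set backwards."""
    st = os.stat(path)
    return st.st_ctime - st.st_mtime


def looks_stomped(path: Path, tolerance: float = 60.0) -> bool:
    """Flag files whose content timestamp predates their inode change time by
    more than `tolerance` seconds (tolerance absorbs clock granularity)."""
    return timestamp_skew(path) > tolerance


def demo() -> dict[str, object]:
    """Constructed scenario: write a dropped file, check it, backdate it to
    2010 as an intruder would, check it again."""
    with tempfile.TemporaryDirectory() as tmp:
        dropped = Path(tmp) / "rootkit.ko"
        dropped.write_bytes(b"constructed sample payload")
        before = looks_stomped(dropped)  # fresh write: ctime == mtime

        jan_2010 = time.mktime((2010, 1, 1, 0, 0, 0, 0, 0, -1))
        backdate(dropped, jan_2010)
        after = looks_stomped(dropped)   # mtime is 2010, ctime is now

        st = os.stat(dropped)
        return {
            "before": before,
            "after": after,
            "mtime_year": time.localtime(st.st_mtime).tm_year,
            "ctime_newer_than_mtime": st.st_ctime > st.st_mtime,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `find / -newerct` style sweeps or simply comparing `stat` output for mtime against ctime is the manual form of this check; even root cannot set ctime through `touch`, only by changing the system clock or editing the inode on disk. The NTFS equivalent is why Timestomp is only half a cover: it rewrites the $STANDARD_INFORMATION timestamps that Explorer shows, while the $FILE_NAME attribute keeps its own set for a forensic tool to compare against.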

Phil, a hacker, has found his way into a secure system. He is looking for a Windows utility he can use to retrieve, set, back up, and restore logging policies. Which of the following utilities should he consider? -auditpol -secedit -gpedit -poledit

auditpol
