1.1 Compromise & Malware Flashcards

1
Q

spyware

A
  • spawn browser pop-up windows
  • modify DNS (Domain Name System) queries attempting to direct user to other websites, often of dubious provenance

2
Q

ransomware

A

type of Trojan malware that tries to extort money from victim

3
Q

adware

A

browser plug-in displays commercial offers and deals

  • some adware may exhibit spyware-like behavior, by tracking the websites a user visits and displaying targeted ads
4
Q

crypto-malware

A
  • class of ransomware that attempts to encrypt data files
  • user will be unable to access files without obtaining the private encryption key, which is held by the attacker

5
Q

botnet

A

set of computers that have been infected by a control program called a bot, which enables attackers to exploit the computers to mount attacks

6
Q

Remote Access Trojan (RAT)

A

functions as a backdoor, and allows attacker to access PC, upload files, and install software on it

7
Q

spyware

A

program that monitors user activity and sends info to someone else

  • can occur with or without user’s knowledge
8
Q

rootkit

A

backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence

9
Q

logic bomb

A

malicious program or script that is set to run under particular circumstances or in response to defined event, such as admin’s account becoming disabled

10
Q

worm

A

type of virus that spreads through memory and network connections, rather than infecting files

11
Q

mine

A
  • scripted trap that runs in the event an account is deleted or disabled
  • anti-virus software is unlikely to detect this kind of malicious script or program, so the security specialist would not be able to discover the script during an investigation
  • mine would become known once it gets executed and causes damage
12
Q

Remote Access Trojan

A
  • functions as a backdoor
  • allows attacker to access PC, upload files, and install software on it
  • allows user to use computer in a botnet to launch Distributed Denial of Service (DDoS) attacks
  • can allow user to use computer in a botnet to launch mass-mail spam attacks
  • must establish connection from compromised host to a Command and Control (C2 or C&C) host or network operated by attacker
13
Q

tailgating

A

social engineering technique to gain access to a building by following someone else (or persuading them to “hold the door”)

14
Q

T or F. While viruses can be removed with antivirus, if the files are encrypted, chances are they will not be recoverable

A

True

15
Q

T or F. Keeping operating systems and applications up-to-date before an infection is vital to prevent getting infected in the first place

A

True

16
Q

mitigate effects of keylogging

A

use a keyboard that encrypts the keystroke signals before they are sent to the system unit

17
Q

logic bomb

A

malicious program or script that is set to run under particular circumstances or in response to a defined event

18
Q

shoulder surfing

A

refers to stealing a password or PIN (or other secure information) by watching user type it

19
Q

What type of malware could remove Explorer, Task Manager, and PowerShell from a user’s Windows computer?

A

rootkit

20
Q

A support specialist runs a virus scan and finds a user’s computer to be compromised with a Trojan. The user suspects that the Trojan got installed while shopping online, and the specialist feels that the attacker likely captured transaction information. The specialist suggests which method to mitigate this type of attack in the future?

A

use keystroke encryption software

21
Q

If a user’s computer becomes infected with a botnet, which of the following can this compromise allow the attacker to do? (Select more than one)

A
  • launch a mass-mail spam attack
  • launch a Distributed Denial of Service (DDoS) attack
  • establish a connection with a Command and Control server
22
Q

For an attacker to perform a Distributed Denial of Service (DDoS) attack, which of the following control programs would allow the hacker to compromise devices and turn them into zombies?

A

bot

23
Q

An IT staff member used an administrator account to download and install a software application. After the user launched the .exe installer file, the user received pop-up ads, frequent crashes, slow computer performance, and strange services running when the staff member turned on the computer. What most likely happened to cause these issues?

A

The user installed Trojan horse malware

24
Q

A few end-users contacted the cyber security department about browser pop-ups on their computer, and explained that some websites they visit redirect them to other sites they did not intend to navigate to. The security team confirmed the pop-ups and noted modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users’ computers?

A

spyware infected computers

25
Q

An end-user installed an application and began receiving pop-up ads, frequent crashes, slow computer performance, and strange services running. Which of the following most likely describes what occurred to cause these problems?

A

The user installed Trojan horse malware

26
Q

An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user’s Windows computer. What type of malware did the attacker install on the victim host?

A

rootkit

27
Q

During an internal investigation, a security specialist discovered a malicious backdoor script on a system administrator’s machine that executes if the admin’s account becomes disabled. What type of malware did the specialist discover?

A

logic bomb

28
Q

An attacker used a phishing email to successfully install a keylogger Trojan onto a victim’s computer, to steal confidential information when the user types information into the webform of a website. How can the user mitigate this threat?

A

use a keyboard that encrypts keystrokes

29
Q

A script kiddie installed a backdoor on a victim’s computer that enabled the attacker to remotely access the PC, upload files, and install software on it. What kind of malware did the script kiddie install?

A

A Remote Access Trojan (RAT)

30
Q

If a user’s device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise?

A

Have up-to-date backups of the encrypted files.

31
Q

What is the difference between a virus and a worm?

A

Viruses replicate by infecting applications; worms are self-contained.

32
Q

An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user’s Windows computer. What type of malware did the attacker install on the victim host?

A

Rootkit

33
Q

An attacker compromised a series of computers with a botnet and installed Remote Access Trojans (RATs) on them. What else can the attacker now do with this type of malicious network? (Select more than one)

A
  • Launch a mass-mail spam attack
  • Establish a connection with a Command and Control server
  • Launch a Distributed Denial of Service (DDoS) attack
34
Q

A cyber security department received alerts about browser pop-ups on users’ computers. After further investigation, the security analysts discovered that websites they visit on the compromised machines redirect them to malicious websites due to modified DNS (Domain Name System) queries. Which of the following did the computers most likely get infected with?

A

Spyware