1.1 Compromise & Malware

Question 1

spyware

Answer 1

• spawn browser pop-up windows

- modify DNS (Domain Name System) queries attempting to direct user to other websites, often of dubious provenance

Question 2

ransomware

Answer 2

type of Trojan malware that tries to extort money from victim

Question 3

adware

Answer 3

browser plug-in displays commercial offers and deals

• some adware may exhibit spyware-like behavior, by tracking the websites a user visits and displaying targeted ads

Question 4

crypto-malware

Answer 4

• class of ransomware that attempts to encrypt data files

- user will be unable to access files without obtaining the private encryption key, which is held by the attacker

Question 5

botnet

Answer 5

set of computers that has been infected by a control program called a bot, that enables attackers to exploit the computers to mount attacks

Question 6

Remote Access Trojan (RAT)

Answer 6

functions as a backdoor, and allows attacker to access PC, upload files, and install software on it

Question 7

spyware

Answer 7

program that monitors user activity and sends info to someone else

• can occur with or without user’s knowledge

Question 8

rootkit

Answer 8

backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence

Question 9

logic bomb

Answer 9

malicious program or script that is set to run under particular circumstances or in response to defined event, such as admin’s account becoming disabled

Question 10

worm

Answer 10

type of virus that spreads through memory and network connections, rather than infecting files

Question 11

mine

Answer 11

• scripted trap that runs in the event an account is deleted or disabled
• anti-virus software is unlikely to detect this kind of malicious script or program, so the security specialist would not be able to discover the script during an investigation
• mine would become known once it gets executed and causes damage

Question 12

Remote Access Trojan

Answer 12

• functions as a backdoor
• allows attacker to access PC, upload files, and install software on it
• allow user to use computer in a botnet to launch Distributed Denial of Service (DoS) attacks
• can allow user to use computer in a botnet to launch mass-mail spam attacks
• must establish connection from compromised host to a Command and Control (C2 or C&C) host or network operated by attacker

Question 13

tailgating

Answer 13

social engineering technique to gain access to a building by following someone else (or persuading them to “hold the door”)

Question 14

T or F. While viruses can be removed with antivirus, if the files are encrypted, chances are they will not be recoverable

Answer 14

True

Question 15

T or F. Keeping operating systems and applications up-to-date before an infection is vital to prevent getting infected in the first place

Answer 15

True

Question 16

mitigate effects of keylogging

Answer 16

use a keyboard that encrypts the keystroke signals before they are sent to the system unit

Question 17

logic bomb

Answer 17

malicious program or script that is set to run under particular circumstances or in response to a defined event

Question 18

shoulder surfing

Answer 18

refers to stealing a password or PIN (or other secure information) by watching user type it

Question 19

What type of malware could remove Explorer, Task Manager, and PowerShell from a user’s Windows computer?

Answer 19

rootkit

Question 20

A support specialist runs a virus scan and finds a user’s computer to be compromised with a Trojan. The user suspects that the Trojan got installed while shopping online, and the specialist feels that the attacker likely captured transaction information. The specialist suggests which method to mitigate this type of attack in the future?

Answer 20

use keystroke encryption software

Question 21

If a user’s computer becomes infected with a botnet, which of the following can this compromise allow the attacker to do? (Select more than one)

Answer 21

• launch a mass-mail spam attack
• launch a Distributed Denial of Service (DDoS) attack
• establish a connection with a Command and Control server

Question 22

For an attacker to perform a Distributed Denial of Service (DDoS) attack, which of the following control programs would allow the hacker to compromise devices and turn them into zombies?

Answer 22

bot

Question 23

An IT staff member used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user received pop-up ads, frequent crashes, slow computer performance, and strange services running when the staff member turns on the computer. What most likely happened to cause these issues?

Answer 23

The user installed Trojan horse malware

Question 24

A few end-users contacted the cyber security department about browser pop-ups on their computer, and explained that some websites they visit redirect them to other sites they did not intend to navigate to. The security team confirmed the pop-ups and noted modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users’ computers?

Answer 24

spyware infected computers

Question 25

An end-user installed an application and began receiving pop-up ads, frequent crashes, slow computer performance, and strange services running. Which of the following most likely describes what occurred to cause these problems?

Answer 25

The user installed Trojan horse malware

Question 26

An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user’s Windows computer. What type of malware did the attacker install on the victim host?

Answer 26

rootkit

Question 27

During an internal investigation, a security specialist discovered a malicious backdoor script on a system administrator’s machine that executes if the admin’s account becomes disabled. What type of malware did the specialist discover?

Answer 27

logic bomb

Question 28

An attacker used a phishing email to successfully install a keylogger Trojan onto a victim’s computer, to steal confidential information when the user types information into the webform of a website. How can the user mitigate this threat?

Answer 28

use a keyboard that encrypts keystrokes

Question 29

A script kiddie installed a backdoor on a victim’s computer that enabled the attacker to remotely access the PC, upload files, and install software on it. What kind of malware did the script kiddie install?

Answer 29

A Remote Access Trojan (RAT)

Question 30

If a user’s device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise?

Answer 30

Have up-to-date backups of the encrypted files.

Question 31

What is the difference between a virus and a worm?

Answer 31

Viruses replicate by infecting applications, worms are self-contained.

Question 32

An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user’s Windows computer. What type of malware did the attacker install on the victim host?

Answer 32

Rootkit

Question 33

An attacker compromised a series of computers with a botnet and installed Remote Access Trojans (RATs) on them. What else can the attacker now do with this type of malicious network? (Select more than one)

Answer 33

• Launch a mass-mail spam attack
• Establish a connection with a Command and Control server
• Launch a Distributed Denial of Service (DDoS) attack

Question 34

A cyber security department received alerts about browser pop-ups on users’ computers. After further investigation, the security analysts discovered that websites they visit on the compromised machines redirect them to malicious websites due to modified DNS (Domain Name System) queries. Which of the following did the computers most likely get infected with?

Answer 34

Spyware