17-C

Question 1

What is malware?

Answer 1

Software that does something bad from the perspective of the system owner

Question 2

What are the main categories of malware according to vector?

Answer 2

• Viruses
• Boot sector viruses
• Trojans
• Worms
• Fileless malware

Question 3

What is a virus?

Answer 3

Concealed within the code of an executable process image stored as a file on disk

Question 4

What do boot sector viruses infect?

Answer 4

The boot sector code or partition table on a disk drive

Question 5

Define a Trojan.

Answer 5

Malware concealed within an installer package for software that appears to be legitimate

Question 6

How do worms spread?

Answer 6

By replicating between processes in system memory and exploiting vulnerable client/server software

Question 7

What is fileless malware?

Answer 7

Malicious code that uses the host’s scripting environment to create new processes in memory

Question 8

What is a backdoor in the context of malware?

Answer 8

A method allowing a threat actor to access a PC and upload/exfiltrate data files

Question 9

What are the primary functions of spyware?

Answer 9

• Perform browser reconfigurations
• Monitor local application activity
• Take screenshots
• Activate recording devices

Question 10

What is a keylogger?

Answer 10

Spyware that records keystrokes to steal confidential information

Question 11

What is a rootkit?

Answer 11

Malware that operates with high privileges, often concealing its presence

Question 12

What is ransomware?

Answer 12

A type of malware that tries to extort money from the victim

Question 13

What is crypto-ransomware?

Answer 13

Ransomware that encrypts files, making them inaccessible without a decryption key

Question 14

What is cryptojacking?

Answer 14

The hijacking of a host’s resources to perform cryptocurrency mining

Question 15

List some performance symptoms of malware infection.

Answer 15

• Computer fails to boot
• Slow performance at startup
• Inability to access network or internet

Question 16

What are common application symptoms of malware?

Answer 16

• Security-related applications stop working
• OS updates fail
• Applications crash frequently

Question 17

What file system errors might indicate malware infection?

Answer 17

• Missing or renamed files
• Additional executable files with similar names to system files
• Altered file permissions

Question 18

What does redirection in a browser indicate?

Answer 18

When a user is sent to a different page than intended, often mimicking the target page

Question 19

What causes certificate warnings in a browser?

Answer 19

• Self-signed certificates
• FQDN mismatch
• Expired or revoked certificates

Question 20

What is the first step in the best practices for malware removal?

Answer 20

Investigate and verify malware symptoms

Question 21

Fill in the blank: A key component of malware removal is to _______ infected systems.

Answer 21

[quarantine]

Question 22

True or False: Most malware is discovered via manual inspection rather than automated scanning.

Answer 22

False

Question 23

What should be done after remediating infected systems?

Answer 23

Enable System Restore and create a restore point in Windows

Question 24

What is the purpose of enabling System Restore in Windows?

Answer 24

To create restore points that allow users to revert their system to a previous state.

Question 25

What are potentially unwanted applications (PUAs)?

Answer 25

Applications classified by Windows Defender Antivirus that may not be malware but can still pose risks.

Question 26

What are malware encyclopedias?

Answer 26

Comprehensive databases maintained by antivirus vendors containing information about viruses, worms, Trojans, and rootkits.

Question 27

What is the first action to take if a system is suspected to be infected with malware?

Answer 27

Quarantine the infected system.

Question 28

What does quarantining a host entail?

Answer 28

Preventing it from communicating on the main network to reduce the risk of malware spreading.

Question 29

Fill in the blank: After detecting malware symptoms, you should disable _______.

Answer 29

System Restore.

Question 30

What is the main tool used for malware remediation?

Answer 30

Antivirus software.

Question 31

True or False: Antivirus and anti-malware are synonymous terms.

Answer 31

True.

Question 32

What should you do if your antivirus software does not detect a virus?

Answer 32

Use a different suite of malware removal tools.

Question 33

List the steps required for manual removal of advanced malware.

Answer 33

* Terminate suspicious processes using Task Manager * Execute commands in command prompt * Manually remove registry items * Boot into Safe Mode * Use recovery media to run commands from a clean environment * Scan the disk from another system

Question 34

What is a complete system restore?

Answer 34

Reformatting the disk, reinstalling the OS, and restoring data files from a clean backup.

Question 35

What should be configured to prevent malware reinfection?

Answer 35

* On-access scanning * Scheduled scans * Regular updates of antivirus definitions

Question 36

Why is it necessary to re-enable System Restore after cleaning a system?

Answer 36

To create fresh restore points and ensure backup systems are operational again.

Question 37

What is DNS spoofing?

Answer 37

A technique that allows attackers to redirect users to fake websites.

Question 38

What role does effective user training play in malware prevention?

Answer 38

It reduces vulnerability to social engineering and phishing attacks.

Question 39

What topics should be covered in security-awareness training?

Answer 39

* Password management * Common malware threats * Secure software use * Anti-phishing training

Question 40

Why might a PC infected with malware display no obvious symptoms?

Answer 40

Some malware is sophisticated enough to evade detection.

Question 41

Why might you need to use a virus encyclopedia?

Answer 41

To verify symptoms against known malware indicators.

Question 42

Is it likely that multiple users reporting slow performance indicates a malware infection?

Answer 42

Yes, it could be a sign of a malware infection.

Question 43

If a user is stuck on a web page with a pop-up message, is her computer likely infected with malware?

Answer 43

Not necessarily; further investigation is needed.

Question 44

If a browser reports an invalid certificate when signing into online banking, what should be suspected?

Answer 44

Another cause besides the bank updating its certificate.

Question 45

Why is DNS configuration important in the malware remediation process?

Answer 45

To prevent attackers from redirecting users to malicious sites.