1C Flashcards

1
Q

___ ___ is software or scripts written to intentionally cause undesired effects such as security breaches or damage to a system.

A

Malicious Code

2
Q

Malicious code includes a broad category of related terms including…?

A

Attack Scripts
Viruses
Worms
Trojan Horses
Backdoors

3
Q

____ is software designed to infiltrate or damage a computer system without the owner’s informed consent.

A

Malware

4
Q

Many computer users are unfamiliar with the term, and often use the term, “___ ___” for all types of malware, including viruses.

A

computer virus

5
Q

____ is considered malware because of the perceived intent of the creator rather than any features of the ____ itself. Malicious ____ and infectious programs created with malicious intent have been present from the time ____ came into existence.

A

Software

6
Q

Malware is not the same as ____ ____. ____ ____ is software which has a legitimate purpose but incidentally contains harmful program bugs.

A

Defective software

7
Q

The most common pathways that malware takes from criminals to users (known as attack vectors) are through ___ and ___.

A

email and World Wide Web

8
Q

___ ___ are bits of computer programming, or code, that hide in computer programs or on the boot sector of storage devices.

A

Computer viruses

9
Q

The primary purpose of a ____ is to reproduce itself as often as possible and thereby disrupt the operation of the infected computer or program. Once activated, a ___ can range from being simply annoying to catastrophic.

A

virus

10
Q

Viruses are written by people with intent to do ___ and can be classified into many categories, based on how they propagate themselves and the nature of their behavior.

A

harm

11
Q

What are the four types of viruses?

A
  1. Boot Sector Virus
  2. File Infector Virus
  3. Macro Virus
  4. Logic Bomb
12
Q

The first type, called a “boot-sector virus,” resides in the first sector of a…?

A

disk or USB drive

13
Q

The following describes which type of virus?

The virus executes when the computer is booted. It controls the boot sequence and determines which partition the computer boots from. A ___ ___ virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory, the boot virus can spread to every disk that the system reads. A common method of transmitting viruses from one computer to another is through the distribution of removable media such as a compact disc (CD) or USB drive. Each time the infected media is used on a new device, the virus replicates itself onto the new drive. Any disk can cause infection if it is in the drive when the computer boots up. The virus can also be spread across networks from file downloads and e-mail file attachments.

A

Boot Sector Virus

14
Q

The following describes which type of virus?

The second type of virus is the “____ ____,” also known as an executable virus or parasitic virus. ____ ____ operate in memory and infect executable files. Such a virus attaches itself to a file or program and activates any time the file is used. When the program loads, the virus is loaded as well. Other ____ ____ viruses arrive as wholly contained programs or scripts sent as an attachment to an e-mail. Various subcategories of file infectors exist.

A

File Infector Virus

15
Q

The following describes which type of virus?

Most applications today support ____, which are used to automate a task within the software application. A ____ virus is code written using a ____ language which performs a malicious action, such as deleting files or e-mailing everyone in your address book. The ____ is usually created within a file and triggered automatically when someone opens the file. ____ viruses infect files, not entire host computers or networks.

A

Macro Virus

16
Q

The following describes which type of virus?

A ___ ___ is a type of virus planted on the system by installing a piece of software that contains some code that will not execute until a certain event occurs, such as a specific date.

A

Logic Bomb

17
Q

One infected computer in an organization could easily infect all the computers in the organization by a single user passing around a copy of the latest program. ___ ___ are often the primary means for convenient file transfers.

A

Flash drives

18
Q

One of the most common methods of spreading a virus is through ___.

A

email

19
Q

A ___ ___ is a program that a user is tricked into installing. The software that the user intended to download works exactly as expected. But there is additional software embedded inside the legitimate code that the user does not know about and would not give permission to install if they knew. ___ ___ allow unauthorized access to an infected host by opening a back door on the infected machine which allows a hacker to connect to the system remotely and take control of it.

A

Trojan horse

20
Q

A ___ is like a virus except that ___ require no user intervention to self-replicate. ___ can infect a network in several ways, such as by using certain vulnerable network ports/protocols, by opening infected e-mail messages, and by inserting infective flash drives into the host computer.

A

worm

21
Q

The effect of viruses may cause data loss, but some viruses are designed specifically to delete files or issue a physically harmful series of instructions to hard drives. Such viruses are termed ____.

A

destructive

22
Q

What are common symptoms of computer virus infection?

A
  • The computer will not boot.
  • The data is scrambled or corrupted.
  • The computer operates erratically.
  • A partition is lost.
  • The hard drive is reformatted.
  • Programs suddenly open and close without your input.
  • Warnings and error messages are displayed at unusual times.
23
Q

The most common symptom of an infection on a network is one or more workstations with ___ ___.

A

erratic errors

24
Q

What are some other types of malware that you should be aware of?

A
  1. Ransomware
  2. Spyware
  3. Adware
  4. Rootkit
25
Q

___ is a type of malware that prevents or limits users from accessing their system. Attackers can encrypt a victim’s entire system, specific files, or they may lock the system’s screen until the victim pays a specified ransom to have their data unencrypted or unlocked by the attacker.

A

Ransomware

26
Q

___ is hidden software that monitors and collects information about a user and their activities and then sends that information to a remote system for a hacker to review. For example, ____ could collect information about the websites you visit. ____ has also been known to make changes to computer systems such as redirecting browsers and slowing down network connections.

A

Spyware

27
Q

___ is software that automatically loads advertisements on the screen, typically in the form of pop-up windows.

A

Adware

28
Q

A ___ is software, typically hidden from the administrator, that is installed on a system by a hacker to give that hacker privileged access to the system.

A

Rootkit

29
Q

___ ___ stop unauthorized users (also known as intruders) from accessing any part of a computer system.

A

Preventative measures

30
Q

What are the different types of preventative measures?

A
  1. Vulnerability Scanning
  2. Software patching
  3. User-awareness training
  4. Firewalls
  5. Anti-spyware
  6. Proxy Servers/Web Content Filters
  7. Mail Gateway
31
Q

___ ___ mimics malicious network activity that hosts could encounter on a network. Routine scanning results identify hosts that are vulnerable to attacks. System administrators should remediate these vulnerabilities by patching or otherwise changing system configurations.

A

Vulnerability scanning

32
Q

___ is the process of repairing a vulnerability or a flaw that is identified after the release of an application. Newly released ___ can fix bugs, help to enhance applications with new features, and fix security vulnerabilities.

A

Software patching

33
Q

All users of the Air Force Network are required to complete ___ ___ ___ upon initial account creation and annually after that. This training informs users of common pitfalls that can cause system vulnerabilities and what they can do to mitigate them.

A

User-awareness training

34
Q

A ____ restricts data communication traffic to and from a network it’s connected to. ____ protect network resources from outside threats.

A

Firewalls

35
Q

Any software that covertly gathers user information through the user’s Internet connection without their knowledge, usually for advertising purposes, is spyware. Spyware does not intend to cause damage to the system but rather presents a privacy threat. ___ ____ prevents spyware from collecting information about the user.

A

Anti-spyware

36
Q

A ____ resides between a user’s computer and the Internet. It provides security, privacy, and web filtering. ____ servers are often used as part of a firewall.

A

Proxy Servers/Web Content Filters

37
Q

A ___ ___ is a server within an organization’s demilitarized zone (DMZ) that sends and receives email for the organization. The ___ ___ can be set up to scan and filter out files with problematic file extensions, viruses, and spam. The gateway then forwards email to the internal email server to be distributed to internal clients.

A

Mail gateway

38
Q

___ ___ determine whether someone attempted to break into a system and if the intrusion was successful. If so, it shows what the attacker may have done.

A

Detection Measures

39
Q

What are the two types of detection measures?

A

Anti-virus software
Monitor Logs

40
Q

___ software is your system’s protection against viruses. Your system can contract viruses from websites, e-mail attachments, etc. ___ programs inspect the contents of each file. They search for a virus signature, that is, specific patterns that match a malicious profile of something known to be harmful. For each file that matches a signature, the ___ program provides options on how to respond, such as removing the offending patterns, quarantining the file, or deleting the file.

A

Anti-virus software

41
Q

Administrators should check logs daily for signs of security compromise. Logs from firewalls, IDSs/IPSs, DNS servers, and proxy servers can be centralized using a syslog host, which collects logs from various devices and systems.

A

Monitor Logs

42
Q

What is a counter measure?

A

Response

43
Q

___ involves knowing the value of your data and the impact upon day-to-day operations if specific systems become unavailable or compromised. Recovery actions may run the gamut from a simple upgrade of protective appliances to notification of legal authorities, counterattacks, and the like.

A

Response

44
Q

Steps of the response phase of an attack may include tasks such as…?

A
  1. Defining the attack
  2. Informing users of the attack
  3. Contain the intrusion
  4. Identifying the source
  5. Notifying all interested parties
  6. Compiling detailed repair reports
45
Q

___ are standardized technical processes, techniques, checklists, and forms. Anyone in an organization responding to an incident should follow the organization’s ___.

A

SOP

46
Q

What does SOP stand for?

A

Standard Operating Procedures

47
Q

An SOP should be comprehensive and detailed, and following it should minimize errors. For an SOP to be useful, it must be developed ___ an incident occurs and should be updated as required. Finally, an SOP should be tested to validate its usefulness.

A

before