3 - Malicious Code Flashcards

Given scenarios, analyze potential indicators to determine type of attack - and potential indicators associated with network attacks

1
Q

A system has been compromised via an insider. If a developer’s access was terminated and the organization does not believe they would have had access to any systems or code after they left, what type of malware should a SECOFF look for?

A

Logic Bomb

2
Q

Naomi believes that an attacker has compromised a Windows workstation using a file-less malware package. What Windows scripting tool was most likely used to download and execute the malware?

A

PowerShell

3
Q

Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded some files, and then uploaded a large amount of data to a remote system. What type of infection should he look for?

A

Bot

4
Q

Amanda notices traffic between her system and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?

A

Command and Control

5
Q

Mike discovers that attackers have left software that allows them remote access to systems on a PC in his company’s network. How should he describe or classify this malware?

A

Backdoor.

6
Q

Naomi wants to provide guidance on how to keep her organization’s new machine learning tools secure. What are the common means of securing machine learning algorithms?

A

Use high-quality source data, secure your work environment, and review/test any changes

7
Q

What type of malware is adware typically classified as?

A

PUP

8
Q

Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred?

A

Different vendors use different names for malware packages

9
Q

Nancy is concerned that there is a software keylogger on the system she is investigating. What data has been stolen?

A

Keyboard and other inputs from the user

10
Q

Crypto malware is a type of what sort of malware?

A

Ransomware

11
Q

Rick runs a virus scan to attempt to find a rootkit, but he finds nothing. If he has other data that indicates the system is infected, what should his next step be if he wants to determine the malware used?

A

Mount the drive on another system (in read-only) and scan it that way

12
Q

Tracy is concerned about attacks against the machine learning algorithm that her org is using to assess its network. What step should she take to ensure her baseline data is not tainted?

A

She should run the ML algorithm on the network only if she believes it is secure

13
Q

Selah wants to ensure the malware is completely removed from a system. What should she do to ensure this?

A

Wipe the drive and reinstall from known good media

14
Q

What type of malware is frequently called stalkerware because of its use by those in intimate relationships to spy on their partners?

A

RAT

15
Q

Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?

A

Open the file using a text editor to review the code

16
Q

What type of malware is VBA code most likely to show up in?

A

Macro Virus

17
Q

Angela wants to limit the potential impact of malicious Bash scripts. What is the most effective technique she can use to do so without significant usability impact for MOST users?

A

Use Bash’s restricted mode

18
Q

Fred receives a call to respond to a malware-infected PC. He sees this message on-screen: “Send .5 Bitcoin to the following address to recover your files.” What is the most effective way for Fred to return the system to normal operations?

A

Restore from a backup, if available

19
Q

What type of malware connects to a C2 system, allowing hackers to manage, control, and update remotely?

A

Bot

20
Q

James notices that a macro virus has been detected on a workstation in his org. What is the most likely path (origin) for the infection?

A

A user intentionally enabled macros for an infected file - because Microsoft Office has fail-safes against macro-based malware