631 Flashcards
The steps in the malware removal process are as follows —
ID Malware
Quarantine
Disable system restore
Remediate infected system.
Update or install anti-malware software.
Scan and use removal techniques (safe mode, pre-installation environment). Schedule scans, and run updates.
Enable System Restore, create a restore point
Educate the end user.
Antivirus software should be installed, but must also be kept —
up-to-date with virus definition files.
Most antivirus applications protect against viruses, worms, and Trojan horses. Some antivirus applications also have integrated —
antimalware and antispyware software.
You should only have one anti-virus application installed and —
running on your computer.
Antimalware software should also be installed and kept up-to-date. Like antivirus applications, antimalware applications require periodic —
updates to the malware definition files.
For antispyware software, follow the same guidelines as with antivirus and antimalware software. Unlike antivirus applications, you can install multiple —
antispyware applications.
Hyperlink spoofing, which is also referred to as Web spoofing, is used by an attacker to persuade the Internet browser to connect to a —
fake server that appears as a valid session.
The primary purpose of hyperlink spoofing is to gain access to confidential information, such as —
PIN numbers, credit card numbers, and bank details of users.
The link from hyperlink spoofing as it appears on this page is often correct. However, the actual underlying link is usually to the —
spoofed site.
Hyperlink spoofing takes advantage of people using hyperlinks instead of DNS addresses. In most scenarios, the DNS addresses are not visible, and the user is redirected to another fake —
Web site after clicking a hyperlink.
A land attack involves sending a spoofed TCP SYN packet with the target host’s IP address and an open —
port acting both as a source and a destination to the target host on an open port.
The land attack causes the system to either freeze or crash because the machine —
continuously replies to itself.
ICMP packet spoofing is used by a smurf attack to conduct a
denial-of-service (DoS) attack.
A smurf is a DoS attack that uses spoofed broadcast ping messages to
flood a target host.
In such an attack, the attacker sends a large number of ICMP echo packets with a spoofed source IP address similar to that of the target host to IP broadcast addresses. This results in the target host being —
flooded with echo replies from the entire network. This also causes the system to either freeze or crash.
Network address hijacking allows the attacker to reroute data traffic from a —
network device to a personal computer.
Network address hijacking, which is also referred to as session hijacking, enables an attacker to —
capture and analyze the data addressed to a target system.
The attacker can gain access to critical resources and user credentials, such as passwords, and unauthorized access to the —
critical systems of an organization.
Session hijacking involves taking control of an existing connection after the —
user has successfully created an authenticated session.
Automated System Recovery is not an option listed in the
Advanced Boot Options menu.
The options for the advanced boot options menu are as follows: —
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Enable Boot Logging
Enable low-resolution video 640x480
Last Known Good Configuration
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
____________________ uses a minimal set of device drivers and services when Windows boots. All three variants of _________________ use vga.sys as the video device driver. —
Safe Mode
uses a minimal set of device drivers and services when Windows boots, but includes device drivers to enable networking. —
Safe Mode with Networking
is the same as Safe Mode, except it only boots to the command prompt. This mode does NOT provide a GUI interface. —
Safe Mode with Command Prompt