ch 2 malicous actvity

Question 1

macro virus

Answer 1

Usually placed in documents and e-mailed to users in the hopes that
the users will open the document, thus executing the virus.

Question 2

Polymorphic

Answer 2

Can change every time it is executed in an attempt to avoid antivirus
detection.

Question 3

Armored:

Answer 3

tricking the program

into thinking that it is located in a different place from where it actually resides.

Question 4

Multipartite:

Answer 4

hybrid of boot and program viruses

Question 5

virus

Answer 5

code that runs on a computer without the user’s knowledge; it infects
the computer when the code is accessed and execute

Question 6

worm

Answer 6

program that self replicates itself

Question 7

rootkit

Answer 7

gain administrator w/o user knowledge

BIOS, boot loader, kernel, and more

Question 8

threat vector .

Answer 8

threat uses to access a target

Question 9

attack vector .

Answer 9

attacker gains access to a computer in order to deliver

malicious software

Question 10

botnet

Answer 10

group of compromised computers,
individual compromised computers in
the botnet are called zombies

Question 11

Privilege escalation

Answer 11

bugging a pc to gain resources .

Question 12

logic bomb

Answer 12

code that has, in some way, been inserted into software

meant to do malicious stuff

Question 13

Security Applications

Answer 13

host-based
intrusion detection system (HIDS
installed directly within an operating system, so it is NOT considered to be an
“INLINE” device,

Question 14

ADV HIDS

Answer 14

interpret encrypted traffic.

Question 15

DIS HIDS

Answer 15

price, storage, amount resources and something happens to computer thae database is UNAVA

Question 16

NIDS):

Answer 16

can be loaded or stand alone
checks packets for more than 1 pc
INLINE device

Question 17

adv nids

Answer 17

cheaper, less resources,

Question 18

dis nids

Answer 18

cannot monitor for

things that happen within an operating system

Question 19

IDS mopnitoring Statistical anomaly:

Answer 19

establishes a performance baseline if dont match up it sends an alarm to admin

Question 20

IDS mopnitoring Signature-based

Answer 20

Network traffic is analyzed for predetermined attack patterns,

Question 21

False positive:

Answer 21

dentifies legitimate activity as something malicious.

ex good would be bad traffic

Question 22

False negative:

Answer 22

identifies an attack as legitimate activity

common if it dont have an updated attack signature’

Question 23

content filtering

Answer 23

block external files that use JavaScript or images

Question 24

Securing the BIOS

Answer 24

BIOS PASSWORD
FLASH THE BIOS (UPDATING IT)
CHANGE THE BIOS ORDER