CH 8 - Malware Flashcards

1
Q

In a botnet, what are the systems that tell individual bots what to do called?

A. C2 servers
B. IRC servers
C. HTTP servers
D. ISC2 servers

A

A.
C2 servers

2
Q

What is the primary difference between a worm and a virus?

A. A worm uses polymorphic code.
B. A virus uses polymorphic code.
C. A worm can self‐propagate.
D. A virus can self-propagate.

A

C.
A worm can self‐propagate.

3
Q

What is one advantage of static analysis over dynamic analysis of malware?

A. Malware is guaranteed to deploy.
B. Dynamic analysis is untrustworthy.
C. Static analysis limits your exposure to infection.
D. Static analysis can be run in virtual machines.

A

C.
Static analysis limits your exposure to infection.

4
Q

What would you use VirusTotal for?

A. Checking your system for viruses
B. Endpoint protection
C. As a repository of malware research
D. Identifying malware against antivirus engines

A

D.
Identifying malware against antivirus engines

5
Q

What are two sections you would commonly find in a portable executable file?

A. Text and binary
B. Binary and data
C. Addresses and operations
D. Text and data

A

D.
Text and data

6
Q

What could you use to generate your own malware?

A. Empire
B. Metasploit
C. Rcconsole
D. IDA Pro

A

B.
Metasploit

7
Q

What is the purpose of a packer for malware?

A. To obscure the actual program
B. To ensure that the program is all binary
C. To compile the program into a tight space
D. To remove null characters

A

A.
To obscure the actual program

8
Q

What is the primary purpose of polymorphic code for malware programs?

A. Efficiency of execution
B. Propagation of the malware
C. Antivirus evasion
D. Faster compilation

A

C.
Antivirus evasion

9
Q

What would be one reason not to write malware in Python?

A. The Python interpreter is slow
B. The Python interpreter may not be available.
C. Library support is inadequate.
D. Python is a hard language to learn.

A

B.
The Python interpreter may not be available.

10
Q

What would you use Cuckoo Sandbox for?

A. Static analysis of malware
B. Malware development
C. Dynamic analysis of malware
D. Manual analysis of malware

A

C.
Dynamic analysis of malware

11
Q

If you wanted a tool that could help with both static and dynamic analysis of malware, which would you choose?

A. Cutter
B. IDA
C. PE Explorer
D. MalAlyzer

A

B.
IDA

12
Q

What is the purpose of using a disassembler?

A. Converting opcodes to mnemonics
B. Converting mnemonics to opcodes
C. Translating mnemonics to operations
D. Removing the need for an assembler

A

A.
Converting opcodes to mnemonics

13
Q

What does the malware that is referred to as a dropper do?

A. Drops antivirus operations
B. Drops CPU protections against malicious execution
C. Drops files that may be more malware
D. Drops the malware into the Recycle Bin

A

C.
Drops files that may be more malware

14
Q

Why would you use an encoder when you are creating malware using Metasploit?

A. To compile the malware
B. To evade antivirus
C. To evade user detection
D. To compress the malware

A

B.
To evade antivirus

15
Q

If you were to see the following command in someone’s history, what would you think had happened?

A. A poison pill was created.
B. A malicious program was generated.
C. Existing malware was encoded.
D. Metasploit was started.

A

B.
A malicious program was generated.

16
Q

What is the difference between a virus and ransomware?

A. Ransomware may be a virus.
B. Ransomware includes Bitcoins.
C. Ransomware is generated only in Russia.
D. A virus runs only on Windows systems.

A

A.
Ransomware may be a virus.

17
Q

Why would someone use a Trojan?

A. It acts as malware infrastructure.
B. It evades antivirus.
C. It pretends to be something else.
D. It’s polymorphic.

A

C.
It pretends to be something else.

18
Q

Which of these tools would be most beneficial when trying to dynamically analyze malware?

A. Cutter
B. OllyDbg
C. Metasploit
D. AV-TEST

A

B.
OllyDbg

19
Q

Which end of a client‐server communication goes on the infected system if it is communicating with infrastructure?

A. Client
B. Satellite
C. Server
D. Master station

A

C.
Server

20
Q

Which of these would be a reason why it is best for communications to originate from inside the infected network?

A. Antivirus
B. Virtual machines
C. Intrusion detection
D. Firewall

A

D.
Firewall

21
Q

What is the tactic of allowing software to continue running across reboots of a system called?

A. Obfuscation
B. Persistence
C. Disassembly
D. Packing

A

B.
Persistence

22
Q

What tool could you use to deeply analyze malicious software?

A. Strings
B. Hashing
C. Ghidra
D. Metasploit

A

C.
Ghidra

23
Q

What practice could an organization use to protect itself against data loss from ransomware?

A. Implement anti‐malware
B. Implement endpoint detection and response
C. Sweep for indicators of compromise
D. Implement good backup practices

A

D.
Implement good backup practices

24
Q

What piece of software could you use to recover from a ransomware attack?

A. Decryptor
B. Encryptor
C. Anti‐malware
D. Endpoint detection and response

A

A.
Decryptor

25
Q

What persistence mechanism might allow malware to protect itself against anti‐malware software?

A. Scheduled tasks
B. WMI event subscriptions
C. Pre‐boot malware
D. HKEY_LOCAL_MACHINE Registry key

A

C.
Pre‐boot malware