Chapter 7: Security Flashcards
Which type of virus covers itself with protective code that stops debuggers or disassemblers from examining critical elements of the virus?
A. companion
B. macro
C. armored
D. multipartite
C. armored
An armored virus is designed to make itself difficult to detect or analyze. Armored viruses cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus.
What element of a virus uniquely identifies it?
A. ID
B. signature
C. badge
D. marking
B. signature
A signature is an algorithm or other element of a virus that uniquely identifies it. Because some viruses have the ability to alter their signature, it is crucial that you keep signature files current, whether you choose to manually download them or configure the antivirus engine to do so automatically.
How is a worm different from a virus?
A. it isn’t malicious
B. doesn’t need a host application to be transported
C. it can replicate itself
D. it is no longer a threat
B. doesn’t need a host application to be transported
A worm is different from a virus in that it can reproduce itself, it’s self-contained, and it doesn’t need a host application to be transported.
Which of the following enter a system or network under the guise of another program?
A. worms
B. trojans
C. viruses
D. rootkits
B. trojans
Trojan horses are programs that enter a system or network under the guise of another program. A Trojan horse may be included as an attachment or as part of an installation program.
Which type of virus alters other programs and databases?
A. phage
B. polymorphic
C. multipartite
D. companion
A. phage
A phage virus alters other programs and databases. The virus infects all of these files.
Which of the following is the process of masquerading as another user or device?
A. shadowing
B. spoofing
C. duplicating
D. masking
B. spoofing
Spoofing is the process of masquerading as another user or device. It is usually done for the purpose of accessing a resource to which the hacker should not have access or to get through a security device such as a firewall that may be filtering traffic based on source IP address.
Which of the following is a vulnerability discovered in a live environment before a fix or patch exists?
A. zero day attack
B. day one attack
C. stealth attack
D. botnet attack
A. zero day attack
Vulnerabilities are often discovered in live environments before a fix or patch exists. Such vulnerabilities are referred to as zero-day vulnerabilities.
Which virus type attaches itself to legitimate programs and then creates a program with a different filename extension?
A. companion
B. macro
C. armored
D. multipartite
A. companion
A companion virus attaches itself to legitimate programs and then creates a program with a different filename extension. This file may reside in your system’s temporary directory. When a user types the name of the legitimate program, the companion virus executes instead of the real program.
Which of the following is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device?
A. shadowing
B. spoofing
C. tailgating
D. keyriding
C. tailgating
Tailgating is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device. Many social engineering intruders needing physical access to a site will use this method of gaining entry.
Which virus type attacks your system in multiple ways?
A. companion
B. macro
C. armored
D. multipartite
D. multipartite
A multipartite virus attacks your system in multiple ways. It may attempt to infect your boot sector, infect all of your executable files, and destroy your application files.