Core 2: Malware Flashcards

1
Q

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

Adware
Malware
Ransomware
Spyware

A

Malware

2
Q

Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs the requested action is known as:

Grayware
Adware
Ransomware
Spyware

A

Ransomware

3
Q

Which of the following terms refers to an example of crypto-malware?

Backdoor
Ransomware
Keylogger
Rootkit

A

Ransomware

4
Q

A type of software that performs unwanted and harmful actions in the guise of a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.

True
False

A

True

5
Q

Which of the following is an example of spyware?

Keylogger
Vulnerability scanner
Computer worm
Packet sniffer

A

Keylogger

6
Q

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:

Rootkit
Spyware
Backdoor
Trojan

A

Rootkit

7
Q

Which of the following statements apply to the definition of a computer virus? (Select 3 answers)

A self-replicating computer program containing malicious segment

Requires its host application to be run to make the virus active

A standalone malicious computer program that replicates itself over a computer network

Can run by itself without any interaction

Attaches itself to an application program or other executable component

A self-contained malicious program or code that does need a host to propagate itself

A

A self-replicating computer program containing malicious segment

Requires its host application to be run to make the virus active

Attaches itself to an application program or other executable component

8
Q

A malware-infected networked host under remote control of a hacker is commonly referred to as a:

Trojan
Worm
Bot
Honeypot

A

Bot

9
Q

Which of the following terms is used to describe a collection of intermediary compromised systems that are used as a platform for a DDoS attack?

Honeynet
Botnet
Quarantine network
Malware

A

Botnet

10
Q

What is the name of a standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth?

Spyware
Worm
Trojan
Spam

A

Worm

11
Q

Malicious software collecting information about users without their knowledge/consent is known as:

Crypto-malware
Adware
Ransomware
Spyware

A

Spyware

12
Q

Which of the following enables troubleshooting a malware-infected system that doesn’t boot up?

Anti-malware application
Recovery console
AV software
Backup/restore options

A

Recovery console

13
Q

Which of the following methods can be used to launch Windows Recovery Environment (WinRE) in Windows 8/8.1/10?

Boot from installation media
In Power menu, hold down the Shift key and select Restart
Boot from Recovery Drive
Perform system restart from the Settings menu
All of the above

A

All of the above

14
Q

Restoring the entire system from a known good backup copy is the most reliable method for effective malware removal.

True
False

A

True

15
Q

Which of the following would be the best malware-prevention method/tool?

An up-to-date antivirus application
Software firewall
An up-to-date anti-malware application
End user education
System restore from a known good backup

A

End user education

16
Q

The term “Unified Threat Management” (UTM) refers to a network security solution, commonly in the form of a dedicated device (called a UTM appliance or a web security gateway), which combines the functionality of a firewall with additional safeguards such as URL filtering, content inspection, spam filtering, gateway antivirus protection, IDS/IPS functionality, or malware inspection.

True
False

A

True

17
Q

Which of the following can be used by system administrators to selectively block access to known malware sites?

DHCP settings
DNS configuration
Port security
DLP software

A

DNS configuration

18
Q

According to the CompTIA’s best practice procedures for malware removal, putting a malware-infected Windows-based system into a quarantine should be the next step after:

Creating a restore point
Identifying and researching malware symptoms
Disabling System Restore
Updating the anti-malware software

A

Identifying and researching malware symptoms

19
Q

According to the CompTIA’s best practice procedures for malware removal, disabling System Restore on a malware-infected Windows-based system should be performed as the next step after:

Isolating the infected system
Removing malware from the infected system
Identifying and researching malware symptoms
Scheduling scans and running updates

A

Isolating the infected system

20
Q

Which of the following locations in MS Windows provide access to an interface containing options for configuring restore settings, managing disk space, and deleting restore points? (Select 2 answers)

Control Panel (Icon view) -> Security and Maintenance -> Change Security and Maintenance Settings -> System Protection -> Configure…

Windows Run dialog box -> type in sysdm.cpl + press Enter -> System Protection -> Configure…

Control Panel (Icon view) -> Recovery -> Configure System Restore -> Configure…

Windows Run dialog box -> type in wscui.cpl + press Enter -> Change Security and Maintenance Settings -> System Protection -> Configure…

Control Panel (Category view) -> System and Security -> Configure System Restore -> Configure…

A

Windows Run dialog box -> type in sysdm.cpl + press Enter -> System Protection -> Configure…

Control Panel (Icon view) -> Recovery -> Configure System Restore -> Configure…

21
Q

According to the CompTIA’s best practice procedures for malware removal, removing malicious software on a Windows-based system should be performed as the next step after:

Disabling System Restore
Isolating the infected system
Scheduling scans and running updates
Creating a restore point

A

Disabling System Restore

22
Q

According to the CompTIA’s best practice procedures for malware removal, scheduling scans and running updates on a Windows-based system should be performed as the next step after:

Enabling System Restore
Isolating the infected system
Removing malware from the system
Creating a restore point

A

Removing malware from the system

23
Q

According to the CompTIA’s best practice procedures for malware removal, enabling System Restore and creating a restore point in Windows should be performed as the next step after:

Removing malware from the system
Scheduling scans and running updates
Identifying and researching malware symptoms
Isolating the infected system

A

Scheduling scans and running updates

24
Q

According to the CompTIA’s best practice procedures for malware removal, user education should be the final step of the malware removal process.

True
False

A

True