Domain 1.1 - Given a scenario, analyze indicators of compromise and determine the type of malware.

Question 1

Describe an Armored Virus

Answer 1

Armored viruses cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus.

Question 2

Describe a Companion Virus

Answer 2

A companion virus attaches itself to legitimate programs and then creates a program with a different filename extension.

Question 3

What does a Macro Virus affect?

Answer 3

Affects Microsoft office products (Word, Excel, etc.)

Question 4

What does a Multipartite Virus infect?

Answer 4

It may attempt to infect your boot sector, infect all of your executable files, and destroy your application files

Question 5

How do you remove a Phage Virus?

Answer 5

The only way to remove this virus is to reinstall the programs that are infected.

Question 6

Describe a Polymorphic Virus

Answer 6

Polymorphic viruses and polymorphic malware of any type change form in order to avoid detection.

Question 7

What does Retrovirus attack?

Answer 7

A retrovirus attacks or bypasses the antivirus software installed on a computer

Question 8

A stealth virus attempts to avoid detection by ________ itself from applications.

Answer 8

Masking

It may attach itself to the boot sector of the hard drive.

Question 9

What does Ransomware Do?

Answer 9

RansomWare encrypts your hard drive. Then a third party requests payment to decrypt it. Usually through Bitcoin.

Question 10

What is the key feature of a worm?

Answer 10

A worm is Self-Replicating

Question 11

What is a Trojan?

Answer 11

A virus disguised as a legitimate program.

Question 12

What is a RAT?

Answer 12

A Remote Access Trojan.

Question 13

What is the goal of a RootKit?

Answer 13

The goal of a rootkit is to gain root access to a computer. In order to gain Escalated Privileges.

Question 14

What does a Key logger do?

Answer 14

It logs every key stroke and mouse click on an infected system. It then sends that info to the threat actor.

Question 15

What does Spyware do?

Answer 15

monitors your activity then sends it back to whoever created the software.

Question 16

DoS stands for

Answer 16

Denial of service

Question 17

How is a DoS attach different from a DDoS?

Answer 17

DoS is done with a single computer. A distributed Denial of service or DDoS is a denial of service using multiple computers to attack the target.

Question 18

What triggers a Logic Bomb?

Answer 18

Either a specific action, or timer.

For instance: Open a spreadsheet and go to the internet.

Question 19

What is a BackDoor?

Answer 19

The person who wrote the software intentionally or accidentally left a way for them to get back into the Kernel/Core of the software.

Question 20

An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?

A. DoS
B. DDoS
C. Backdoor
D. Social engineering

Answer 20

An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?

C. Backdoor

Question 21

You’re explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they’ve heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to?

A. Armored virus
B. Malevolent virus
C. Worm
D. Stealth virus

Answer 21

You’re explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they’ve heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to?

A. Stealth virus

Question 22

Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred?

A. Logic bomb
B. Worm
C. Virus
D. ACK attack

Answer 22

Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred?

A. Logic bomb

Question 23

What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?

A. Trojan horse virus
B. Stealth virus
C. Worm
D. Polymorphic virus

Answer 23

What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?

B. Stealth virus