Malware Flashcards
Which scripting language uses a shebang line at the beginning of the script?
A. Bash
B. Python
C. Korn
D. PowerShell
A. Bash.
A shebang line (also called a hashbang) is typically used at the beginning of a script to indicate which interpreter should be used to execute the script. In the case of a Bash script, the shebang line usually looks like this:
#!/bin/bash
This line tells the operating system to use the Bash shell to interpret and execute the script.
What lets attackers know that infected machines are ready to retrieve instructions?
A. Command and control servers
B. DNS TXT queries
C. Host port scans
D. Malware beaconing
D. Malware beaconing.
Malware beaconing is a technique where infected machines regularly send signals (beacons) to a command and control (C&C) server to check if there are any new instructions or commands. This beaconing behavior lets the attackers know that the infected machine is active and ready to receive further instructions, such as performing additional malicious activities or downloading more malware.
Which type of malware appears benign but in fact is not?
A. Trojan
B. Worm
C. Virus
D. Ransomware
A. Trojan.
A Trojan (or Trojan horse) is a type of malware that appears to be benign or useful software, but it actually contains malicious code. Unlike viruses or worms, Trojans do not self-replicate; instead, they deceive users into installing them by masquerading as legitimate programs, files, or software. Once executed, Trojans can perform harmful actions like stealing data, installing additional malware, or giving attackers remote access to the infected system.
Which file extension is commonly used for Python scripts?
A. PY
B. PS1
C. SH
D. BAT
A. PY.
Python scripts commonly use the .py file extension. This extension is used for Python source code files and helps both the operating system and developers recognize the file as containing Python code.
Which regular expression symbol matches any one character?
A. , (comma)
B. ; (semicolon)
C. : (colon)
D. . (dot)
D. . (dot).
In regular expressions, the dot (.) symbol is used to match any single character except for newline characters (depending on the mode). It is a wildcard character in regex that matches a single character in the input string, no matter what that character is.
Which type of attack attempts to trick users with what appears to be a legitimate email message?
A. Reverse shell
B. Ransomware
C. Phishing
D. APT
C. Phishing.
Phishing is a type of attack that attempts to trick users into revealing sensitive information (like passwords, credit card numbers, or personal details) by pretending to be a legitimate email or communication. Phishing emails often look like they come from trusted sources such as banks, online services, or even coworkers, but they contain malicious links or attachments designed to compromise the user’s security.
Which items could indicate malicious application activity? Choose more than one option.
A. Updates applied to hosts
B. Periodic host reboots
C. Missing log entries
D. Changes to user app permissions
C. Missing log entries
D. Changes to user app permissions
C. Missing log entries: If logs that should be generated by an application or system are suddenly missing, it could be an indication that a malicious actor has tampered with or disabled logging to hide their activities. Missing log entries can often point to an attempt to cover up unauthorized actions or infections.
D. Changes to user app permissions: Malicious applications or attackers often alter user app permissions to gain unauthorized access to sensitive data, elevate privileges, or maintain persistence on a system. Changes to these permissions could be an indication of an attacker trying to escalate privileges or manipulate application functionality.
Which file extension is commonly used for PowerShell scripts?
A. PY
B. SH
C. PS1
D. BAT
C. PS1.
The .ps1 file extension is commonly used for PowerShell scripts. These scripts contain commands and functions written in PowerShell that can automate tasks on Windows systems.
What could indicate malicious activity on a host? Choose more than one option.
A. Windows registry changes
B. Web browser home page changes
C. Updates applied to hosts
D. Periodic host reboots
A. Windows registry changes
B. Web browser home page changes
A. Windows registry changes: Malicious software often makes unauthorized changes to the Windows registry to ensure persistence, escalate privileges, or alter system configurations. These changes could involve adding malicious startup entries or modifying system settings to hide malicious activity or enable remote access.
B. Web browser home page changes: If a web browser’s home page or search engine is unexpectedly changed, it could be a sign of a browser hijacker, which is often a form of malware. This type of malicious software may redirect the browser to harmful websites, promote unwanted ads, or steal personal information.
Which type of threat actor promotes an ideology and does not normally conceal their malicious activities?
A. Hacktivist
B. Script kiddie
C. Organized crime
D. Nation-state
A. Hacktivist.
Hacktivists are threat actors who use hacking techniques to promote a political or social ideology. Unlike other threat actors, hacktivists often do not conceal their activities, as they are motivated by a desire to bring attention to their cause. They may openly claim responsibility for their actions, often through social media or public statements, to spread their message or protest against perceived injustices.
Which Kali Linux command is used to clone a site in an attempt to harvest user credentials?
A. hydra
B. chmod
C. nc
D. setoolkit
D. setoolkit.
SET (Social Engineering Toolkit) is a powerful tool used in Kali Linux for social engineering attacks, including cloning websites to harvest user credentials. It is commonly used by penetration testers to simulate phishing attacks by creating fake login pages that resemble legitimate websites. Attackers can then capture the credentials entered by unsuspecting users.
Which malware analysis technique contains the malware?
A. Apply updates
B. Configuring a reverse shell
C. Debug the malware
D. Detonate malware in a sandbox
D. Detonate malware in a sandbox.
Detonating malware in a sandbox involves running the malware in a controlled, isolated environment (the “sandbox”) where it can execute without affecting the actual system. This technique allows analysts to observe the behavior of the malware safely, as it is contained within the sandbox and does not spread or cause damage to the host machine.
What do IT security baselines facilitate?
A. The merger of two companies
B. Detection of security anomalies
C. The reduction of security-related costs
D. The performance improvement of slow applications
B. Detection of security anomalies.
IT security baselines are a set of defined security standards or configurations that outline the minimum security requirements for an organization’s IT systems and infrastructure. They facilitate the detection of security anomalies by providing a known “good” state or configuration for systems. When configurations deviate from this baseline, it can be a sign of a potential security incident or vulnerability, allowing for timely detection and remediation.