Review 2 Flashcards

Week 18

1
Q

Malware is software designed to infiltrate a computer system without the user’s consent.

A

True—Malware is software designed to intrude upon a computer system without that user’s knowledge or consent.

2
Q

The love bug is an example of a rootkit.

A

False—The love bug is an example of a virus, not a rootkit.

3
Q

Viruses self-replicate, whereas worms do not.

A

False—It is the opposite. Worms self-replicate, whereas viruses do not. A user needs to execute the virus for it to replicate.

4
Q

A RAT is an example of a Trojan horse.

A

True—RAT stands for remote access Trojan and is an example of a Trojan horse attack.

5
Q

Active interception is the act of exploiting a bug or design flaw in software.

A

False—Active interception usually includes a computer placed between the sender and the receiver to capture and possibly modify information. Privilege escalation is the act of exploiting a bug or design flaw in software.

6
Q

Back Orifice is an example of a backdoor.

A

True—Back Orifice is an example of a backdoor program and is commonly installed by a Trojan horse.

7
Q

Logic bombs are platonic.

A

False—Logic bombs are malicious and can cause damage to computers. They are related to the platonic Easter egg but can definitely cause damage when they are set off.

8
Q

A master computer controls a botnet.

A

True—A botnet is controlled by a master computer, which sends out instructions to many other computers that have been compromised, known as zombies.

9
Q

By turning on the phishing filter, a person can prevent spyware.

A

True—The phishing filter in Internet Explorer can help to prevent spyware. This can be turned on by clicking Turn on Automatic Website Checking.

10
Q

Opening mail relays can decrease the amount of spam that an organization receives on its email server.

A

False—Mail relays should be closed on SMTP servers. If the mail relay is open, anyone on the Internet can send email through the SMTP server.

11
Q

Which of the following can help to prevent spam? (Select the two best answers.)
A. Use a spam filter.
B. Run a Trojan scan.
C. Close open mail relays.
D. Consider technologies that discourage spyware.

A

A and C. Closing open mail relays and using spam filters are two ways to help prevent spam. Other ways include configuring whitelists and blacklists, and training your users.

12
Q

Which of the following is an example of a personal software firewall?
A. Proxy server
B. ZoneAlarm
C. Microsoft ISA server
D. Antivirus software

A

B. ZoneAlarm is an example of a personal software firewall. Other examples include Windows Firewall and ipfirewall. A proxy server is a computer placed between the LAN and the Internet that acts as a go-between; it usually caches HTTP requests. Microsoft ISA server is a corporate version of a software-based firewall. Antivirus software might have a built-in firewall, but it might not. Its primary function is to search for and quarantine viruses.

13
Q

Which of the following is an inline device that checks all packets?
A. Host-based intrusion detection system
B. Statistical anomaly
C. Network intrusion detection system
D. Personal software firewall

A

C. A network intrusion detection system (NIDS) is an inline device that checks all the packets that flow through it. It is meant to detect attacks and intrusions for the entire network. A host-based intrusion detection system analyzes what happens on that individual computer but not the rest of the network. Statistical anomaly monitoring establishes a performance baseline on an IDS. Personal software firewalls attempt to prevent access to the network.

14
Q

Which of the following occurs when an IDS identifies legitimate activity as something malicious?
A. False-negative
B. False-positive
C. Monitoring positive
D. Misidentification

A

B. A false positive is when an IDS identifies legitimate activity as something malicious. It is a type of misidentification. False negatives are when the IDS lets an attacker or intruder onto the network, thinking it is legitimate. Monitoring positive is another name for an event that was monitored that is known to be true, but this terminology is not often used when referring to an IDS.

15
Q

Which of the following can help to secure the BIOS of a computer? (Select the two best answers.)
A. Use a case lock.
B. Use a BIOS supervisor password.
C. Configure a user password.
D. Disable USB ports.

A

A and B. By using a case lock or other type of locking mechanism for the computer case, a person cannot open the system and reconfigure the BIOS jumper. By configuring a BIOS supervisor password, only people who know the password can access the BIOS. User passwords can be configured for the BIOS, but these passwords are used only to prevent people who do not know the password from accessing the operating system. Disabling USB ports might be a good idea and will prevent persons from booting the system by way of a USB flash drive or other similar device but will not help to secure the BIOS.

16
Q

Which of the following is an example of whole disk encryption?
A. Windows Vista Ultimate
B. AES
C. Bluesnarfing
D. BitLocker

A

D. BitLocker is a program available on Windows Vista Ultimate, Enterprise, and versions of Windows 7. It encrypts an entire disk. The Advanced Encryption Standard (AES) is a symmetric key encryption algorithm; it is used within BitLocker to encrypt the data on the disk. Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection.

17
Q

What are two ways of discouraging bluesnarfing? (Select the two best answers.)
A. Select a difficult-to-guess pairing key.
B. Turn off the device.
C. Use infrared.
D. Set the device to undiscoverable.

A

A and D. When selecting a pairing key for the Bluetooth-enabled device, it should be difficult to guess, and the default key should not be used. Also, by setting the device to undiscoverable, new devices cannot connect or pair to the Bluetooth-enabled device; however, devices that have already been connected and paired can continue to function. Turning off the device is not the best answer because the user will lose functionality. Using infrared has drawbacks, including the limited distance over which it can send information. In addition, this doesn’t necessarily mean that Bluetooth has been turned off.

18
Q

Which of the following types of virus can change every time it is executed in an attempt to avoid antivirus detection?
A. Macro
B. Polymorphic
C. Armored
D. Boot sector

A

B. Polymorphic viruses can change every time they are executed. Macro-based viruses are usually placed in documents and then emailed to users. Armored viruses protect themselves from antivirus programs by tricking the program into thinking that they are located in a different place. Boot sector viruses load into the first sector of the hard drive; afterward, the virus loads into memory when the computer boots.

19
Q

Which of the following methods of malware delivery is used in computer programs to bypass normal authentication?
A. Privilege escalation
B. Active interception
C. Backdoor
D. Rootkit

A

C. Backdoors bypass normal authentication. They are used by attackers to make changes to network devices, websites, or other programs. Privilege escalation is the act of exploiting a bug or design flaw in software. Active interception is the capturing of information by a computer placed between the sender and the receiver. A rootkit is software designed to gain administrator-level control over a computer system without being detected.

20
Q

Which of the following is the best option to use to prevent spyware?
A. Personal software firewall
B. Whitelists
C. Antivirus software
D. Windows Defender

A

D. Windows Defender is an example of antispyware software. Personal software firewalls prevent intrusions to the individual computer. Whitelists can prevent spam. Antivirus software can prevent viruses; however, many antivirus program suites include antispyware software as well.