Malware, Network Analysis, Spoofing, Social Engineering, and Tools (Chapters 8–14).
In a botnet, what are the systems that tell individual bots what to do called?
A C2 servers
B IRC servers
C HTTP servers
D ISC2 servers
C2 servers
What is the primary difference between a worm and a virus?
A A worm uses polymorphic code
B A virus uses polymorphic code
C A worm can self-propagate
D A virus can self-propagate
A worm can self-propagate
What is one advantage of static analysis over dynamic analysis of malware?
A Malware is guaranteed to deploy
B Dynamic analysis is untrustworthy
C Static analysis limits your exposure to infection
D Static analysis can be run in virtual machines
Static analysis limits your exposure to infection
What would you use VirusTotal for?
A Checking your system for viruses
B Endpoint protection
C As a repository of malware research
D Identifying malware against antivirus engines
Identifying malware against antivirus engines
What are two sections you would commonly find in a portable executable file?
A Text and binary
B Binary and data
C Addresses and operations
D Text and data
Text and data
What could you use to generate your own malware?
A Empire
B Metasploit
C Rcconsole
D IDA Pro
Metasploit
What is the purpose of a packer for malware?
A To obscure the actual program
B To ensure that the program is all binary
C To compile the program into a tight space
D To remove all characters
To obscure the actual program
What is the primary purpose of polymorphic code for malware programs?
A Efficiency of execution
B Propagation of the malware
C Antivirus evasion
D Faster compilation
Antivirus evasion
What would be one reason not to write malware in Python?
A Python interpreter is slow
B Python interpreter may not be available
C Library support is inadequate
D Python is a hard language to learn
Python interpreter may not be available
What would you use Cuckoo Sandbox for?
A Static analysis of malware
B Malware development
C Dynamic analysis of malware
D Manual analysis of malware
Dynamic analysis of malware
If you wanted a tool that could help with both static and dynamic analysis of malware, which would you choose?
A Cutter
B IDA
C PE Explorer
D MalAlyzer
IDA
What is the purpose of using a disassembler?
A Converting opcodes to mnemonics
B Converting mnemonics to opcodes
C Translating mnemonics to operations
D Removing the need for an assembler
Converting opcodes to mnemonics
What does the malware that is referred to as a dropper do?
A Drops the antivirus operations
B Drops the CPU protections against malicious execution
C Drops files that may be more malware
D Drops the malware into the Recycle Bin
Drops files that may be more malware
Why would you use an encoder when you are creating malware using Metasploit?
A To compile the malware
B To evade antivirus
C To evade user detection
D To compress the malware
To evade antivirus
If you were to see the following command in someone's history, what would you think had happened?
msfvenom -i 5 -p windows/x64/shell_reverse_tcp -o program
A A poison pill was created
B A malicious program was generated
C Existing malware was encoded
D Metasploit was started
A malicious program was generated
What is the difference between a virus and ransomware?
A Ransomware may be a virus
B Ransomware includes Bitcoins
C Ransomware is only generated in Russia
D A virus only runs on Windows systems
Ransomware may be a virus
Why would someone use a Trojan?
A It acts as malware infrastructure
B It evades antivirus
C It pretends to be something else
D It's polymorphic
It pretends to be something else
Which of these tools would be most beneficial when trying to dynamically analyze malware?
A Cutter
B OllyDbg