ANSWERS GRADED A+
✔✔Viruses - ✔✔code that runs on a computer, typically without the user's knowledge;
Disguised as legitimate programs; Can be embedded within legitimate software; Usually
requires user input.
✔✔Boot Sector Virus - ✔✔Loads into the first sector of the hard drive; when the
computer boots, the virus is loaded into memory and gets executed
✔✔Macro Virus - ✔✔usually embedded or bundled in documents requiring the user to
execute
✔✔Program-based Virus - ✔✔usually embedded within a program
✔✔Encrypted Virus - ✔✔uses self-encryption to hide from detection by anti-virus software
✔✔Polymorphic Virus - ✔✔a virus that changes or updates its code to avoid detection
by anti-viruses
✔✔Metamorphic Virus - ✔✔Polymorphic on steroids. A virus completely changes itself
regularly as it infects new files. These are very difficult to write.
✔✔Armored Virus - ✔✔Makes false obvious copies of itself to trick anti-viruses into going
after the copies instead of the original virus
✔✔Worms - ✔✔similar to a virus, except it self-replicates, meaning, once the worm is
executed it can spread from system to system across the network without any user
input; Very dangerous and takes advantage of network security vulnerabilities.
✔✔Ransomware - ✔✔software that restricts access to a computer system or data until
a pre-defined "ransom" is paid to the attacker. Typically done to gain money
✔✔Trojans (Trojan Horse) - ✔✔malicious programs that disguise themselves as
legitimate programs but are actually doing bad stuff behind the scenes. They are not
viruses, but operate in a similar manner.
✔✔Trojan Downloader - ✔✔downloads malicious programs onto a computer without the
user's knowledge or input
✔✔Spyware - ✔✔a type of malicious software that is usually installed alongside third-party
software. Usually runs silently in the background, unnoticed by the user. Collects
information, ranging from websites you like to access to recording your keystrokes
✔✔Rootkits - ✔✔a program that is designed to gain administrative or "root" privileges
over a system without being detected. Rootkits are typically very small, and are often
undetected by many anti-virus or anti-malware software
✔✔Spamware - ✔✔software that hijacks your email client or your email address itself
to further propagate spam messages
✔✔RATs (Remote Access Trojans) - ✔✔elevates privileges to allow an attacker to gain
administrative or elevated control of a system
✔✔DDOS Trojan - ✔✔tries to overload a computer's processor by placing requests or
commands at a high frequency
✔✔Malware Delivery Methods - ✔✔- Via software, messaging, and media
- Botnets and zombies
- Active interception
- Privilege escalation
- Backdoors
- Logic Bombs
✔✔Botnets - ✔✔are groups of compromised computers that have been taken over by a
master computer that sends out malicious software to unsuspecting individuals.
Computers taken over by botnets are called 'Zombies'.
✔✔Privilege Escalation - ✔✔exploiting a bug or flaw in the operating system or system
firmware to gain access over resources
✔✔Logic Bomb - ✔✔code that has been either injected or pre-placed into software that
is meant to incur a malicious event
✔✔OS Firewalls - ✔✔a good first line of defense. Not perfect. Network firewalls are very
important too.
✔✔Data Segregation - ✔✔most systems have the operating system installed to a
single drive. If data is important, try to segment it to a different drive, either a physical
local drive or network drive
✔✔HIDS - ✔✔loaded on an individual computer. Analyses and monitors what happens
inside that computer
✔✔NIDS - ✔✔can be loaded on individual computers, or it can be loaded on network
appliances. Or it can be a physical stand-alone network device itself
✔✔In-Line - ✔✔all network traffic flows through the NIDS