CYBER 366 EXAM 1 QUESTIONS & ANSWERS
Malware Analysis - Answers -Is the art of studying, examining, investigating, and
analyzing malware to understand (how to identify it, how it works, how to measure the
damage, how to eliminate it)
Threat Analysis - Answers -What is the damage/impact? What are the host/network
based malware signatures (indicators)
Host-based signature - Answers -Identify files created or modified or changes to the
computer registry
Network-based signature - Answers -detect malicious code by monitoring network
traffic (website links, download files, etc)
Malware - Answers -a type of software designed to take over or damage a computer
without the user's knowledge or approval
Different types of malware include: - Answers -viruses, worms, Trojans, rootkits, logic
bombs, spyware, adware, crimeware, RAT, Botnet
Virus - Answers -string of code that gets attached to a file and is designed to spread
from file to file; attaches itself to programs and requires human interaction for initiation;
cannot be executed unless told to do so by a user
3 key characteristics of a virus - Answers -a replication mechanism, an activation
mechanism, an objective
Virus-replication mechanism - Answers -a file that it uses as a host; when the host is
distributed, the virus is also distributed (.doc, .exe, .bat)
The virus only replicates when an _________ mechanism is triggered - Answers -
activation
The virus is programmed with an _____________, which is usually to destroy,
compromise, or corrupt data - Answers -objective
Polymorphic virus - Answers -a computer virus that can create modified versions of itself
to avoid detection yet retain the same basic functionality after every infection
Boot sector virus - Answers -infects the boot sector of floppy disks or the Master Boot
Record (MBR) of hard disks
Macro Virus - Answers -Exploits applications such as Microsoft Office that use macros
Macro - Answers -a program that's designed to help automate repetitive functions with
an application such as Microsoft Word
Worm - Answers -a type of malicious software that travels across computer networks,
automatically replicating itself
Unlike a virus, a _______ can propagate itself without a file - Answers -worm
________ usually take advantage of unpatched vulnerabilities in computer systems -
Answers -Worms
How to avoid a worm infection - Answers -make sure that your systems have been
patched and that they have anti-malware software installed
Trojan horse - Answers -appears to be some type of legitimate software; contains
malicious code embedded within an apparently useful application; can cause a lot of
damage; could create a backdoor in the system
Backdoors - Answers -provide an attacker with remote access to a victim's machine;
often implement a full set of capabilities
__________are the most common types of malware - Answers -Backdoors
Backdoors communicate over the Internet using ________ on port ____ or ________
on port ________ - Answers -HTTP, 80, HTTPS, 443
Common capabilities of backdoors - Answers -Manipulate registry, enumerate display
windows, create directories, search files
Reverse shell - Answers -a connection that originates from an infected machine and
provides attackers shell access to that machine
Reverse shells are found as both ______________ malware and as __________ of
more sophisticated backdoors - Answers -stand-alone, components
Rootkits - Answers -a form of malware that targets operating systems - it can be hidden
within the core components of a system and stay undetected
Rootkits are installed within the _____ sector of the infected computer's hard drive -
Answers -boot
Rootkits are difficult to detect because the rootkit is often ______ - Answers -loaded
before the operating system was booted, making it invisible to anti-malware