1.
Payloads include those used by viruses, worms, and trojans.
Correct Answer
B. False
Explanation
This statement is false. Payloads do not exclusively include those used by viruses, worms, and trojans. Payload refers to the part of malware that performs malicious actions on the victim's computer. While viruses, worms, and trojans can have payloads, there are also other types of malware that can have payloads, such as ransomware or spyware. Therefore, it is incorrect to say that payloads only include those used by viruses, worms, and trojans.
2.
Malicious software constitutes one of the most significant categories of threats to computer systems.
Correct Answer
A. True
Explanation
Malicious software, also known as malware, poses a significant threat to computer systems. It includes various types of harmful programs such as viruses, worms, Trojans, ransomware, and spyware. These malicious programs can cause damage to computer systems, steal sensitive information, disrupt operations, and compromise security. Therefore, it is true that malicious software constitutes one of the most significant categories of threats to computer systems.
3.
Propagation mechanisms include system corruption, bots, phishing, spyware, and rootkits.
Correct Answer
B. False
Explanation
The statement is false because the given list of propagation mechanisms is incorrect. The correct propagation mechanisms include system corruption, bots, phishing, spyware, and worms, not rootkits.
4.
A backdoor is any mechanism that bypasses a normal security check.
Correct Answer
A. True
Explanation
A backdoor refers to any mechanism that allows unauthorized access to a system or bypasses normal security checks. It provides an alternative entry point for attackers to gain control over a system without going through the usual authentication processes. This can pose a significant threat to the security of a system or network as it allows malicious actors to exploit vulnerabilities and gain unauthorized access. Therefore, the statement that a backdoor is any mechanism that bypasses a normal security check is true.
5.
Usually, a downloader is sent in an e-mail.
Correct Answer
A. True
Explanation
A downloader is a type of software or program that is used to download files from the internet. It is commonly sent as an attachment in an email, allowing the recipient to download and install the software on their device. Therefore, the statement "Usually, a downloader is sent in an e-mail" is true.
6.
A zombie is a program activated on an infected machine that is activated to launch attacks on other machines.
Correct Answer
A. True
Explanation
A zombie is a type of malicious software or malware that is installed on an infected computer without the user's knowledge. Once activated, it can be remotely controlled by an attacker to launch various types of attacks on other machines or networks. These attacks can include sending spam emails, launching distributed denial of service (DDoS) attacks, or spreading malware to other vulnerable systems. Therefore, the statement "A zombie is a program activated on an infected machine that is activated to launch attacks on other machines" is true.
7.
Malware can be put into two broad categories, based first on how it spreads or propagates to reach the desired targets and then on the actions or payloads it performs once a target is reached.
Correct Answer
A. True
Explanation
The statement is true because malware can indeed be categorized into two broad categories based on how it spreads and the actions it performs. The first category is based on the method of propagation, such as through email attachments, infected websites, or network vulnerabilities. The second category is based on the actions or payloads it carries out once it infects a target, such as data theft, system damage, or unauthorized access.
8.
A virus, although attached to an executable program, cannot do anything that the program is permitted to do.
Correct Answer
B. False
Explanation
A virus, although attached to an executable program, can indeed do things that the program is permitted to do. Viruses are malicious software designed to replicate and spread, often causing harm to a computer system or stealing sensitive information. Once a virus is executed, it can perform various actions such as modifying or deleting files, corrupting data, disrupting system operations, and even spreading to other programs or systems. Therefore, the statement that a virus cannot do anything that the program is permitted to do is false.
9.
Microsoft Word, Excel files, and Adobe PDF are document files that are safe from being infected by viruses.
Correct Answer
B. False
Explanation
This statement is false. Microsoft Word, Excel files, and Adobe PDF files are not completely safe from being infected by viruses. While these file formats have built-in security features to protect against viruses, they can still be susceptible to malware attacks. It is important to have antivirus software installed and regularly update it to minimize the risk of virus infections in these types of files.
10.
Viruses often morph to evade detection.
Correct Answer
A. True
Explanation
Viruses have the ability to mutate and change their genetic makeup, allowing them to evade detection by the immune system or antivirus software. This ability to morph is one of the reasons why viruses can be difficult to control and eradicate. By constantly changing their appearance, viruses can continue to infect and spread without being recognized by the immune system or antivirus programs. Therefore, the statement "Viruses often morph to evade detection" is true.
11.
Many forms of infection can be blocked by denying normal users the right to modify programs on the system.
Correct Answer
A. True
Explanation
Denying normal users the right to modify programs on the system can help prevent many forms of infection. This is because when users are not able to modify programs, they are unable to make unauthorized changes that could introduce vulnerabilities or malicious code. By restricting user privileges, the system can maintain a higher level of security and reduce the risk of infections caused by user actions.
12.
A polymorphic virus creates copies during replication that are functionally equivalent but have distinctly different bit patterns, in order to defeat programs that scan for viruses.
Correct Answer
A. True
Explanation
A polymorphic virus is a type of computer virus that has the ability to change its code and appearance while maintaining its original function. This allows the virus to create copies that have different bit patterns, making it difficult for antivirus programs to detect and remove them. By constantly changing its code, the virus can evade detection and continue to infect systems. Therefore, the statement that a polymorphic virus creates functionally equivalent but distinct copies to defeat virus scanning programs is true.
13.
Worms cannot spread through shared media, such as USB drives or CD and DVD data disks.
Correct Answer
B. False
Explanation
Worms can indeed spread through shared media such as USB drives or CD and DVD data disks. Worms are a type of malware that can replicate themselves and spread from one device to another, often using removable media as a means of transmission. Therefore, the statement that worms cannot spread through shared media is false.
14.
To replicate itself, a worm uses some means to access remote systems.
Correct Answer
A. True
Explanation
A worm is a type of malware that is capable of replicating itself and spreading to other systems without any human intervention. In order to achieve this, a worm needs to access remote systems through various means such as exploiting vulnerabilities in network protocols or using social engineering techniques. Therefore, the statement "To replicate itself, a worm uses some means to access remote systems" is true.
15.
Newer worms are limited to Windows machines.
Correct Answer
B. False
Explanation
The statement suggests that newer worms are limited to Windows machines. However, this statement is not true. Newer worms can target various operating systems, including Windows, Mac, and Linux. Therefore, the correct answer is False.
16.
A ________ lies dormant until a predefined condition is met; the program then triggers an unauthorized act.
Correct Answer
C. Logic bomb
Explanation
A logic bomb is a type of malicious code that remains inactive until a specific condition is met. Once triggered, it can execute unauthorized actions, such as deleting files or causing system failures. Unlike a rootkit, which hides itself on a system, or a worm, which replicates itself, a logic bomb is designed to stay dormant until its predefined condition is fulfilled, making it a suitable answer for the given question. A keylogger, on the other hand, is a type of software that records keystrokes, and while it can be used for unauthorized purposes, it does not specifically match the description provided.
17.
_________ is software (macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
Correct Answer
A. Mobile code
Explanation
Mobile code refers to software or instructions that can be transported to different platforms and executed with the same meaning. It is designed to be portable and capable of running on various systems without modification. This allows for flexibility and interoperability across different platforms, making it easier to distribute and execute code across heterogeneous environments. Examples of mobile code include Java applets, JavaScript, and Adobe Flash.
18.
A __________ is a program that installs other items on a machine that is under attack.
Correct Answer
C. Downloader
Explanation
A downloader is a program that is designed to install other items on a machine that is under attack. It is typically used by attackers to download and install malicious software or malware onto the compromised machine. This allows the attacker to gain control over the system and carry out further malicious activities. Downloaders are often used as a first step in a larger attack, as they enable the installation of additional tools or malware that can be used to exploit the compromised system.
19.
_________ is software that collects information from a computer and transmits it to another system.
Correct Answer
A. Spyware
Explanation
Spyware is a type of software that secretly collects information from a computer and sends it to another system without the user's knowledge or consent. It is designed to gather sensitive data such as browsing habits, passwords, and personal information, which can then be used for malicious purposes. Unlike other types of malware, spyware operates covertly and aims to remain undetected in order to continue stealing data over an extended period of time.
20.
_________ can result in pop-up ads or redirection of a browser to a commercial site.
Correct Answer
C. Adware
Explanation
Adware is a type of malicious software that is designed to display unwanted advertisements on a user's device. It can cause pop-up ads to appear or redirect the user's browser to commercial websites without their consent. Adware is often bundled with free software or downloaded from untrusted sources, and it can significantly disrupt the user's browsing experience by interrupting their activities and slowing down their device.
21.
The _________ is the event or condition that determines when the payload is activated or delivered.
Correct Answer
B. Trigger
Explanation
The trigger is the event or condition that determines when the payload is activated or delivered. It acts as a signal or stimulus that initiates the execution of the payload. In the context of this question, the trigger is the crucial component that sets off the activation or delivery of the payload, making it the correct answer.
22.
During the __________ phase the virus places a copy of itself into other programs or into certain system areas on the disk.
Correct Answer
C. Propagation
Explanation
Propagation is the correct answer because during this phase, the virus spreads or replicates itself by inserting a copy of its code into other programs or specific areas on the disk. This allows the virus to infect other files or systems, increasing its reach and potential to cause harm.
23.
A(n) _________ virus is a form of virus explicitly designed to hide itself from detection by antivirus software.
Correct Answer
C. Stealth
Explanation
A stealth virus is a form of virus explicitly designed to hide itself from detection by antivirus software. Unlike other types of viruses, a stealth virus actively tries to evade detection by disguising its presence and altering its code. It achieves this by modifying its own code or the code of the files it infects, making it difficult for antivirus software to identify and remove it. This allows the virus to remain undetected by security measures and continue its malicious activities.
24.
A __________ virus is a virus that mutates with every infection, making detection by the “signature” of the virus impossible.
Correct Answer
C. Polymorphic
Explanation
A polymorphic virus is a type of virus that changes its code or signature with each infection, making it difficult to detect using traditional virus signature-based detection methods. This constant mutation allows the virus to evade detection by antivirus software that relies on identifying specific patterns or signatures of known viruses.
25.
A Worm typically uses the __________.
Correct Answer
D. All of the above
Explanation
A worm typically uses all of the above phases. During the dormant phase, the worm remains inactive and hides in the system to avoid detection. In the execution phase, the worm carries out its malicious activities, such as replicating itself and spreading to other systems. The triggering phase refers to the event or condition that activates the worm's malicious behavior. Therefore, all of these phases are utilized by a worm to propagate and carry out its malicious actions.
26.
As an alternative to just destroying data, some malware encrypts the user’s data and demands payment in order to access the key needed to recover this information. This is sometimes known as _________.
Correct Answer
C. Ransomware
Explanation
Ransomware refers to a type of malware that encrypts a user's data and then demands payment in order to provide the key needed to decrypt and recover the information. It essentially holds the user's data hostage until a ransom is paid. This type of attack has become increasingly common in recent years, causing significant disruption and financial loss for individuals and organizations.
27.
A _________ attack is an attack on a computer system or network that causes a loss of service to users.
Correct Answer
C. DDoS
Explanation
A DDoS (Distributed Denial of Service) attack is an attack on a computer system or network that overwhelms it with a flood of internet traffic, rendering it unable to provide services to its users. This attack is typically carried out by multiple compromised devices, such as botnets, which flood the target system with a high volume of requests, causing it to become overloaded and inaccessible to legitimate users.
28.
The _________ method uses information contained on an infected victim machine to find more hosts to scan.
Correct Answer
B. Topological
Explanation
The topological method uses information contained on an infected victim machine to find more hosts to scan. This method involves analyzing the network topology, such as the relationships between different hosts and their connections, to determine the most efficient path for spreading the infection. By leveraging this information, the attacker can identify potential targets that are likely to be connected to the infected machine and continue the scanning process.
29.
There are _________ generations of antivirus software.
Correct Answer
C. Four
Explanation
The correct answer is four because antivirus software can generally be categorized into four generations based on their development and capabilities. The first generation focused on simple signature-based detection, the second introduced heuristics and behavior analysis, the third included cloud-based scanning and machine learning, and the fourth generation incorporates advanced technologies like artificial intelligence and deep learning. Therefore, there are four generations of antivirus software.
30.
In a ________ attack the attacker is able to implant zombie software on a number of sites distributed throughout the Internet.
Correct Answer
D. Direct DDoS
Explanation
In a direct DDoS attack, the attacker is able to implant zombie software on a number of sites distributed throughout the Internet. This allows the attacker to launch a coordinated and simultaneous attack on the targeted system or network from multiple sources, overwhelming it with a flood of traffic. Unlike other types of DDoS attacks, such as reflector DDoS where the attacker uses third-party servers to amplify the attack, in a direct DDoS attack the attacker directly controls the compromised machines to carry out the attack.
31.
A _________ is malware that, when executed, tries to replicate itself into other executable code; when it succeeds the code is said to be infected.
Correct Answer
Virus
Explanation
A virus is a type of malware that is designed to replicate itself within other executable code. Once executed, it attempts to spread and infect other files or programs on the system. This replication process allows the virus to spread and potentially cause harm to the infected system. Therefore, the correct answer is "Virus."
32.
A _________ is a computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network.
Correct Answer
Worm
Explanation
A worm is a type of computer program that is capable of operating autonomously and spreading itself to other computers on a network. Unlike viruses, worms do not require a host file to attach themselves to, as they are able to propagate a complete and functional copy of their program onto other machines. This allows worms to rapidly spread and infect multiple systems, often causing significant damage and disruption.
33.
A ________ is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms.
Correct Answer
trojan horse
Explanation
A trojan horse is a type of computer program that disguises itself as useful software but contains a hidden and harmful function. It is designed to bypass security measures and can cause damage to the user's computer or steal sensitive information. Like the ancient Greek story of the Trojan Horse, which was a wooden horse used to sneak Greek soldiers into the city of Troy, a trojan horse program tricks users into installing it, allowing unauthorized access or control over their system.
34.
___________ programs are used to send large volumes of unwanted e-mail.
Correct Answer
Spam
Explanation
Spam programs are specifically designed to send out large quantities of unwanted emails to multiple recipients. These emails are typically unsolicited and often contain advertisements, scams, or malicious content. Spamming is considered unethical and can be illegal in many jurisdictions.
35.
_________ capture keystrokes on a compromised system.
Correct Answer
Keylogger
Explanation
A keylogger is a type of malicious software that captures and records keystrokes on a compromised system. This means that it can track and record everything that a user types on their keyboard, including passwords, credit card details, and other sensitive information. This information can then be accessed and used by attackers for malicious purposes. Therefore, a keylogger is the correct answer for the question.
36.
A __________ is a set of hacker tools used after an attacker has broken into a computer system and gained root-level access.
Correct Answer
Rootkit
Explanation
A rootkit is a set of hacker tools used after an attacker has gained unauthorized access to a computer system and obtained root-level privileges. This allows the attacker to maintain control over the compromised system while remaining undetected by traditional security measures. Rootkits are typically used to hide malicious activities, such as backdoors, keyloggers, and other malware, making it difficult for the system owner or security software to detect and remove them.
37.
A __________ uses multiple methods of infection or propagation, to maximize the speed of contagion and the severity of the attack.
Correct Answer
Blended Attack
Explanation
A blended attack is a type of cyber attack that combines multiple methods of infection or propagation in order to maximize the speed of contagion and the severity of the attack. This means that the attacker may use various techniques such as email attachments, social engineering, and exploiting software vulnerabilities to spread malware or gain unauthorized access to systems. By combining different methods, the attacker can increase the chances of success and cause more damage to the targeted system or network.
38.
________ viruses infect scripting code used to support active content in a variety of user document types.
Correct Answer
Macro viruses
Explanation
Macro viruses are a type of virus that specifically infect scripting code used to support active content in different user document types. These viruses exploit the macros present in documents such as Word, Excel, and PowerPoint to execute malicious actions. By infecting these macros, the virus can spread to other documents and potentially cause harm to the user's system. Therefore, the given answer "Macro viruses" accurately describes the type of viruses that infect scripting code in various user document types.
39.
The first function in the propagation phase for a network worm is for it to search for other systems to infect, a process known as scanning or __________.
Correct Answer
Finger Printing
Explanation
The first function in the propagation phase for a network worm is for it to search for other systems to infect, a process known as scanning. This scanning process involves the worm performing a series of actions to identify potential vulnerable systems that can be exploited. One of the actions involved in scanning is finger printing, where the worm gathers information about the target system's characteristics and vulnerabilities. This information is then used to determine the best method to infect the system and propagate further.
40.
The earliest significant worm infection was released onto the Internet by _________ in 1988.
Correct Answer
Robert Morris
Explanation
The correct answer is Robert Morris. In 1988, Robert Tappan Morris, a computer scientist, released the Morris Worm, which was one of the earliest and most notable instances of a worm infection on the Internet. The worm spread rapidly, affecting thousands of computers and causing significant disruption. Morris's intention was not to cause harm but to gauge the size of the Internet. However, the worm's unintended consequences led to his prosecution and the development of early computer security measures.
41.
Another approach to exploiting software vulnerabilities exploits browser vulnerabilities so that when the user views a Web page controlled by the attacker, it contains code that exploits the browser bug to download and install malware on the system without the user’s knowledge or consent. This is known as a __________ and is a common exploit in recent attack kits.
Correct Answer
Drive by download
Explanation
In this approach, the attacker takes advantage of vulnerabilities in web browsers. When the user visits a webpage controlled by the attacker, the webpage contains malicious code that exploits a bug in the browser. This allows the attacker to download and install malware on the user's system without their knowledge or consent. This technique is commonly known as a "drive-by download" and is frequently used in recent attack kits.
42.
Unsolicited bulk e-mail, commonly known as ________, imposes significant costs on both the network infrastructure needed to relay this traffic and on users who need to filter their legitimate e-mails out of this flood.
Correct Answer
Spam
Explanation
Unsolicited bulk e-mail, commonly known as spam, refers to the practice of sending large quantities of unwanted and often malicious emails to a wide range of recipients. This type of email causes significant costs for the network infrastructure as it requires resources to relay and handle the high volume of traffic. Additionally, users are burdened with the task of filtering out these unwanted emails from their legitimate ones, leading to wasted time and potential security risks.
43.
A _________ attack exploits social engineering to leverage a user’s trust by masquerading as communications from a trusted source.
Correct Answer
Phishing
Explanation
A phishing attack is a type of cyber attack that uses social engineering techniques to deceive users into believing that they are interacting with a trusted source, such as a legitimate website or email. The attacker typically sends fake emails or creates fake websites that mimic the appearance of trusted organizations, tricking users into providing sensitive information such as passwords, credit card numbers, or personal data. By exploiting the user's trust in the supposed trusted source, the attacker can gain unauthorized access to sensitive information or carry out other malicious activities.
44.
A _________, also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the door to gain access without going through the usual security access procedures.
Correct Answer
Backdoor
Explanation
A backdoor, also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the door to gain access without going through the usual security access procedures. It is a hidden vulnerability intentionally created by the developer or an unauthorized modification that bypasses normal authentication processes, granting unauthorized access to the system. This can be used for various purposes, such as debugging, maintenance, or malicious activities like unauthorized data access or control.
45.
A _________ is a set of programs installed on a system to maintain covert access to that system with administrator privileges, while hiding evidence of its presence to the greatest extent possible.
Correct Answer
rootkit
Explanation
A rootkit is a set of programs that are installed on a system with the purpose of maintaining covert access and administrator privileges. It is designed to hide any evidence of its presence to the greatest extent possible. Rootkits are often used by hackers or malicious actors to gain unauthorized access to a system and carry out malicious activities without being detected. They can be difficult to detect and remove, making them a significant threat to the security and integrity of a system.
46.
_________ is a malicious hacker tool used to break into machines remotely.
Correct Answer
auto rooter
Explanation
An auto rooter is a type of malicious hacker tool that is used to remotely break into machines. It is designed to automatically exploit vulnerabilities in computer systems, gaining unauthorized access and control over them. This tool enables hackers to remotely gain root or administrator access to compromised machines, allowing them to carry out various malicious activities such as stealing sensitive information, installing malware, or causing damage to the targeted system.
47.
Set of tools for generating new viruses automatically.
Correct Answer
kit
Explanation
The term "kit" refers to a set of tools or equipment that are used for a specific purpose. In this context, the term "kit" is used to describe a set of tools for generating new viruses automatically. This implies that the tools in the kit can be used to create viruses without manual intervention.
48.
_________ program activated on an infected machine that is activated to launch attacks on other machines.
Correct Answer
zombie
Explanation
A zombie program refers to malicious software that has infected a machine and is programmed to launch attacks on other machines. Once activated, this program can operate autonomously and carry out various malicious activities without the user's knowledge or consent. It typically forms part of a larger network of compromised machines, known as a botnet, which can be controlled remotely by an attacker. The term "zombie" is used metaphorically to describe the infected machine, as it is essentially under the control of the attacker and can be used to launch coordinated attacks on other targets.