TestOut ITSec C7.1

TestOut Security Pro Terms Def / Q&A Chapter 7.1 Malware

Term & Questions / Def & Answers
What is the difference between a virus and a worm? Unlike a virus, a worm can propagate itself without a file. A worm can replicate itself, while a virus requires a host for distribution. Both viruses and worms can cause damage to data and systems, and both spread from system to system, although a worm can spread itself while a virus attaches itself to a host for distribution.
Which types of malware can be spread through email?
How are Trojans and botnets related?
What does it mean for software to be quarantined?
Why is it a good practice to show file extensions?
In addition to implementing virus scanning software, what must you do to ensure that you are protected from the latest virus variations?
Malware Software designed to take over or damage a computer without the user's knowledge or approval.
Virus A program that attempts to damage a computer system and replicate itself to other computer systems.
Worm A self-replicating program. A worm is a type of malicious software that travels across computer networks, automatically replicating itself. • Does not require a host file to propagate. • Automatically replicates itself without an activation mechanism. A worm can travel across computer networks without requiring any user assistance. • Infects one system and spreads to other systems on the network.
Trojan Horse A malicious program that is disguised as legitimate or desirable software. • Cannot replicate itself. • Does not need to be attached to a host file. • Often contains spying functions (such as a packet sniffer) or backdoor functions • Often is hidden in useful software, such as screen savers or games. A wrapper is a program that is used legitimately, but has a Trojan attached to it that will infiltrate whichever computer runs the wrapper software. • Relies on user decisions and actions to spread.
Zombie A computer that is infected with malware that allows remote software updates and control by a command and control center called a zombie master. • Also known as a bot • Commonly uses Internet Relay Chat (IRC) channels (also known as chat rooms) to communicate with the zombie master. • Is used to aid spammers. • Is used to commit click fraud. The internet uses a form of advertising called pay-per-click, • Is used for performing denial-of-service attacks.
Botnet A group of zombie computers that are commanded from a central control infrastructure.
Rootkit A set of programs that allows attackers to maintain permanent, administrator-level, hidden access to a computer. Rootkits are installed within the boot sector of the infected computer's hard drive. • Almost invisible software • Resides below regular antivirus software detection • Requires administrator privileges to install and then maintains those privileges to allow subsequent access • Might not be malicious • Often replaces operating system files with alternate versions that allow hidden access
Logic Bomb Malware designed to execute only under predefined conditions. It lies dormant until the predefined condition is met, then executes. • Uses a trigger activity such as a specific date and time, the launching of a specific program, or the processing of a specific type of activity • Does not self-replicate • Is also known as an asynchronous attack
Spyware Software that is installed without the user's consent or knowledge and is designed to intercept or take partial control over the user's interaction with the computer. Spyware may also install additional software. It may change computer settings or it may redirect the web browser to unwanted websites.
Adware Malware that monitors actions that denote personal preferences and sends pop-ups and ads that match those preferences. • Is usually passive • Is privacy-invasive software • Is installed on your machine by visiting a particular website or running an application • Is usually more annoying than harmful
Ransomware Malware that denies access to a computer system until the user pays a ransom.
Scareware A scam to fool users into thinking they have some form of malware on their system.
Crimeware Malware designed to perpetrate identity theft to allow access to online accounts at financial services, such as banks and online retailers. • Use keystroke loggers, which capture keystrokes, mouse operations, or screenshots and transmit those actions back to the attacker to obtain passwords • Redirect users to fake sites • Steal cached passwords • Conduct transactions in the background after logon
Crypto-Malware Ransomware that encrypts files until a ransom is paid.
Remote Access Trojan (RAT) Includes a back door that allows administrative control over the target computer. Usually downloaded invisibly with a user-requested program, a RAT can: • Use keystroke loggers, which capture keystrokes, mouse operations, or screenshots and transmit those actions back to the attacker to obtain passwords • Access confidential information • Format drives • Activate a system's webcam and record video • Delete, download, or alter files and file systems • Distribute viruses and other malware
Hacker A person that commits computer and cyber crimes by gaining unauthorized access to computer systems.
Cracker A person that is actively engaged in developing and distributing worms, Trojans, and viruses. • Greatest threat to information resources • Engaging in probing and reconnaissance activities • Creating toolkits so that others can hack known vulnerabilities • Cracking the protective measures included with commercial application software by using reverse engineering
Script Kiddy A less-skilled (usually younger) hacker that often relies on automated tools or scripts written by crackers to scan systems at random to find and exploit weaknesses.
3 key characteristics of a virus? 1. A replication mechanism 2. An activation mechanism 3. Some objective • The virus requires a replication mechanism, a file that it uses as a host. Viruses typically attach to files with execution capabilities such as .doc, .exe, and .bat extensions. Many viruses are distributed via email and go to everyone in your address book. • The virus only replicates when an activation mechanism is triggered. • The virus is programmed with an objective, which is usually to destroy, compromise, or corrupt data.
Characteristics of a stealth virus Masks itself and will attempt to hide.
Macro Virus A macro virus exploits applications such as Microsoft Office that use macros. A macro virus can take advantage of this feature and embed itself into a Word file. Then when that file is opened and that macro is activated, it runs and it could then potentially cause significant damage and spread itself to other machines.
Polymorphic Virus A polymorphic virus can change form to avoid detection. It mutates its code while keeping the original algorithm intact.
Retro Virus Attacks the antivirus software. It tries to destroy virus countermeasures by deleting key files that antivirus programs use.
Armored Virus Is designed to make itself difficult to detect or analyze by covering itself with a type of protective code.
Companion Virus A computer virus that attaches itself to some legitimate program. It then creates a second program with a different file name extension, and when users try to run the legitimate program, the companion virus activates and executes the second program instead of the legitimate one.
What is the most effective way to prevent computer viruses from spreading? Anti-malware software
What does real-time protection do? It will alert you when it detects malware as it's attempting to install itself on your system.
How do worms infect a system? They usually take advantage of unpatched vulnerabilities in computer systems.
How do you avoid worm infections? You need to make sure that your systems have been patched and that they have anti-malware software installed.
Zombie master The attacker's computer that is controlling the zombie or bot.
Bot A zombied computer.
Bot herder The person (system) that is controlling the botnet.
How do you discover that you have a Trojan or you are a zombie? You can examine your computer's firewall log to see if it's been acting as a zombie. In the log, you should see the outbound traffic from the zombie going through the firewall to the zombie master.
How to defend against a Trojan? Install anti-malware on the system to detect a Trojan.
UEFI Unified Extensible Firmware Interface is a specification for a software program that connects a computer's firmware to its operating system (OS)
What are the strategies that you can use to prevent rootkit infections? • The first one is to install some type of anti-rootkit software. • However, a better solution is to upgrade to a computer system that uses UEFI firmware instead of the traditional BIOS.
How does Windows prevent rootkits on newer versions? On newer versions of Windows, this is done using the Secure Boot feature.
What is the best defense against spyware and adware? Use a pop-up blocker and install anti-malware software.
Phage Virus Rewrites programs and infects all the files associated with that program. Its objective is usually to delete or destroy every program it infects.
Wrapper A program that is used legitimately, but has a Trojan attached to it that will infiltrate whichever computer runs the wrapper software.
asynchronous attack Same as a logic bomb
White hat hackers are ethical people who have the ability to find vulnerabilities in computer systems.
Black hat hackers are people who unethically test or exploit the vulnerabilities of computer systems.
Grey hat hackers (also referred to as wannabes or whackers) apply loose ethics in their application of their abilities to exploit vulnerabilities in computer systems. They are not consistently malicious or non-malicious in the use of their skills.
Click Kiddy A term used to refer to script kiddies who use GUI-based point-and-click software instead of scripts.
Phreaker A term used to refer to people who break into telecommunications networks to illegally use the provider's services.
Stoned The 1987 Stoned virus was one of the very first viruses, and was very common and widespread in the early 1990s. The virus infects the master boot record of a hard drive and floppy disks.
Michelangelo The 1991 Michelangelo virus was designed to infect MS-DOS systems and remain dormant until March 6, the birthday of Renaissance artist Michelangelo. The virus infects the master boot record of a hard drive. Once a system becomes infected, any floppy disk inserted into the system becomes immediately infected, as well.
CIH/Chernobyl Virus The 1999 Chernobyl virus was the first computer virus that affected computer hardware. It infected executable files, then spread after the file was executed. After it was initiated, CIH would continue until the entire hard drive was erased. Then it would overwrite the system BIOS, causing machines to crash.
Melissa The 1999 Melissa worm was the first widely distributed macro virus which was propagated in the form of an email message containing an infected Word document as an attachment.
I Love You The 2000 ILOVEYOU worm was propagated in the form of an email message containing an infected VBScript (Microsoft Visual Basic Scripting) attachment. When executed, the VBScript would alter the registry keys to allow the malware to start up at every boot. It would also search for and replace *.jpg, *.jpeg, *.vbs, *.vbe, *.js, *.jse, *.css, *.wsh, *.sct, *.doc, *.hta files with copies of itself while appending the file name with a .vbs extension.
Code Red The 2001 Code Red worm was designed to attack and exploit vulnerabilities within Microsoft Web IIS servers. It replicated from port to port with remarkable speed, infecting over 250,000 systems in under 9 hours.
Nimda The 2001 Nimda worm took advantage of weaknesses found in the Windows platform and propagated itself in several ways, including email, infected websites, and network shares. It also left multiple back doors to allow for additional attacks.
Klez The 2001-2002 Klez worm propagated through email by infecting executables through creating a hidden copy of the original host file, then overwriting the original file with itself. It attacked unpatched versions of Outlook and Outlook Express to allow attackers to control the system.
A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent? Botnet
Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? Trojan horse A Trojan horse is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously. Trojan horses are very common on the internet.
Which of the following is undetectable software that allows administrator-level access? Rootkit A rootkit is a set of programs that allows attackers to maintain permanent, administrator-level, hidden access to a computer. A rootkit: • Is almost invisible software • Resides below regular antivirus software detection • Requires administrator privileges for installation, then maintains those privileges to allow subsequent access • Might not be malicious • Often replaces operating system files with alternate versions that allow hidden access
What are characteristics of a rootkit? A rootkit is a set of programs that allows attackers to maintain hidden, permanent, administrator-level access to a computer. A rootkit: • Is almost invisible software • Resides below regular antivirus software detection • Requires administrator privileges for installation, then maintains those privileges to allow subsequent access • Might not be malicious • Often replaces operating system files with alternate versions that allow hidden access
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software? Rootkit This program is an example of a rootkit. A rootkit is a set of programs that allow attackers to maintain permanent, administrator-level, and hidden access to a computer. Rootkits require administrator access for installation and typically gain this access using a Trojan horse approach--masquerading as a legitimate program to entice users to install the software.
Which of the following best describes spyware? It monitors the actions you take on your machine and sends the information back to its originating source.
What is the primary distinguishing characteristic between a worm and a logic bomb? Self-replication The primary distinguishing characteristic between a worm and a logic bomb is self-replication. Worms are designed to replicate and spread as quickly and as broadly as possible. Logic bombs do not self-replicate. They are designed for a specific single system or type of system. Once planted on a system, it remains there until it is triggered.
You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file? It has been moved to a secure folder on your computer. Quarantine moves the infected file to a secure folder where it cannot be opened or run normally. By configuring the software to quarantine any problem files, you can view, scan, and possibly repair those files. Quarantine does not automatically repair files. Deleting a file is one possible action to take, but this action removes the file from your system.
What is another name for a logic bomb? Asynchronous attack A logic bomb is a specific example of an asynchronous attack. An asynchronous attack is a form of malicious attack where actions taken at one time do not cause their intended, albeit negative, action until a later time.
How often should anti-virus software definition files be updated? Anti-virus software should be configured to download updated virus definition files as soon as they become available. Anti-virus software is only effective against new viruses if it has the latest virus definition files installed. You should configure your anti-virus software to automatically download updated virus definition files as soon as they become available.
If your anti-virus software does not detect and remove a virus, what should you try first? Update your virus detection software.
You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.) • Disable UAC • Schedule regular full system scans • Enable chassis intrusion detection • Enable account lockout • Educate users about malware. Schedule regular full system scans; Educate users about malware. You should schedule regular full system scans to look for any malware. In addition, educate users about the dangers of downloading software and the importance of anti-malware protections.
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. What could you do to help prevent this? Configure the software to automatically download the virus definition files as soon as they become available
Which type of virus conceals its presence by intercepting system requests and altering service outputs? Stealth Stealth viruses reside in low-level system service functions where they intercept system requests and alter service outputs to conceal their presence. The term rootkit is often used to describe a malicious program that can hide itself and prevent its removal from the system.
Created by: jacobth
 

 


