Chapter 6 Practice Questions
Which of the following types of malware is the MOST difficult to reverse engineer?
A. Logic bomb
C. Armored virus
C. An armored virus uses one or more techniques to make it difficult for antivirus researchers to
reverse engineer it. A logic bomb executes in response to an event, but it is often implemented with
simple code. A Trojan appears to be something beneficial, but it includes a malicious component.
Ransomware takes control of a user's system or data and then demands payment as ransom.
Recently, malware on a company computer destroyed several important files after it detected that
Homer was no longer employed at the company. Which of the following BEST identifies this
A. Logic bomb
A. A logic bomb executes in response to an event. In this scenario, the logic bomb is delivering its
payload when it detects that Homer is no longer employed at the company. A rootkit doesn't respond
to an event. A backdoor provides another method of accessing a system, but it does not delete files.
Adware uses advertising methods, such as pop-up windows.
A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a
security administrator expressed concern that unauthorized personnel might be able to access data on
the server. The security administrator decided to check the server further. Of the following choices,
what is the administrator MOST likely looking for on this server?
B. Logic bomb
A. The security administrator is most likely looking for a backdoor because Trojans commonly
create backdoors, and a backdoor allows unauthorized personnel to access data on the system. Logic
bombs and rootkits can create backdoor accounts, but Trojans don't create logic bombs and would
rarely install a rootkit. The computer might be joined to a botnet, but it wouldn't be a botnet.
After Maggie turned on her computer, she saw a message indicating that unless she made a
payment, her hard drive would be formatted. What does this indicate?
A. Armored virus
B. Ransomware attempts to take control of a user's system or data and then demands ransom to
return control. An armored virus uses one or more techniques to make it more difficult to reverse
engineer. It's possible that Maggie's computer was infected with a Trojan, which created a backdoor.
However, not all Trojans or backdoor accounts demand payment as ransom.
A security administrator recently noticed abnormal activity on a workstation. It is connecting to
computers outside the organization's internal network, using uncommon ports. Using a security toolkit,
the administrator discovered the computer is also running several hidden processes. Which of the
following choices BEST indicates what the administrator has found?
A. A rootkit typically runs processes that are hidden and it also attempts to connect to computers
via the Internet. Although an attacker might have used a backdoor to gain access to the user's
computer and install the rootkit, backdoors don't run hidden processes. Spam is unwanted email and
is unrelated to this question. A Trojan is malware that looks like it's beneficial, but is malicious.
What type of malware uses marketing pop-ups and does not attempt to hide itself?
D. Adware commonly causes pop-up windows to appear with marketing advertisements and
adware doesn't try to hide itself. Many web browsers include pop-up blockers that block these pop-ups.
A rootkit does attempt to hide itself and keep any rootkit processes hidden. Trojans perform
some malicious activity such as creating a backdoor account, and they hide their activity.
Of the following malware types, which one is MOST likely to monitor a user's computer?
B. Spyware monitors a user's computer and activity. Trojans often install backdoor accounts, but
they don't necessarily monitor systems and activity. Adware typically causes pop-up windows for
advertising, and although it might monitor the user to target ads, not all adware monitors users.
Ransomware is primarily concerned with getting the user to make a ransom payment.
Lisa is a database administrator and received a phone call from someone identifying himself as a
technician working with a known hardware vendor. The technician said he's aware of a problem with
database servers they've sold, but it only affects certain operating system versions. He asks Lisa what
operating system the company is running on its database servers. Which of the following choices is
the BEST response from Lisa?
A. Let the caller know what operating system and versions are running on the database servers to
determine if any further action is needed.
B. Thank the caller and end the call, report the call to her supervisor, and independently check the
vendor for issues.
C. Ask the caller for his phone number so that she can call him back after checking the servers.
D. Contact law enforcement personnel.
B. This sounds like a social engineering attack where the caller is attempting to get information on
the servers, so it's appropriate to end the call, report the call to a supervisor, and independently check
the vendor for potential issues. It is not appropriate to give external personnel information on internal
systems from a single phone call. The caller has not committed a crime by asking questions, so it is
not appropriate to contact law enforcement personnel.
A security administrator at a shopping mall discovered two wireless cameras pointing at an
automatic teller machine. These cameras were not installed by mall personnel and are not authorized.
What is the MOST likely goal of these cameras?
B. Dumpster diving
D. Shoulder surfing
D. Shoulder surfing is the practice of peering over a person's shoulder to discover information. In
this scenario, the attacker is using the wireless cameras to discover PINs as users enter them.
Tailgating is the practice of following closely behind someone else without using credentials.
Dumpster diving is the practice of searching trash dumpsters for information. Vishing is a form of
phishing using the phone.
Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked
Lisa to let him follow her when she goes back inside. What does this describe?
A. Spear phishing
D. Tailgating is the practice of following closely behind someone else without using credentials.
In this scenario, Bart might be an employee who forgot his badge, or he might be a social engineer
trying to get in by tailgating. Mantraps prevent tailgating. Spear phishing and whaling are two types of
phishing with email.
An organization's security policy requires employees to incinerate paper documents. Of the
following choices, which type of attack is this MOST likely to prevent?
A. Shoulder surfing
D. Dumpster diving
D. Dumpster diving is the practice of looking for documents in the trash dumpsters, but shredding
or incinerating documents ensures dumpster divers cannot retrieve any paper documents. Shoulder
surfers attempt to view something on a monitor or other screen, not papers. Tailgating refers to
entering a secure area by following someone else. Vishing is a form of phishing using the phone.
While cleaning out his desk, Bart threw several papers containing PII into the recycle bin. Which
type of attack can exploit this action?
B. Dumpster diving
C. Shoulder surfing
B. Dumpster divers look through trash or recycling containers for valuable paperwork, such as
documents that include Personally Identifiable Information (PII). Instead, paperwork should be
shredded or incinerated. Vishing is a form of phishing that uses the phone. Shoulder surfers attempt to
view monitors or screens, not papers. Tailgating is the practice of following closely behind someone
else, without using proper credentials.
Marge reports that she keeps receiving unwanted emails about personal loans. What does this
B. Spear phishing
C. Spam is unwanted emails from any source. Phishing and spear phishing are types of attacks
using email. Vishing is similar to phishing but it uses telephone technology.
A recent spear phishing attack that appeared to come from your organization's CEO resulted in
several employees revealing their passwords to attackers. Management wants to implement a security
control to provide assurances to employees that email that appears to come from the CEO actually
came from the CEO. Which of the following should be implemented?
A. Digital signatures
B. Spam filter
A. A digital signature provides assurances of who sent an email and meets the goal of this
scenario. Although a spam filter might filter a spear phishing attack, it does not provide assurances
about who sent an email. A training program would help educate employees about attacks and would
help prevent the success of these attacks, but it doesn't provide assurances about who sent an email.
Metrics can measure the success of a training program.
Attackers are targeting C-level executives in your organization. Which type of attack is this?
D. Whaling is a type of phishing that targets high-level executives, such as CEOs, CIOs, and
CFOs. Because whaling is more specific than phishing, phishing isn't the best answer. Vishing is
similar to phishing, but it uses the phone instead. Spam is unwanted email, but spam isn't necessarily
You manage a group of computers in an isolated network without Internet access. You need to
update the antivirus definitions manually on these computers. Which of the following choices is the
MOST important concern?
A. Running a full scan of the systems before installing the new definitions
B. Running a full scan of the systems after installing the new definitions
C. Ensuring the definition file hash is equal to the hash on the antivirus vendor's web site
D. Ensuring the update includes all signature definitions
C. When downloading files as important as antivirus definitions, it's important to ensure they do
not lose data integrity, and you can do so by verifying the hashes. It's not necessary to run a full scan
either before or after installing new definitions, but the new definitions will help.
A user wants to reduce the threat of an attacker capturing her personal information while she surfs
the Internet. Which of the following is the BEST choice?
A. Antivirus software
B. Anti-spyware software
C. Pop-up blocker
B. Anti-spyware is the best choice to protect an individual's personal information while online.
Many antivirus software applications include anti-spyware components, but not all of them do. A
pop-up blocker prevents pop-up windows, caused by adware. Whitelisting identifies specific
applications authorized on a system, but does not necessarily prevent the theft of personal
Bart is complaining that new browser windows keep opening on his computer. Which of the
following is the BEST choice to stop these in the future?
C. Pop-up blocker
D. Antivirus software
C. A pop-up blocker is the best choice to stop these windows, which are commonly called pop-up
windows. They might be the result of malware or adware, but more malware or adware will not
stop them. Some antivirus software may block the pop-ups, but a pop-up blocker is the best choice.
Your organization recently suffered a loss from malware that wasn't previously known by any
trusted sources. Which type of attack is this?
A. Phishing attack
C. Buffer overflow
D. Integer overflow
B. A zero-day exploit is one that isn't known by trusted sources such as antivirus vendors or
operating system vendors. Trusted sources know about many phishing attacks, buffer overflow
attacks, and integer overflow attacks.
Homer received an email advertising the newest version of a popular smartphone, which is not
available elsewhere. It includes a malicious link. Which of the following principles is the email
C. The attacker is using scarcity to entice the user to click the link. A user might realize that
clicking on links from unknown sources is risky, but the temptation of getting the new smartphone
might cause the user to ignore the risk.