Chapter 3: Malicious Code

Assessment

Quiz

Computers

University

Easy

Created by Fhaa Lossx

20 questions

1.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Ryan wants to prevent logic bombs created by insider threats from impacting his organization. What technique will most effectively limit the likelihood of logic bombs being put in place?

A) Deploying antivirus software

B) Using a code review process

C) Deploying endpoint detection and response (EDR) software

D) Disabling autorun for USB drives

Answer explanation

Key Phrase: "Prevent logic bombs"

Explanation:
Correct Answer (B): A code review process will identify and prevent logic bombs by scrutinizing code before deployment.
Why others are wrong:
A: Antivirus software is not effective against logic bombs embedded in code.
C: EDR tools focus on detecting active malware, but not code-level threats like logic bombs.
D: Disabling autorun for USB drives won't stop insider threats or logic bombs in code.

2.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Yasmine believes that her organization may be dealing with an advanced rootkit and wants to write IoC definitions for it. Which of the following is not likely to be a useful IoC for a rootkit?

A) File hashes

B) Command and control domains

C) Pop-ups demanding a ransom

D) Behavior-based identifiers

Answer explanation

Key Phrase: "Not useful IoC for a rootkit"

Explanation:
Correct Answer (C): Rootkits are designed to remain stealthy, so pop-up ransom demands would be an anomaly and not useful as an IoC for a rootkit.
Why others are wrong:
A: File hashes are useful for identifying files associated with rootkits.
B: Command and control domains are crucial for tracking rootkit behavior.
D: Behavior-based identifiers help detect rootkit activity, even if it's hidden.

3.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Nathan works at a school and notices that one of his staff appears to have logged in and changed grades for a single student to higher grades, even in classes that staff member is not responsible for. When asked, the staff member says that they did not perform the action. Which of the following is the most likely way that a student could have gotten access to the staff member's password?

A) A keylogger

B) A rootkit

C) Spyware

D) A logic bomb

Answer explanation

Key Phrase: "Most likely way to get access to password"

Explanation:
Correct Answer (A): A keylogger would capture the staff member's login credentials, allowing the student to access the system without the staff member's knowledge.
Why others are wrong:
B: A rootkit is used to maintain access, not to capture passwords.
C: Spyware collects data but not specifically passwords or keystrokes.
D: A logic bomb is event-triggered malware and is not relevant to password theft.

4.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?

A) Command and control

B) Spyware

C) A worm

D) A hijacked web browser

Answer explanation

Key Phrase: "Malicious traffic on TCP 6667"

Explanation:
Correct Answer (A): TCP port 6667 is commonly associated with IRC (Internet Relay Chat), which is often used for botnet command and control.
Why others are wrong:
B: Spyware typically uses HTTP/HTTPS for data exfiltration.
C: Worms spread via vulnerabilities and don’t use specific ports like this.
D: A hijacked web browser would typically use standard web ports (80/443).

5.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware?

A) A worm

B) Crypto malware

C) A Trojan

D) A backdoor

Answer explanation

Key Phrase: "Remote access software"

Explanation:
Correct Answer (D): A backdoor provides unauthorized remote access to a system, often installed by attackers for later use.
Why others are wrong:
A: A worm is self-replicating malware that doesn’t necessarily offer remote access.
B: Crypto malware encrypts data; it is not used for remote access.
C: A Trojan may contain a backdoor, but "backdoor" is the more specific term.

6.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

What is the primary impact of bloatware?

A) Consuming resources

B) Logging keystrokes

C) Providing information about users and devices to third parties

D) Allowing unauthorized remote access

Answer explanation

Key Phrase: "Impact of bloatware"

Explanation:
Correct Answer (A): Bloatware uses system resources such as disk space, CPU, and memory without providing any meaningful function.
Why others are wrong:
B: Bloatware doesn’t typically log keystrokes.
C: Bloatware doesn't necessarily gather user information for third parties.
D: Bloatware doesn’t provide remote access.

7.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

What type of malware is used to gather information about a user's browsing habits and system?

A) A Trojan

B) Bloatware

C) Spyware

D) A rootkit

Answer explanation

Key Phrase: "Gathering browsing habits"

Explanation:
Correct Answer (C): Spyware is designed to monitor and collect information about users’ browsing habits, search history, and other personal data.
Why others are wrong:
A: A Trojan appears to be benign but contains malicious code.
B: Bloatware is typically pre-installed software that isn’t malicious.
D: A rootkit hides malicious software and is not designed to gather user data.
