Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives multiple different answers for what the malware package is. What has occurred?

Different vendors used different names for malware packages.

The package contains more than one piece of malware.

The malware is polymorphic and changed while being tested.

Nancy is concerned that there is a software keylogger on the system she's investigating. What best describes data that may have been stolen?

Keyboard and other input from the user

All files the user accessed while the keylogger was active

Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs an antimalware tool's scanner, the system doesn't show any malware. If he has other data that indicates the system is infected, what should his next step be if he wants to determine what malware may be on the system?

Mount the drive on another system and scan it that way.

Disable the system's antivirus because it may be causing a false negative.

The system is not infected and he should move on.

Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this?

Wipe the drive and reinstall from known good media.

Run multiple antimalware tools and use them to remove all detections.

Use the delete setting in her antimalware software rather than the quarantine setting.

There is no way to ensure the system is safe and it should be destroyed.

What is the key difference between a worm and a virus?

What operating system they run on

Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?

Open the file using a text editor to review the code.

Run a decompiler against it to allow him to read the code.

Test the code using an antivirus tool.

Submit the Python code to a malware testing website.

Which of the following defenses is most likely to prevent Trojan installation?

Preventing downloads from application stores

Installing patches for known vulnerabilities

Preventing the use of USB drives

Disabling autorun from USB drives

Chapter 3: Malicious Code

Quiz

•

Computers

•

University

•

Practice Problem

•

Easy

Fhaa Lossx

Used 4+ times

FREE Resource

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Ryan wants to prevent logic bombs created by insider threats from impacting his organization. What technique will most effectively limit the likelihood of logic bombs being put in place?

Deploying antivirus software

Using a code review process

Deploying endpoint detection and response (EDR) software

Disabling autorun for USB drives

Answer explanation

Key Phrase: "Prevent logic bombs"

Explanation:
Correct Answer (B): A code review process will identify and prevent logic bombs by scrutinizing code before deployment.
Why others are wrong:
A: Antivirus software is not effective against logic bombs embedded in code.
C: EDR tools focus on detecting active malware, but not code-level threats like logic bombs.
D: Disabling autorun for USB drives won't stop insider threats or logic bombs in code.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Yasmine believes that her organization may be dealing with an advanced rootkit and wants to write IoC definitions for it. Which of the following is not likely to be a useful IoC for a rootkit?

File hashes

Command and control domains

Pop-ups demanding a ransom

Behavior-based identifiers

Answer explanation

Key Phrase: "Not useful IoC for a rootkit"

Explanation:
Correct Answer (C): Rootkits are designed to remain stealthy, so pop-up ransom demands would be an anomaly and not useful as an IoC for a rootkit.
Why others are wrong:
A: File hashes are useful for identifying files associated with rootkits.
B: Command and control domains are crucial for tracking rootkit behavior.
D: Behavior-based identifiers help detect rootkit activity, even if it's hidden.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Nathan works at a school and notices that one of his staff appears to have logged in and changed grades for a single student to higher grades, even in classes that staff member is not responsible for. When asked, the staff member says that they did not perform the action. Which of the following is the most likely way that a student could have gotten access to the staff member's password?

A keylogger

A rootkit

Spyware

A logic bomb

Answer explanation

Key Phrase: "Most likely way to get access to password"

Explanation:
Correct Answer (A): A keylogger would capture the staff member's login credentials, allowing the student to access the system without the staff member's knowledge.
Why others are wrong:
B: A rootkit is used to maintain access, not to capture passwords.
C: Spyware collects data but not specifically passwords or keystrokes.
D: A logic bomb is an event-triggered malware, not relevant to password theft.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?

Command and control

Spyware

A worm

A hijacked web browser

Answer explanation

Key Phrase: "Malicious traffic on TCP 6667"

Explanation:
Correct Answer (A): TCP port 6667 is commonly associated with IRC (Internet Relay Chat), which is often used for botnet command and control.
Why others are wrong:
B: Spyware typically uses HTTP/HTTPS for data exfiltration.
C: Worms spread via vulnerabilities and don’t use specific ports like this.
D: A hijacked web browser would typically use standard web ports (80/443).

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware?

A worm

Crypto malware

A Trojan

A backdoor

Answer explanation

Key Phrase: "Remote access software"

Explanation:
Correct Answer (D): A backdoor provides unauthorized remote access to a system, often installed by attackers for later use.
Why others are wrong:
A: A worm is a self-replicating malware that doesn’t necessarily offer remote access.
B: Crypto malware encrypts data, not used for remote access.
C: A Trojan may contain a backdoor, but "backdoor" is the more specific term.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

What is the primary impact of bloatware?

Consuming resources

Logging keystrokes

Providing information about users and devices to third parties

Allowing unauthorized remote access

Answer explanation

Key Phrase: "Impact of bloatware"

Explanation:
Correct Answer (A): Bloatware uses system resources such as disk space, CPU, and memory without providing any meaningful function.
Why others are wrong:
B: Bloatware doesn’t typically log keystrokes.
C: Bloatware doesn't necessarily gather user information for third parties.
D: Bloatware doesn’t provide remote access.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

What type of malware is used to gather information about a user's browsing habits and system?

A Trojan

Bloatware

Spyware

A rootkit

Answer explanation

Key Phrase: "Gathering browsing habits"

Explanation:
Correct Answer (C): Spyware is designed to monitor and collect information about users’ browsing habits, search history, and other personal data.
Why others are wrong:
A: A Trojan appears to be benign but contains malicious code.
B: Bloatware is typically pre-installed software that isn’t malicious.
D: A rootkit hides malicious software and is not designed to gather user data.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

ADB Quiz #1

Quiz

•

University

20 questions

Quiz Harian Gdevelop MPK

Quiz

•

University

15 questions

Computer and Other Human Inventions

Quiz

•

University

15 questions

Robotics Prelim

Quiz

•

University

17 questions

Archivos

Quiz

•

University

20 questions

Digital and Analog transmission

Quiz

•

University

20 questions

Soal AIJ bulan Agustus 2019 kls xii

Quiz

•

University

15 questions

GIS Unit III

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

30 questions

Quiz 1 Review

Quiz

•

University

Chapter 3: Malicious Code

20 questions

Ryan wants to prevent logic bombs created by insider threats from impacting his organization. What technique will most effectively limit the likelihood of logic bombs being put in place?

Yasmine believes that her organization may be dealing with an advanced rootkit and wants to write IoC definitions for it. Which of the following is not likely to be a useful IoC for a rootkit?

Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?

Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware?

What is the primary impact of bloatware?

What type of malware is used to gather information about a user's browsing habits and system?

Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives multiple different answers for what the malware package is. What has occurred?

Nancy is concerned that there is a software keylogger on the system she's investigating. What best describes data that may have been stolen?

A system in Elaine's company has suddenly displayed a message demanding payment in Bitcoin and claiming that the data from the system has been encrypted. What type of malware has Elaine likely encountered?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers