Week 8 Q's Flashcards

1
Q

What is the difference between a virus and a worm?

A. A virus spreads through networks, while a worm spreads through physical media
B. A virus modifies existing code, while a worm creates its own code
C. A virus is a standalone executable, while a worm is a script
D. A virus hides in plain sight, while a worm is hard to detect

A

B

2
Q

What is the purpose of a packer in malware?

A. To compress the code to make it smaller
B. To obfuscate the code to make it harder to analyze
C. To encrypt the code to prevent detection
D. To create a backup of the code in case it is lost

A

B

3
Q

What is steganography in the context of malware?

A. The use of encryption to hide malware code
B. The use of social engineering to trick users into downloading malware
C. The use of a rootkit to hide malware on a system
D. The use of images or other files to hide malware code

A

D

4
Q

What is a rootkit?

A. A tool used by malware authors to gain root access to a system
B. A type of malware that is difficult to detect and remove
C. A collection of tools used by malware analysts to analyze malware
D. A tool used by system administrators to manage root-level permissions

A

B

5
Q

What is the purpose of a sandbox in malware analysis?

A. To run malware in a controlled environment to observe its behavior
B. To isolate infected systems from the network
C. To prevent malware from spreading to other systems
D. To test the effectiveness of antivirus software

A

A

6
Q

What is the difference between static and dynamic analysis of malware?

A. Static analysis examines the behavior of malware, while dynamic analysis examines its code
B. Static analysis examines the code of malware, while dynamic analysis examines its behavior
C. Static analysis involves running malware in a virtual environment, while dynamic analysis involves examining the system calls made by malware
D. Static analysis involves examining the network traffic generated by malware, while dynamic analysis involves examining its registry entries

A

B

7
Q

What is code obfuscation in malware?

A. The process of encrypting malware code
B. The process of hiding malware code from antivirus software
C. The process of making malware code difficult to read and understand
D. The process of compressing malware code to make it smaller

A

C

8
Q

What is a packer detection tool?

A. A tool used to detect the presence of malware on a system
B. A tool used to detect the presence of a packer on a binary file
C. A tool used to detect the presence of a rootkit on a system
D. A tool used to detect the presence of a sandbox on a system

A

B

9
Q

What is an anti-debugging technique in malware?

A. A technique used to detect the presence of a debugger on a system
B. A technique used to prevent malware from being analyzed in a debugger
C. A technique used to encrypt the malware code to prevent debugging
D. A technique used to crash the debugger when it is used to analyze malware

A

B

10
Q

What is a hooking technique in malware?

A. A technique used to modify system calls to redirect them to malicious code
B. A technique used to detect the presence of a debugger on a system
C. A technique used to hide the presence of malware on a system
D. A technique used to encrypt the malware code to prevent detection

A

A

11
Q

What is a rootkit hook?

A. A technique used by rootkits to intercept system calls and modify their behavior
B. A technique used by rootkits to encrypt their code to prevent detection
C. A technique used by rootkits to hide their presence on a system
D. A technique used by rootkits to spread to other systems on a network

A

A

12
Q

What is the difference between a keylogger and a backdoor?

A. A keylogger records keystrokes, while a backdoor provides access to a system
B. A keylogger provides access to a system, while a backdoor records keystrokes
C. A keylogger and a backdoor are the same thing
D. A keylogger and a backdoor are both types of worms

A

A

13
Q

What is a code injection attack?

A. A technique used by malware to inject code into a running process
B. A technique used by malware to inject code into a website
C. A technique used by malware to inject code into a network packet
D. A technique used by malware to inject code into a file on disk

A

A

14
Q

What is a heap spray attack?

A. A technique used by malware to fill the heap memory with shellcode
B. A technique used by malware to fill the stack memory with shellcode
C. A technique used by malware to fill the CPU cache with shellcode
D. A technique used by malware to fill the disk cache with shellcode

A

A

15
Q

What is a return-oriented programming (ROP) attack?

A. A technique used by malware to bypass security mechanisms by reusing small pieces of code from legitimate software
B. A technique used by malware to execute arbitrary code on a system
C. A technique used by malware to modify the stack pointer to redirect program flow
D. A technique used by malware to inject code into a running process

A

A

16
Q

What is a DLL hijacking attack?

A. A technique used by malware to replace a legitimate DLL with a malicious one
B. A technique used by malware to inject code into a DLL
C. A technique used by malware to modify the import table of a DLL
D. A technique used by malware to modify the export table of a DLL

A

A

17
Q

What is a rootkit detector tool?

A. A tool used to detect the presence of a rootkit on a system
B. A tool used to detect the presence of a sandbox on a system
C. A tool used to detect the presence of a debugger on a system
D. A tool used to detect the presence of a packer on a binary file

A

A

18
Q

What is a digital signature in the context of malware analysis?

A. A unique identifier that can be used to verify the integrity of a file
B. A type of encryption used to protect files from unauthorized access
C. A technique used to hide the presence of malware on a system
D. A technique used to modify the code of a running process

A

A

19
Q

What is the difference between a static and a dynamic signature in malware analysis?

A. A static signature is based on file characteristics, while a dynamic signature is based on behavior
B. A static signature is based on behavior, while a dynamic signature is based on file characteristics
C. A static signature is based on the presence of certain strings in the code, while a dynamic signature is based on system calls made by the malware
D. A static signature is based on the network traffic generated by the malware, while a dynamic signature is based on the file size of the malware

A

A

20
Q

What is a YARA rule?

A. A pattern-matching rule used to identify malware based on certain characteristics
B. A technique used by malware to evade detection by antivirus software
C. A type of code injection attack used by malware to modify running processes
D. A technique used by malware to encrypt its code to prevent detection

A

A