2.3

Question 1

How does a trojan horse work ?

Answer 1

Software that pretends to be something else.

Question 2

Does a Trojan horse replicate ?

Answer 2

Typically, no.

Question 3

What does a rootkit do ?

Answer 3

Modifies core system files

Question 4

What makes rootkits particulary dangerous ?

Answer 4

Invisible to the OS and therefore can be invisible to standard AV suites.

Question 5

What is the standard way to remove a rootkit ?

Answer 5

Use a removal tool specifically designed for the Rootkit in questions.

Question 6

What is a virus ?

Answer 6

Malware that can replicate itself

Question 7

What prevention method can stop unasigned software from running during the boot process ?

Answer 7

Secure Boot found in most modern UEFI.

Question 8

How is Spyware typically installed ?

Answer 8

Peer to Peer or fake software ads.

Question 9

What are some examples of Spyware ?

Answer 9

Browser monitor and Keyloggers.

Question 10

Why are keyloggers particulary dangerous ?

Answer 10

Your keystrokes are in the clear i.e. not encrypted.

Question 11

How does Ransomware work ?

Answer 11

Malware encrypts your data files. You must then pay for the decryption key.

Question 12

How do crypto miners work ?

Answer 12

Hijack some of your CPU for usage in mining crypto currencies.

Question 13

What is the last ditch method for recovery when resolving a malware issue ?

Answer 13

Windows Recovery Environment.

Question 14

Why is the Windows Recovery Environment a very powerful tool for resolving Malware issues ?

Answer 14

Offers complete control before the system can boot.
Enable/disable services, remove from the cmd prompt or even wipe if necessary.

Question 15

What is the best antiphishing tool ?

Answer 15

(Educating) The User.

Question 16

Give an example of testing end users against phishing attempts ?

Answer 16

Send a phishing email. Find out who clicks and gives up information.

Question 17

When reinstalling the OS, what’s the quickest way to install the new system ?

Answer 17

Recover from a prebuilt image.

Question 18

What option provides the most effective means for malware removal?

Answer 18

OS reinstallation.

Question 19

What type of virus infects the storage drive area containing the necessary data and code used to start the OS ?

Answer 19

Boot sector virus.

Question 20

What is the likely cause of system slow down, files disappearing, or loss disk space ?

Answer 20

A virus

Question 21

What is WinRE ?

Answer 21

Windows recovery enviroment.

Question 22

What does the Reset This PC option in Windows recovery enviroment do ?

Answer 22

OS reinstall, keeps files.

Question 23

What type of malware is designed to provide unauthorized access to a system by creating a backdoor?

Answer 23

Trojan

Question 24

What type of malware is designed to modify a system’s operating system to hide its presence and evade detection?

Answer 24

Rootkit

Question 25

What type of malware is designed to cause physical damage to a system, such as destroying hardware or erasing data?

Answer 25

Virus

Question 26

What type of malware is designed to activate at a specific time or date to perform a malicious action?

Answer 26

Logic bomb

Question 27

Does a virus require human interaction to spread ?

Answer 27

Yes.

Question 28

What is a common first tool technique you can utilize to detect rootkits ?

Answer 28

Secure boot There are other validation techniques but Secure boot is the easiest to access.

Question 29

What does spyware do ?

Answer 29

Obtains information about an individual, organization, or system and then sends it to a malicious actor.

Question 30

In short what is Windows RE ?

Answer 30

A simplified, scaled-back version of the Windows operating system.

Question 31

How do you access WinRE ?

Answer 31

You'd load up WinPE and select the WinRE option.