Chapter 2 - Computer Systems Security Flashcards
A group of compromised computers that have software installed by a worm is known as which of the following?
A. Botnet
B. Virus
C. Honeypot
D. Zombie
Answer: A. A botnet is a group of compromised computers, usually working together, with malware that was installed by a worm or a Trojan horse.
What are some of the drawbacks to using HIDS instead of NIDS on a server? (Select the two best answers.)
A. A HIDS may use a lot of resources that can slow server performance.
B. A HIDS cannot detect operating system attacks.
C. A HIDS has a low level of detection of operating system attacks.
D. A HIDS cannot detect network attacks.
Answer: A and D. Host-based intrusion detection systems (HIDS) run within the operating system of a computer. Because of this, they can slow a computer’s performance. Most HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating system attacks and will usually have a high level of detection for those attacks.
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.)
A. Virus
B. Worm
C. Zombie
D. Malware
Answer: C. Zombies (also known as zombie computers) are systems that have been compromised without the knowledge of the owner. A prerequisite is that the computer must be connected to the Internet so that the attacker or malicious program can reach it and control it remotely. Multiple zombies working in concert often form a botnet. See the section “Computer Systems Security Threats” earlier in this chapter for more information.
Which of the following is the best mode to use when scanning for viruses?
A. Safe Mode
B. Last Known Good Configuration
C. Command Prompt only
D. Boot into Windows normally
Answer: A. Safe Mode should be used (if your AV software supports it) when scanning for viruses.
Which of the following is a common symptom of spyware?
A. Infected files
B. Computer shuts down
C. Applications freeze
D. Pop-up windows
Answer: D. Pop-up windows are common to spyware. The rest of the answers are more common symptoms of viruses.
What are two ways to secure the computer within the BIOS? (Select the two best answers.)
A. Configure a supervisor password.
B. Turn on BIOS shadowing.
C. Flash the BIOS.
D. Set the hard drive first in the boot order.
Answer: A and D. Configuring a supervisor password in the BIOS prevents any other user from entering the BIOS and making changes. Setting the hard drive first in the BIOS boot order prevents the computer from booting from any other device, including floppy drives, optical drives, and USB flash drives. BIOS shadowing doesn’t have anything to do with computer security, and although flashing the BIOS may include some security updates, it’s not the best answer.
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?
A. Virus
B. Worm
C. Zombie
D. PHP script
Answer: B. A worm is most likely the reason that the server is being bombarded with information by the clients; perhaps it is perpetuated by a botnet. Because worms self-replicate, the damage can quickly become critical.
Which of the following is not an example of malicious software?
A. Rootkits
B. Spyware
C. Viruses
D. Browser
Answer: D. A web browser (for example, Internet Explorer) is the only one listed that is not an example of malicious software. Although a browser can be compromised in a variety of ways by malicious software, the application itself is not the malware.
Which type of attack uses more than one computer?
A. Virus
B. DoS
C. Worm
D. DDoS
Answer: D. A DDoS, or distributed denial of service, attack uses multiple computers to carry out its attack, usually against a server. None of the other answers use multiple computers.
What are the two ways that you can stop employees from using USB flash drives? (Select the two best answers.)
A. Utilize RBAC.
B. Disable USB devices in the BIOS.
C. Disable the USB root hub.
D. Enable MAC filtering.
Answer: B and C. By disabling all USB devices in the BIOS, a user cannot use his flash drive. Also, the user cannot use the device if you disable the USB root hub within the operating system.
Which of the following does not need updating?
A. HIDS
B. Antivirus software
C. Pop-up blockers
D. Antispyware
Answer: C. Pop-up blockers do not require updating to be accurate. However, host-based intrusion detection systems, antivirus software, and antispyware all need to be updated to be accurate.
Which of the following are Bluetooth threats? (Select the two best answers.)
A. Bluesnarfing
B. Blue bearding
C. Bluejacking
D. Distributed denial of service
Answer: A and C. Bluesnarfing and bluejacking are the names of a couple of Bluetooth threats. Another attack could be aimed at a Bluetooth device’s discovery mode. To date there is no such thing as blue bearding, and a distributed denial of service attack uses multiple computers attacking one host.
What is a malicious attack that executes at the same time every week?
A. Virus
B. Worm
C. Bluejacking
D. Logic bomb
Answer: D. A logic bomb is a malicious attack that executes at a specific time. Viruses normally execute when a user inadvertently runs them. Worms can self-replicate at will. And bluejacking deals with Bluetooth devices.
Which of these is true for active inception?
A. When a computer is put between a sender and receiver
B. When a person overhears a conversation
C. When a person looks through files
D. When a person hardens an operating system
Answer: A. Active inception (aka active interception) normally includes a computer placed between the sender and the receiver to capture information.
Tim believes that his computer has a worm. What is the best tool to use to remove that worm?
A. Antivirus software
B. Antispyware software
C. HIDS
D. NIDS
Answer: A. Antivirus software is the best option when removing a worm. It may be necessary to boot into Safe Mode to remove this worm when using antivirus software.
Which of the following types of scanners can locate a rootkit on a computer?
A. Image scanner
B. Barcode scanner
C. Malware scanner
D. Adware scanner
Answer: C. Malware scanners can locate rootkits and other types of malware. These types of scanners are often found in antimalware software from manufacturers such as McAfee, Norton, Vipre, and so on. Adware scanners (often free) can scan for only adware. Always have some kind of antimalware software running on live client computers!
Which type of malware does not require a user to execute a program to distribute the software?
A. Worm
B. Virus
C. Trojan horse
D. Stealth
Answer: A. Worms self-replicate and do not require a user to execute a program to distribute the software across networks. All the other answers do require user intervention. Stealth refers to a type of virus.
Which of these is not considered to be an inline device?
A. Firewall
B. Router
C. CSU/DSU
D. HIDS
Answer: D. A HIDS, or host-based intrusion detection system, is not considered to be an inline device, because it runs on an individual computer. Firewalls, routers, and CSU/DSUs are inline devices.
Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat?
A. Spyware
B. Spam
C. Viruses
D. Botnets
Answer: B. Closing open relays, whitelisting, and blacklisting are all mitigation techniques that address spam. Spam e-mail is a serious problem for all companies and must be filtered as much as possible.
How do most network-based viruses spread?
A. By CD and DVD
B. Through e-mail
C. By USB flash drive
D. By floppy disk
Answer: B. E-mail is the number one way that network-based viruses spread. All a person needs to do is double-click the attachment within the e-mail, and the virus will do its thing, which is most likely to spread through the user’s address book. Removable media such as CDs, DVDs, USB flash drives, and floppy disks can spread viruses but are not nearly as common a vector as e-mail.
Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.)
A. Worms self-replicate but Trojan horses do not.
B. The two are the same.
C. Worms are sent via e-mail; Trojan horses are not.
D. Trojan horses are malicious attacks; worms are not.
Answer: A. The primary difference between a Trojan horse and a worm is that worms will self-replicate without any user intervention; Trojan horses do not self-replicate.
Which of the following types of viruses hides its code to mask itself?
A. Stealth virus
B. Polymorphic virus
C. Worm
D. Armored virus
Answer: D. An armored virus attempts to make disassembly difficult for an antivirus software program. It thwarts attempts at code examination. Stealth viruses attempt to avoid detection by antivirus software altogether. Polymorphic viruses change every time they run. Worms are not viruses.
Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user’s computer?
A. Worm
B. Virus
C. Trojan
D. Spam
Answer: C. A Trojan, or a Trojan horse, appears to be legitimate and looks like it’ll perform desirable functions, but in reality it is designed to enable unauthorized access to the user’s computer.
Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.)
A. Technical support resources are consumed by increased user calls.
B. Users are at risk for identity theft.
C. Users are tricked into changing the system configuration.
D. The e-mail server capacity is consumed by message traffic.
Answer: A and C. Because a virus hoax can affect many users, technical support resources can be consumed by an increase in user phone calls and e-mails. This can be detrimental to the company because all companies have a limited amount of technical support personnel. Another detrimental effect is that unwitting users may be tricked into changing some of their computer system configurations. The key term in the question is “virus hoax.” If the e-mail server is consumed by message traffic, that would be a detrimental effect caused by the person who sent the virus and by the virus itself but not necessarily by the hoax. Although users may be at risk for identity theft, it is not one of the most detrimental effects of the virus hoax.