IS3340 CHAPTER 5 Flashcards Preview

IS3340 SEC. STRAT. IN WINDOWS PLATFORM & APPS. > IS3340 CHAPTER 5 > Flashcards

Flashcards in IS3340 CHAPTER 5 Deck (29):
1

Software that intercepts all incoming (and optionally outgoing) information, scanning each message or file for malware content is called ___?

ANTI-MALWARE SHIELD

2

Software designed to detect and mitigate spyware is called ___?

ANTI-SPYWARE SOFTWARE

3

Software designed to detect and mitigate some types of malware, including mainly viruses, worms, and Trojan horses is called ___?

ANTIVIRUS SOFTWARE

4

A condition in which a running program stores data that is larger than the memory location set aside for the data is called ___?
The extra data spills spills over into adjacent memory, causing other data and possibly instructions to be overwritten. An attacker can place specific data in this area to change the instructions a program executes.

BUFFER OVERFLOW

5

The practice of identifying malware based on previous experience is called ___?

HEURISTICS

6

Software that is designed to infiltrate a target computer and make it do something the attacker has instructed it to do is called ___?

MALICIOUS SOFTWARE

7

A common term used to describe malicious software, including viruses, worms, and Trojan horses, especially in combinations is called ___?

MALWARE

8

Software that modifies or replaces one or more existing programs, often part of the operating system, to hide the fact a computer has been compromised is called a ___?

ROOTKIT

9

The unique set of instructions that make up an instance of malware and distinguish it from other malware is called ___?

SIGNATURE

10

An organized collection of malware signatures used by antivirus or anti-spyware (or other anti-malware) software to identify malware is called ___?

SIGNATURE DATABASE

11

Software that covertly monitors and records pieces of information such as Web surfing activities and all data process by the browser is called ___?

SPYWARE

12

Software that masquerades as an apparently harmless program or data file but contains malware instructions is called ___?

TROJAN HORSE

13

A software program that attaches itself to, or copies itself into, another program for the purpose of causing the computer to follow instructions that were not intended by the original program developer is called ___?

VIRUS

14

Active malware that either exploits an unknown vulnerability or one for which no fix has yet been released is called ___?

ZERO-DAY ATTACK

15

1. Which type of malware is a standalone program that replicates and sends itself to other computers?

1. Worm
2. Virus
3. Rootkit
4. Trojan

Worm

16

2. Which type of malware modifies or replaces parts of the operating system to hide the fact that the computer has been compromised?

1. Worm
2. Virus
3. Rootkit
4. Trojan

Rootkit

17

3. Which type of malware disguises itself as a useful program?

1. Worm
2. Virus
3. Rootkit
4. Trojan

Trojan

18

4. Which term describes a unique set of instructions that identify malware code?

1. Fingerprint
2. Signature
3. Rule set
4. Heuristic

Signature

19

5. Which of the following terms means identifying the malware based on past experience?

1. Heuristic analysis
2. Log file analysis
3. Signature analysis
4. Historical analysis

Heuristic analysis

20

6. A signature database that is one month old may potentially expose that computer to how many new threats?

1. 200
2. 1400
3. 3000
4. 6000

6000

21

7. Which of the following terms describes a secure location to store identified malware?

1. Safe
2. Vault
3. Signature database
4. Secure Storage

Vault

22

8. Which of the following anti-malware components is also referred to as a real-time scanner?

1. Shield
2. Scanner
3. Heuristic engine
4. Antivirus software

Shield

23

9. Which anti-malware tool is included with Windows 7?

1. Windows AntiVirus
2. Windows Doctor
3. Windows Defender
4. Windows Sweeper

Windows Defender

24

10. Which of the following best describes a zero-day attack?

1. Malware that no longer is a threat
2. Malware that can exploit a vulnerability but has not yet been released
3. Malware that is actively exploiting vulnerabilities on computers that have not applied the latest patches
4. Malware that is actively exploiting an unknown vulnerability

Malware that is actively exploiting an unknown vulnerability

25

11. What is the best first step to take when malware is discovered soon after installing new software?

1. Uninstall the new software
2. Scan for malware
3. Update the new software
4. Install additional anti-malware software

Uninstall the new software

26

12. What is the best first step to take if initial actions to remove malware are not successful?

1. Install additional anti-malware software
2. Rescan for malware
3. Update the signature database
4. Disconnect the computer from the network

Disconnect the computer from the network

27

13. The Morris worm exploited this vulnerability:
____?

Buffer overflow

28

14. Which type of malware covertly primarily collects pieces of information?

1. Spyware
2. Trojan
3. Virus
4. Rootkit

Spyware

29

15. Why is a rootkit so difficult to detect?

1. Most anti-malware tools don't scan for rootkits
2. A rootkit gives administrator privileges to an attacker
3. A rootkit does not run in memory
4. A rootkit may have modified the tools used to detect it

A rootkit may have modified the tools used to detect it