Malware

Question 1

What is malware?

Answer 1

Malicious software designed to infiltrate computer systems and potentially damage them without user consent

Malware can take various forms and is categorized into types such as viruses, worms, and ransomware.

Question 2

Name three categories of malware.

Answer 2

• Viruses
• Worms
• Ransomware

Question 3

What is a threat vector?

Answer 3

Method used to infiltrate a victim’s machine

Examples include unpatched software and phishing campaigns.

Question 4

What is an attack vector?

Answer 4

Means by which the attacker gains access and infects the system

It combines both the infiltration method and the infection process.

Question 5

What are the characteristics of viruses?

Answer 5

Attach to clean files, spread, and corrupt host files

Question 6

Describe worms.

Answer 6

Standalone programs replicating and spreading to other computers

Question 7

What defines a Trojan?

Answer 7

Disguises as legitimate software, granting unauthorized access

Question 8

What is ransomware?

Answer 8

Encrypts user data, demands ransom for decryption

Question 9

What are zombies and botnets?

Answer 9

Compromised computers remotely controlled in a network for malicious purposes

Question 10

Define rootkits.

Answer 10

Hide presence and activities on a computer, operate at the OS level

Question 11

What are backdoors?

Answer 11

Allow unauthorized access to a system

Question 12

What is a logic bomb?

Answer 12

Malicious code that executes when certain conditions are met

Question 13

What is a keylogger?

Answer 13

Records keystrokes, captures passwords or sensitive information

Question 14

How does spyware function?

Answer 14

Monitors and gathers user/system information

Question 15

What is bloatware?

Answer 15

Software that comes pre-installed on devices that users did not specifically request

Question 16

Fill in the blank: A _______ is a piece of malicious software that can replicate itself without user interaction.

Answer 16

worm

Question 17

True or False: Ransomware guarantees data recovery if the ransom is paid.

Answer 17

False

Question 18

What is a botnet?

Answer 18

Network of compromised computers or devices controlled remotely by malicious actors

Question 19

What is a command and control node?

Answer 19

Computer responsible for managing and coordinating activities of other nodes within a network

Question 20

What is the purpose of a rootkit?

Answer 20

Gain administrative level control over a computer system without being detected

Question 21

What is DLL injection?

Answer 21

Technique used to run arbitrary code within the address space of another process

Question 22

What is a stage one dropper?

Answer 22

Piece of malware created as a lightweight shellcode that can be executed on a system

Question 23

What does ‘living off the land’ mean in cybersecurity?

Answer 23

Exploiting standard tools to perform intrusions

Question 24

What are common indicators of malware attacks? Name two.

Answer 24

• Account lockouts
• Concurrent session utilization

Question 25

What is a common indicator of malware attacks related to user accounts?

Answer 25

Account Lockouts ## Footnote Malware designed for credential theft or brute force attacks can trigger multiple failed login attempts resulting in account lockouts.

Question 26

What does Concurrent Session Utilization indicate in malware detection?

Answer 26

Multiple simultaneous or concurrent sessions from various geographic locations for a single user account ## Footnote This may suggest unauthorized access to the account.

Question 27

What does an increase in Blocked Content alerts signify?

Answer 27

A sudden increase in blocked content alerts from security tools ## Footnote This may indicate potential malware activity or attempts to access restricted content.

Question 28

Define Impossible Travel in the context of malware attacks.

Answer 28

Accessing a user's account from geographically separated locations in an impossibly short period of time ## Footnote This scenario suggests that the account may have been compromised.

Question 29

What is Resource Consumption in relation to malware indicators?

Answer 29

Unusual spikes in CPU, memory, or network bandwidth utilization not linked to legitimate tasks ## Footnote Such spikes may indicate malware activity consuming system resources.

Question 30

What is Ransomware?

Answer 30

A form of malware that encrypts user files to make them inaccessible ## Footnote Ransomware may demand payment to decrypt the affected data.

Question 31

What does Resource Inaccessibility indicate?

Answer 31

A large number of files or critical systems suddenly becoming inaccessible ## Footnote Users may receive messages demanding payment to regain access.

Question 32

What does Out-of-Cycle Logging suggest in malware detection?

Answer 32

Logs generated at odd hours or during times with no legitimate activities ## Footnote This may indicate unauthorized access or activities occurring outside normal operating hours.

Question 33

What does Missing Logs indicate during a log review?

Answer 33

Gaps in logs or cleared logs without authorized reason ## Footnote This may suggest tampering or an attempt to hide malicious activities.

Question 34

What does Published or Documented Attacks refer to?

Answer 34

Reports showing that an organization's network has been infected as part of a botnet or malware-based attack ## Footnote This information can be critical for assessing the security posture of an organization.