Which of the following is NOT one of the recognized virus or malware phases? Triggering Execution Dormant Stealth Briefly describe what “ blended attack ” means with regard to malware. Match the...



1. Which of the following is NOT one of the recognized virus or malware phases?
   a) Triggering
   b) Execution
   c) Dormant
   d) Stealth

2. Briefly describe what “blended attack” means with regard to malware.

3. Match the following with the words that best describe them.
   Rootkit; Social engineering; Spyware; Worm; Malicious mobile code; Backdoor; Bot/Zombie; Cross-site scripting; Zero-day exploits
   a) An injection of malicious code/script into a vulnerable website so that a visitor’s browser will execute it ____________________
   b) Replicating program that propagates over a network ____________________
   c) Lightweight program that is downloaded from a remote system and executed locally with minimal or no user intervention ____________________
   d) An attack/activity that takes advantage of a previously unknown vulnerability ____________________
   e) Mechanism that bypasses normal security to allow unauthorized access ____________________
   f) Program taking over network attached computers to launch hard to trace attacks ____________________

4. Identify and briefly describe the key characteristic of any one of the primary anti-virus software approaches/generations/forms.

5. Which of the following is the advanced characteristic of malware which indicates it uses multiple infection vectors?
   a) Polymorphic
   b) Multipartite
   c) Stealth
   d) Metamorphic

6. TRUE / FALSE: The graph that a typical worm propagation model creates is a straight, nearly 45° diagonal line similar to this: [figure: number of infected systems vs. time]

7. What are two categories of “resources” that could be attacked/exhausted as the result of a denial of service attack?

8. What type of packets could be used for flooding DoS attacks?
   a) ICMP
   b) TCP SYN
   c) UDP
   d) All of the above

9. Identify and briefly describe an important architectural element/feature that is typically used to make a denial of service attack “Distributed.”

10. Which of the following most correctly explains the difference between a reflection attack and an amplification attack?
   a) A reflection attack is a sub-category of amplification attacks that differs in that it sends packets to hosts instead of servers.
   b) Amplification attacks are distributed, and reflection attacks are not.
   c) An amplification attack is a variation of a reflection attack that differs in that it generates multiple response packets for each original packet sent.
   d) They are essentially the same thing.

11. Identify and briefly describe two important defensive steps or mechanisms that can be used against DDoS attacks.

12. Which of the following is most important in the success of DoS attacks? (3 pts)
   a) Stealth
   b) Control
   c) Message content
   d) Volume

13. Briefly define what is meant by an “insider” or “inside threat” AND identify two things an insider might do on your network or system.

14. Which of the following is the best definition of the scanning phase of an attack?
   a) Detecting vulnerabilities
   b) Finding systems
   c) Maintaining access
   d) Exploiting vulnerabilities

15. Briefly describe the difference between a “white hat hacker” and a “black hat hacker” in today’s environment.

16. Which of the following is NOT a typical IDS component?
   a) Analyzers
   b) Logger
   c) User interface
   d) Sensors

17. Match the following terms with the words that best describe them.
   Anomaly Detection; Network based IDS; Host based IDS; Signature Detection
   a) Monitors characteristics and events on a single host for suspicious activity ____________________
   b) Observation of events on a system and applying a set of rules to decide if intruder activity is involved ____________________
   c) Monitors network traffic for suspicious activity ____________________
   d) Collection and analysis of data relating to the behavior of legitimate users over a period of time ____________________

18. Identify any of the “measures that may be used for intrusion detection” (things/events that IDS look for) AND discuss how monitoring this measure might lead to a “false alarm” by your IDS. (2 parts)

19. TRUE / FALSE: A honeypot or honeynet is a defensive “sticky” area of your network meant to slow the attacker down by filtering their traffic.

20. List three design goals (desired characteristics) for a firewall.

21. Which of the following is NOT true with regard to Packet Filtering firewalls?
   a) Monitors the status of TCP connections
   b) Examines information in packet headers
   c) Can discard or forward inspected packets
   d) Examines source and destination addresses

22. Which of the following is TRUE with regard to Stateful Inspection firewalls?
   a) Only reviews header information
   b) Evaluates the data/content of a packet for legality
   c) Does not consider port numbers
   d) Tracks TCP sequence numbers in decision making

23. How does Unified Threat Management (UTM) differ from a firewall? (3 pts)

24. Match the following with the words that best describe them.
   Bastion Host; Application gateway; Circuit-level gateway; Personal firewall; UTM; DMZ; SNORT; Sandbox
   a) Network area which provides a protective barrier between external/untrusted sources of traffic and an internal network ____________________
   b) An isolated system area used to quarantine code ____________________
   c) Middle man for TCP connections between an inside user and an outside host ____________________
   d) Controls traffic flow to/from a PC/workstation ____________________
   e) Critical strongpoint in network ____________________
   f) Acts as a relay of application-level traffic ____________________

25. TRUE / FALSE: The ordering of firewall rules does not impact the proper operation of a firewall.

26. In your own layman’s words, explain what a buffer overflow is AND identify one (1) possible immediate impact a buffer overflow can result in (in other words, identify something bad that could happen next).

27. Which of the following best describes a key thing that must be identified to successfully implement a buffer overflow attack?
   a) Must understand how a program has been fuzzed
   b) Must identify exactly how many characters of input are expected
   c) Must understand how/where the buffer is stored
   d) Must identify the exact sequence of calls to libraries in a program

28. Name three (3) areas of computer memory that overflow attacks can typically target.

29. Which of the following best describes why some high-level programming languages are less vulnerable to buffer overflows?
   a) Mandatory use of guard bands in memory
   b) Strong notion of type for variables and valid operations
   c) The mixing of assembly language and graphical interfaces
   d) No buffers are used

30. Which of the following is NOT true with regard to the use of Shellcode in overflow attacks?
   a) Can be saved in buffer being overflowed
   b) Requires only rudimentary knowledge of scripting
   c) Specific to processor and operating system
   d) Used to transfer control to a command line/shell

31. Name and very briefly describe two approaches or mechanisms used to defend against buffer overflow attacks.
Answered Same Day, Dec 22, 2021


Robert answered on Dec 22 2021
TSM615 Spring 2013 Exam2
1. Which of the following is NOT one of the recognized virus or malware phases?
a) Triggering
b) Execution
c) Dormant
d) Stealth
Answer: d) Stealth

2. Briefly describe what “blended attack” means with regard to malware.
Answer: A blended attack consists of a package that contains multiple types of malware. It is the kind of attack that uses multiple ways to infect or transmit, by more than one means of propagation.

3. Match the following with the words that best describe them.
Rootkit; Social engineering; Spyware; Worm; Malicious mobile code; Backdoor; Bot/Zombie; Cross-site scripting; Zero-day exploits
a) An injection of malicious code/script into a vulnerable website so that a visitor’s browser will execute it: Cross-site scripting
b) Replicating program that propagates over a network: Worm
c) Lightweight program that is downloaded from a remote system and executed locally with minimal or no user intervention: Malicious mobile code
d) An attack/activity that takes advantage of a previously unknown vulnerability: Zero-day exploits
e) Mechanism that bypasses normal security to allow unauthorized access: Backdoor
f) Program taking over network attached computers to launch hard to trace attacks: Social engineering

4. Identify and briefly describe the key characteristic of any one of the primary anti-virus software approaches/generations/forms.
Answer: AVG antivirus software has the following key characteristics:
a) It uses different layers of protection.
b) It scans the system for viruses and kills them.
c) AVG social networking protection features are activated on installation of the AVG software.

5. Which of the following is the advanced characteristic of malware which indicates it uses multiple infection vectors?
a) Polymorphic
b) Multipartite
c) Stealth
d) Metamorphic
Answer: b) Multipartite

6. TRUE / FALSE: The graph that a typical worm propagation model creates is a straight, nearly 45° diagonal line similar to this:
[Figure: number of infected systems vs. time]
Answer: False

7. What are two categories of “resources” that could be attacked/exhausted as the result of a denial of service attack?
Answer: Two categories of resources are CPU resources and the bandwidth that the network offers.

8. What type of packets could be used for flooding DoS attacks?
a) ICMP
b) TCP SYN
c) UDP
d) All of the above
Answer: d) All of the above

9. Identify and briefly describe an important architectural element/feature that is typically used to make a denial of service attack “Distributed.”
Answer: In a distributed denial of service attack (DDoS), the hacker breaks into and takes control of several systems on the internet. The important architectural elements used to make a DDoS attack are the DDoS agent and the DDoS handler. The hacker plants software called a DDoS agent and then uses software called a DDoS handler to control the agents.

10. Which of the following most correctly explains the difference between a reflection attack and an amplification attack?
a) A reflection attack is a sub-category of amplification attacks that differs in that it sends packets to hosts instead of servers.
b) Amplification attacks are distributed, and reflection attacks are not.
c) An amplification attack is a variation of a reflection attack that differs in that it generates multiple response packets for each original packet sent.
d) They are essentially the same thing.
Answer: c)
11. Identify and briefly...
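As an added illustration for question 6 (this is not part of the exam or the posted answer), the simple epidemic model used in the standard texts for worm propagation, dI/dt = βI(N − I), is simulated below with assumed values for N, I0, β and the time step. The curve it produces is S-shaped, not a 45° line: spread is slow while few hosts are infected, fastest when about half are, and then saturates, which is why detection during the slow-start phase matters to a defender.

```python
"""Simple epidemic model of worm propagation (constructed example, not from the exam
or the posted answer). The model dI/dt = beta * I * (N - I) says each infected host
infects the still-susceptible hosts at a rate proportional to how many remain.
N, initial_infected, beta and dt are assumed values chosen for illustration."""


def simulate_worm(n_hosts=10_000, initial_infected=1, beta=0.0005, dt=0.01, t_max=4.0):
    """Euler-integrate dI/dt = beta*I*(N-I); return the infected count after every step."""
    infected = [float(initial_infected)]
    for _ in range(int(t_max / dt)):
        i = infected[-1]
        i_next = i + dt * beta * i * (n_hosts - i)
        infected.append(min(i_next, float(n_hosts)))  # never exceed the population
    return infected


def growth_rates(series):
    """New infections per step: constant for a straight line, bell-shaped for this model."""
    return [later - earlier for earlier, later in zip(series, series[1:])]


def is_straight_line(series, tol=0.05):
    """True only if every per-step increment is within tol (relative) of the mean increment."""
    rates = growth_rates(series)
    mean = sum(rates) / len(rates)
    return all(abs(r - mean) <= tol * mean for r in rates)


def peak_rate_fraction(series, n_hosts):
    """Fraction of hosts already infected when spread is fastest (about 0.5 for this model)."""
    rates = growth_rates(series)
    k = rates.index(max(rates))
    return series[k] / n_hosts


def phase_durations(series, n_hosts, dt=0.01):
    """Time spent below 10% infected (slow start) versus between 10% and 90% (explosive phase).
    The slow-start window is where an IDS or egress filter has the best chance to act."""
    slow_start = sum(1 for i in series if i < 0.1 * n_hosts) * dt
    explosive = sum(1 for i in series if 0.1 * n_hosts <= i < 0.9 * n_hosts) * dt
    return slow_start, explosive


if __name__ == "__main__":
    s = simulate_worm()
    print("straight line?", is_straight_line(s))
    print("infected fraction at peak rate", round(peak_rate_fraction(s, 10_000), 2))
    print("slow-start time, explosive time", phase_durations(s, 10_000))
```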