Review Questions




1. This is considered a type of virus that can replicate itself. However, it does not attach to other programs. It can remain resident in memory and keep in contact with other segmented pieces of itself until triggered. What type of virus is it?

  A. Zoo.

  B. Boot sector.

  C. Macro.

  D. Worm.

  E. Trojan.

  F. All of the above.

  G. None of the above.


2. This is used to describe viruses that are not contained within controlled environments. It describes viruses that commonly attack networks and systems that are used at home and in businesses on a regular daily basis. What is being described?

  A. In the Zoo.

  B. In the Trojan.

  C. In the wild.

  D. In the Worm.

  E. None of the above.


3. These types of viruses associate themselves with .com and .exe files. What are they?

  A. File infectors.

  B. System or boot infectors.

  C. Retroviruses.

  D. Spyware.

  E. Payload viruses.

  F. None of the above.


4. This term represents unwanted or unwelcome code such as Trojans, viruses, and worms. What is this term?

  A. Macro viruses.

  B. Freeware.

  C. Shareware.

  D. Malware.

  E. All of the above.


5. Which type of threat can cause mass damage to a network or system by combining the characteristics of several types of viruses and other malicious code?

  A. VWT threat.

  B. Variant threat.

  C. Blended threat.

  D. Stealth threat.

  E. None of the above.


6. This is something commonly left behind by disgruntled programmers, developers, or network administrators who have a grudge or a score to settle. What is it?

  A. Keys.

  B. Virus threat rating.

  C. Logic bomb.

  D. Stealth bomb.

  E. None of the above.


7. Which of the following refers to mass-mailer worms that are attached to mail messages and can use a contact list or address book to be widely distributed?

  A. .enc.

  B. .dr.

  C. @mm.

  D. .mmm.

  E. @enc.

  F. @mdr.

  G. None of the above.


8. Which of the following is a mass-mailer worm whose payload is triggered on the 13th of most months?

  A. W32.Nimda.A@mm.

  B. Chernobyl.

  C. W97M.Melissa.A.

  D. W32.Kriz.

  E. W32.Klez.A@mm.

  F. All of the above.

  G. None of the above.


9. Which of the following are considered to be Trojan horse remote administrative threats that exist in the wild? (Choose three)

  A. NetBus.

  B. Nimda.

  C. Backdoor.Subseven.

  D. ILOVEYOU.

  E. Back Orifice.

  F. None of the above.


10. Where are unencrypted passwords stored in UNIX?

  A. /etc/shadow file.

  B. C:\winnt\system32\drivers\etc.

  C. /etc/passwd file.

  D. /dev.

  E. /tmp.

  F. None of the above.


11. Which command is used for backup purposes in UNIX and Linux?

  A. Backup.

  B. Archive.

  C. tar.

  D. kill.

  E. rlogin.

  F. None of the above.


12. What is the administrator account called in Windows?

  A. A security weakness.

  B. Admin.

  C. Supervisor.

  D. root.

  E. Administrator.

  F. None of the above.


Answers

1. Correct answer = D

A worm is a type of virus that gets its name from its inherent ability to spread itself to other networked systems, remain resident in memory, and keep in contact with other segmented pieces of itself until triggered by a certain event to duplicate and spread itself. A Zoo virus threat is a threat that only exists in a contained, controlled antivirus lab. System or boot infectors are viruses that are commonly known to attach themselves to and damage system files such as a hard drive's Master Boot Record (MBR) or the boot sector on a floppy disk. A macro virus is a virus that utilizes another application, such as Microsoft Word or Excel. You were warned! It is very important to understand that while worms and viruses duplicate themselves, Trojans do not.

2. Correct answer = C

Viruses that are “in the wild” exist and spread on systems and in networks that are commonly used on a daily basis. Viruses that are wild are also viruses that exist outside of contained and controlled environments, such as registered scientific antivirus research systems. All other choices are invalid.

3. Correct answer = A

File infectors are viruses that attach themselves to files that can typically be executed. They associate themselves with .exe and .com files. System or boot infectors are viruses that are commonly known to attach themselves to and damage system files, such as a hard drive's Master Boot Record (MBR) or the boot sector on a floppy disk. A retrovirus is a virus that is designed to first attack antivirus software programs with the intent of passing through undetected. Spyware is a program or piece of software that resides hidden on a system and monitors and logs the system's or another system's activities. All other choices are invalid.

4. Correct answer = D

Malware is shorthand for malicious code. Malware can be viruses, Trojans, or worms. Macro viruses utilize applications such as Microsoft Word or Excel, macro code, or programming language to be distributed. Freeware is software that is distributed by its copyright owner for free. The copyright owner usually retains the right to be the freeware’s sole distributor. Shareware is software that is distributed freely by its owner. If you like it, you are supposed to pay for it.

5. Correct answer = C

Blended threats are viruses that combine the most lethal characteristics of viruses, worms, and Trojans in order to cause mass destruction. All other choices are invalid.

6. Correct answer = C

Disgruntled former employees with a grudge or a score to settle often leave behind logic bombs. Although many folks are required to leave their office or other work-related keys behind, this is not the appropriate answer to this question. A virus threat or risk rating is a calculated value that represents the possible level of severity or threat that an identified virus or piece of malicious code represents to a computer system. Answers D and E are invalid.

7. Correct answer = C

@mm refers to mass-mailer worms (viruses that attach themselves to malicious mail and are sent to contacts in an address or distribution list automatically). The .enc refers to a file that has been encrypted or encoded. The .dr refers to files that are considered to be dropper files. These are programs that drop a virus or worm onto a victim’s computer system. All other choices are invalid.

8. Correct answer = E

W32.Klez.A@mm is a mass-mailing e-mail worm threat that exploits known weaknesses associated with Microsoft Outlook Express and Microsoft Outlook. (Remember what the “mm” means?) The virus is known to release itself when the system date reaches the 13th in January, March, May, July, September, and November. W32.Nimda.A@mm proliferates through e-mail attachments and uses the Unicode Web Traversal exploit. It is not specifically triggered on the 13th of most months. Chernobyl, or W98.CIH or just CIH, is an older space filler virus that targets earlier versions of operating systems such as Microsoft Windows 95 and Windows 98. It is triggered on April 26th. The Melissa (W97M.Melissa.A) virus is a macro virus that spreads very quickly when its payload is released or executed. The W32.Kriz virus is a virus similar to the Chernobyl virus, which typically resides in computer system memory. Its payload is triggered on December 25th of most years.

9. Correct answers = A, C, and E

Backdoor.Subseven, Back Orifice, and NetBus are considered to be Trojan horse remote administrative threats that exist in the wild. All other choices are invalid.

10. Correct answer = C

By default, unencrypted passwords are stored in the /etc/passwd file in UNIX or Linux. Encrypted passwords are stored in the /etc/shadow file. C:\winnt\system32\drivers\etc is a location used to hold files in Windows operating systems. The /dev area contains files that point to the physical devices that are attached to the system in UNIX or Linux. The /tmp directory stores temporary files and is referred to as the scratch area.

11. Correct answer = C

In UNIX or Linux, tar is similar to the DOS copy command; it is used for archival and backup purposes. The kill command is used to terminate application processes. The rlogin command is used to initiate remote access sessions. All other choices are invalid.

12. Correct answer = E

In Windows, the default account with administrative privileges is called Administrator. Older Novell operating system versions use Supervisor as the administrative account. In UNIX or Linux, root is the administrator equivalent.






The Security+ Exam Guide (TestTaker's Guide Series)
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
EAN: 2147483647
Year: 2003
Pages: 136
