a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
109. d. Malicious mobile code differs significantly from viruses and worms in that it does not infect files or attempt to propagate itself. Instead of exploiting particular vulnerabilities, it often affects systems by taking advantage of the default privileges granted to mobile code. It uses popular languages such as Java, ActiveX, JavaScript, and VBScript. Although mobile code is typically benign, attackers have learned that malicious code can be an effective way of attacking systems, as well as a good mechanism for transmitting viruses, worms, and Trojan horses to users’ workstations.
110. Blended attacks use which of the following?
1. Multiple infection methods
2. Multiple transmission methods
3. Multiple transmission methods simultaneously
4. Multiple infection methods in sequence
a. 1 only
b. 2 only
c. 3 only
d. 1, 2, 3, and 4
110. d. A blended attack is an instance of malware that uses multiple infection or transmission methods. Blended attacks can spread through such services as instant messaging and peer-to-peer (P2P) file sharing. Blended attacks do not have to use multiple methods simultaneously to spread; they can also perform multiple infections in sequence.
111. Backdoors listen for commands on which of the following?
1. Source port
2. Destination port
3. TCP port
4. UDP port
a. 1 only
b. 2 only
c. 1 or 2
d. 3 or 4
111. d. Backdoor is a general term for a malicious program that listens for commands on a certain TCP or UDP port. Most backdoors consist of a client component and a server component. The client resides on the intruder’s remote computer, and the server resides on the infected system. When a connection between client and server is established, the remote intruder has some degree of control over the infected computer. Both source port and destination port are incorrect because they are too generic to be of any use here.
112. A proactive role to protect an organization from computer-related failures, malfunctions, or disasters is to:
a. Train every employee in the emergency procedures.
b. Conduct fire drills regularly every month.
c. Train all IT staff in file rotation procedures.
d. Incorporate recovery requirements into system design.
112. d. Incorporation of recovery requirements into system design can provide automatic backup and recovery procedures. This helps to prepare for disasters in a timely manner. Training every employee in emergency procedures is incorrect because it does not guarantee that they can respond to a disaster in an optimal manner when needed. Conducting fire drills regularly every month is incorrect because the scope of a fire drill may not address all possible scenarios. Disaster recovery goes beyond fire drills, although the fire drill is a good practice. Training all IT staff in file rotation procedures is incorrect because only key people need to be trained.
113. Rootkits are often used to install which of the following attacker tools?
1. Web browser plug-ins
2. E-mail generators
3. Backdoors
4. Keystroke loggers
a. 1 only
b. 2 only
c. 3 only
d. 3 and 4
113. d. A rootkit is a collection of files installed on a system to alter the standard functionality of the system in a malicious and stealthy way. Rootkits are often used to install attacker tools such as backdoors and keystroke loggers on a system.
A Web browser plug-in provides a way for certain types of content to be displayed or executed through a Web browser. Attackers sometimes create malicious plug-ins that act as spyware. An example is the spyware dialer, which uses modem lines to dial phone numbers without the user’s permission or knowledge. Some dialers are in forms other than Web browser plug-ins, such as Trojan horses.
Malware can deliver an e-mail-generating program to a system, which can be used to create and send large quantities of e-mail to other systems without the user’s permission or knowledge. Attackers often configure e-mail generators to send malware, spyware, spam, or other unwanted content to e-mail addresses on a predetermined list.
114. Which of the following are nonmalware threats?
1. Viruses
2. Worms
3. Phishing
4. Virus hoaxes
a. 1 and 2
b. 2 and 3
c. 1 and 3
d. 3 and 4
114. d. There are two forms of nonmalware threats that are often associated with malware. The first is phishing attacks, which frequently place malware or other attacker tools onto systems. The second is virus hoaxes, which are false warnings of new malware threats. Viruses and worms are true forms of malware threats.
115. Which of the following is not an example of a vulnerability mitigation technique for malware?
a. Patch management
b. Antivirus software
c. Least privilege
d. Host hardening measures
115. b. Antivirus software is an example of a threat mitigation technique for malware. Antivirus software, spyware detection and removal utility software, intrusion prevention systems, firewalls and routers, and application settings are security tools that can mitigate malware threats. Malware often attacks systems by exploiting vulnerabilities in operating systems, services, and applications. Vulnerabilities can usually be mitigated by patch management, least privilege, and host hardening measures.
116. Which of the following application settings used to prevent malware incidents will not stop phishing and spyware delivery?
a. Filtering spam
b. Filtering website content
c. Restricting macro use
d. Blocking Web browser pop-up windows
116. c. Applications such as word processors and spreadsheets often contain macro languages; macro viruses take advantage of this. Most common applications with macro capabilities offer macro security features that permit macros only from trusted locations or prompt the user to approve or reject each attempt to run a macro. Restricting macro use cannot stop phishing and spyware delivery.
Filtering spam is incorrect because spam is often used for phishing and spyware delivery (for example, Web bugs often are contained within spam), and it sometimes contains other types of malware. Using spam-filtering software on e-mail servers or clients or on network-based appliances can significantly reduce the amount of spam that reaches users, leading to a corresponding decline in spam-triggered malware incidents.
Filtering website content is incorrect because website content-filtering software contains lists of phishing websites and other sites that are known to be hostile (i.e., attempting to distribute malware to visitors). The software can also block undesired file types, such as by file extension.