CY 200 Chapter 6: Technical Security Management

Questions and Answers

What is the primary purpose of a sandbox in virus-scanning techniques?

• To isolate and run suspected files in a protected area (correct)
• To implement machine learning algorithms in antivirus software
• To detect and remove viruses from the operating system
• To network computers to share virus definitions

What is a 'sheep dip' machine used for in corporate networks?

• To open suspected files in a isolated environment (correct)
• To backup important files to an external drive
• To update antivirus software with new definitions
• To scan email attachments for viruses

How can a virtual machine be used in virus-scanning techniques?

• To scan email attachments for viruses
• To update antivirus software with new definitions
• To open suspected files in a protected environment (correct)
• To run multiple operating systems simultaneously

What is the benefit of using machine learning in antivirus software?

It allows antivirus software to adapt to changing attacks (C)

What is a limitation of the sandbox approach?

It is not 100% effective, but safer than opening files directly (B)

What can be done to a virtual machine to detect logic bombs?

Change the time to trigger the logic bomb (A)

Why is a separate area of memory used in the sandbox approach?

To monitor the behavior of suspected files (D)

What is the primary purpose of machine learning in antivirus software?

To adapt to changing attacks (D)

What is a benefit of using a virtual machine for virus-scanning?

It allows for testing suspected files in a protected environment (C)

Why are some actual virus infections often missed?

Because the sandbox approach is not 100% effective (A)