CY 200 Chapter 6: Technical Security Management

Questions and Answers

What is the primary purpose of a sandbox in virus-scanning techniques?

To isolate and run suspected files in a protected area

What is a 'sheep dip' machine used for in corporate networks?

To open suspected files in a isolated environment

How can a virtual machine be used in virus-scanning techniques?

To open suspected files in a protected environment

What is the benefit of using machine learning in antivirus software?

It allows antivirus software to adapt to changing attacks

What is a limitation of the sandbox approach?

It is not 100% effective, but safer than opening files directly

What can be done to a virtual machine to detect logic bombs?

Change the time to trigger the logic bomb

Why is a separate area of memory used in the sandbox approach?

To monitor the behavior of suspected files

What is the primary purpose of machine learning in antivirus software?

To adapt to changing attacks

What is a benefit of using a virtual machine for virus-scanning?

It allows for testing suspected files in a protected environment

Why are some actual virus infections often missed?

Because the sandbox approach is not 100% effective