Cybersecurity: Ransomware and Botnets Quiz

Questions and Answers

What is the primary function of ransomware?

• To create backups of user data automatically
• To encrypt data and demand a ransom for decryption (correct)
• To improve system performance by cleaning malware
• To prevent unauthorized access by blocking users

Which of the following is NOT a recommended practice to protect against ransomware?

• Paying the ransom as soon as possible (correct)
• Implementing Multi-Factor Authentication
• Always conducting regular backups
• Installing software updates regularly

What should you do first if you suspect a ransomware infection on your computer?

• Report it to the authorities
• Restore from backups immediately
• Attempt to pay the ransom
• Disconnect it from the network (correct)

What term refers to compromised computers controlled by attackers used to perform malicious tasks?

Zombies (C)

What is a botnet primarily used for?

DDoS attacks, spam distribution, or cryptocurrency mining (C)

Which component is responsible for managing the activities of other devices in a network of zombies?

Command and Control Node (A)

What percentage of a zombie's processing power is typically utilized by attackers?

20-25% (B)

Which of these is an illegal activity often associated with the use of botnets?

Phishing campaigns (C)

What is the purpose of a rootkit in a computer system?

To gain administrative control without detection (B)

Which account is referred to as the Administrator Account in a UNIX or Linux system?

Root Account (B)

What would be the highest permission level in a computer system referred to as?

Kernel Mode (B)

What is the function of Ring 0 in an operating system's permission structure?

Controls access to system hardware and resources (D)

What is a common technique used by rootkits to achieve deeper system access?

DLL injection (D)

When a user logs in with root permissions, what Ring are they considered to be operating at?

Ring 1 (B)

What does a Dynamic-Link Library (DLL) allow in software development?

Reuse of code across multiple applications (A)

Which ring in a computer system has user-level permissions?

Ring 3 (A)

What is the primary goal of a rootkit?

To seamlessly embed itself into the operating system (B)

What is the recommended method for detecting rootkits?

Utilizing a live boot Linux distribution (C)

Which of the following is a characteristic of backdoors in software?

They allow for unauthorized system access (A)

How do logic bombs operate within programs?

They trigger based on specific conditions being met (D)

What is a keylogger primarily used for?

To capture user keystrokes for sensitive information (D)

What is a notable drawback of easter eggs in software?

They can introduce significant vulnerabilities in code (A)

Which statement about RATs (Remote Access Trojans) is accurate?

They allow threat actors persistent access to systems (A)

Why should backdoors, easter eggs, and logic bombs be avoided in modern applications?

They do not align with secure coding standards (A)

What can trigger multiple failed login attempts resulting in an account lockout?

Malware designed for credential theft (D)

What does 'impossible travel' refer to in cybersecurity?

Logging in from two different geographic locations in a short time (D)

Which scenario is indicative of resource inaccessibility due to ransomware?

Files or systems becoming inaccessible with payment demands (A)

What could indicate potential security issues based on log generation timing?

Logs created at odd hours without activity (A)

What might a noticeable spike in resource consumption indicate?

Potential malware activity (C)

What does a sudden increase in blocked content alerts suggest?

Possible malicious activity or threats (A)

Which sign might indicate an unauthorized access attempt regarding concurrent sessions?

Multiple sessions from several geographic locations (C)

What does the presence of missing logs during a review typically indicate?

Potential unauthorized log clearing or access issues (D)

What is the primary function of a stage one dropper or downloader in malware exploitation?

To retrieve additional portions of the malware code. (C)

How do modern fileless malware techniques primarily avoid detection?

By operating primarily in the system memory. (B)

What do threat actors aim to achieve during the 'Actions on Objectives' phase?

To meet core objectives like data exfiltration. (C)

Which of the following best describes a 'Dropper' in malware context?

Malware type that retrieves and executes other malware. (B)

What does the term 'living off the land' refer to in the context of advanced persistent threats?

Exploiting standard tools to conduct intrusions. (B)

What technique is primarily used by threat actors to prolong unauthorized system access?

Erasing log files and hiding tracks. (C)

What is the key role of a Stage 2 Downloader in malware exploitation?

To install a Remote Access Trojan for control. (B)

Which of the following describes 'shellcode' in malware terms?

Lightweight code meant to exploit a given target. (D)

Which method is NOT a way to remove bloatware from a system?

Running a malware scan for security threats. (B)

What is a common indication of malware attacks?

Unexpected software installations. (B)

Flashcards are hidden until you start studying