Cybersecurity: Ransomware and Botnets Quiz

Questions and Answers

What is the primary function of ransomware?

To create backups of user data automatically

To encrypt data and demand a ransom for decryption (correct)

To improve system performance by cleaning malware

To prevent unauthorized access by blocking users

Which of the following is NOT a recommended practice to protect against ransomware?

Paying the ransom as soon as possible (correct)

Implementing Multi-Factor Authentication

Always conducting regular backups

Installing software updates regularly

What should you do first if you suspect a ransomware infection on your computer?

Report it to the authorities

Restore from backups immediately

Attempt to pay the ransom

Disconnect it from the network (correct)

What term refers to compromised computers controlled by attackers used to perform malicious tasks?

Zombies

What is a botnet primarily used for?

DDoS attacks, spam distribution, or cryptocurrency mining

Which component is responsible for managing the activities of other devices in a network of zombies?

Command and Control Node

What percentage of a zombie's processing power is typically utilized by attackers?

20-25%

Which of these is an illegal activity often associated with the use of botnets?

Phishing campaigns

What is the purpose of a rootkit in a computer system?

To gain administrative control without detection

Which account is referred to as the Administrator Account in a UNIX or Linux system?

Root Account

What would be the highest permission level in a computer system referred to as?

Kernel Mode

What is the function of Ring 0 in an operating system's permission structure?

Controls access to system hardware and resources

What is a common technique used by rootkits to achieve deeper system access?

DLL injection

When a user logs in with root permissions, what Ring are they considered to be operating at?

Ring 1

What does a Dynamic-Link Library (DLL) allow in software development?

Reuse of code across multiple applications

Which ring in a computer system has user-level permissions?

Ring 3

What is the primary goal of a rootkit?

To seamlessly embed itself into the operating system

What is the recommended method for detecting rootkits?

Utilizing a live boot Linux distribution

Which of the following is a characteristic of backdoors in software?

They allow for unauthorized system access

How do logic bombs operate within programs?

They trigger based on specific conditions being met

What is a keylogger primarily used for?

To capture user keystrokes for sensitive information

What is a notable drawback of easter eggs in software?

They can introduce significant vulnerabilities in code

Which statement about RATs (Remote Access Trojans) is accurate?

They allow threat actors persistent access to systems

Why should backdoors, easter eggs, and logic bombs be avoided in modern applications?

They do not align with secure coding standards

What can trigger multiple failed login attempts resulting in an account lockout?

Malware designed for credential theft

What does 'impossible travel' refer to in cybersecurity?

Logging in from two different geographic locations in a short time

Which scenario is indicative of resource inaccessibility due to ransomware?

Files or systems becoming inaccessible with payment demands

What could indicate potential security issues based on log generation timing?

Logs created at odd hours without activity

What might a noticeable spike in resource consumption indicate?

Potential malware activity

What does a sudden increase in blocked content alerts suggest?

Possible malicious activity or threats

Which sign might indicate an unauthorized access attempt regarding concurrent sessions?

Multiple sessions from several geographic locations

What does the presence of missing logs during a review typically indicate?

Potential unauthorized log clearing or access issues

What is the primary function of a stage one dropper or downloader in malware exploitation?

To retrieve additional portions of the malware code.

How do modern fileless malware techniques primarily avoid detection?

By operating primarily in the system memory.

What do threat actors aim to achieve during the 'Actions on Objectives' phase?

To meet core objectives like data exfiltration.

Which of the following best describes a 'Dropper' in malware context?

Malware type that retrieves and executes other malware.

What does the term 'living off the land' refer to in the context of advanced persistent threats?

Exploiting standard tools to conduct intrusions.

What technique is primarily used by threat actors to prolong unauthorized system access?

Erasing log files and hiding tracks.

What is the key role of a Stage 2 Downloader in malware exploitation?

To install a Remote Access Trojan for control.

Which of the following describes 'shellcode' in malware terms?

Lightweight code meant to exploit a given target.

Which method is NOT a way to remove bloatware from a system?

Running a malware scan for security threats.

What is a common indication of malware attacks?

Unexpected software installations.