1_2_7 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Bots and Botnets

Questions and Answers

What is one way to stop a botnet from infecting a system?

• Ensuring operating system and applications have the latest security patches (correct)
• Disabling the firewall
• Removing the antivirus software
• Having outdated signatures for antivirus software

What is the main purpose of a botnet?

• To control operating systems
• To spread Trojan horses
• To create a Distributed Denial of Service (DDoS) (correct)
• To install malware alongside applications

How can an active infection be identified?

• Performing an on-demand anti-malware scan (correct)
• Disconnecting from the network
• Disabling the antivirus software
• Not updating the security patches

How does bot malware typically enter a system?

Through vulnerabilities in an operating system or an application (C)

What could be a sign of an active infection on a network?

Unusual traffic patterns (A)

How can the command and control network flows of a botnet be blocked?

Using a firewall or IPS at the workstation level (C)

What is the function of a Command and Control server in a botnet?

Controlling multiple infected computers (B)

What type of service can be provided by very large botnets to third parties?

Creating DDoS attacks (B)

What can be seen on map.lookingglasscyber.com related to botnets?

Live attacks and number of botnet infections per second (B)

How do systems infected with bot malware cooperate to perform malicious tasks?

By forming a botnet (C)

What kind of tasks can systems in a botnet perform under the control of a C&C server?

Sending out commands (B)

How can a botnet infection be prevented in the first place?

Regularly updating security patches (A)

What can be done to identify an active infection in a network?

Scanning with on-demand anti-malware software (D)

What action can be taken at the workstation level to block botnet command and control flows?

Using an IPS or firewall (D)

What information is available on map.lookingglasscyber.com related to botnets?

Number of infections per second (B)

How can the latest signatures in antivirus software help with preventing botnet infections?

Identifying new types of malware (D)

How does bot malware usually infect a system?

By exploiting a vulnerability in an application or operating system (C)

What is the main purpose of a Command and Control (C&C) server in a botnet?

To receive commands and control the botnet (B)

What is a common function of systems in a botnet under the control of a C&C server?

Generating spam emails (C)

How can a botnet contribute to a Distributed Denial of Service (DDoS) attack?

By using infected systems to flood a target with traffic (C)

What is one method through which bot malware can be installed on a computer?

Via a Trojan horse (B)

What is one effect that a large botnet can have when rented out to third parties?

Providing Distributed Denial of Service as a service (B)

What is a recommended way to prevent a botnet infection in the first place?

Monitoring network traffic for unusual patterns (C)

How can an active botnet infection be identified?

By scanning the network for unusual traffic patterns (A)

What is the purpose of blocking command and control network flows of a botnet?

To prevent communication between infected systems and the botnet controller (A)

What type of malware prevention can be achieved by having the latest antivirus signatures?

Enhanced protection against evolving threats (B)

How can systems protect against botnet malware at the workstation level?

By installing the latest security patches and running updated antivirus software (D)

What does 'bot' stand for in the context of malware?

None of the above (D)

How can bot malware be commonly installed on a system?

By clicking on a suspicious email link (B)

What is the main function of a Command and Control (C&C) server in a botnet?

Control the infected systems (C)

What type of attacks can a large botnet contribute to, based on the text?

Denial of Service (B)

What is the primary method through which systems infected with bot malware cooperate?

Communication through the C&C server (A)

How can a botnet potentially affect network traffic, as mentioned in the text?

Redirect network packets to malicious servers (D)