1_2_7 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Bots and Botnets

Questions and Answers

What is one way to stop a botnet from infecting a system?

Ensuring operating system and applications have the latest security patches (correct)

Disabling the firewall

Removing the antivirus software

Having outdated signatures for antivirus software

What is the main purpose of a botnet?

To control operating systems

To spread Trojan horses

To create a Distributed Denial of Service (DDoS) (correct)

To install malware alongside applications

How can an active infection be identified?

Performing an on-demand anti-malware scan (correct)

Disconnecting from the network

Disabling the antivirus software

Not updating the security patches

How does bot malware typically enter a system?

Through vulnerabilities in an operating system or an application

What could be a sign of an active infection on a network?

Unusual traffic patterns

How can the command and control network flows of a botnet be blocked?

Using a firewall or IPS at the workstation level

What is the function of a Command and Control server in a botnet?

Controlling multiple infected computers

What type of service can be provided by very large botnets to third parties?

Creating DDoS attacks

What can be seen on map.lookingglasscyber.com related to botnets?

Live attacks and number of botnet infections per second

How do systems infected with bot malware cooperate to perform malicious tasks?

By forming a botnet

What kind of tasks can systems in a botnet perform under the control of a C&C server?

Sending out commands

How can a botnet infection be prevented in the first place?

Regularly updating security patches

What can be done to identify an active infection in a network?

Scanning with on-demand anti-malware software

What action can be taken at the workstation level to block botnet command and control flows?

Using an IPS or firewall

What information is available on map.lookingglasscyber.com related to botnets?

Number of infections per second

How can the latest signatures in antivirus software help with preventing botnet infections?

Identifying new types of malware

How does bot malware usually infect a system?

By exploiting a vulnerability in an application or operating system

What is the main purpose of a Command and Control (C&C) server in a botnet?

To receive commands and control the botnet

What is a common function of systems in a botnet under the control of a C&C server?

Generating spam emails

How can a botnet contribute to a Distributed Denial of Service (DDoS) attack?

By using infected systems to flood a target with traffic

What is one method through which bot malware can be installed on a computer?

Via a Trojan horse

What is one effect that a large botnet can have when rented out to third parties?

Providing Distributed Denial of Service as a service

What is a recommended way to prevent a botnet infection in the first place?

Monitoring network traffic for unusual patterns

How can an active botnet infection be identified?

By scanning the network for unusual traffic patterns

What is the purpose of blocking command and control network flows of a botnet?

To prevent communication between infected systems and the botnet controller

What type of malware prevention can be achieved by having the latest antivirus signatures?

Enhanced protection against evolving threats

How can systems protect against botnet malware at the workstation level?

By installing the latest security patches and running updated antivirus software

What does 'bot' stand for in the context of malware?

None of the above

How can bot malware be commonly installed on a system?

By clicking on a suspicious email link

What is the main function of a Command and Control (C&C) server in a botnet?

Control the infected systems

What type of attacks can a large botnet contribute to, based on the text?

Denial of Service

What is the primary method through which systems infected with bot malware cooperate?

Communication through the C&C server

How can a botnet potentially affect network traffic, as mentioned in the text?

Redirect network packets to malicious servers