IAM302-Part1
Exported 01:57 26/03/2023 from https://docs.google.com/forms/d/1KI4MpR7GGfnk0eu9QYr9IUNO4mKlSPu-JeAnRtzsDrY/edit
60 questions, 1 point each. Mark only one answer per question.

1. __________ virus uses an executable file as a host.
   a. File
   b. Prefix
   c. Suffix
   d. None of the other choices

2. What is a Trojan horse?
   a. A program designed to take down the computer system while performing an inoffensive task.
   b. A hollow wooden statue of a horse in which the Greeks concealed themselves in order to enter Troy.
   c. A different type of horse.
   d. A chess piece.

3. Rootkits are
   a. Malicious software designed to gain unauthorized access to a computer system
   b. Physical devices used to measure plant growth
   c. Software used to optimize computer performance
   d. A set of software tools that enable an unauthorized user to gain control of a computer

4. Covert channels work over _______
   a. unknown channels
   b. old channels
   c. new channels
   d. known channels

5. Which of the following is most likely to make your computer stop working?
   a. Virus
   b. Adware
   c. Keylogger
   d. Botnet

6. REMnux is _______
   a. All of the other choices

7. _______________ generally does not limit the impact of worms.
   a. Installing OS updates and software patches
   b. Using a firewall
   c. Using antivirus software
   d. Rebooting your system

8. _________ is an antivirus engine that uses predefined rulesets (signatures) to detect malicious software.
   a. ClamAV
   b. IDA Pro
   c. ProDiscover
   d. INetSim

9. _____________________________ is a characteristic of adware.
   a. Redirecting the website
   b. Displaying popups
   c. Blocking the user's files
   d. None of the other choices

10. ____ is a self-contained program that does not integrate itself with other programs to spread.
   a. Trojan horse
   b. None of the other choices
   c. Logic bomb
   d. Worm
   e. Virus

11. Trojans can be used to open backdoors on a system.
   a. True
   b. False

12. Wireshark is ___________
   a. a network packet analyzer
   b. an antivirus
   c. an analyzer
   d. a recovery tool

13. Which of the following refers to software designed to harm your computer or computer security, engage in criminal activity, or compromise resources in some way?
   a. ransomware
   b. adware
   c. malware
   d. spyware

14. We can customize ClamAV signatures by using ________
   a. Hash-based signatures
   b. All of the mentioned
   c. ASCII signatures
   d. Binary signatures

15. What form of analysis involves running the possibly infected file?
   a. Static analysis
   b. Dynamic analysis
   c. Virtual analysis
   d. Malware analysis

16. Name a type of malware.
   a. Ransomware
   b. Horse
   c. Trojan War
   d. Tiger

17. There is only one type of keylogger: the software keylogger.
   a. True
   b. False

18. What is the purpose of sandbox analysis?
   a. To determine the nature and purpose of the malware
   b. To determine its interaction with the network
   c. To determine its interaction with the file system
   d. All of the mentioned

19. Which tool allows you to analyze botnet malware without contacting a real C&C server?
   a. Wireshark
   b. INetSim
   c. Regshot
   d. Task Manager

20. Which of the following best describes botnets?
   a. None of the other choices
   b. A botnet is a group of honeypots made to simulate a real live network, but isolated from it.
   c. A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
   d. A botnet is a type of malware that primarily infects executable programs.
   e. A botnet is a type of malware that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus.

21. VirusTotal is _______
   a. Dynamic analysis
   b. Periodic analysis
   c. Static analysis
   d. None of the other choices

22. Which of the following types of malware secretly gathers and transmits system information, often for advertising purposes?
   a. Adware
   b. Spyware
   c. Keylogger
   d. Ransomware

23. On Ubuntu, which of the following commands can be used to install Wireshark?
   a. # apt-get install wireshark
   b. # sudo apt-get install wireshark
   c. # sudo apt-get setup wireshark
   d. # apt-get uninstall wireshark

24. __________ and ___________ are two command-line packet sniffer tools.
   a. netstat / tshark
   b. inetstat / wireshark
   c. tcpdump / tshark
   d. wireshark / netflix

25. _____________ is a 32-bit assembler-level analysing debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
   a. Snort
   b. Eclipse
   c. ClamAV
   d. OllyDbg

26. What is used to define a block of code in Python?
   a. Parentheses
   b. Curly braces
   c. Quotation marks
   d. Indentation

27. Which of the following commands can be used to get extended information about a file?
   a. blk
   b. rm
   c. ifind
   d. istat

28. It is not a good idea to indiscriminately forward all traffic that reaches your controller to the intended servers on the Internet.
   a. True
   b. False

29. Wireshark is an open source antivirus engine owned by Sourcefire, the makers of the Snort intrusion-detection engine.
   a. True
   b. False

30. In Python, a statement using the `and` operator results in True if _________
   a. the first operand is True
   b. either of the operands is True
   c. both operands are False
   d. both operands are True

31. Cross-view-based rootkit detection tools generate information about a system in two or more ways and then look for discrepancies in the results.
   a. True
   b. False

32. It is inevitable that you will need to perform behavioral analysis on service DLLs.
   a. True
   b. False

33. __________ is used to intercept user information.
   a. Adware
   b. Spyware
   c. Malware
   d. Trojan

34. Backdoors are an example of covert channels.
   a. True
   b. False

35. What is an antivirus?
   a. Computer software used to prevent, detect and remove malicious software
   b. Small programs or scripts that damage a computer system
   c. A program used to exploit security holes found in software applications
   d. None of the other choices

36. The registry, composed of binary data files, is also called _______
   a. record
   b. hive
   c. metadata
   d. binary data

37. Why do alternate data streams (ADS) pose a risk to our computer?
   a. None of the other choices
   b. They can remove data arbitrarily
   c. They allow malware to hide files from anyone who doesn't have special tools to view them
   d. They can edit data arbitrarily

38. Assembly language programs are written using
   a. None of the other choices
   b. ASCII code
   c. Hex code
   d. Mnemonics

39. __________ can extract a DLL from a process's memory space and dump it to disk for analysis.
   a. memdump
   b. hibr2bin
   c. dlldump
   d. pstree

40. Which of the following tools are developed for memory forensics?
   a. Memoryze
   b. All of the other choices
   c. Windows Memory Toolkit
   d. MoonSols

41. _________ is a GUI tool for Windows that you can use to detect packers.
   a. Runtime packer
   b. a data file
   c. No-runtime packer
   d. None of the other choices

42. The SOFTWARE hive in the main registry stores:
   a. None of the other choices
   b. the window and program configuration
   c. the system security settings
   d. user and system security settings

43. How many types of SRE (software reverse engineering) are there?
   a. Data reverse engineering only
   b. Code, data and information reverse engineering
   c. Code and data reverse engineering
   d. Code reverse engineering only

44. rip.pl -r /mnt/forensics/Documents\ and\ Settings/Mr.\Evi/NTUSER.DAT -p typedurls
   a. In order to determine the suspect's web-browsing history
   b. In order to determine the information of the user
   c. In order to determine the information of running programs
   d. In order to determine the information of all files in Documents

45. win64dd -d /f c:\memory.dmp
   a. Create a memory dump file in C:
   b. Erase the information of main memory
   c. None of the other choices
   d. Obtain the information of the disk

46. perl rip.pl -r /mnt/forensics/WINDOWS/system32/config/software -p userinit
   a. To determine the information of all applications
   b. To determine the version of the operating system
   c. To determine the value of the "userinit" registry key
   d. To determine the information of the administrator

47. rip.pl -r /mnt/forensics/WINDOWS/system32/config/software -p winver
   a. In order to determine the operating system installed on this computer
   b. In order to determine the version of Windows installed on this computer
   c. None of the other choices
   d. In order to determine all programs installed on this computer

48. In order to view "hidden" ADS files on Windows, we type the command
   a. dir /R
   b. dir
   c. rm /R
   d. ls /R

49. _____________ can print the list of loaded DLLs for each process.
   a. pstree
   b. win64dd
   c. dlllist
   d. pslist

50. Which of the following answers are true about the uses of reverse engineering?
   a. All of the other choices
   b. To check the limitations of the existing program
   c. To increase the security of the existing program
   d. To create documentation of the product

51. _________________ is forensic analysis of a computer's memory dump.
   a. Malware forensics
   b. Computer forensics
   c. Malware analysis
   d. Memory forensics

52. ______ can extract all memory-resident pages in a process into an individual file.
   a. dlldump
   b. memdump
   c. procdump
   d. tcpdump

53. regripper/rip -r G:\Windows\System32\config\SYSTEM -f info
   a. we are preparing to edit data from the SYSTEM registry hive located on drive G
   b. we are recovering data from the SYSTEM registry hive located on drive G
   c. we are deleting data from the SYSTEM registry hive located on drive G
   d. we are moving data from the SYSTEM registry hive located on drive G to F

54. ____________ can dump a process's executable.
   a. dlldump
   b. memdump
   c. hibr2bin
   d. procdump

55. rip.pl -r /mnt/forensics/WINDOWS/system32/config/software -p uninstall
   a. To determine all installed applications
   b. To determine all uninstalled applications
   c. To determine the information of the switch
   d. To determine the information of the operating system

56. Which of the following tools allows us to detect ADS in a file?
   a. yara
   b. VMware Workstation
   c. fog
   d. streams.exe

57. _________ can be considered a self-extracting archive, where compressed data is packaged along with the relevant decompression code in an executable file.
   a. dlldump
   b. dir /R
   c. runtime packer
   d. RISC

58. Which of the following is not a stand-alone program?
   a. Virus
   b. Worm
   c. Adware
   d. Antivirus

59. Which of the following is most likely to send spam emails from your computer?
   a. Worm
   b. Adware
   c. Spyware
   d. Keylogger

60. Which of the following is least likely to be detected with standard antivirus software?
   a. Spyware
   b. Adware
   c. Ransomware
   d. Trojan
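Worked example for questions 8 and 14 (ClamAV as a signature-based engine, and the hash-based / ASCII / binary signature types it accepts). This is an added example, not part of the quiz or of the ClamAV project. It builds one line of a `.hdb` file (MD5:size:name) and one line of a `.ndb` file (name:target-type:offset:hex), where an ASCII pattern is simply its hex encoding, then runs `clamscan -d` against them when clamscan is installed. The specimen bytes, the pattern `EVIL_BEACON_v1` and the names `Test.Custom.*` are constructed for the demonstration.

```python
"""Custom ClamAV signatures: a hash-based .hdb entry and a body-based .ndb entry."""
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Optional

# Constructed, harmless "specimen" standing in for a malware sample (assumption for the demo).
SAMPLE = b"MZ constructed test specimen\r\nEVIL_BEACON_v1 GET /gate.php HTTP/1.1\r\n"


def hdb_line(data: bytes, name: str) -> str:
    """One line of a .hdb file: <MD5>:<file size in bytes>:<malware name>.
    Matches only this exact file; a single changed byte defeats it."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def ndb_line(pattern: bytes, name: str, target_type: int = 0, offset: str = "*") -> str:
    """One line of a .ndb file: <malware name>:<target type>:<offset>:<hex signature>.
    An ASCII string becomes its hex encoding (the same thing `sigtool --hex-dump` prints);
    target type 0 = any file, 1 = PE executable; offset '*' = anywhere in the file."""
    return f"{name}:{target_type}:{offset}:{pattern.hex()}"


def write_database(directory: Path, data: bytes, name_prefix: str = "Test.Custom") -> dict:
    """Write both signature files into `directory` (clamscan -d accepts a directory)."""
    hdb = directory / "custom.hdb"
    ndb = directory / "custom.ndb"
    hdb.write_text(hdb_line(data, f"{name_prefix}.Hash") + "\n")
    ndb.write_text(ndb_line(b"EVIL_BEACON_v1", f"{name_prefix}.Beacon") + "\n")
    return {"hdb": hdb, "ndb": ndb}


def clamscan(db_dir: Path, target: Path) -> Optional[int]:
    """Run clamscan with only the custom database. Exit code 1 means a signature fired,
    0 means clean, 2 means error; None means clamscan is not installed on this host."""
    exe = shutil.which("clamscan")
    if exe is None:
        return None
    proc = subprocess.run([exe, "--no-summary", "-d", str(db_dir), str(target)],
                          capture_output=True, text=True)
    return proc.returncode


def demo() -> dict:
    """Write the specimen and signatures to a temp dir, scan, and return what was produced."""
    with tempfile.TemporaryDirectory() as tmp:
        tmpdir = Path(tmp)
        specimen = tmpdir / "specimen.bin"
        specimen.write_bytes(SAMPLE)
        paths = write_database(tmpdir, SAMPLE)
        return {
            "hdb": paths["hdb"].read_text().strip(),
            "ndb": paths["ndb"].read_text().strip(),
            "clamscan_exit": clamscan(tmpdir, specimen),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hash signature is the narrowest possible rule (it will not survive repacking or a changed string), while the `.ndb` body signature survives as long as the beacon string is present in clear text; both can be loaded alongside the official database by dropping the files into ClamAV's database directory.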
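Worked example for question 31 (cross-view rootkit detection). This is an added example, not part of the quiz. It takes two independent views of the process list on Linux, the `/proc` directory listing that `ps` relies on and a brute-force `kill(pid, 0)` probe that a readdir hook cannot filter, and reports PIDs present in one view but not the other. The re-check step is the caveat a practitioner needs: Linux itself hides thread IDs from the `/proc` listing, and processes exit between the two passes, so a raw difference is mostly false positives. The default scan range cap of 65536 is an assumption for speed; a real sweep goes up to `/proc/sys/kernel/pid_max`.

```python
"""Cross-view process enumeration on Linux: diff two independent views of live PIDs."""
import os


def pids_from_proc_listing() -> set:
    """View 1: what readdir() on /proc reports (the view ps, top and ls share)."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def pids_from_signal_probe(max_pid: int) -> set:
    """View 2: probe every PID with signal 0. ESRCH = no such process,
    EPERM = exists but owned by someone else. A hooked readdir cannot hide a PID here."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            found.add(pid)
    return found


def cross_view(view_a: set, view_b: set) -> tuple:
    """Pure comparison: (present in B but not A, present in A but not B), sorted."""
    return sorted(view_b - view_a), sorted(view_a - view_b)


def classify(pid: int) -> str:
    """Re-examine a PID the probe saw but the listing did not.
    'thread'   : a TID of a multithreaded process (hidden from readdir by design)
    'gone'     : exited between the two views (benign race)
    'process'  : /proc/<pid>/status readable with Tgid == pid, yet absent from the listing
    'no-entry' : kill() says it exists but /proc has no entry for it at all"""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return "gone"
    except PermissionError:
        pass
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return "process" if int(line.split()[1]) == pid else "thread"
    except FileNotFoundError:
        return "no-entry"
    except PermissionError:
        return "process"
    return "process"


def confirm_hidden(candidates, classifier=classify) -> list:
    """Keep only candidates that are neither threads nor races; `classifier` is injectable."""
    return [pid for pid in candidates if classifier(pid) in ("process", "no-entry")]


def scan(max_pid_cap: int = 65536) -> dict:
    """Run both views and return confirmed hidden PIDs plus the raw discrepancy counts."""
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    limit = min(pid_max, max_pid_cap)
    listing = pids_from_proc_listing()
    probed = pids_from_signal_probe(limit)
    missing_from_listing, missing_from_probe = cross_view(listing, probed)
    return {
        "scanned_up_to": limit,
        "raw_missing_from_listing": len(missing_from_listing),
        "exited_during_scan": len(missing_from_probe),
        "hidden": confirm_hidden(missing_from_listing),
    }


if __name__ == "__main__":
    print(scan())
```

A non-empty `hidden` list is a lead, not a verdict: confirm it from a second, independent source such as a memory image, since a kernel rootkit that hooks `kill` as well as `getdents` will fool both views used here.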
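Worked example for questions 41 and 57 (runtime packers and packer detection). This is an added example, not part of the quiz or of any packer-detection tool. GUI detectors such as PEiD match byte signatures at the entry point; the heuristics shown here are the ones that do not need a signature database: a section table parsed straight from the PE headers, per-section Shannon entropy (compressed or encrypted data sits near 8 bits per byte), section names that known packers leave behind, and a section with no raw data but a large virtual size, which is where a self-extracting stub unpacks the original code. The `build_fake_pe` helper constructs a header-only, non-executable PE-shaped blob so the example runs offline; the section names, sizes and contents it is fed are constructed test data.

```python
"""Packer heuristics over the PE section table: entropy, known names, empty raw data."""
import math
import struct
from collections import Counter

# Section names that common runtime packers leave behind (assumption: a short, illustrative list).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite",
                         ".themida", ".vmp0", ".vmp1", ".MPRESS1", ".MPRESS2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for uniform data up to 8.0 for data with every byte value equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes) -> list:
    """Minimal section-table parser: returns (name, raw bytes, VirtualSize, SizeOfRawData) per section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER (20 bytes)
    nsect = struct.unpack_from("<H", image, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsect):
        hdr = image[table + i * 40: table + (i + 1) * 40]  # IMAGE_SECTION_HEADER (40 bytes)
        name = hdr[:8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append((name, image[rawptr:rawptr + rawsize], vsize, rawsize))
    return sections


def packer_indicators(image: bytes, entropy_threshold: float = 7.0) -> list:
    """Return (section name, reason) pairs; an empty list means no heuristic fired."""
    findings = []
    for name, raw, vsize, rawsize in pe_sections(image):
        if name in KNOWN_PACKER_SECTIONS:
            findings.append((name, "known packer section name"))
        ent = shannon_entropy(raw)
        if ent >= entropy_threshold:
            findings.append((name, f"high entropy ({ent:.2f} bits/byte)"))
        if rawsize == 0 and vsize > 0:
            findings.append((name, f"no raw data but {vsize} bytes virtual (unpack target)"))
    return findings


def build_fake_pe(sections) -> bytes:
    """Constructed test input: DOS stub + PE signature + COFF header (no optional header)
    + section table + section data. Parses like a PE; it is not a runnable binary."""
    e_lfanew = 0x40
    nsect = len(sections)
    data_off = e_lfanew + 4 + 20 + 40 * nsect
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, 0, 0x0102)
    table, body = bytearray(), bytearray()
    for index, (name, raw, vsize) in enumerate(sections):
        rawptr = data_off + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize,
                             0x1000 * (index + 1), len(raw), rawptr, 0, 0, 0, 0, 0x60000020)
        body += raw
    return bytes(dos) + coff + bytes(table) + bytes(body)


if __name__ == "__main__":
    sample = build_fake_pe([(".text", b"\x90" * 512, 512),
                            ("UPX0", b"", 0x8000),
                            ("UPX1", bytes(range(256)) * 4, 4096)])
    for section, reason in packer_indicators(sample):
        print(f"{section:<8} {reason}")
```

The entropy threshold is a heuristic, not a rule: legitimate binaries embed compressed resources and certificates that also score high, so treat a hit as a reason to unpack and look further rather than as proof of packing.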