Uploaded by Le Ha Tan Cuong (K16_HCM)

IAM302

01:57 26/03/2023
IAM302-Part1
1.
__________ virus uses an executable file as a host.
1 point
Mark only one oval.
a. File
b. Prefix
c. Suffix
d. None of the other
2.
What is a Trojan Horse?
1 point
Mark only one oval.
A. A program designed to take down the computer system while performing an
inoffensive task.
B. A hollow wooden statue of a horse in which the Greeks concealed themselves
in order to enter Troy.
C. A different type of horse.
D. A chess piece.
3.
Rootkits are
1 point
Mark only one oval.
A. Malicious software designed to gain unauthorized access to a computer
system
B. Physical devices used to measure plant growth
C. Software used to optimize computer performance
D. A set of software tools that enable an unauthorized user to gain control of a
computer
4.
Covert channels work over _______
1 point
Mark only one oval.
a. unknown channels
b. old channels
c. new channels
d. known channels
5.
Which of the following is most likely to make your computer stop working?
1 point
Mark only one oval.
a. Virus
b. Adware
c. Keylogger
d. Botnet
6.
REMnux is _______
1 point
Mark only one oval.
All of the other choices
7.
_______________ generally does not limit the impact of worms.
1 point
Mark only one oval.
a. Install OS updates and software patches.
b. Use firewall
c. Use antivirus software
d. Rebooting your system
8.
_________ is an antivirus that has predefined rulesets used to detect malicious software or malware.
1 point
Mark only one oval.
a. ClamAV
b. IDA Pro
c. ProDiscover
d. InetSIM
9.
_____________________________ is a characteristic of adware.
1 point
Mark only one oval.
a. Redirecting the website
b. Displaying popup
c. Block user's files
d. None of the other
10.
____ is a self-contained program that does not integrate itself with other
programs to spread.
1 point
Mark only one oval.
A. Trojan horse
B. None of the other choices
C. Logic bomb
D. Worm
E. Virus
11.
Trojans can be used to open backdoors on a system.
1 point
Mark only one oval.
a. True
b. False
12.
Wireshark is ___________
1 point
Mark only one oval.
a. a network packet analyzer
b. an antivirus
c. an analyzer
d. a recovery tool
13.
Which of the following refers to software designed to harm your computer or computer security, engage in criminal activity, or compromise resources in some way?
1 point
Mark only one oval.
a. ransomware
b. adware
c. malware
d. spyware
14.
We can customize ClamAV signatures by using ________
1 point
Mark only one oval.
a. Hash based Signatures
b. All of the mentioned
c. ASCII Signatures
d. Binary Signatures
15.
What form of analysis involves running the possibly infected file?
1 point
Mark only one oval.
a. Static Analysis
b. Dynamic Analysis
c. Virtual Analysis
d. Malware Analysis
16.
Name a type of malware
1 point
Mark only one oval.
a. Ransomware
b. Horse
c. Trojan War
d. Tiger
17.
There is only one type of keylogger: Software Keylogger
1 point
Mark only one oval.
True
False
18.
What is the purpose of sandbox analysis?
1 point
Mark only one oval.
a. To determine the nature and purpose of the malware
b. To determine the interaction with the network
c. To determine the interaction with the file system
d. All of the mentioned
19.
Which tool allows you to analyze botnet malware without contacting a real C&C server?
1 point
Mark only one oval.
a. Wireshark
b. INetSim
c. Regshot
d. Task Manager
20.
Which of the following best describes botnets?
1 point
Mark only one oval.
a. None of the other choices
b. A botnet is a group of honeypots made to simulate a real live network, but
isolated from it.
c. A botnet consists of a network of compromised computers that attackers use
to launch attacks and spread malware.
d. A botnet is a type of malware that primarily infects executable programs.
e. A botnet is a type of malware that includes a separate encryption engine that
stores the virus body in encrypted format while duplicating the main body of the
virus.
21.
VirusTotal is _______
1 point
Mark only one oval.
a. Dynamic analysis
b. Periodic analysis
c. Static analysis
d. None of the other
22.
Which of the following type of malware secretly gathers and transmits
system information, often for advertising purposes?
1 point
Mark only one oval.
a. Adware
b. Spyware
c. Keylogger
d. Ransomware
23.
On Ubuntu, which of the following commands can be used to install Wireshark?
1 point
Mark only one oval.
a. # apt-get install wireshark
b. # sudo apt-get install wireshark
c. # sudo apt-get setup wireshark
d. # apt-get uninstall wireshark
24.
__________ and ___________ are two command line packet sniffer tools
1 point
Mark only one oval.
a. netstat / tshark
b. inetstat / wireshark
c. tcpdump / tshark
d. wireshark / netflix
25.
_____________ is a 32-bit assembler-level analyzing debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
1 point
Mark only one oval.
a. Snort
b. Eclipse
c. ClamAV
d. OllyDbg
26.
What is used to define a block of code in Python?
1 point
Mark only one oval.
a. Parenthesis
b. Curly braces
c. Quotation
d. Indentation
27.
Which of the following commands can be used to get extended information
about a file?
1 point
Mark only one oval.
a. blk
b. rm
c. ifind
d. istat
28.
It's not a good idea to indiscriminately forward all traffic that reaches your
controller to the intended servers on the Internet.
1 point
Mark only one oval.
True
False
29.
Wireshark is an open source antivirus engine owned by Sourcefire, the
makers of the Snort intrusion-detection engine.
1 point
Mark only one oval.
True
False
30.
In Python, a statement using the and operator results in True if _________
1 point
Mark only one oval.
a. first operand is True
b. either of the operands is True
c. both operands are False
d. both operands are True
31.
Crossview-based rootkit detection tools generate information about a system in two or more ways and then look for discrepancies in the results.
1 point
Mark only one oval.
True
False
32.
It is inevitable that you will need to perform behavioral analysis on service DLLs.
1 point
Mark only one oval.
a. True
b. False
33.
__________ is used to intercept user information
1 point
Mark only one oval.
a. Adware
b. Spyware
c. Malware
d. Trojan
34.
Backdoors are an example of covert channels.
1 point
Mark only one oval.
True
False
35.
What is an antivirus?
1 point
Mark only one oval.
a. Computer software is used to prevent, detect and remove malicious software
b. Small programs or scripts that damage a computer system
c. Program used to exploit security holes found in software applications
d. None of the other
36.
The registry composed of binary data files is also called _______
1 point
Mark only one oval.
a. record
b. hive
c. metadata
d. Binary data
37.
Why do alternate data streams (ADS) pose a risk to our computer?
1 point
Mark only one oval.
a. None of the other choices
b. It can remove data arbitrarily
c. It allows malware to hide files from anyone who doesn't have special tools to
view them
d. It can edit data arbitrarily
38.
Assembly language programs are written using
1 point
Mark only one oval.
a. None of the other choices
b. ASCII code
c. Hex code
d. Mnemonics
39.
__________ can extract a DLL from a process memory space and dump it to disk for analysis.
1 point
Mark only one oval.
a. memdump
b. hibr2bin
c. dlldump
d. pstree
40.
Which of the following tools are developed for memory forensics?
1 point
Mark only one oval.
a. Memoryze
b. All of the other choices
c. Windows Memory Toolkit
d. MoonSols
41.
_________ is a GUI tool for Windows that you can use to detect packers.
1 point
Mark only one oval.
A. Runtime packer
B. a data file
C. No-runtime packer
D. None of the other choices
42.
Software in the main registry stores:
1 point
Mark only one oval.
a. None of the other choices
b. the window and program configuration
c. the system security settings
d. user's and system security settings
43.
How many types of SRE are there?
1 point
Mark only one oval.
a. Data Reverse Engineering only
b. Code, Data and Information Reverse Engineering
c. Code and Data Reverse Engineering
d. Code Reverse Engineering only
44.
rip.pl -r /mnt/forensics/Documents\ and\ Settings/Mr.\Evi/NTUSER.DAT -p typedurls
1 point
Mark only one oval.
a. In order to determine the suspect's web-browsing history
b. In order to determine the information of the user
c. In order to determine the information of running programs
d. In order to determine the information of all files in Documents
45.
win64dd -d /f c:\memory.dmp
1 point
Mark only one oval.
a. Create a memory dump file in C
b. Erase the information of main memory
c. None of the other choices
d. Obtain the information of disk
46.
perl rip.pl -r /mnt/forensics/WINDOWS/system32/config/software -p userinit
1 point
Mark only one oval.
a. To determine the information of all applications
b. To determine the version of operating system
c. To determine the value of the "userinit" registry key
d. To determine the information of administrator
47.
rip.pl -r /mnt/forensics/WINDOWS/system32/config/software -p winver
1 point
Mark only one oval.
a. In order to determine the operating system installed on this computer
b. In order to determine the version of Windows installed on this computer
c. None of the other choices
d. In order to determine all programs installed on this computer
48.
In order to view a "hidden" ADS file on Windows OS, we type the command
1 point
Mark only one oval.
a. dir /R
b. dir
c. rm /R
d. ls /R
49.
_____________ can print a list of loaded DLLs for each process
1 point
Mark only one oval.
A. pstree
B. win64dd
C. dlllist
D. pslist
50.
Which of the following answers are true about use of Reverse
Engineering?
1 point
Mark only one oval.
a. All of the other choices.
b. To check the limitations of the existing program
c. To increase security of the existing program
d. To create documentation of the product
51.
_________________ is forensic analysis of a computer's memory dump
1 point
Mark only one oval.
a. Malware forensics
b. Computer forensics
c. Malware analysis
d. Memory forensics
52.
Can extract all memory resident pages in a process into an individual file
1 point
Mark only one oval.
a. dlldump
b. memdump
c. procdump
d. tcpdump
53.
regripper/rip -r G:\Windows\System32\config\SYSTEM -f info
1 point
Mark only one oval.
a. we are preparing to edit data from the SYSTEM registry hive located on drive
G
b. we are recovering data from the SYSTEM registry hive located on drive G
c. we are deleting data from the SYSTEM registry hive located on drive G
d. we are moving data from the SYSTEM registry hive located on drive G to F
54.
____________ can dump a process's executable
1 point
Mark only one oval.
a. dlldump
b. memdump
c. hibr2bin
d. procdump
55.
rip.pl -r /mnt/forensics/WINDOW/system32/config/software -p uninstall
1 point
Mark only one oval.
a. To determine all installed applications
b. To determine all uninstalled applications
c. To determine the information of switch
d. To determine the information of operating system
56.
Which of the following tools allows us to detect ADS in a file?
1 point
Mark only one oval.
a. yara
b. vwareworkstation
c. fog
d. stream.exe
57.
_________ can be considered a self-extracting archive, where
compressed data is packaged along with the relevant decompression code
in an executable file
1 point
Mark only one oval.
a. dlldump
b. dir /R
c. runtime packer
d. RISC
58.
Which of the following is not a stand-alone program?
1 point
Mark only one oval.
a. Virus
b. Worm
c. Adware
d. Antivirus
59.
Which of the following is most likely to send spam emails from your computer?
1 point
Mark only one oval.
a. Worm
b. Adware
c. Spyware
d. Keylogger
60.
Which of the following is least likely to be detected with standard antivirus
software?
1 point
Mark only one oval.
a. Spyware
b. Adware
c. Ransomware
d. Trojan