Chapter 43 Β· Quiz

Other Malware Types Quiz

Seven questions covering keyloggers, encryption bypass, logic bombs, SCADA attacks, and rootkit detection.

Q1. A user's banking credentials were stolen. The user's workstation has HTTPS enforced for all banking sessions, current antivirus with up-to-date signatures, and full-disk encryption enabled. The antivirus scan returned clean. Which explanation is MOST consistent with all of these facts?
Q2. A security researcher demonstrates DarkComet RAT's keylogging module in a controlled environment. She types "passw", then presses Backspace twice, then types "sword1!". What does DarkComet's log capture?
Q3. An analyst discovers that a scheduled maintenance script was modified to include a section that will delete production database records when executed on a specific future date. The modification was made by a recently terminated database administrator before their departure. The antivirus scan of the script file returns clean. Which control would MOST likely detect this before the date arrives?
Q4. In the South Korea cyberattack of March 2013, thousands of systems at banks and broadcasting companies simultaneously displayed "Boot device not found" at 2:00 PM on March 20. A phishing email on March 19 was the initial vector. Which malware technique produced this coordinated simultaneous outcome?
Q5. A security analyst opens Task Manager on a workstation and sees no suspicious processes. A full antivirus scan returns clean. However, the perimeter firewall logs show regular outbound connections from that workstation to an unrecognized external IP address at 3:00 AM. Which explanation BEST accounts for the discrepancy between the clean local scan and the anomalous firewall logs?
Q6. Which technology is the PRIMARY hardware-level prevention mechanism against rootkits that modify the OS kernel?
Q7. Match each term on the left to its correct description on the right.

Click each term on the left, then click its match on the right.
Match each item on the left with its correct description on the right:
Logic Bomb
Rootkit
Keylogger
SCADA
A. Embeds in the OS kernel; hides from Task Manager and antivirus by intercepting and falsifying OS query responses
B. Industrial control system technology for physical infrastructure (power grids, water treatment); targeted in the Ukraine 2016 cyberattack
C. Dormant until a trigger fires; custom-written so no AV signature exists; often planted by insiders
D. Captures keystrokes before encryption is applied; bypasses HTTPS and full-disk encryption; may also capture clipboard, screenshots, and search queries
Click an item on the left to select it, then click its match on the right.