Читаем CISSP Practice полностью

108. d. Although some worms are intended mainly to waste system and network resources, many worms damage systems by installing backdoors, perform distributed denial-of-service (DDoS) attacks against other hosts, or perform other malicious acts.

109. Which of the following statements are true about malicious mobile code?

1. It does not infect files.

2. It does not attempt to propagate itself.

3. It takes advantage of the default privileges.

4. It uses languages such as Java and ActiveX.

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1, 2, 3, and 4

109. d. Malicious mobile code differs significantly from viruses and worms in that it does not infect files or does not attempt to propagate itself. Instead of exploiting particular vulnerabilities, it often affects systems by taking advantage of the default privileges granted to mobile code. It uses popular languages such as Java, ActiveX, JavaScript, and VBScript. Although mobile code is typically benign, attackers have learned that malicious code can be an effective way of attacking systems, as well as a good mechanism for transmitting viruses, worms, and Trojan horses to users’ workstations.

110. Blended attacks use which of the following?

1. Multiple infection methods

2. Multiple transmission methods

3. Multiple transmission methods simultaneously

4. Multiple infection methods in sequence

a. 1 only

b. 2 only

c. 3 only

d. 1, 2, 3, and 4

110. d. A blended attack is an instance of malware that uses multiple infection or transmission methods. Blended attacks can spread through such services as instant messaging and peer-to-peer (P2P) file sharing. Blended attacks do not have to use multiple methods simultaneously to spread; they can also perform multiple infections in sequence.

111. Backdoors listen for commands on which of the following?

1. Source port

2. Destination port

3. TCP port

4. UDP port

a. 1 only

b. 2 only

c. 1 or 2

d. 3 or 4

111. d. Backdoor is a general term for a malicious program that listens for commands on a certain TCP or UDP port. Most backdoors consist of a client component and a server component. The client resides on the intruder’s remote computer, and the server resides on the infected system. When a connection between client and server is established, the remote intruder has some degree of control over the infected computer. Both source port and destination port are incorrect because they are too generic to be of any use here.

112. A proactive role to protect an organization from computer-related failures, malfunctions, or disasters is to:

a. Train every employee in the emergency procedures.

b. Conduct fire drills regularly every month.

c. Train all IT staff in file rotation procedures.

d. Incorporate recovery requirements into system design.

112. d. Incorporation of recovery requirements into system design can provide automatic backup and recovery procedures. This helps to prepare for disasters in a timely manner. Training every employee in emergency procedures is incorrect because it does not guarantee that they can respond to a disaster in an optimal manner when needed. Conducting fire drills regularly every month is incorrect because the scope of fire drill may not address all possible scenarios. Disaster recovery goes beyond fire drills; although, the fire drill is a good practice. Training all IT staff in file rotation procedures is incorrect because only key people need to be trained.

113. Rootkits are often used to install which of the following attacker tools?

1. Web browser plug-ins

2. E-mail generators

3. Backdoors

4. Keystroke loggers

a. 1 only

b. 2 only

c. 3 only

d. 3 and 4

113. d. A rootkit is a collection of files installed on a system to alter the standard functionality of the system in a malicious and stealthy way. Rootkits are often used to install attacker tools such as backdoors and keystroke loggers on a system.

A Web browser plug-in provides a way for certain types of content to be displayed or executed through a Web browser. Attackers sometimes create malicious plug-ins that act as spyware. An example is the spyware dialer, which uses modem lines to dial phone numbers without the user’s permission or knowledge. Some dialers are in forms other than Web browser plug-ins, such as Trojan horses.

Malware can deliver an e-mail-generating program to a system, which can be used to create and send large quantities of e-mail to other systems without the user’s permission or knowledge. Attackers often configure e-mail generators to send malware, spyware, spam, or other unwanted content to e-mail addresses on a predetermined list.