What is the main difference between a virus and a worm?
A virus attaches itself to another file and usually requires user interaction to spread, while a worm is self-contained and spreads automatically through networks
What is a macro virus?
A virus that uses application macros such as VBA to execute malicious code
What is a polymorphic virus?
A virus that changes its code during each replication to evade signature-based detection
What is a logic bomb?
Malicious code that remains dormant until a specific event triggers it
What is a Trojan horse?
A malicious program that appears useful or harmless but contains hidden malicious code
How does a Trojan differ from a virus or worm?
A Trojan does not self-replicate
What is ransomware?
Malware that encrypts files or systems and demands payment for decryption
What is an Advanced Persistent Threat (APT)?
A long-term coordinated attack designed to maintain access and steal information over time
What is a zero-day vulnerability?
A software flaw unknown to the developer and security vendors
What is a zero-day exploit?
An attack that takes advantage of a zero-day vulnerability before a patch exists
What is a buffer overflow?
An attack where excessive input overwrites adjacent memory locations
What is the root cause of a buffer overflow?
Failure to validate user input size
What is shellcode?
Small malicious code inserted into memory and executed after a successful exploit
What is EIP?
The Extended Instruction Pointer that determines the next instruction executed by the CPU
What is a rootkit?
Malware that modifies or replaces operating system components to hide attacker activity
What information can rootkits hide?
Processes, files, registry keys, and network connections
What are the three major rootkit techniques?
Windows API abuse, DLL injection, and API hooking
What is DLL injection?
Forcing a process to load a malicious DLL
What is API hooking?
Intercepting API calls and altering their behavior
What is a Denial of Service (DoS) attack?
An attack that overwhelms a target with requests and prevents legitimate access
What is a Distributed Denial of Service (DDoS) attack?
A DoS attack launched simultaneously from many compromised systems
What is a bot?
Malware that allows an attacker to remotely control a computer
What is a botnet?
A network of compromised computers controlled by an attacker
What is a zombie?
An infected computer that carries out commands from an attacker
What is command and control (C&C)?
The communication channel used to control bots
What is a SYN flood?
A DoS attack that exploits the TCP three-way handshake by never completing connections
What is a half-open connection?
A connection where the SYN and SYN/ACK have been exchanged but the final ACK was never received
What is IP spoofing?
Falsifying the source IP address in a packet
What is a Man-in-the-Middle attack?
An attack where an attacker intercepts and possibly modifies communications between two parties
What is ARP poisoning?
Sending false ARP information to alter ARP cache entries
What is a firewall?
A device that filters traffic between trusted and untrusted networks
What is a packet-filtering firewall?
A firewall that makes decisions using information contained in a single packet
What is stateful inspection?
Firewall technology that tracks active sessions and connection states
What is NAT?
Network Address Translation
What is a DMZ?
A network buffer zone between the Internet and an internal network
What is an IDS?
An Intrusion Detection System that monitors activity for suspicious behavior
What is a HIDS?
Host-Based Intrusion Detection System
What is a NIDS?
Network-Based Intrusion Detection System
What is an Xmas scan?
A scan with the FIN, PSH, and URG flags set
What is misuse detection?
Detecting attacks by matching known signatures
What is anomaly detection?
Detecting deviations from established normal behavior
What is a false positive?
Benign activity incorrectly identified as an attack
What is a false negative?
A real attack that goes undetected