Here are the top 50 multiple-choice questions (MCQs) focused on malware (viruses, worms, Trojans, etc.) in the context of cyber threats and attack vectors, along with their answers and explanations.
1. What is the purpose of computer viruses?
- Theft of personal information
- Replicating and spreading to other files
- Denial of service attacks
- Unauthorized access to a system
Computer viruses aim to replicate and attach themselves to other files, spreading throughout a system or to other systems.
2. Which type of malware is disguised as a legitimate program?
- Worm
- Trojan
- Spyware
- Ransomware
Trojans disguise themselves as legitimate files or programs but contain malicious code that performs unauthorized actions.
3. What is a key characteristic of a worm?
- Requires user interaction to spread
- Spreads through infected files
- Propagates independently across networks
- Encrypts files for ransom
Worms are self-replicating and spread across networks without requiring user interaction.
4. Which malware encrypts files and demands payment?
- Spyware
- Ransomware
- Adware
- Rootkit
Ransomware encrypts files and demands a ransom for their decryption key.
5. What is the purpose of a rootkit?
- Stealing sensitive information
- Encrypting files for ransom
- Concealing unauthorized access
- Disrupting network services
Rootkits are designed to conceal the presence of unauthorized access or malicious software on a system.
6. Which type of malware is designed to observe and gather user information without their knowledge?
- Worm
- Trojan
- Spyware
- Adware
Spyware is designed to observe and collect user information without their knowledge or consent.
7. What is the primary purpose of adware?
- Disrupting system operations
- Encrypting files for ransom
- Displaying unwanted advertisements
- Stealing login credentials
Adware primarily aims to display unwanted advertisements to users.
8. How does a logic bomb differ from a virus or worm?
- It spreads independently across networks
- It requires user interaction to activate
- It encrypts files for ransom
- It disguises itself as a legitimate program
A logic bomb requires specific conditions or actions to activate, unlike viruses or worms that can spread independently.
9. What is a characteristic of a DDoS (Distributed Denial of Service) attack?
- Data encryption
- Unauthorized access
- Overloading a server with traffic
- Replicating and spreading to other systems
DDoS attacks aim to overload a server with traffic, rendering it unavailable to legitimate users.
10. How does a fileless malware attack differ from traditional malware?
- It requires physical contact with the infected device
- It resides in system memory without a file footprint
- It spreads through infected email attachments
- It targets specific geographic locations
Fileless malware resides in system memory without leaving a traditional file footprint, making it challenging to detect.
11. Which type of malware often disguises itself as a legitimate antivirus program?
- Worm
- Ransomware
- Rootkit
- Rogue antivirus
Rogue antivirus malware pretends to be a legitimate antivirus program but is actually malicious.
12. In a phishing attack, what is the common method used to trick users into revealing sensitive information?
- Distributing malware-infected files
- Impersonating a trusted entity
- Launching DDoS attacks
- Encrypting files for ransom
Phishing attacks often involve impersonating a trusted entity to trick users into revealing sensitive information.
13. What is the primary purpose of a backdoor in the context of cybersecurity?
- Spreading across networks
- Concealing unauthorized access
- Encrypting files for ransom
- Displaying unwanted advertisements
A backdoor is designed to provide unauthorized access to a system while remaining hidden from normal security measures.
14. Which malware is designed to capture and transmit sensitive data, such as login credentials?
- Spyware
- Adware
- Keylogger
- Ransomware
Keyloggers are malware that capture and transmit sensitive data, including keystrokes, to malicious actors.
15. What is a distinguishing feature of a polymorphic virus?
- It spreads through infected email attachments
- It disguises itself as a legitimate program
- It changes its code to avoid detection
- It requires user interaction to activate
Polymorphic viruses change their code to evade detection by antivirus programs.
16. Which malware is designed to modify or destroy data on a targeted system?
- Spyware
- Ransomware
- Logic bomb
- Destroyer virus
A destroyer virus is designed to modify or destroy data on a targeted system.
17. What is the purpose of a sandbox in the context of cybersecurity?
- Displaying unwanted advertisements
- Testing and isolating potentially malicious code
- Spreading across networks
- Encrypting files for ransom
A sandbox is used to test and isolate potentially malicious code in a controlled environment.
18. How does a man-in-the-middle attack work?
- Overloading a server with traffic
- Intercepting and altering communication between two parties
- Spreading through infected email attachments
- Disguising itself as a legitimate program
In a man-in-the-middle attack, the attacker intercepts and alters communication between two parties without their knowledge.
19. Which term describes the process of disguising the origin of an attack by routing it through multiple intermediate systems?
- Spoofing
- Tunneling
- Impersonation
- Evasion
Tunneling involves routing an attack through multiple intermediate systems to disguise its origin.
20. What is the primary goal of a spear-phishing attack?
- Overloading a server with traffic
- Disguising itself as a legitimate program
- Targeting specific individuals or organizations
- Spreading through infected email attachments
Spear-phishing attacks target specific individuals or organizations with personalized and deceptive messages.
21. What is the primary purpose of a ransomware attack?
- Stealing sensitive information
- Overloading a server with traffic
- Encrypting files and demanding payment
- Intercepting and altering communication
Ransomware attacks encrypt files and demand payment for their release.
22. How does a Trojan differ from other types of malware?
- It replicates and spreads to other files
- It disguises itself as a legitimate program
- It requires user interaction to activate
- It encrypts files for ransom
Trojans require user interaction to activate and perform malicious actions.
23. What is the primary characteristic of a botnet?
- Encrypting files for ransom
- Independently spreading across networks
- Providing unauthorized access to a system
- Compromising multiple computers for coordinated attacks
Botnets involve multiple compromised computers controlled by a centralized entity for coordinated attacks.
24. How does a zero-day exploit differ from other types of vulnerabilities?
- It is a known and patched vulnerability
- It targets specific geographic locations
- It is an undisclosed and unpatched vulnerability
- It requires user interaction to activate
A zero-day exploit targets undisclosed and unpatched vulnerabilities, making it challenging to defend against.
25. What is the purpose of privilege escalation in a cyber attack?
- Disguising the origin of an attack
- Intercepting and altering communication
- Increasing the level of access on a compromised system
- Spreading independently across networks
Privilege escalation involves increasing the level of access on a compromised system, providing greater control to the attacker.
- Spoofing
- Phishing
- Hacking
- Tunneling
Hacking involves the unauthorized access and use of another user's account or system resources.
27. What is the primary purpose of a honeypot in cybersecurity?
- Intercepting and altering communication
- Testing and luring potential attackers
- Disguising the origin of an attack
- Providing unauthorized access to a system
Honeypots are used to test and lure potential attackers, allowing organizations to study their methods.
28. Which type of attack involves flooding a network or server with excessive traffic to disrupt its normal functioning?
- Man-in-the-middle attack
- Spoofing attack
- DDoS attack
- Phishing attack
DDoS (Distributed Denial of Service) attacks flood a network or server with excessive traffic to disrupt normal functioning.
29. What is a buffer overflow vulnerability in the context of cybersecurity?
- Intercepting and altering communication
- Overloading a server with traffic
- Exploiting excessive data input to overwrite adjacent memory
- Disguising the origin of an attack
A buffer overflow vulnerability involves exploiting excessive data input to overwrite adjacent memory, potentially leading to unauthorized access.
- Encryption
- Authentication
- Authorization
- Tunneling
Encryption involves converting information into a code that can only be deciphered by authorized parties.
31. In the context of malware, what is a signature-based detection method?
- Monitoring network traffic for anomalies
- Identifying malware based on known patterns or signatures
- Testing and isolating potentially malicious code
- Intercepting and altering communication
Signature-based detection identifies malware based on known patterns or signatures.
32. Which term describes the practice of tricking individuals into revealing sensitive information by pretending to be a trustworthy entity?
- Spoofing
- Phishing
- Tunneling
- Evasion
Phishing involves tricking individuals into revealing sensitive information by pretending to be a trustworthy entity.
- Intercepting and altering communication
- Overloading a server with traffic
- Exploiting human psychology to manipulate individuals
- Disguising the origin of an attack
Social engineering attacks aim to exploit human psychology to manipulate individuals into revealing sensitive information or taking specific actions.
34. Which term describes the process of verifying the identity of a user, system, or application?
- Spoofing
- Authentication
- Authorization
- Encryption
Authentication is the process of verifying the identity of a user, system, or application.
35. What is the primary purpose of a firewall in the context of cybersecurity?
- Encrypting files for ransom
- Providing unauthorized access to a system
- Monitoring network traffic for anomalies
- Controlling and filtering incoming and outgoing network traffic
Firewalls are used to control and filter incoming and outgoing network traffic to prevent unauthorized access.
36. What is the primary goal of a logic bomb in a cyber attack?
- Spreading independently across networks
- Encrypting files for ransom
- Concealing unauthorized access
- Activating under specific conditions to cause harm
A logic bomb activates under specific conditions to cause harm, such as deleting or modifying data.
37. How does a heuristic-based detection method differ from a signature-based method in cybersecurity?
- It identifies malware based on known patterns or signatures
- It monitors network traffic for anomalies
- It tests and isolates potentially malicious code
- It analyzes behavior and characteristics of unknown files
Heuristic-based detection analyzes the behavior and characteristics of unknown files to identify potential threats.
- Spoofing
- Phishing
- SQL injection
- Tunneling
SQL injection involves the unauthorized access and manipulation of data stored on a website by injecting malicious SQL code.
39. What is a characteristic of a hybrid malware attack?
- It requires user interaction to activate
- It disguises itself as a legitimate program
- It combines characteristics of different types of malware
- It spreads independently across networks
Hybrid malware attacks combine characteristics of different types of malware, making them more sophisticated and versatile.
40. What is the purpose of network segmentation in the context of cybersecurity?
- Providing unauthorized access to a system
- Encrypting files for ransom
- Dividing a network into segments to enhance security
- Concealing unauthorized access
Network segmentation involves dividing a network into segments to enhance security by isolating different parts of the network.
- Encrypting files for ransom
- Concealing itself within the system's operating system
- Spreading independently across networks
- Intercepting and altering communication
Rootkits gain unauthorized access by concealing themselves within the system's operating system.
42. What is the primary purpose of an intrusion detection system (IDS) in cybersecurity?
- Encrypting files for ransom
- Concealing unauthorized access
- Monitoring and identifying suspicious activity on a network
- Spreading independently across networks
An intrusion detection system (IDS) monitors and identifies suspicious activity on a network to alert administrators of potential security threats.
- Spoofing
- Phishing
- Hacking
- Tunneling
Hacking involves exploiting software vulnerabilities to gain unauthorized access or control over a system.
44. What is the purpose of a VPN (Virtual Private Network) in cybersecurity?
- Providing unauthorized access to a system
- Encrypting files for ransom
- Establishing a secure and private connection over the internet
- Concealing unauthorized access
A VPN (Virtual Private Network) establishes a secure and private connection over the internet, enhancing privacy and security.
45. What is the primary objective of a dropper in the context of malware?
- Data exfiltration
- Delivering and installing other malicious payloads
- Deleting system files
- Initiating a denial of service attack
A dropper's main purpose is to deliver and install other malicious payloads onto a system.
46. What is a polymorphic virus known for?
- Rapid replication speed
- Changing its code to avoid detection
- Targeting specific applications
- Encrypting user files
Polymorphic viruses change their code to evade detection by antivirus software.
47. Which type of malware is designed to capture and transmit sensitive user information, such as login credentials?
- Ransomware
- Spyware
- Worm
- Rootkit
Spyware is designed to capture and transmit sensitive information, often including login credentials.
48. What is a logic bomb in the context of malware?
- Malware disguised as a legitimate program
- Malicious code that activates upon a specific event or condition
- Self-replicating malware
- Malware designed for denial of service attacks
A logic bomb is a type of malicious code that activates upon a specific event or condition.
49. Which malware type is specifically designed to spread through email attachments or links?
- Worm
- Trojan
- Macro virus
- Ransomware
Macro viruses spread through email attachments or links, often using macros in documents.
50. What is a characteristic of a fileless malware attack?
- Requires physical access to the target system
- Leaves no traditional traces on the system's hard drive
- Spreads through infected files
- Encrypts files and demands a ransom
Fileless malware attacks operate in the system's memory, leaving no traditional traces on the hard drive.