Malicious Software Slide Set #5 Textbook Chapter 6 Clicker Questions


1 Malicious Software Slide Set #5 Textbook Chapter 6 Clicker Questions
Peer Instruction Questions for Intro to Computer Security by William E. Johnson, Allison Luzader, Irfan Ahmed is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

2 Consider and identify the following type of malicious software.
This attaches itself to another executable program and is able to do anything that executable program can do. The malware executes secretly when the host program is run.
  A. Virus
  B. Worm
  C. Zombie, bot
  D. None/Other/More than one of the above
Correct Answer = A
Source: Computer Security Principles and Practice, Third Edition, page 205
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Trolling for misconceptions”: there is likely to be significant confusion between worms and viruses
  - “Analysis and reasoning”: students must tear apart the behavior of the software in order to arrive at the answer
  - “Qualitative questions”: this requires an understanding of each form of malicious software as well as its features
Total count: 5
Count without none of the above: 4
Count without identify a set: 4
Count without none of the above or identify a set: 3
Complexity: Simple
Presentation: Feature Identification

3 Consider and identify the following type of malicious software.
This malware e-mails a copy of itself to other systems or sends itself as an attachment via an instant message service. The malware code is run when the e-mail or attachment is received or viewed.
  A. Virus
  B. Worm
  C. Zombie, bot
  D. None/Other/More than one of the above
Correct Answer = B
Source: Computer Security Principles and Practice, Third Edition, page 210
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Trolling for misconceptions”: there is likely to be significant confusion between worms and viruses
  - “Analysis and reasoning”: students must tear apart the behavior of the software in order to arrive at the answer
  - “Qualitative questions”: this requires an understanding of each form of malicious software as well as its features
Total count: 5
Count without none of the above: 4
Count without identify a set: 4
Count without none of the above or identify a set: 3
Complexity: Simple
Presentation: Feature Identification

4 Consider and identify the following type of malicious software.
This malware secretly takes over another internet-attached computer and then uses that computer to launch or manage attacks that are difficult to trace to the malware’s creator. This type of payload attacks the integrity and availability of the infected system.
  A. Virus
  B. Worm
  C. Zombie, bot
  D. None/Other/More than one of the above
Correct Answer = C
Source: Computer Security Principles and Practice, Third Edition, page
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Qualitative questions”: this requires an understanding of each form of malicious software as well as its features
Total count: 3
Count without none of the above: 2
Count without identify a set: 2
Count without none of the above or identify a set: 1
Complexity: Simple
Presentation: Feature Identification

5 Which of the following is true for both metamorphic and polymorphic viruses?
  A. Both create a random encryption key to encrypt part of the virus.
  B. Both are rewritten completely with every infection and may change behavior and appearance.
  C. Both mutate with each infection.
  D. Both utilize compression to avoid detection by anti-virus software.
  E. None/Other/More than one of the above
Correct Answer = C
Source: Computer Security Principles and Practice, Third Edition, page 210
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Compare and contrast”: due to the requirement of students knowing the key features of both
  - “Qualitative questions”: this requires an understanding of both types of viruses as well as their similarities and differences to answer correctly
Total count: 4
Count without none of the above: 3
Count without identify a set: 3
Count without none of the above or identify a set: 2
Complexity: Composite, as it compares two simpler concepts
Presentation: Feature Identification

6 Which of the following is true for only metamorphic viruses?
  A. They create a random encryption key to encrypt part of the virus.
  B. They are rewritten completely with every infection and may change behavior and appearance.
  C. They mutate with each infection.
  D. They utilize compression to avoid detection by anti-virus software.
  E. None/Other/More than one of the above
Correct Answer = B
Source: Computer Security Principles and Practice, Third Edition, page 210
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Compare and contrast”: due to the requirement of students knowing the key differences between both
  - “Reusing familiar question scenarios”: due to the question only slightly pivoting from a truth for both to a truth for one of the choices
  - “Qualitative questions”: this requires an understanding of both (polymorphic and metamorphic) types of viruses as well as their similarities and differences to answer correctly
Total count: 5
Count without none of the above: 4
Count without identify a set: 4
Count without none of the above or identify a set: 3
Complexity: Composite, as it compares two simpler concepts
Presentation: Feature Identification

7 Which statement below differentiates a virus from a worm?
  A. A virus replicates into an executable. A worm can propagate on its own.
  B. A worm replicates into an executable. A virus can propagate on its own.
  C. A virus bypasses a normal security check. A worm captures keystrokes on a compromised computer.
  D. A worm bypasses a normal security check. A virus captures keystrokes on a compromised computer.
  E. None/Other/More than one of the above
Correct Answer = A
Source: Computer Security Principles and Practice, Third Edition, page 210
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Compare and contrast”: due to the requirement of students knowing the key differences between both
  - “Qualitative questions”: this requires an understanding of the relationship between viruses and worms
Total count: 4
Count without none of the above: 3
Count without identify a set: 3
Count without none of the above or identify a set: 2
Complexity: Composite, as it compares two simpler concepts
Presentation: Feature Identification

8 Which statement below differentiates a botnet and a worm?
  A. A worm propagates itself and activates itself.
  B. A worm is initially controlled by some central facility.
  C. A wormnet can act in a coordinated manner.
  D. A botnet has a remote control facility.
  E. None/Other/More than one of the above
Correct Answer = E (both A and D are correct)
Source: Computer Security Principles and Practice, Third Edition, page 210
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Compare and contrast”: due to the requirement of students knowing the key differences between both
  - “Qualitative questions”: this requires an understanding of the relationship between botnets and worms
Total count: 4
Count without none of the above: 3
Count without identify a set: 3
Count without none of the above or identify a set: 2
Complexity: Composite, as it compares two simpler concepts
Presentation: Feature Identification

9 Direct kernel object manipulation (DKOM) …
  A. is able to delete a process from kernel space.
  B. removes privileges for a process so it no longer runs as root.
  C. deletes the process header for a process, essentially rendering it useless.
  D. removes the pointer to a process from the doubly-linked list so it appears as removed (hidden).
  E. None/Other/More than one of the above
Correct Answer = D
Source: Computer Security Principles and Practice, Third Edition, page 210
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
Total count: 2
Count without none of the above: 1
Count without identify a set: 1
Count without none of the above or identify a set: 0
Complexity: Simple (in its context within this course)
Presentation: Definitional

10 Threat mitigation is an important aspect of malware countermeasures.
This word describes the act of determining that an attack has occurred and locating the malware.
  A. Identification
  B. Detection
  C. Removal
  D. None/Other/More than one of the above
Correct Answer = B
Source: Computer Security Principles and Practice, Third Edition, page 210
Question Triggers:
  - “Use ‘none of the above’”: due to the provided choice
  - “Identify a set or subset”: due to the possibility of multiple choices
  - “Qualitative questions”: this requires understanding the similarities and differences of each option in order to successfully answer the question
Total count: 3
Count without none of the above: 2
Count without identify a set: 2
Count without none of the above or identify a set: 1
Complexity: Simple
Presentation: Definitional

