A worm tries to gather information, while a virus tries to destroy data. We will also look at four ways of seeing if a rootkit is installed, by using kern_check, chkrootkit, strace and Rootkit Hunter. Integrity-Based Detection. Integrity-based detection is a substitute for both signature- and heuristic-based detection. If a biometric characteristic, like your fingerprints, is compromised, your . This makes it a more advanced type of malware that proves to be one of the most difficult to detect and remove. The Question - Which of the following security threats is defined by its self-propagating characteristic? a) 5 b) 7 c) 10 d) 12 Answer: c Explanation: There are a total of 10 types of virus. It has the following characteristics. This rootkit allows us to hide files and processes and creates a backdoor on the machine that has it. Characteristics are grouped into the following categories: Anti-security, self-preservation. A. Characteristics of macro viruses Boot loader-level rootkit Hypervisor-level rootkit Library-level rootkit Kernel-level rootkit Question 29) What is the first step in the vulnerability management life cycle? This way, when the kernel enumerates processes by following the links, it won't see that . D) deleting an infected file. Question 20) Which of the following characteristics applies to the Simple Service Discovery Protocol (SSDP)? Which of the following has occurred? Rootkit Which of the following are characteristics of a rootkit (Select two.) Which of the following attacks are examples of Denial-of-service attacks (DoS)? (choose all that apply) Can be vulnerable to denial of . Once malicious software is installed on a system, it is essential that it stays concealed, to avoid detection. CHARACTERISTICS OF A VIRUS: viruses are extremely well adapted to their host organism, virus structure varies greatly. is self-replicating.
A rootkit is a set of programs installed on a system to maintain covert access to that system with administrator (or root) privileges, while hiding evidence of its presence to the greatest extent possible. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. Explanation. Rootkit. You receive an email with an important attachment, but the attachment is not there. In the previous two parts of this series on the Necurs rootkit [1], [2], we looked at what it does to hook the system. As mentioned above, the rootkit builds a table of ntoskrnl exports that stores pointers to functions and hashes of names. Answer (1 of 6): Depends on the type of malware. The hybrid approach is very successful and the most popular rootkit at this time. The term rootkit is a compound of "root" (the traditional name of the privileged account on Unix-like operating systems) and . b) Understands the process of exploiting network vulnerabilities. Rootkits allow someone, legitimate or otherwise, to administratively control a computer. Correct Answer. ITC Chapter 2 Quiz Answers Which two characteristics describe a worm? travels to new computers without any intervention or knowledge of the user. It is a significant network and Internet security threat. has been answered correctly and answers for the question is Rootkit. Botnet: A number of Internet-connected devices that are running one or more bots. The second one is a kernel level rootkit named Knark.
C) repairing an infected file. 28. A(n) ________ is the portion of virus code that is unique to a particular computer virus. attacker floods the victim with a huge flow of packets and uses up all the bandwidth. Trojan horse. Excellent knowledge of Windows. Which of the following are characteristics of a rootkit? - A program that performs a malicious activity at a specific time or after a triggering event. Using the NDIS interface allows a driver access to raw packets. n is the total number of behavior characteristics in the behavior feature library. Initially, the attacker runs tools such as Tripwire, AIDE, etc. The behavioral characteristics of Rootkit can be expressed in a collection. The following signs on your device might indicate the presence of a rootkit. Following are the rootkit detection techniques: signature, heuristic, integrity, cross view-based, and runtime execution path profiling. Rootkit. Understands the process of exploiting network vulnerabilities. Autostart or other system reconfiguration. Explanation: Worm malware can execute and copy itself without being triggered by a host program. executes when software is run on a computer. In the first and second parts of his series on the Necurs rootkit, Peter Ferrie looked at what it does to hook the system. C. 1. d) Has the highest level of security for the organization. Correct Answer The Correct Answer for this Question is Rootkit Explanation The Question - Which of the following security threats is defined by its self-propagating characteristic? IPS - A rootkit is a set of software tools that enable an unauthorized user to gain control of a computer system without being detected. Question: Which two characteristics describe a worm? Which of the following is true of a DDoS attack? Other Important Terms . 83. infects computers by attaching to software code. (2) Hides itself from detection, requires admin-level privileges for installation.
- A type of malicious code similar to a virus whose primary purpose is to duplicate itself and spread, while not necessarily intentionally damaging or destroying resources. Question 7. executes when software is run on a computer. This time, we will look at what those . A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system. Rootkits can be classified in accordance with the following characteristics: Persistence: A persistent rootkit is one that is activated every time the system starts up. c) poor handling of unexpected input. Which of the following is not a common file extension type that should be restricted or blocked as an email attachment due to its likelihood to contain or host a virus? B) encryption code. (Choose two.) A. Library level rootkits B. Kernel level rootkits C. System level rootkits D. Application level rootkits Correct Answer - A Explanation - Library level rootkits is the correct answer. Which of the following is not a typical characteristic of an ethical hacker? Using conventional tools to remove Sony's digital media malware will leave ordinary users with Windows systems unable to play CDs. However, there are some general structural characteristics that all viruses share. Which of the following statements most accurately describes the characteristics of the above network's broadcast and collision domains? Trojan. The Question - Which of the following security threats is defined by its self-propagating characteristic? Simple Service Discovery Protocol is the basic protocol used to discover services in small network environments for the Universal Plug and Play service. Which of the following attacks come under the category of. A collection of zombie computers have been set up to collect personal information.
What is the API vulnerability revealed in . A company determined that its web site was compromised and a rootkit was installed on the server hosting the application. To do so, it must store its code in some way within the computer, and must also have some way to automatically start itself up. Which of the following choices would have most likely prevented the incident? Rootkit. A) virus signature. Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Q13. B. This article will explore the key concepts associated with rootkits and reverse engineering, including types of rootkits and common techniques used by rootkits, like hooking and exploitation of interrupts. In this section, we'll go through kernel rootkits, hardware & software rootkits, Hyper-V, and more. Appropriately named after the Iliad's famed Trojan Horse, the malware called Trojans disguises itself as desirable software and tricks users into downloading it. While NDIS exe, bat, doc, or txt. For example, the table of ntoskrnl exports created by the rootkit is used only in one case, when the rootkit receives a special IOCTL code. The rootkit swaps pointers of the two objects neighboring its own process. Characteristics are grouped into the following categories: Anti-security, self-preservation; Autostart or other system reconfiguration; Deception, social engineering; File drop, download, sharing, or replication; Hijack, redirection, or data theft; Malformation or other known malware traits; Process, service, or memory object change; Rootkit, cloaking. Rootkits hide perfectly from most virus scanners and security solutions, meaning the user may never know they exist. A key characteristic of rootkits is that they tend not to provide any clues that they have infiltrated the system. Many instances of malware fit into multiple categories: for instance, Stuxnet is a worm, a virus and a rootkit.
b) overloading of transport-layer mechanisms. c) patience, persistence and perseverance. A worm can execute independently of the host system. Worm. What is the purpose of a Denial of Service attack? hides in a dormant state until needed by an attacker. Kernel level focuses on replacing specific code while application level will concentrate on . Integrity-Based Detection. on a clean system. A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. B. Hijack, redirection, or data theft. (select two) Requires administrator-level privileges for installation, Hides itself from detection 6. Asynchronous attack Trojan horse DNS poisoning You have installed anti-malware software that checks for viruses in email attachments. A. Library level rootkits B. Kernel level rootkits C. System level rootkits D. Application level rootkits. d. Originally, within the context of UNIX-type systems, a rootkit was a group of tools belonging to the operating system itself, such as netstat, passwd and ps, which were modified by an intruder in order to gain unlimited access to the target computer, without this intrusion being detected by the system administrator. hides in a dormant state until needed by an attacker. User mode rootkits are the furthest from the core of your computer and only target the software on your PC. Question: Which two characteristics describe a worm? a) Excellent knowledge of windows. A rootkit is designed to provide administrator-level access to a third party without the system owner's knowledge. The Correct Answer for this Question is. Chapter 2 Quiz Answers.
Rootkit developers, wanting the best of both worlds, developed a hybrid rootkit that combines user-mode characteristics (easy to use and stable) with kernel-mode characteristics (stealthy). Rootkit 5. Virus Rootkit Trojan Worm Correct Answer The Correct Answer for this Question is Rootkit Explanation The Question - Which of the following security threats is defined by its self-propagating characteristic? (Choose two.) Which of the following includes all hardware and software necessary to secure data, such as firewalls and antivirus software? Trojans impersonate . A rootkit can be classified using the following characteristics: Persistent: Activates each time the system boots. A rootkit is software that gives malicious actors remote control of a victim's computer with full administrative privileges. A) updating your antivirus software. Uses multicast addresses. Privilege escalation C. Replay attack D. Man-in-the-middle attack Correct Answer: In Windows NT 5.x all processes active in the system are linked in a single bidirectional list. Which of the following is not a typical characteristic of an ethical hacker? File drop, download, sharing, or replication. Which of the following security policies is the company using during this entire process to mitigate the risk of hacking attacks? C) compression code. You configure the software to quarantine any files with problems. All viruses have a capsid or head region that contains its genetic material. Botnets are used to perform distributed . This provides access to all the functions and services of the operating system. Describe a logic bomb. Kernel rootkit. $$ U = \{u_1, u_2, \ldots, u_n\} \tag{1} $$ Among them, \( u_i \) expresses a behavior characteristic of Rootkit. A program that performs a malicious activity at a specific time or after triggering an event.
Although this type of software has some legitimate uses, such as providing remote end-user support, most rootkits open a backdoor on victims' systems to introduce malicious software . d. Sysinternals' Mark Russinovich has performed an analysis of the copy restriction measures deployed by Sony Music on its latest CDs, which he bluntly calls a 'root kit'. What this means is that the rootkit can effectively add new code to the OS, or even delete and replace OS code. Answer: a. Given this, rootkits are usually designed to avoid detection and can be difficult to detect. Question 63: A hybrid virus infects both files and system sectors and may incorporate which of the following? There are two broadcast domains in the network. A worm can replicate itself, while a virus requires a host for distribution. Malformation or other known malware traits. Trojans. The rootkit must store code in a persistent store, such as the registry or file system, and configure a method by which the code executes without user intervention. In simple language, 'rootkit' is basically a software kit used to get to the root of the computer. In other words, a software kit used to gain admin access to the computer and thereby control it. This . The WP bit will need to be set and reset at multiple points in the code, so it makes programmatic sense to abstract the operations. Trojan Horse. Join us as we pull back the curtain of various types of rootkit malware, and learn about the attack vectors and the prevention measures. hides in a dormant state until needed by an attacker. Firmware rootkits. So far, we have shown only how to craft raw packets from a user-mode program. 1. travels to new computers without any intervention or knowledge of the user. Which two characteristics describe a worm? 3. Rootkits are similar to Trojans in that they serve as a backdoor to introduce more malware to the computer.
Malware is malicious software. Malware can be anything from adware, which just spams ads to you, to spyware, which collects data, or even ransomware, which will encrypt your data in exchange for money. d) highly complex application security controls. What are the characteristics of a rootkit? Attackers use rootkits to hide malware on a device in a way that allows it to persist undetected over time, sometimes for years. executes when software is run on a computer. During that time, it can steal data or resources . You've created a message to send to another user. Your computer system is a participant in an asymmetric cryptography system. In connection flooding, the attacker floods the victim network with a huge number of connections, so that no other machine can connect to it. For Windows XP we will use a rootkit called Hacker Defender. By definition, which security concept uses the ability to prove that a sender undeniably sent an encrypted message? The next characteristics show the inarticulate logic of the rootkit's work. The following code originates from the PaX project, specifically from the native_pax_open_kernel() and native_pax_close_kernel() routines. Extra caution is taken to prevent a potential race condition caused by unlucky scheduling on SMP systems, as explained in a . QUESTION 36 A user visits their normal banking website. In fact, it is used to launch the DDoS attacks known as amplification attacks. d) Has the highest level of security for the organization. A Trojan can give a malicious party remote access to an infected computer. (Select the two best answer choices) A. A worm is restricted to one system, while a virus can spread from system to system. Rootkits can prevent a harmful process from being visible in the system's list of processes, or keep its files from being read. A. Domain name kiting B. By Susan Bradley. The capsid is made of proteins and glycoproteins. A behavior characteristic can appear in Rootkit or . 83. Deception, social engineering.
You have heard about a new malware program that presents itself to users as a virus scanner. A rootkit is a collection of tools that, once installed, attackers can use to create backdoors in a victim's system and introduce other types of malware to the network for further attacks. 8. Developed as legitimate software to provide a 'backdoor' to software developers in order to fix the respective software - in case any . Ans. It is vulnerable to DDoS attacks. Rootkits that modify the system's kernel object queue can hide processes as follows. infects computers by attaching to software code. This is fine for experiments, but when it comes to creating a real-world rootkit, you must be able to send and receive raw packets from the kernel. c) patience, persistence and perseverance. Once an attacker has access to an infected computer, it is possible for the . What type of rootkit will patch, hook, or replace the version of system call in order to hide information? It uses some new techniques, including not only putting itself in an ADS (NTFS alternate data stream), which isn't seen by normal file system enumeration tools, but even blocking ADS-aware tools from seeing the stream. Changes in your settings and . They are thus also much easier to detect and remove than any other rootkits. Commonly referred to as application rootkits, they replace the executable files of standard programs like Word, Excel, Paint, or Notepad. It is considered by many to be more dangerous because it embeds itself very deeply into the user's system. (Choose two.) Rootkits can be injected into applications, kernels, hypervisors, or firmware. Which command should the administrator use to shred the data? Which of the following is not a typical characteristic of an ethical hacker?
Rootkits have two primary functions: remote command/control (back door) and software eavesdropping. is self-replicating. 1. There are four broadcast domains in the network. A rootkit: Is almost invisible software. a) weak or non-existent mechanisms for authentication. Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. B. Process, service, or memory object change. Rootkits. The following methods are used by hackers to avoid detection: Encryption and tunneling - hide or scramble the malware content; Resource exhaustion - keep the host device too busy to detect the invasion; Traffic fragmentation - split the malware into multiple packets; Protocol-level misinterpretation - sneak by the firewall. Explanation: Weak or non-existent mechanisms for authentication is an example of session layer vulnerability. A. A rootkit is a set of programs that allow attackers to maintain hidden, permanent, administrator-level access to a computer. Andrew Orlowski Tue 1 Nov 2005 // 10:25 UTC. (Choose two.) A Trojan horse, commonly known as a "Trojan," is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. on a clean system. A . Reverse engineering will give access to precise information regarding these characteristics of a rootkit, often within a matter of hours. 12. B) placing a found virus in a secure area on the hard drive. Blended threat: A malware package that combines the characteristics of multiple kinds of malicious program, like Trojans, viruses, and worms, seeking to exploit more than one system vulnerability. Initially, the attacker runs tools such as Tripwire, AIDE, etc. This type of rootkit is designed to function at the level of the operating system itself. a. In part 3, he takes a look at what those hooks actually do. There are _____ types of computer virus.
Rootkit Which of the following are characteristics of a rootkit? Explanation. The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. The URL is correct and the website is displayed in the browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an unknown authority. hides in a dormant state until needed by an attacker; executes when software is run on a computer; travels to new computers without any intervention or knowledge of the user; infects computers by attaching to software code; is self-replicating. Explanation: Worms are a) Excellent knowledge of windows. Requires administrator-level privileges for installation. Hides itself from detection. You have heard about a new malware program that presents itself to users as a virus scanner. Firmware rootkits are the next step in sophistication. Ans.