Question 18 Malware that corrupts the target operating system in such a manner that a network defender can no longer trust the native OS is exhibiting what type of characteristics?
ID: 3561298 • Letter: Q
Question
Question 18
Malware that corrupts the target operating system in such a manner that a network defender can no longer trust the native OS is exhibiting what type of characteristics?
worm
trojan
rootkit
exploit
Question 19
____ code is written to target a specific vulnerability; it is often paired with a ____ to perform a specific function on the target system that benefits the attacker.
Question 20
____ is a commonly used port scanner that uses unique combinations of packets and packet flags to identify network services and the underlying operating system.
Question 21
Define and describe each phase in the defender's methodology, provide examples.
Question 22
How would the "principle of least privilege" apply when setting up a user account for a new employee?
Explanation / Answer
Question 18
Malware that corrupts the target operating system in such a manner that a network defender can no longer trust the native OS is exhibiting what type of characteristics?
worm
trojan
rootkit - This is the right answer.
exploit
A rootkit is the right answer because it is defined by exactly this property: it modifies the operating system, or the libraries and tools that sit on top of it, so that the system's own facilities for listing processes, files, network connections and loaded modules no longer report the truth. A worm is defined by how it spreads, a trojan by how it disguises itself, and an exploit is the means of initial compromise; none of these by itself makes the native OS untrustworthy.
Rootkit installation can be automated, or an attacker can install it once they have obtained root or Administrator access. That access is usually the result of a direct attack on the system, for example exploiting a known vulnerability (such as a privilege-escalation bug) or obtaining a password by cracking or social engineering. Once installed, the rootkit both hides the intrusion and maintains privileged access. The key is the root or Administrator access: full control over a system means existing software can be modified, including the software that might otherwise be used to detect or remove the rootkit.
Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include booting an alternative, trusted operating system (or imaging disk and memory from one), behavioural analysis, signature scanning, difference (cross-view) scanning, which compares what the OS reports with what an independent or lower-level path reports, and memory-dump analysis. Removal can be complicated or practically impossible, especially when the rootkit resides in the kernel; reinstalling the operating system may be the only reliable option. When dealing with firmware rootkits, removal may require specialized equipment or hardware replacement.
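The difference-scanning idea above, as an added example that is not code from the original page or from any rootkit-detection tool. It assumes a Linux host. Tools such as `ps` enumerate processes by reading the /proc directory; a rootkit that filters that listing hides a PID from them. Probing every PID with kill(pid, 0) takes a different kernel path, so a PID that answers the probe but is missing from the listing is a discrepancy worth investigating. The function names, the pid_max fallback value and the recheck step are this example's own choices.

```python
"""Cross-view ("difference scanning") check for processes hidden from /proc.

Added example, not the page's or any tool's code. Assumes Linux.
"""
import os


def listed_pids(proc_root="/proc"):
    """View 1: PIDs and thread IDs from /proc directory listings (the ps -eL view).

    Thread IDs are included because kill(tid, 0) succeeds for a thread as well
    as for its process, and threads are listed only under /proc/<pid>/task.
    """
    ids = set()
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"{proc_root}/{name}/task")
                       if t.isdigit())
        except OSError:  # process exited between the two listings
            pass
    return ids


def probed_pids(max_pid=None):
    """View 2: IDs that exist according to kill(pid, 0), bypassing readdir()."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except OSError:
            max_pid = 32768  # assumed fallback when pid_max is unreadable
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)           # signal 0: existence check only
            found.add(pid)
        except ProcessLookupError:    # ESRCH: no such process
            continue
        except PermissionError:       # EPERM: exists, owned by another user
            found.add(pid)
    return found


def hidden_pids(listed, probed, recheck=None):
    """Return, sorted, the IDs present in the probe view but absent from the listing.

    `listed` and `probed` are sets of ints. A process that started between the
    two views would also land here, so an optional recheck callable
    (pid -> bool, "is it listed now?") is used to drop those transient cases.
    """
    candidates = probed - listed
    if recheck is not None:
        candidates = {pid for pid in candidates if not recheck(pid)}
    return sorted(candidates)


def cross_view_scan():
    """Run both views on the live host and return the suspicious IDs."""
    listed = listed_pids()
    probed = probed_pids()
    # Re-list for each candidate so a race with process creation is not reported
    return hidden_pids(listed, probed, recheck=lambda pid: pid in listed_pids())


if __name__ == "__main__":
    suspicious = cross_view_scan()
    print("hidden PIDs:", suspicious if suspicious else "none found")
```

The full-range probe walks every PID up to pid_max, which can be several million on current kernels and takes a few seconds in Python; that cost is the price of not trusting the listing. A result of "none found" only rules out this one hiding technique: a kernel rootkit that also hooks the kill() path, or one that hides in firmware, will pass this check, which is why the answer above lists booting a trusted OS and memory-dump analysis alongside difference scanning.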
Question 19
____ code is written to target a specific vulnerability; it is often paired with a ____ to perform a specific function on the target system that benefits the attacker.
The first blank is exploit and the second is payload. An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behaviour in software, hardware, or something computerized. The exploit only gains the attacker control of execution; the payload is the code it then delivers and runs to do something useful to the attacker, such as opening a reverse shell, adding an account or dropping further malware. Keeping the two separate is what lets one exploit be combined with many different payloads, as exploitation frameworks such as Metasploit do.
Question 20
____ is a commonly used port scanner that uses unique combinations of packets and packet flags to identify network services and the underlying operating system.
The answer is Nmap. Nmap identifies services with its version-detection probes (-sV) and fingerprints the operating system from the way the target's TCP/IP stack answers crafted packets (-O). The rest of this answer describes its default and most popular scan, the TCP SYN (half-open) scan (-sS). SYN scan can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is relatively unobtrusive since it never completes TCP connections, although a half-open handshake is still easily logged by any modern IDS. SYN scan works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms, as Nmap's FIN/NULL/Xmas, Maimon and idle scans do. It also allows clear, reliable differentiation between the open, closed, and filtered states: a SYN/ACK means open, a RST means closed, and no response after retransmissions (or an ICMP unreachable error) means filtered.
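The open/closed/filtered decision of a SYN scan, as an added example that is not Nmap's code or anything from the original page. The flag constants, the ICMP destination-unreachable codes treated as filtered, and the rule that a bare SYN also counts as open follow Nmap's documented behaviour for -sS; the packet bytes, the retry count and the fake target are constructed here so the logic runs offline. A real scanner would read the responses from a raw socket, which needs root.

```python
"""Port-state decision of a TCP SYN scan. Added example, not Nmap's code."""
import struct

# TCP flag bits as they sit in the low byte of the data-offset/flags field
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# ICMP type 3 codes a SYN scan reports as "filtered": net/host/protocol/port
# unreachable, net/host administratively prohibited, communication prohibited
FILTERED_ICMP_CODES = {0, 1, 2, 3, 9, 10, 13}


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=65535):
    """Constructed 20-byte TCP header, no options, checksum left zero."""
    offset_and_flags = (5 << 12) | (flags & 0x1FF)  # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_and_flags, window, 0, 0)


def tcp_flags(tcp_header):
    """Extract the nine flag bits (NS plus the eight classic flags)."""
    return struct.unpack("!H", tcp_header[12:14])[0] & 0x1FF


def classify(response):
    """Map one probe's response to the nmap-style state string.

    response is None (no reply after retransmissions),
    ("tcp", header_bytes) or ("icmp", icmp_type, icmp_code).
    """
    if response is None:
        return "filtered"
    if response[0] == "icmp":
        _, itype, icode = response
        return "filtered" if itype == 3 and icode in FILTERED_ICMP_CODES else "unknown"
    flags = tcp_flags(response[1])
    if flags & TCP_RST:
        return "closed"
    if flags & TCP_SYN:          # SYN/ACK, or a bare SYN: something is listening
        return "open"
    return "unknown"


def syn_scan(ports, send_syn, retries=2):
    """Scan ports using a caller-supplied transmit function.

    send_syn(port) returns a response in the format classify() expects, or
    None on timeout. Timeouts are retried (assumed count) before the port is
    declared filtered, mirroring a scanner's retransmissions.
    """
    states = {}
    for port in ports:
        response = None
        for _ in range(retries + 1):
            response = send_syn(port)
            if response is not None:
                break
        states[port] = classify(response)
    return states


def fake_target(port):
    """Constructed stand-in host: 22 open, 23 closed, 25 blocked, 80 dropped."""
    if port == 22:
        return ("tcp", build_tcp_header(22, 40000, TCP_SYN | TCP_ACK, seq=1, ack=1))
    if port == 23:
        return ("tcp", build_tcp_header(23, 40000, TCP_RST | TCP_ACK, ack=1))
    if port == 25:
        return ("icmp", 3, 13)   # communication administratively prohibited
    return None                  # silently dropped by a firewall


if __name__ == "__main__":
    for port, state in syn_scan([22, 23, 25, 80], fake_target).items():
        print(f"{port}/tcp {state}")
```

The three outcomes are what make SYN scan's results unambiguous: a listener answers SYN/ACK, a closed port answers RST, and only a filtering device produces silence or an administrative-prohibited ICMP error. The same decision table is why the scan is "half-open": the scanner answers the SYN/ACK with a RST rather than an ACK, so no connection is ever established on the target.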
Question 21
Define and describe each phase in the defender's methodology, provide examples.