114. Which of the following are nonmalware threats?

1. Viruses

2. Worms

3. Phishing

4. Virus hoaxes

a. 1 and 2

b. 2 and 3

c. 1 and 3

d. 3 and 4

114. d. There are two forms of nonmalware threats that are often associated with malware. The first is phishing attacks, which frequently place malware or other attacker tools onto systems. The second is virus hoaxes, which are false warnings of new malware threats. Viruses and worms are true forms of malware threats.

115. Which of the following is not an example of a vulnerability mitigation technique for malware?

a. Patch management

b. Antivirus software

c. Least privilege

d. Host hardening measures

115. b. Antivirus software is an example of a threat mitigation technique for malware. Antivirus software, spyware detection and removal utility software, intrusion prevention systems, firewalls and routers, and application settings are security tools that can mitigate malware threats. Malware often attacks systems by exploiting vulnerabilities in operating systems, services, and applications. Vulnerabilities can usually be mitigated by patch management, least privilege, and host hardening measures.

116. Which of the following application settings used to prevent malware incidents will not stop phishing and spyware delivery?

a. Filtering spam

b. Filtering website content

c. Restricting macro use

d. Blocking Web browser pop-up windows

116. c. Applications such as word processors and spreadsheets often contain macro languages; macro viruses take advantage of this. Most common applications with macro capabilities offer macro security features that permit macros only from trusted locations or prompt the user to approve or reject each attempt to run a macro. Restricting macro use cannot stop phishing and spyware delivery.

Filtering spam is incorrect because spam is often used for phishing and spyware delivery (for example, Web bugs often are contained within spam), and it sometimes contains other types of malware. Using spam-filtering software on e-mail servers or clients or on network-based appliances can significantly reduce the amount of spam that reaches users, leading to a corresponding decline in spam-triggered malware incidents.

Filtering website content is incorrect because website content-filtering software contains lists of phishing websites and other sites that are known to be hostile (i.e., attempting to distribute malware to visitors). The software can also block undesired file types, such as by file extension.

Blocking Web browser pop-up windows is incorrect because some pop-up windows are crafted to look like legitimate system message boxes or websites and can trick users into going to phony websites, including sites used for phishing, or authorizing changes to their systems, among other malicious actions. Most Web browsers can block pop-up windows; others can do so by adding a third-party pop-up blocker to the Web browser.

117. Which of the following is not a secondary source for malware incident detection?

a. Antivirus software

b. Firewall log files

c. Network-based IPS sensors

d. Capture files from packet sniffers

117. a. Antivirus software is the primary source of data for malware incident detection. Examples of secondary sources include (i) firewall and router log files, which might show blocked connection attempts, (ii) log files from e-mail servers and network-based IPS sensors, which might record e-mail headers or attachment names, (iii) packet capture files from packet sniffers, network-based IPS sensors, and network forensic analysis tools, which might contain a recording of malware-related network traffic. Host-based IPS is also a secondary source.

118. In the application security environment, system or network transparency is achieved through which of the following security principles?

a. Process isolation and hardware segmentation

b. Abstraction and accountability

c. Security kernel and reference monitor

d. Complete mediation and open design

118. a. Transparency is the ability to simplify the task of developing management applications, hiding distribution details. There are different aspects of transparency, such as access, failure, location, migration, replication, and transaction. Transparency means the network components or segments cannot be seen by insiders and outsiders, and that actions of one user group cannot be observed by other user groups. Transparency is achieved through the process isolation and hardware segmentation principles.
