Table of contents

Multiple Choice Questions (MCQs)
Fill in the Blanks
True/False
HOTS (Higher Order Thinking Skills) Questions
Hands-on Coding Questions
Multiple Choice Questions (MCQs)

Q1: What is the primary function of a Trojan horse in cybersecurity?
(a) Encrypt user data for ransom
(b) Appear as a legitimate program while performing malicious actions
(c) Spread automatically without user interaction
(d) Record keystrokes and steal credentials
Ans: (b) Appear as a legitimate program while performing malicious actions
Q2: Which of the following is an example of ransomware?
(a) WannaCry
(b) Stuxnet
(c) SQL Slammer
(d) Netbus
Ans: (a) WannaCry
Q3: What does a keylogger do?
(a) Encrypts files on a victim’s computer
(b) Records keystrokes to steal sensitive information
(c) Hides files from the user
(d) Spreads via network shares
Ans: (b) Records keystrokes to steal sensitive information
Q4: Which command is used in Linux to check running processes for malware?
(a) top
(b) ps aux
(c) ls -l
(d) df -h
Ans: (b) ps aux
Q5: Which type of malware spreads without user interaction?
(a) Virus
(b) Worm
(c) Trojan
(d) Rootkit
Ans: (b) Worm
Q6: What is a common persistence technique used by malware?
(a) Creating a registry entry
(b) Running as a guest user
(c) Using the cd command
(d) Disabling firewalls
Ans: (a) Creating a registry entry
Q7: What is the purpose of a rootkit?
(a) Encrypt user files
(b) Provide unauthorized access while remaining hidden
(c) Display fake antivirus alerts
(d) Log out users from the system
Ans: (b) Provide unauthorized access while remaining hidden
Q8: What command is used to scan for malware in a Linux system?
(a) chkrootkit
(b) netstat
(c) whoami
(d) cat /etc/passwd
Ans: (a) chkrootkit
Q9: What technique do attackers use to distribute malware via email?
(a) Phishing
(b) Port scanning
(c) DNS spoofing
(d) Keylogging
Ans: (a) Phishing
Q10: Which tool is commonly used for malware analysis?
(a) Wireshark
(b) Metasploit
(c) Volatility
(d) Aircrack-ng
Ans: (c) Volatility
Fill in the Blanks

Q1: A ________ disguises itself as legitimate software while performing malicious actions.
Ans: Trojan horse
Q2: ________ is a type of malware that demands payment to restore access to files.
Ans: Ransomware
Q3: Attackers use ________ to send deceptive emails that trick users into downloading malware.
Ans: Phishing
Q4: ________ is a command-line tool used to detect rootkits on Linux systems.
Ans: chkrootkit
Q5: ________ is a memory forensics tool used for analyzing malware in RAM.
Ans: Volatility
True/False

1. Worms require user interaction to spread.
Ans: False
2. Keyloggers can be both hardware and software-based.
Ans: True
3. A rootkit hides itself and other malicious activities on a system.
Ans: True
4. Ransomware typically spreads through brute-force attacks.
Ans: False
5. Antivirus software can always detect zero-day malware.
Ans: False
Assignment: Malware Threats
HOTS (Higher Order Thinking Skills) Questions

Q1: Your company’s network has been infected with ransomware. What immediate steps would you take to minimize damage?
Ans: Disconnect affected systems, identify the ransomware type, restore from backups, report the attack, and update security policies.
Q2: A user reports suspicious activity on their machine. You suspect a Trojan is running in the background. How would you verify and remove it?
Ans: Use ps aux (Linux) or tasklist (Windows) to check running processes, scan with chkrootkit or an antivirus, and remove malicious entries from startup.
Q3: You need to analyze a suspected malware file. What steps would you take in a controlled environment?
Ans: Use a virtual machine, analyze with Volatility, inspect network traffic with Wireshark, and decompile the malware if necessary.
Q4: An employee unknowingly clicked on a phishing email attachment. What security measures should be in place to prevent such incidents?
Ans: Implement email filtering, conduct cybersecurity training, enable multi-factor authentication, and use endpoint protection tools.
Q5: A Linux server is behaving suspiciously, and you suspect it has been compromised by a rootkit. How would you investigate?
Ans: Run chkrootkit or rkhunter, check for hidden processes (lsmod, ps aux), and inspect network activity (netstat -an).
Hands-on Coding Questions

Q1: Write a Python script to detect running processes and check for suspicious ones.
Ans:
import psutil

# Process names that will be flagged as suspicious
suspicious_processes = ["nc", "netcat", "meterpreter", "keylogger"]

# Walk every running process, fetching only the pid and name fields
for process in psutil.process_iter(['pid', 'name']):
    if process.info['name'] in suspicious_processes:
        print(f"Suspicious process detected: {process.info['name']} (PID: {process.info['pid']})")
Q2: Create a Bash script that scans for rootkits using chkrootkit and outputs the results to a log file.
Ans:
#!/bin/bash
# Run chkrootkit and write its output (including errors) to a log file
LOG="malware_scan.log"
echo "Running chkrootkit scan..." > "$LOG"
chkrootkit >> "$LOG" 2>&1
echo "Scan complete. Check $LOG for details."