Malware Fundamentals – Understanding Cyber Threats

1. What is malware?

A) A type of hardware component
B) Any software designed to cause damage to a system
C) A software patch for security vulnerabilities
D) A legitimate application for system maintenance

✅ Answer: B) Any software designed to cause damage to a system
📝 Explanation: Malware (malicious software) is any program designed to harm, exploit, or disrupt systems. Examples include viruses, worms, and ransomware.

---

2. Which of the following is NOT a type of malware?

A) Worm
B) Ransomware
C) Keylogger
D) Firewall

✅ Answer: D) Firewall
📝 Explanation: A firewall is a security tool used to filter network traffic, whereas worms, ransomware, and keyloggers are all forms of malware.

---

3. What is the primary function of a Trojan horse?

A) Self-replicate across networks
B) Encrypt user files and demand a ransom
C) Appear as legitimate software while performing malicious actions
D) Capture network packets

✅ Answer: C) Appear as legitimate software while performing malicious actions
📝 Explanation: Trojans disguise themselves as useful programs but execute malicious tasks, such as creating backdoors or stealing information.

---

4. Which malware type spreads without user interaction?

A) Virus
B) Worm
C) Adware
D) Rootkit

✅ Answer: B) Worm
📝 Explanation: Worms spread automatically through networks and exploit vulnerabilities without requiring user action.

---

5. What is the main purpose of ransomware?

A) Spy on user activities
B) Disable firewalls
C) Encrypt user data and demand payment for decryption
D) Modify system boot settings

✅ Answer: C) Encrypt user data and demand payment for decryption
📝 Explanation: Ransomware encrypts a victim’s files and demands a ransom, typically in cryptocurrency, to restore access.

---

6. What is a key characteristic of a rootkit?

A) It displays intrusive advertisements
B) It hides itself and grants persistent unauthorized access
C) It sends phishing emails
D) It modifies browser settings

✅ Answer: B) It hides itself and grants persistent unauthorized access
📝 Explanation: Rootkits operate at the kernel level, allowing attackers to remain undetected while maintaining deep system access.

---

7. How does spyware typically operate?

A) Encrypts files for ransom
B) Collects and transmits user data without permission
C) Creates multiple fake antivirus alerts
D) Replicates itself across networks

✅ Answer: B) Collects and transmits user data without permission
📝 Explanation: Spyware secretly monitors and reports user activity, often used for stealing credentials or tracking behavior.

---

8. Which malware type is commonly used in botnets?

A) Adware
B) Worm
C) Trojan
D) Rootkit

✅ Answer: C) Trojan
📝 Explanation: Trojans install backdoors that allow attackers to remotely control infected machines as part of a botnet.

---

9. What makes polymorphic malware difficult to detect?

A) It requires user interaction to spread
B) It alters its code while keeping its functionality intact
C) It installs keyloggers on victim machines
D) It always encrypts data before executing

✅ Answer: B) It alters its code while keeping its functionality intact
📝 Explanation: Polymorphic malware modifies its code structure each time it executes, making traditional signature-based detection ineffective.

---

10. What is the role of a Command and Control (C2) server in malware attacks?

A) Provides a security patch for infected devices
B) Hosts downloadable malware for future infections
C) Controls and communicates with compromised machines remotely
D) Encrypts user files without permission

✅ Answer: C) Controls and communicates with compromised machines remotely
📝 Explanation: A C2 server is used by attackers to issue commands, extract data, or update malware on infected systems.

---

11. What is a logic bomb in the context of malware?

A) A virus that spreads automatically
B) A payload that activates after specific conditions are met
C) A DoS attack tool
D) A type of phishing attack

✅ Answer: B) A payload that activates after specific conditions are met
📝 Explanation: Logic bombs stay dormant until a specific event, date, or condition triggers their execution.

---

12. Which attack vector is commonly used to distribute malware?

A) Phishing emails
B) Physical USB devices
C) Malicious websites
D) All of the above

✅ Answer: D) All of the above
📝 Explanation: Malware can spread via emails, USB drives, compromised websites, and other means.

---

13. What is the primary goal of adware?

A) To encrypt files
B) To display intrusive advertisements
C) To delete system files
D) To manipulate DNS settings

✅ Answer: B) To display intrusive advertisements
📝 Explanation: Adware bombards users with pop-ups, redirects, and unwanted ads to generate revenue.

---

14. How do botnets contribute to cyberattacks?

A) They assist in ethical hacking
B) They execute coordinated cyberattacks using multiple infected devices
C) They serve as antivirus software
D) They secure network traffic

✅ Answer: B) They execute coordinated cyberattacks using multiple infected devices
📝 Explanation: Botnets are networks of compromised computers used for DDoS attacks, spamming, and credential theft.

---

15. What is the primary risk of fileless malware?

A) It cannot persist in a system
B) It operates entirely in memory, making it harder to detect
C) It modifies boot records
D) It always requires administrator privileges

✅ Answer: B) It operates entirely in memory, making it harder to detect
📝 Explanation: Fileless malware doesn’t write itself to disk and operates in RAM, bypassing traditional antivirus detection.

---

16. What is a backdoor in cybersecurity?

A) A type of antivirus
B) A vulnerability that allows unauthorized access
C) A legitimate debugging tool
D) A firewall rule

✅ Answer: B) A vulnerability that allows unauthorized access
📝 Explanation: Backdoors enable attackers to gain unauthorized remote access without the victim’s knowledge.

---

17. Which of the following is a ransomware variant?

A) WannaCry
B) Stuxnet
C) Blaster
D) MyDoom

✅ Answer: A) WannaCry
📝 Explanation: WannaCry was a notorious ransomware attack that exploited SMB vulnerabilities to spread globally.

---

18. What is cryptojacking?

A) Encrypting malware code
B) Unauthorized use of a system’s resources to mine cryptocurrency
C) Secure cryptographic hashing
D) Ransomware attack variant

✅ Answer: B) Unauthorized use of a system’s resources to mine cryptocurrency
📝 Explanation: Cryptojacking secretly hijacks CPU/GPU power to mine cryptocurrency without the user’s consent.

---

19. What is the purpose of an antivirus program?

A) To detect, prevent, and remove malware
B) To encrypt system files
C) To create logic bombs
D) To facilitate malware communication

✅ Answer: A) To detect, prevent, and remove malware
📝 Explanation: Antivirus software identifies and mitigates malware threats using signatures, heuristics, and behavioral analysis.

---

20. What is the most effective way to prevent malware infections?

A) Avoid downloading any files
B) Use a strong firewall and updated antivirus
C) Rely solely on email spam filters
D) Disable network connectivity permanently

✅ Answer: B) Use a strong firewall and updated antivirus
📝 Explanation: A layered security approach with firewalls, antivirus, and user awareness helps prevent malware infections.

---

21. What is the primary purpose of a botnet?

A) To detect and remove malware
B) To conduct automated cyberattacks using infected machines
C) To improve network security
D) To generate legitimate web traffic

✅ Answer: B) To conduct automated cyberattacks using infected machines
📝 Explanation: Botnets consist of multiple compromised devices under an attacker’s control, used for DDoS attacks, spamming, and credential theft.

---

22. What technique do cybercriminals use to obfuscate malware code?

A) Code signing
B) Packing and encryption
C) Multi-factor authentication
D) Secure boot

✅ Answer: B) Packing and encryption
📝 Explanation: Malware authors use code obfuscation techniques like packing, encryption, and polymorphism to evade detection.

---

23. Which malware specifically targets banking credentials?

A) Ransomware
B) Rootkit
C) Banking Trojan
D) Worm

✅ Answer: C) Banking Trojan
📝 Explanation: Banking Trojans steal login credentials, intercept transactions, or manipulate online banking sessions.

---

24. What is an Advanced Persistent Threat (APT)?

A) A short-lived cyberattack
B) A long-term, targeted attack by sophisticated threat actors
C) A basic form of phishing
D) A network firewall policy

✅ Answer: B) A long-term, targeted attack by sophisticated threat actors
📝 Explanation: APTs remain undetected for extended periods, often state-sponsored and aimed at espionage or data theft.

---

25. Which technique is used by ransomware to make recovery difficult?

A) Self-replication
B) Data exfiltration
C) Shadow copy deletion
D) Phishing

✅ Answer: C) Shadow copy deletion
📝 Explanation: Ransomware often deletes Windows Volume Shadow Copies to prevent victims from restoring files without paying.

---

26. What is the primary function of fileless malware?

A) Infect system firmware
B) Evade traditional antivirus by operating in memory
C) Target specific hardware components
D) Encrypt files without ransom demands

✅ Answer: B) Evade traditional antivirus by operating in memory
📝 Explanation: Fileless malware executes in system memory (RAM) rather than writing to disk, making it difficult to detect.

---

27. Which malware is designed to destroy physical infrastructure?

A) Stuxnet
B) Mirai
C) WannaCry
D) Emotet

✅ Answer: A) Stuxnet
📝 Explanation: Stuxnet was a state-sponsored cyberweapon that targeted Iranian nuclear centrifuges to sabotage infrastructure.

---

28. What is a RAT (Remote Access Trojan)?

A) A tool for secure remote administration
B) A trojan that provides unauthorized remote control over a system
C) A type of rootkit
D) A harmless debugging program

✅ Answer: B) A trojan that provides unauthorized remote control over a system
📝 Explanation: RATs allow attackers to control an infected machine remotely, often for spying, data theft, or botnet operations.

---

29. Which type of malware modifies system boot processes to gain persistence?

A) Keylogger
B) Bootkit
C) Spyware
D) Adware

✅ Answer: B) Bootkit
📝 Explanation: Bootkits modify the Master Boot Record (MBR) or UEFI firmware, ensuring malware executes before the operating system loads.

---

30. How does malvertising spread malware?

A) By exploiting software vulnerabilities
B) By injecting malicious code into legitimate online advertisements
C) Through email phishing campaigns
D) By infecting removable media

✅ Answer: B) By injecting malicious code into legitimate online advertisements
📝 Explanation: Malvertising places malicious ads on trusted websites, infecting users without clicking.

---

31. What is the purpose of scareware?

A) To encrypt system files
B) To trick users into purchasing fake security software
C) To scan files for threats
D) To enhance firewall protection

✅ Answer: B) To trick users into purchasing fake security software
📝 Explanation: Scareware displays fake virus alerts, convincing users to buy useless or malicious software.

---

32. What is an exploit kit?

A) A legitimate software development tool
B) A set of tools designed to automate malware delivery
C) A type of antivirus program
D) A firewall configuration

✅ Answer: B) A set of tools designed to automate malware delivery
📝 Explanation: Exploit kits scan for software vulnerabilities and deploy malware automatically.

---

33. What is clickjacking?

A) A method to force a user to click on a malicious link unknowingly
B) A tool for secure online transactions
C) A security feature in modern browsers
D) A form of phishing

✅ Answer: A) A method to force a user to click on a malicious link unknowingly
📝 Explanation: Clickjacking uses invisible overlays to trick users into clicking buttons or links without realizing it.

---

34. Which of the following is a common malware infection method?

A) Drive-by downloads
B) Social engineering
C) Phishing emails
D) All of the above

✅ Answer: D) All of the above
📝 Explanation: Malware can spread via drive-by downloads, phishing, and social engineering techniques.

---

35. What is a zero-day vulnerability?

A) A vulnerability exploited before the vendor releases a patch
B) A minor security flaw
C) A type of malware
D) A known and patched exploit

✅ Answer: A) A vulnerability exploited before the vendor releases a patch
📝 Explanation: Zero-day exploits target unknown vulnerabilities, making them extremely dangerous.

---

36. What is a cryptovirus?

A) A malware that encrypts files and demands a ransom
B) A secure cryptographic hashing algorithm
C) A legitimate encryption tool
D) A virus that hides in cryptocurrency wallets

✅ Answer: A) A malware that encrypts files and demands a ransom
📝 Explanation: Cryptoviruses like ransomware encrypt files and demand payment for decryption.

---

37. What type of malware hijacks search engine results?

A) Adware
B) Browser hijacker
C) Rootkit
D) Keylogger

✅ Answer: B) Browser hijacker
📝 Explanation: Browser hijackers redirect users to malicious websites by altering browser settings.

---

38. How do hackers use steganography in malware attacks?

A) By encrypting network traffic
B) By hiding malicious code inside legitimate files (e.g., images, PDFs)
C) By modifying boot sectors
D) By injecting malicious SQL queries

✅ Answer: B) By hiding malicious code inside legitimate files (e.g., images, PDFs)
📝 Explanation: Steganography conceals malware in images, videos, or documents to bypass security filters.

---

39. What is a hybrid malware attack?

A) An attack using multiple types of malware
B) A mix of phishing and brute-force attacks
C) A social engineering attack
D) A hardware-based exploit

✅ Answer: A) An attack using multiple types of malware
📝 Explanation: Hybrid malware combines different techniques (e.g., ransomware + trojan) for increased impact.

---

40. What is the most effective way to mitigate malware threats?

A) Using only antivirus software
B) Keeping software updated, using firewalls, and applying security best practices
C) Avoiding email entirely
D) Disconnecting from the internet permanently

✅ Answer: B) Keeping software updated, using firewalls, and applying security best practices
📝 Explanation: A multi-layered defense approach is the best strategy for preventing malware infections.

---

41. What is the main difference between a worm and a virus?

A) A worm spreads without user action, while a virus needs execution
B) A virus spreads faster than a worm
C) Worms can only infect mobile devices
D) Viruses are harmless, while worms are destructive

✅ Answer: A) A worm spreads without user action, while a virus needs execution
📝 Explanation: Worms self-replicate across networks without user intervention, while viruses require execution of an infected file.

---

42. What is “DLL injection” in malware attacks?

A) A technique used to inject legitimate software into a system
B) A method used by malware to execute malicious code inside another process
C) A security feature in Windows
D) A type of network attack

✅ Answer: B) A method used by malware to execute malicious code inside another process
📝 Explanation: DLL injection loads a malicious Dynamic Link Library (DLL) into a legitimate process, allowing malware to run undetected.

---

43. What is an example of a persistent malware technique?

A) Malware that deletes itself after execution
B) Malware that remains on a system even after reboot
C) Malware that only executes once
D) Malware that is only active in RAM

✅ Answer: B) Malware that remains on a system even after reboot
📝 Explanation: Persistent malware uses scheduled tasks, registry modifications, or bootkits to maintain access after reboots.

---

44. How does a rootkit maintain stealth?

A) It encrypts user data
B) It hides itself by modifying system processes and kernel functions
C) It prevents malware from executing
D) It continuously scans for new updates

✅ Answer: B) It hides itself by modifying system processes and kernel functions
📝 Explanation: Rootkits manipulate low-level system functions to remain undetected by security tools.

---

45. What is fast flux in malware attacks?

A) A technique for rapidly changing IP addresses to avoid detection
B) A malware that infects only fast internet connections
C) A method to speed up ransomware encryption
D) A type of brute-force attack

✅ Answer: A) A technique for rapidly changing IP addresses to avoid detection
📝 Explanation: Fast flux rotates IP addresses using compromised hosts to hide Command and Control (C2) servers.

---

46. How does a wiper malware differ from ransomware?

A) Wipers permanently destroy data, while ransomware encrypts it
B) Ransomware spreads through phishing, while wipers do not
C) Wipers demand payment, while ransomware does not
D) Wipers cannot affect operating systems

✅ Answer: A) Wipers permanently destroy data, while ransomware encrypts it
📝 Explanation: Unlike ransomware, wipers erase files permanently, often used in state-sponsored attacks.

---

47. What is the role of a dropper in malware attacks?

A) A dropper is used to deliver and install malware on a target system
B) A dropper removes malware from infected devices
C) A dropper speeds up malware execution
D) A dropper encrypts malware payloads

✅ Answer: A) A dropper is used to deliver and install malware on a target system
📝 Explanation: Droppers download and execute additional malware, often bypassing security measures.

---

48. Which malware attack exploits Windows LSASS (Local Security Authority Subsystem Service)?

A) Keylogging
B) Pass-the-Hash attack
C) Ransomware
D) SQL Injection

✅ Answer: B) Pass-the-Hash attack
📝 Explanation: The Pass-the-Hash attack extracts password hashes from LSASS memory and uses them to authenticate without knowing the plaintext password.

---

49. What is a bot herder in cybersecurity?

A) A person controlling a botnet
B) A security researcher analyzing malware
C) A software patch to fix bot infections
D) A network firewall rule

✅ Answer: A) A person controlling a botnet
📝 Explanation: A bot herder (botmaster) is a cybercriminal who controls a network of compromised devices (botnet).

---

50. What is the purpose of an encrypting ransomware variant?

A) To lock user accounts
B) To encrypt files and demand a ransom for decryption
C) To spread across mobile devices
D) To modify browser settings

✅ Answer: B) To encrypt files and demand a ransom for decryption
📝 Explanation: Encrypting ransomware uses strong encryption to prevent access to files unless a ransom is paid.

---

51. Which attack method is commonly used to install malware on enterprise networks?

A) Social engineering
B) Drive-by downloads
C) Malicious email attachments
D) All of the above

✅ Answer: D) All of the above
📝 Explanation: Malware spreads through phishing, drive-by downloads, and social engineering tactics.

---

52. What is a zombie computer?

A) A computer infected with malware that is controlled remotely
B) A slow-running machine
C) A system with outdated software
D) A firewall bypass tool

✅ Answer: A) A computer infected with malware that is controlled remotely
📝 Explanation: Zombie computers are part of botnets and execute attacks under hacker control.

---

53. What is a Watering Hole attack?

A) Infecting a website frequently visited by a target group
B) Sending phishing emails to random users
C) Using malware to dehydrate a system
D) Exploiting network firewall vulnerabilities

✅ Answer: A) Infecting a website frequently visited by a target group
📝 Explanation: Watering Hole attacks infect trusted websites to target specific users.

---

54. What type of malware uses legitimate system processes to execute itself?

A) Polymorphic virus
B) Fileless malware
C) Rootkit
D) Adware

✅ Answer: B) Fileless malware
📝 Explanation: Fileless malware runs in memory and abuses legitimate processes (e.g., PowerShell, WMI) to execute.

---

55. What is the purpose of an info-stealer malware?

A) To encrypt files
B) To steal sensitive information like passwords and credit card details
C) To modify DNS settings
D) To scan for security vulnerabilities

✅ Answer: B) To steal sensitive information like passwords and credit card details
📝 Explanation: Info-stealers harvest credentials, financial data, and personal information.

---

56. What is a polymorphic malware?

A) Malware that automatically spreads across networks
B) Malware that continuously changes its code to evade detection
C) Malware that targets only mobile devices
D) Malware that encrypts itself upon execution

✅ Answer: B) Malware that continuously changes its code to evade detection
📝 Explanation: Polymorphic malware modifies its code to avoid signature-based detection.

---

57. What type of malware modifies DNS settings to redirect users to malicious websites?

A) DNS hijacker
B) Keylogger
C) Wiper
D) RAT

✅ Answer: A) DNS hijacker
📝 Explanation: DNS hijackers modify DNS settings to redirect traffic to phishing or malware-infected sites.

---

58. Which attack relies on tricking users into running malicious scripts within their browser?

A) Cross-Site Scripting (XSS)
B) SQL Injection
C) Man-in-the-Middle (MITM)
D) ARP Spoofing

✅ Answer: A) Cross-Site Scripting (XSS)
📝 Explanation: XSS injects malicious scripts into trusted websites, allowing attackers to steal cookies or session data.

---

59. What is spear-phishing?

A) A highly targeted phishing attack
B) A form of malware that affects fish farms
C) A brute-force attack variant
D) A mass email campaign

✅ Answer: A) A highly targeted phishing attack
📝 Explanation: Spear-phishing targets specific individuals using personalized, deceptive messages.

---

60. How does ransomware-as-a-service (RaaS) work?

A) Cybercriminals rent ransomware kits to launch attacks
B) A free security tool
C) A legal service for securing data
D) A tool for encrypting email communication

✅ Answer: A) Cybercriminals rent ransomware kits to launch attacks
📝 Explanation: RaaS allows attackers to buy/rent ransomware tools without technical expertise.

---

61. What is a beacon in the context of malware?

A) A network scanning tool
B) A signal sent from an infected system to a Command & Control server
C) A type of honeypot
D) A tool for encrypting web traffic

✅ Answer: B) A signal sent from an infected system to a Command & Control server
📝 Explanation: Malware beacons send periodic signals to the attacker’s Command and Control (C2) server, allowing remote control over infected systems.

---

62. How does a bootkit differ from a traditional rootkit?

A) Bootkits only target macOS
B) Bootkits infect the master boot record (MBR) or UEFI, while rootkits operate at the OS level
C) Rootkits are more persistent than bootkits
D) Bootkits do not modify system files

✅ Answer: B) Bootkits infect the master boot record (MBR) or UEFI, while rootkits operate at the OS level
📝 Explanation: Bootkits gain persistence by infecting the MBR or UEFI firmware, allowing malware to load before the OS boots.

---

63. What is the primary purpose of a packer in malware development?

A) To compress malware files
B) To encrypt and obfuscate malware to evade detection
C) To optimize malware performance
D) To install malware updates

✅ Answer: B) To encrypt and obfuscate malware to evade detection
📝 Explanation: Packers modify malware code to change its signature, helping it evade antivirus and signature-based detection.

---

64. What is the purpose of a dropper in a malware infection chain?

A) To detect and remove security threats
B) To deliver and install malware onto a target system
C) To provide network firewall protection
D) To patch system vulnerabilities

✅ Answer: B) To deliver and install malware onto a target system
📝 Explanation: A dropper is a lightweight malware component used to download and execute additional payloads.

---

65. What is “living off the land” (LotL) in cyberattacks?

A) A type of environmentally friendly malware
B) The use of legitimate system tools for malicious purposes
C) A technique used only in phishing attacks
D) A method for securing endpoints

✅ Answer: B) The use of legitimate system tools for malicious purposes
📝 Explanation: LotL attacks abuse built-in system tools like PowerShell and WMI to execute malware stealthily, bypassing security tools.

---

66. Which component of malware is responsible for communicating with an attacker’s infrastructure?

A) Keylogger
B) Command and Control (C2) module
C) Adware
D) SQL injector

✅ Answer: B) Command and Control (C2) module
📝 Explanation: The C2 module allows attackers to send commands, extract data, and update malware on infected machines.

---

67. What is a crypter in malware attacks?

A) A security tool that encrypts data
B) A software that encrypts and obfuscates malware to bypass detection
C) A password management tool
D) A secure hashing algorithm

✅ Answer: B) A software that encrypts and obfuscates malware to bypass detection
📝 Explanation: Crypters make malware harder to detect by modifying its signature and hiding malicious code.

---

68. How does mobile malware differ from traditional PC malware?

A) It only affects Apple devices
B) It primarily targets mobile operating systems like Android and iOS
C) It cannot steal sensitive data
D) It spreads exclusively through USB connections

✅ Answer: B) It primarily targets mobile operating systems like Android and iOS
📝 Explanation: Mobile malware exploits vulnerabilities in Android and iOS, often spreading through malicious apps, SMS phishing, and fake app stores.

---

69. What is a rogue antivirus?

A) A legitimate antivirus solution
B) A fake security software that tricks users into paying for non-existent threats
C) A vulnerability scanner
D) A tool that helps detect and remove malware

✅ Answer: B) A fake security software that tricks users into paying for non-existent threats
📝 Explanation: Rogue antivirus programs display fake malware alerts, pressuring users into paying for bogus protection.

---

70. What is a time bomb in malware?

A) A malware that executes at a specific date or time
B) A self-destructive virus
C) A type of firewall rule
D) A malware that only affects mobile devices

✅ Answer: A) A malware that executes at a specific date or time
📝 Explanation: Time bombs remain dormant until a predefined date, time, or event triggers them.

---

71. What is a fork bomb?

A) A malware that floods system memory with processes to crash the OS
B) A phishing tool
C) A ransomware variant
D) A malware used for cryptocurrency mining

✅ Answer: A) A malware that floods system memory with processes to crash the OS
📝 Explanation: A fork bomb is a denial-of-service attack that creates an infinite loop of processes, consuming system resources.

---

72. How does metamorphic malware evade detection?

A) It changes its code structure and behavior entirely with each infection
B) It remains dormant for long periods
C) It hides inside legitimate software
D) It spreads via email attachments

✅ Answer: A) It changes its code structure and behavior entirely with each infection
📝 Explanation: Metamorphic malware completely rewrites its code while maintaining its function, making detection challenging.

---

73. What is an example of a malware that exploits a hardware vulnerability?

A) Spectre and Meltdown
B) WannaCry
C) Zeus Trojan
D) Mirai botnet

✅ Answer: A) Spectre and Meltdown
📝 Explanation: Spectre and Meltdown exploit CPU vulnerabilities to leak sensitive data across different processes.

---

74. What is an example of a malware attack targeting industrial control systems (ICS)?

A) Stuxnet
B) Cryptolocker
C) Emotet
D) Zeus

✅ Answer: A) Stuxnet
📝 Explanation: Stuxnet specifically targeted industrial systems, damaging Iranian nuclear centrifuges.

---

75. What is the primary goal of spyware?

A) Encrypt user files
B) Monitor and collect user activity without consent
C) Launch DDoS attacks
D) Modify system boot settings

✅ Answer: B) Monitor and collect user activity without consent
📝 Explanation: Spyware secretly tracks keystrokes, browsing habits, and personal information.

---

76. What is an ATM malware attack?

A) A malware that infects Automated Teller Machines (ATMs) to steal cash and card data
B) A phishing campaign targeting banks
C) A malware that disables banking apps
D) A software that detects vulnerabilities in ATMs

✅ Answer: A) A malware that infects Automated Teller Machines (ATMs) to steal cash and card data
📝 Explanation: ATM malware manipulates banking software, allowing attackers to withdraw cash fraudulently.

---

77. Which malware hijacks CPU power to mine cryptocurrency?

A) Cryptojacker
B) Ransomware
C) Spyware
D) Adware

✅ Answer: A) Cryptojacker
📝 Explanation: Cryptojacking secretly uses system resources to mine cryptocurrency without user consent.

---

78. What is the purpose of a backdoor in malware?

A) To prevent malware infections
B) To grant unauthorized remote access to attackers
C) To improve software performance
D) To block ransomware attacks

✅ Answer: B) To grant unauthorized remote access to attackers
📝 Explanation: Backdoors allow attackers to bypass authentication and control systems remotely.

---

79. How does a phishing attack typically deliver malware?

A) Through fake email links and attachments
B) By modifying firewall rules
C) By using DNS spoofing
D) By disabling system updates

✅ Answer: A) Through fake email links and attachments
📝 Explanation: Phishing emails trick users into downloading malware or entering sensitive credentials.

---

80. What is a polymorphic packer?

A) A packer that changes encryption patterns to bypass detection
B) A tool for compressing executable files
C) A network firewall rule
D) A secure boot mechanism

✅ Answer: A) A packer that changes encryption patterns to bypass detection
📝 Explanation: Polymorphic packers encrypt malware differently each time, making signature-based detection difficult.

---

81. What is the primary method that ransomware uses to spread?

A) Phishing emails with malicious attachments
B) Bluetooth file transfers
C) Mobile applications
D) DNS hijacking

✅ Answer: A) Phishing emails with malicious attachments
📝 Explanation: Most ransomware infections start through phishing emails containing infected attachments or malicious links.

---

82. What is a drive-by download attack?

A) A method to download security updates automatically
B) A technique where malware is downloaded when a user visits a compromised website
C) A legitimate download from a trusted source
D) A type of file encryption process

✅ Answer: B) A technique where malware is downloaded when a user visits a compromised website
📝 Explanation: Drive-by downloads occur without user interaction when visiting an infected website that exploits browser vulnerabilities.

---

83. Which malware spreads by infecting the firmware of a device?

A) Bootkit
B) Rootkit
C) Ransomware
D) Spyware

✅ Answer: A) Bootkit
📝 Explanation: Bootkits infect the firmware (MBR/UEFI), making them persistent even after OS reinstallations.

---

84. What is the purpose of a botnet’s Command & Control (C2) infrastructure?

A) To enhance firewall security
B) To provide attackers with remote control over compromised devices
C) To block malware infections
D) To automatically patch vulnerabilities

✅ Answer: B) To provide attackers with remote control over compromised devices
📝 Explanation: C2 servers send commands, steal data, and control botnets remotely, making them essential in DDoS, spam, and espionage campaigns.

---

85. What is a watering hole attack?

A) Infecting a commonly visited website to target specific victims
B) Phishing attacks targeting social media users
C) Infecting an ATM system with malware
D) A type of ransomware attack

✅ Answer: A) Infecting a commonly visited website to target specific victims
📝 Explanation: Watering hole attacks compromise trusted websites to deliver malware to specific user groups or organizations.

---

86. What makes modular malware different from traditional malware?

A) It uses blockchain for encryption
B) It is pre-installed in operating systems
C) It can dynamically download additional components to extend functionality
D) It does not spread

✅ Answer: C) It can dynamically download additional components to extend functionality
📝 Explanation: Modular malware can update or modify itself post-infection, making it more versatile and adaptable to targets.

---

87. What is a malvertising attack?

A) A legitimate online advertisement campaign
B) A method to distribute malware through online ads
C) A type of ransomware attack
D) A phishing attack targeting advertising companies

✅ Answer: B) A method to distribute malware through online ads
📝 Explanation: Malvertising places malicious advertisements on legitimate ad networks, infecting users without requiring them to click.

---

88. What is a shellcode in malware attacks?

A) A security patch
B) A small piece of malicious code used for exploitation
C) A type of cryptographic algorithm
D) A web-based security protocol

✅ Answer: B) A small piece of malicious code used for exploitation
📝 Explanation: Shellcode is injected into vulnerable applications to execute malicious commands, often used in buffer overflow attacks.

---

89. What is the primary purpose of spyware?

A) To encrypt files for ransom
B) To collect and transmit user data without their knowledge
C) To slow down network connections
D) To block access to specific websites

✅ Answer: B) To collect and transmit user data without their knowledge
📝 Explanation: Spyware steals information like credentials, keystrokes, and browsing habits, often used for espionage or fraud.

---

90. What type of malware hijacks search engine results and redirects users to malicious websites?

A) Rootkit
B) Browser hijacker
C) Keylogger
D) Ransomware

✅ Answer: B) Browser hijacker
📝 Explanation: Browser hijackers modify browser settings, change search results, and redirect users to fraudulent sites.

---

91. What is a bot herder in cybersecurity?

A) A tool that removes botnets from infected machines
B) A hacker who controls a botnet
C) A security researcher analyzing malware
D) A type of antivirus software

✅ Answer: B) A hacker who controls a botnet
📝 Explanation: Bot herders remotely control botnets, often using them for DDoS attacks, spam, and credential theft.

---

92. What is a steganographic malware attack?

A) A type of phishing attack
B) Hiding malicious code inside legitimate files (e.g., images, PDFs)
C) Encrypting system files for ransom
D) A method to scan for vulnerabilities

✅ Answer: B) Hiding malicious code inside legitimate files (e.g., images, PDFs)
📝 Explanation: Steganography conceals malware within media files (images, videos) to bypass security tools.

---

93. Which type of malware records and transmits a user’s keystrokes?

A) Worm
B) Keylogger
C) Adware
D) Ransomware

✅ Answer: B) Keylogger
📝 Explanation: Keyloggers capture keystrokes to steal passwords, credentials, and sensitive data.

---

94. What is an Advanced Persistent Threat (APT)?

A) A long-term, targeted cyberattack carried out by sophisticated attackers
B) A short-lived ransomware attack
C) A new type of antivirus software
D) A brute-force attack on passwords

✅ Answer: A) A long-term, targeted cyberattack carried out by sophisticated attackers
📝 Explanation: APTs target high-value entities, remaining undetected for long periods to steal sensitive data.

---

95. What is an exploit kit?

A) A legitimate security tool
B) A set of scripts that automate the process of finding and exploiting vulnerabilities
C) A tool for securing operating systems
D) A type of DDoS attack

✅ Answer: B) A set of scripts that automate the process of finding and exploiting vulnerabilities
📝 Explanation: Exploit kits scan for software vulnerabilities and automatically deliver malware to vulnerable systems.

---

96. What does a ransomware decryption key do?

A) Encrypts files for further protection
B) Unlocks files encrypted by ransomware
C) Deletes all infected files
D) Removes antivirus software

✅ Answer: B) Unlocks files encrypted by ransomware
📝 Explanation: Ransomware uses encryption, and attackers sell decryption keys to restore locked files.

---

97. How does polymorphic malware evade detection?

A) It remains dormant until triggered
B) It changes its code structure every time it infects a new system
C) It hides inside image files
D) It only affects Linux systems

✅ Answer: B) It changes its code structure every time it infects a new system
📝 Explanation: Polymorphic malware alters its signature constantly, making signature-based detection ineffective.

---

98. What is fileless malware?

A) Malware that does not exist on the victim’s system
B) Malware that operates in memory without writing to disk
C) A type of antivirus software
D) A form of adware

✅ Answer: B) Malware that operates in memory without writing to disk
📝 Explanation: Fileless malware executes in RAM, making it hard to detect using traditional security tools.

---

99. What is a backdoor?

A) A vulnerability that allows unauthorized access
B) A type of phishing attack
C) A brute-force attack
D) A type of network firewall

✅ Answer: A) A vulnerability that allows unauthorized access
📝 Explanation: Backdoors provide attackers with hidden access to compromised systems for future exploitation.

---

100. What is an air gap attack?

A) An attack on wireless networks
B) A method to infect systems that are physically isolated from networks
C) A DoS attack
D) A type of brute-force attack

✅ Answer: B) A method to infect systems that are physically isolated from networks
📝 Explanation: Air gap attacks target offline systems, often using USBs, radio waves, or compromised hardware.

---

101. What is a loader in malware operations?

A) A tool used to remove malware from infected systems
B) A malware component that loads additional malicious payloads
C) A type of network firewall
D) A security feature in modern operating systems

✅ Answer: B) A malware component that loads additional malicious payloads
📝 Explanation: A loader is a lightweight piece of malware designed to download and execute additional malicious code.

---

102. What is a packer in malware development?

A) A technique used to encrypt malware
B) A tool used to optimize code for performance
C) A type of exploit used against outdated software
D) A security feature in modern operating systems

✅ Answer: A) A technique used to encrypt malware
📝 Explanation: Packers compress and encrypt malware to obfuscate its contents and evade signature-based detection.

---

103. Which attack targets a system’s clipboard to steal sensitive information?

A) Man-in-the-Middle attack
B) Clipboard hijacking
C) SQL Injection
D) Ransomware

✅ Answer: B) Clipboard hijacking
📝 Explanation: Clipboard hijacking monitors and alters clipboard contents, often to steal cryptocurrency addresses or credentials.

---

104. What is a man-in-the-browser (MitB) attack?

A) A type of phishing attack
B) A malware that intercepts and manipulates web traffic in a browser
C) A denial-of-service attack
D) A method used to scan for vulnerabilities

✅ Answer: B) A malware that intercepts and manipulates web traffic in a browser
📝 Explanation: MitB malware modifies transactions, form submissions, or authentication processes without user knowledge.

---

105. What is a logic bomb in malware?

A) A malware that triggers after specific conditions are met
B) A self-replicating worm
C) A type of brute-force attack
D) A network scanner

✅ Answer: A) A malware that triggers after specific conditions are met
📝 Explanation: Logic bombs remain dormant until activated by a specific date, action, or event, such as an employee termination.

---

106. What is a firmware rootkit?

A) A malware that hides in system firmware to maintain persistence
B) A security patch for operating systems
C) A type of firewall configuration
D) A virus scanner

✅ Answer: A) A malware that hides in system firmware to maintain persistence
📝 Explanation: Firmware rootkits infect BIOS, UEFI, or other firmware components, allowing malware to survive reboots and OS reinstalls.

---

107. What is a scareware attack?

A) A malware that threatens users with false security warnings to buy fake antivirus software
B) A type of keylogger
C) A network-based attack
D) A cryptographic hashing tool

✅ Answer: A) A malware that threatens users with false security warnings to buy fake antivirus software
📝 Explanation: Scareware tricks users into believing their system is infected, pressuring them into purchasing bogus security tools.

---

108. What is the primary function of a botnet in a DDoS attack?

A) To protect against malware infections
B) To use multiple compromised devices to flood a target with traffic
C) To scan networks for security vulnerabilities
D) To encrypt files and demand ransom

✅ Answer: B) To use multiple compromised devices to flood a target with traffic
📝 Explanation: Botnets control thousands of infected machines to launch Distributed Denial-of-Service (DDoS) attacks.

---

109. What is an ephemeral C2 server in malware attacks?

A) A command-and-control server that changes frequently to avoid detection
B) A firewall rule that blocks all malware communication
C) A legitimate cloud-based security tool
D) A type of encrypted VPN

✅ Answer: A) A command-and-control server that changes frequently to avoid detection
📝 Explanation: Ephemeral (short-lived) C2 servers make it difficult for security tools to track and block malware communications.

---

110. What is the purpose of a persistence mechanism in malware?

A) To ensure malware remains on a system after reboots and security updates
B) To clean up system files
C) To disable other malware infections
D) To improve computer performance

✅ Answer: A) To ensure malware remains on a system after reboots and security updates
📝 Explanation: Persistence mechanisms use scheduled tasks, registry keys, bootkits, or firmware infections to survive system reboots.

---

111. How does keylogger malware steal information?

A) By monitoring and recording keystrokes
B) By injecting malicious code into system files
C) By encrypting user files
D) By modifying browser settings

✅ Answer: A) By monitoring and recording keystrokes
📝 Explanation: Keyloggers record keystrokes and send them to attackers, capturing passwords, PINs, and sensitive data.

---

112. What is the primary objective of banking Trojans?

A) To monitor internet browsing habits
B) To steal online banking credentials and manipulate financial transactions
C) To execute ransomware attacks
D) To launch DDoS attacks

✅ Answer: B) To steal online banking credentials and manipulate financial transactions
📝 Explanation: Banking Trojans intercept credentials, modify transactions, and inject fake banking forms.

---

113. How does a macro virus typically spread?

A) Through infected email attachments containing malicious macros
B) By exploiting browser vulnerabilities
C) By executing kernel-level exploits
D) By modifying antivirus signatures

✅ Answer: A) Through infected email attachments containing malicious macros
📝 Explanation: Macro viruses use malicious scripts in Word or Excel documents to execute malware when opened.

---

114. What is the function of a ransomware affiliate in a Ransomware-as-a-Service (RaaS) model?

A) To distribute ransomware in exchange for a share of the profits
B) To decrypt files after an attack
C) To act as a cybersecurity consultant
D) To prevent malware execution

✅ Answer: A) To distribute ransomware in exchange for a share of the profits
📝 Explanation: RaaS allows cybercriminals to rent ransomware kits, paying affiliates a percentage of ransom payments.

---

115. What makes worm malware particularly dangerous?

A) It self-replicates and spreads without user intervention
B) It encrypts user files
C) It requires phishing emails to spread
D) It only affects mobile devices

✅ Answer: A) It self-replicates and spreads without user intervention
📝 Explanation: Worms exploit network vulnerabilities to propagate automatically across systems.

---

116. What is the primary attack vector for mobile ransomware?

A) Infected email attachments
B) Malicious apps downloaded from unofficial sources
C) SQL injection attacks
D) Denial-of-Service (DoS) attacks

✅ Answer: B) Malicious apps downloaded from unofficial sources
📝 Explanation: Mobile ransomware often spreads through fake apps from third-party stores that lock the device and demand ransom.

---

117. What is a rootkit’s primary goal?

A) To make a system run faster
B) To hide malware and maintain privileged access
C) To remove antivirus software
D) To encrypt all files on a system

✅ Answer: B) To hide malware and maintain privileged access
📝 Explanation: Rootkits operate at kernel-level, modifying system behavior to conceal malicious activities.

---

118. What is the primary characteristic of metamorphic malware?

A) It creates an exact copy of itself
B) It rewrites its entire codebase upon infection
C) It remains dormant indefinitely
D) It spreads via USB devices only

✅ Answer: B) It rewrites its entire codebase upon infection
📝 Explanation: Metamorphic malware changes its internal structure while keeping its functionality, making it harder to detect.

---

💡 Let me know if you want more MCQs or another topic! 🚀

4o

You said:

Nice, now add more question here from 119-140, don’t repete previous question

ChatGPT said:

Here are 22 more MCQs (119-140) on “Malware Fundamentals – Understanding Cyber Threats” with detailed explanations for each answer.

---

Malware Fundamentals – Understanding Cyber Threats

Total Questions: 140

Difficulty: Advanced

---

119. What is an APT (Advanced Persistent Threat) primarily used for?

A) Stealing data over an extended period
B) Encrypting files for ransom
C) Performing denial-of-service (DoS) attacks
D) Redirecting web traffic

✅ Answer: A) Stealing data over an extended period
📝 Explanation: APTs are prolonged cyberattacks by sophisticated actors (often nation-states) to steal sensitive information.

---

120. How does a worm differ from a traditional Trojan?

A) A worm spreads automatically, while a Trojan requires user execution
B) Trojans always cause immediate system crashes
C) Worms only infect web applications
D) Trojans cannot be removed once executed

✅ Answer: A) A worm spreads automatically, while a Trojan requires user execution
📝 Explanation: Worms self-propagate across networks without user interaction, whereas Trojans rely on social engineering.

---

121. What type of malware encrypts files but does NOT demand ransom?

A) Wiper malware
B) Ransomware
C) Adware
D) Keylogger

✅ Answer: A) Wiper malware
📝 Explanation: Unlike ransomware, wipers erase or encrypt files permanently without offering recovery.

---

122. What is a cryptolocker attack?

A) A type of banking malware
B) A ransomware variant that encrypts files and demands payment
C) A worm that spreads via USB
D) A botnet communication tool

✅ Answer: B) A ransomware variant that encrypts files and demands payment
📝 Explanation: Cryptolocker ransomware encrypts user files and demands ransom for decryption keys.

---

123. What is the primary target of IoT malware?

A) Industrial systems and smart devices
B) Financial records
C) Antivirus software
D) Social media profiles

✅ Answer: A) Industrial systems and smart devices
📝 Explanation: IoT malware compromises smart devices (CCTV, routers, medical equipment), often using them for botnets.

---

124. What is the purpose of ransomware-as-a-service (RaaS)?

A) To provide cybersecurity training
B) To allow cybercriminals to use pre-built ransomware in exchange for a share of profits
C) To offer free antivirus solutions
D) To conduct security audits

✅ Answer: B) To allow cybercriminals to use pre-built ransomware in exchange for a share of profits
📝 Explanation: RaaS lets attackers rent ransomware kits to launch attacks without technical knowledge.

---

125. What is the primary risk associated with fileless malware?

A) It does not persist after a reboot
B) It operates in system memory, making it hard to detect
C) It only affects Linux systems
D) It spreads exclusively through email attachments

✅ Answer: B) It operates in system memory, making it hard to detect
📝 Explanation: Fileless malware avoids disk-based detection by executing entirely in RAM.

---

126. What does a botnet primarily do?

A) Encrypts all files on a target system
B) Provides free VPN services
C) Uses compromised devices for coordinated cyberattacks
D) Removes malware from infected systems

✅ Answer: C) Uses compromised devices for coordinated cyberattacks
📝 Explanation: Botnets control infected machines to perform DDoS attacks, spamming, and credential theft.

---

127. What is a watering hole attack?

A) Infecting a trusted website to target specific users
B) Sending mass phishing emails
C) Encrypting DNS requests
D) A variant of ransomware

✅ Answer: A) Infecting a trusted website to target specific users
📝 Explanation: Watering hole attacks compromise frequently visited websites to infect specific victims.

---

128. Which malware records user input without their knowledge?

A) Keylogger
B) Worm
C) Rootkit
D) Adware

✅ Answer: A) Keylogger
📝 Explanation: Keyloggers record keystrokes to steal credentials, banking details, and personal data.

---

129. How does a drive-by download infection occur?

A) By visiting a malicious or compromised website
B) By clicking on a phishing email
C) By opening an infected PDF file
D) By scanning for open ports

✅ Answer: A) By visiting a malicious or compromised website
📝 Explanation: Drive-by downloads deliver malware when users visit infected websites, often exploiting browser vulnerabilities.

---

130. What is a polymorphic virus?

A) A virus that changes its code to evade detection
B) A type of fileless malware
C) A network security tool
D) A worm that spreads via emails

✅ Answer: A) A virus that changes its code to evade detection
📝 Explanation: Polymorphic viruses modify their code structure while maintaining the same functionality, making detection difficult.

---

131. What is a ransomware kill switch?

A) A method to prevent ransomware from executing
B) A function that forces users to pay ransom
C) A kill signal used to delete encrypted files
D) A technique used to enhance encryption

✅ Answer: A) A method to prevent ransomware from executing
📝 Explanation: A kill switch disables ransomware execution, either through security patches or hardcoded vulnerabilities.

---

132. What is a dropper in malware terminology?

A) A program that delivers and executes malware
B) A software used for removing viruses
C) A type of adware
D) A security tool

✅ Answer: A) A program that delivers and executes malware
📝 Explanation: A dropper is a lightweight malware component designed to install additional malicious payloads.

---

133. Which malware is known for targeting industrial control systems (ICS)?

A) Stuxnet
B) Zeus
C) Emotet
D) SpyEye

✅ Answer: A) Stuxnet
📝 Explanation: Stuxnet was designed to sabotage industrial equipment, particularly Iranian nuclear centrifuges.

---

134. How does ransomware typically encrypt files?

A) Using symmetric and asymmetric cryptographic algorithms
B) By modifying user permissions
C) By injecting malicious SQL queries
D) By intercepting network traffic

✅ Answer: A) Using symmetric and asymmetric cryptographic algorithms
📝 Explanation: Ransomware uses AES or RSA encryption, making decryption without the key nearly impossible.

---

135. What is a ransomware double extortion attack?

A) Encrypting files and threatening to leak stolen data
B) Encrypting files twice to demand double ransom
C) Encrypting files and executing a denial-of-service attack
D) Encrypting files and deleting antivirus software

✅ Answer: A) Encrypting files and threatening to leak stolen data
📝 Explanation: Double extortion ransomware encrypts files and also steals data, forcing victims to pay to prevent leaks.

---

136. What is the primary goal of malvertising?

A) To exploit users via malicious advertisements
B) To secure web applications
C) To generate legitimate revenue
D) To remove malware from websites

✅ Answer: A) To exploit users via malicious advertisements
📝 Explanation: Malvertising uses fake or compromised ads to deliver malware to unsuspecting users.

---

137. How do cybercriminals distribute banking Trojans?

A) Through phishing emails and fake banking apps
B) By exploiting firewall vulnerabilities
C) By injecting code into DNS queries
D) By modifying SSL certificates

✅ Answer: A) Through phishing emails and fake banking apps
📝 Explanation: Banking Trojans steal credentials by tricking users into downloading fake banking applications.

---

138. What is a file binder in malware attacks?

A) A tool that combines multiple files into a single executable
B) A security patch to prevent file infections
C) A method to detect fileless malware
D) A process that isolates infected files

✅ Answer: A) A tool that combines multiple files into a single executable
📝 Explanation: File binders are used to attach malware to legitimate files, making it harder to detect malicious intent.

---

139. What is the primary purpose of a web skimmer?

A) To steal payment information from online checkout pages
B) To encrypt web traffic
C) To block advertisements
D) To analyze web traffic logs

✅ Answer: A) To steal payment information from online checkout pages
📝 Explanation: Web skimmers (Magecart attacks) inject malicious JavaScript into websites to capture credit card details during transactions.

---

140. Which malware is designed to disrupt critical infrastructure?

A) Stuxnet
B) TrickBot
C) Emotet
D) LokiBot

✅ Answer: A) Stuxnet
📝 Explanation: Stuxnet targeted industrial control systems, specifically Iranian nuclear centrifuges.

---

141. What is a rogue DHCP server attack?

A) A method where malware manipulates network settings to redirect traffic
B) A ransomware variant
C) A technique used in SQL Injection attacks
D) A way to encrypt files over a network

✅ Answer: A) A method where malware manipulates network settings to redirect traffic
📝 Explanation: A rogue DHCP server assigns malicious DNS settings, redirecting users to phishing or malware-laden websites.

---

142. What is an example of “ransomcloud” malware?

A) Ransomware that encrypts cloud-based emails and documents
B) A botnet used for cloud-based DDoS attacks
C) Malware that infects cloud storage devices
D) A security tool for cloud-based environments

✅ Answer: A) Ransomware that encrypts cloud-based emails and documents
📝 Explanation: Ransomcloud encrypts files stored in cloud services (e.g., OneDrive, Google Drive), forcing victims to pay to regain access.

---

143. What type of malware is used in cryptojacking attacks?

A) Coin-mining malware
B) Rootkits
C) Fileless malware
D) Bootkits

✅ Answer: A) Coin-mining malware
📝 Explanation: Cryptojacking malware secretly uses system resources to mine cryptocurrency, reducing performance.

---

144. What is “fast flux” in cybercrime?

A) A method of frequently changing DNS records to avoid detection
B) A technique used for rapid ransomware encryption
C) A self-replicating worm
D) A method for detecting malware

✅ Answer: A) A method of frequently changing DNS records to avoid detection
📝 Explanation: Fast flux constantly rotates IP addresses, helping cybercriminals hide malicious infrastructure.

---

145. How does an “overlay attack” work in mobile malware?

A) It displays a fake login page over a legitimate app to steal credentials
B) It encrypts mobile files for ransom
C) It blocks the user from accessing network settings
D) It executes shellcode remotely

✅ Answer: A) It displays a fake login page over a legitimate app to steal credentials
📝 Explanation: Overlay attacks trick users into entering sensitive information on fake login screens placed over real apps.

---

146. What is a “honeypot” used for in cybersecurity?

A) A system designed to attract and analyze malware attacks
B) A type of adware
C) A botnet control system
D) A firewall bypass tool

✅ Answer: A) A system designed to attract and analyze malware attacks
📝 Explanation: Honeypots simulate vulnerable systems to study malware behavior and attacker techniques.

---

147. What is the main characteristic of a “rootkit”?

A) It hides malicious processes and files from detection
B) It steals credit card data
C) It encrypts user files and demands ransom
D) It redirects web traffic

✅ Answer: A) It hides malicious processes and files from detection
📝 Explanation: Rootkits operate at the OS level to conceal malware and persist in infected systems.

---

148. What is a “zombie process” in malware attacks?

A) A process that remains running even after termination
B) A process controlled remotely as part of a botnet
C) A process that deletes itself after execution
D) A process that encrypts files before activation

✅ Answer: B) A process controlled remotely as part of a botnet
📝 Explanation: Zombie processes operate under attacker control, allowing botnets to launch DDoS attacks or spam campaigns.

---

149. How does malware use “session hijacking”?

A) By stealing session cookies to impersonate users
B) By encrypting system sessions
C) By deleting browsing history
D) By injecting fake login forms

✅ Answer: A) By stealing session cookies to impersonate users
📝 Explanation: Session hijacking captures authentication cookies, allowing attackers to bypass login credentials.

---

150. What type of malware replaces legitimate system updates with malicious ones?

A) Supply chain malware
B) Adware
C) Bootkits
D) Spyware

✅ Answer: A) Supply chain malware
📝 Explanation: Supply chain attacks infect software updates to deliver malware via trusted sources.

---

151. What is a “clipboard hijacker” in cryptocurrency theft?

A) Malware that modifies copied wallet addresses to steal transactions
B) A tool to clear clipboard history
C) A type of ransomware
D) A phishing attack targeting blockchain users

✅ Answer: A) Malware that modifies copied wallet addresses to steal transactions
📝 Explanation: Clipboard hijackers replace copied cryptocurrency addresses with attacker-controlled ones.

---

152. What is the main danger of “ransomware worms”?

A) They spread automatically across networks, encrypting multiple devices
B) They only affect outdated operating systems
C) They require admin privileges to execute
D) They operate only in offline environments

✅ Answer: A) They spread automatically across networks, encrypting multiple devices
📝 Explanation: Ransomware worms self-propagate using vulnerabilities, as seen in WannaCry and NotPetya.

---

153. How does a “clickjacking” attack work?

A) By making users click on invisible malicious elements
B) By modifying browser cookies
C) By stealing clipboard data
D) By forcing users to visit phishing websites

✅ Answer: A) By making users click on invisible malicious elements
📝 Explanation: Clickjacking overlays invisible UI elements on legitimate pages, tricking users into performing unintended actions.

---

154. What is the primary goal of “exfiltration malware”?

A) To stealthily transfer stolen data to an attacker
B) To block network access
C) To encrypt system files
D) To modify firewall settings

✅ Answer: A) To stealthily transfer stolen data to an attacker
📝 Explanation: Exfiltration malware collects and sends confidential information to an attacker’s remote server.

---

155. What is a “ransom note” in ransomware attacks?

A) A message displayed by ransomware demanding payment
B) A legal document regarding cyber insurance
C) A software patch against encryption
D) A security warning about phishing emails

✅ Answer: A) A message displayed by ransomware demanding payment
📝 Explanation: Ransom notes instruct victims on how to pay to recover encrypted files.

---

156. What is a ransomware “affiliate” in the Ransomware-as-a-Service (RaaS) model?

A) A cybersecurity professional hired to prevent ransomware attacks
B) A cybercriminal who distributes ransomware in exchange for a share of ransom payments
C) A tool used to decrypt ransomware-encrypted files
D) A security researcher who reports vulnerabilities

✅ Answer: B) A cybercriminal who distributes ransomware in exchange for a share of ransom payments
📝 Explanation: Affiliates rent ransomware kits from RaaS providers and launch attacks, earning a percentage of ransom payments.

---

157. What is a “watering hole” attack primarily used for?

A) Exploiting commonly visited websites to target specific victims
B) Infecting removable storage devices
C) Modifying DNS records to reroute traffic
D) Launching email-based phishing campaigns

✅ Answer: A) Exploiting commonly visited websites to target specific victims
📝 Explanation: Watering hole attacks compromise trusted websites to infect users from specific organizations or industries.

---

158. What is the main function of “spyware”?

A) To track user activities and steal sensitive information
B) To encrypt files and demand ransom
C) To launch denial-of-service (DDoS) attacks
D) To inject malicious advertisements

✅ Answer: A) To track user activities and steal sensitive information
📝 Explanation: Spyware secretly monitors user behavior, logs keystrokes, and collects personal data.

---

159. How does a “Trojan dropper” differ from a standard Trojan?

A) A Trojan dropper installs additional malware on the infected system
B) A Trojan dropper spreads automatically like a worm
C) A Trojan dropper deletes itself after execution
D) A Trojan dropper encrypts files instead of delivering payloads

✅ Answer: A) A Trojan dropper installs additional malware on the infected system
📝 Explanation: Trojan droppers are used to download and install additional malicious components onto infected systems.

---

160. What is a “dead drop resolver” in malware operations?

A) A method used to retrieve malware commands from legitimate websites
B) A security feature in antivirus software
C) A way to block malware execution
D) A tool for forensic analysis

✅ Answer: A) A method used to retrieve malware commands from legitimate websites
📝 Explanation: Dead drop resolvers store command-and-control (C2) instructions on public sites (e.g., social media, Pastebin) to avoid detection.

---

161. What is the primary goal of “session hijacking” malware?

A) To take control of an active user session and impersonate the user
B) To delete system logs and hide attacker activities
C) To inject advertisements into web pages
D) To modify firewall configurations

✅ Answer: A) To take control of an active user session and impersonate the user
📝 Explanation: Session hijacking steals session cookies, allowing attackers to bypass authentication and act as the user.

---

162. How does “fileless malware” avoid detection?

A) By operating in system memory instead of writing to disk
B) By encrypting all files in the operating system
C) By using multiple layers of compression
D) By only executing during boot sequences

✅ Answer: A) By operating in system memory instead of writing to disk
📝 Explanation: Fileless malware executes in RAM, avoiding signature-based detection since it does not leave files on disk.

---

163. What is “multi-stage malware”?

A) Malware that executes in multiple phases, often downloading additional components
B) A single-stage attack that encrypts files immediately
C) A malware variant that only affects industrial control systems
D) A cybersecurity tool used for penetration testing

✅ Answer: A) Malware that executes in multiple phases, often downloading additional components
📝 Explanation: Multi-stage malware deploys initial payloads (e.g., droppers) to fetch and execute additional malicious code.

---

164. What is a “command-and-control (C2) framework” used for in malware attacks?

A) To remotely control infected systems and issue commands
B) To generate cryptographic hashes
C) To defend against botnet infections
D) To update antivirus definitions

✅ Answer: A) To remotely control infected systems and issue commands
📝 Explanation: C2 frameworks allow attackers to communicate with and manage infected machines within a botnet.

---

165. How does “ransomware double extortion” work?

A) By encrypting files and threatening to leak stolen data if ransom is not paid
B) By encrypting the same files twice with two different keys
C) By demanding two separate ransom payments
D) By infecting two devices at once

✅ Answer: A) By encrypting files and threatening to leak stolen data if ransom is not paid
📝 Explanation: Double extortion forces victims to pay both to recover files and to prevent public leaks of stolen data.

---

166. What is “malvertising”?

A) Using online advertisements to distribute malware
B) A security feature in browsers
C) A phishing technique targeting advertisers
D) A tool for bypassing VPN restrictions

✅ Answer: A) Using online advertisements to distribute malware
📝 Explanation: Malvertising uses legitimate ad networks to inject malicious code, often leading to drive-by downloads.

---

167. What is a “bot herder” in cybersecurity?

A) A cybercriminal who controls a botnet
B) A tool for analyzing bot traffic
C) A legitimate software used to monitor server logs
D) A method of hiding malware in images

✅ Answer: A) A cybercriminal who controls a botnet
📝 Explanation: A bot herder manages and issues commands to a network of infected computers (botnet).

---

168. What is “rootkit persistence”?

A) A method used by rootkits to maintain access even after reboots
B) A process that prevents malware from executing
C) A type of firewall rule
D) A vulnerability scanning tool

✅ Answer: A) A method used by rootkits to maintain access even after reboots
📝 Explanation: Rootkits modify system components (e.g., kernel, boot records) to remain hidden and persist after reboots.

---

169. What is an “exploit kit”?

A) A set of tools designed to find and exploit software vulnerabilities
B) A security framework used by ethical hackers
C) A tool that prevents malware infections
D) A botnet communication method

✅ Answer: A) A set of tools designed to find and exploit software vulnerabilities
📝 Explanation: Exploit kits scan for unpatched software vulnerabilities and automatically deploy malware.

---

170. How does a “Trojan proxy” operate?

A) It turns infected systems into proxies for malicious traffic
B) It encrypts user files
C) It redirects DNS queries
D) It prevents malware execution

✅ Answer: A) It turns infected systems into proxies for malicious traffic
📝 Explanation: Trojan proxies turn compromised devices into relay points for spam, fraud, and command-and-control (C2) communication.

---

171. What is “IoT botnet malware”?

A) Malware that infects Internet of Things (IoT) devices and forms botnets
B) A security tool for IoT networks
C) A type of firewall rule
D) A method used to encrypt IoT communications

✅ Answer: A) Malware that infects Internet of Things (IoT) devices and forms botnets
📝 Explanation: IoT botnet malware, like Mirai, compromises IoT devices (routers, cameras) and uses them for DDoS attacks.

---

172. What is a “fileless ransomware” attack?

A) A ransomware variant that operates entirely in memory without writing files to disk
B) A ransomware attack that spreads via USB devices
C) A type of malware that removes encrypted files instead of demanding ransom
D) A method of encrypting operating system files

✅ Answer: A) A ransomware variant that operates entirely in memory without writing files to disk
📝 Explanation: Fileless ransomware runs in RAM, avoiding detection by traditional security tools that scan disk-based threats.

---

173. What is “steganographic malware”?

A) Malware that hides malicious code within images, videos, or other media
B) A tool used for malware detection
C) A method of encrypting communication channels
D) A cybersecurity term for phishing attacks

✅ Answer: A) Malware that hides malicious code within images, videos, or other media
📝 Explanation: Steganographic malware conceals its payload inside legitimate files to evade detection by security solutions.

---

174. How does a “living off the land” (LotL) attack work?

A) By abusing legitimate system tools to execute malicious actions
B) By distributing malware through phishing emails
C) By infecting mobile devices through fake apps
D) By using rogue wireless access points

✅ Answer: A) By abusing legitimate system tools to execute malicious actions
📝 Explanation: LotL attacks leverage built-in tools like PowerShell and WMI, reducing the need for external malware payloads.

---

175. What is a “backdoor Trojan”?

A) A malware that provides unauthorized remote access to an attacker
B) A tool used to secure remote desktops
C) A network monitoring tool
D) A type of firewall rule

✅ Answer: A) A malware that provides unauthorized remote access to an attacker
📝 Explanation: Backdoor Trojans install hidden access points, allowing attackers to control infected systems remotely.

---

176. What is the primary function of “ransomware lockers”?

A) To lock users out of their systems until a ransom is paid
B) To encrypt network traffic
C) To monitor network activity
D) To patch vulnerabilities

✅ Answer: A) To lock users out of their systems until a ransom is paid
📝 Explanation: Locker ransomware restricts access to a device, displaying a ransom demand instead of encrypting files.

---

177. What is the main goal of “point-of-sale (POS) malware”?

A) To steal payment card information from POS terminals
B) To launch denial-of-service (DDoS) attacks
C) To encrypt POS system files
D) To modify database records

✅ Answer: A) To steal payment card information from POS terminals
📝 Explanation: POS malware captures payment data from credit/debit card transactions, often used in retail cyberattacks.

---

178. What is “spear-phishing”?

A) A targeted phishing attack aimed at specific individuals or organizations
B) A type of phishing that infects users via social media
C) A ransomware variant
D) A brute-force password attack

✅ Answer: A) A targeted phishing attack aimed at specific individuals or organizations
📝 Explanation: Spear-phishing uses personalized emails to trick victims into revealing credentials or downloading malware.

---

179. What is a “wormable” ransomware?

A) Ransomware that spreads automatically like a worm
B) Ransomware that targets only Linux servers
C) A ransomware variant that cannot be decrypted
D) A ransomware that operates only in offline environments

✅ Answer: A) Ransomware that spreads automatically like a worm
📝 Explanation: Wormable ransomware (e.g., WannaCry) exploits vulnerabilities to self-propagate across networks.

---

180. What does “command-and-control (C2) evasion” refer to?

A) A method used by malware to hide its communication with an attacker
B) A security feature in modern operating systems
C) A malware removal technique
D) A technique for blocking phishing emails

✅ Answer: A) A method used by malware to hide its communication with an attacker
📝 Explanation: C2 evasion techniques include encryption, fast flux, and domain fronting to bypass security monitoring.

---

181. How does “click fraud malware” generate revenue for cybercriminals?

A) By simulating user clicks on online ads to generate fraudulent ad revenue
B) By forcing victims to make online purchases
C) By redirecting users to phishing websites
D) By stealing cryptocurrency

✅ Answer: A) By simulating user clicks on online ads to generate fraudulent ad revenue
📝 Explanation: Click fraud malware uses botnets to perform automated clicks, manipulating ad revenue systems.

---

182. What is a “spyware variant” known as a “stalkerware”?

A) Spyware used to monitor individuals without their consent
B) Malware that encrypts files and demands ransom
C) A tool for ethical hacking
D) A web tracking technology used for targeted ads

✅ Answer: A) Spyware used to monitor individuals without their consent
📝 Explanation: Stalkerware is spyware used to secretly track someone’s location, messages, and activities.

---

183. What does a “remote access Trojan (RAT)” allow an attacker to do?

A) Gain full control over an infected system remotely
B) Prevent malware execution
C) Scan for vulnerabilities in a network
D) Encrypt all files on a system

✅ Answer: A) Gain full control over an infected system remotely
📝 Explanation: RATs provide attackers with full remote access, allowing them to execute commands, steal data, and spy on victims.

---

184. What is a “malware kill switch”?

A) A built-in feature that disables the malware under certain conditions
B) A security tool used to remove malware
C) A method for encrypting files
D) A way to launch a denial-of-service attack

✅ Answer: A) A built-in feature that disables the malware under certain conditions
📝 Explanation: Some malware has a kill switch that can disable its operations, either intentionally by the developers or accidentally.

---

185. What is “ransomware-as-a-service (RaaS)”?

A) A cybercrime business model where attackers lease ransomware tools
B) A cloud-based security service
C) A government-backed cybersecurity initiative
D) A tool for decrypting ransomware

✅ Answer: A) A cybercrime business model where attackers lease ransomware tools
📝 Explanation: RaaS allows cybercriminals to use pre-built ransomware kits in exchange for a share of the ransom payments.

---

186. What is “malspam”?

A) Spam emails containing malware attachments or links
B) A spam filter used to block malicious emails
C) A type of social engineering attack
D) A security patch against phishing attacks

✅ Answer: A) Spam emails containing malware attachments or links
📝 Explanation: Malspam spreads malware through infected email attachments, malicious links, or exploit kits.

---

187. What is a “Trojan banker”?

A) A type of Trojan designed to steal online banking credentials
B) A cybersecurity tool used for network monitoring
C) A botnet used for DDoS attacks
D) A type of malware that modifies DNS records

✅ Answer: A) A type of Trojan designed to steal online banking credentials
📝 Explanation: Banking Trojans trick users into entering financial details on fake banking websites.

---

188. What is a “dropper” in malware terminology?

A) A program that installs malware onto a target system
B) A security tool used to prevent malware infections
C) A firewall component that blocks malicious traffic
D) A phishing attack that tricks users into revealing passwords

✅ Answer: A) A program that installs malware onto a target system
📝 Explanation: Droppers do not carry harmful payloads themselves but deliver other types of malware, such as Trojans or ransomware.

---

189. How does “spyware” typically operate?

A) By silently collecting user activity and transmitting it to attackers
B) By encrypting files and demanding a ransom
C) By injecting malicious advertisements into web pages
D) By deleting system logs

✅ Answer: A) By silently collecting user activity and transmitting it to attackers
📝 Explanation: Spyware monitors user activity, often stealing credentials, browsing history, and keystrokes.

---

190. What is a “payload” in the context of malware?

A) The malicious component of malware that performs a specific function
B) A security feature in modern operating systems
C) A tool used for scanning for malware infections
D) A part of antivirus software

✅ Answer: A) The malicious component of malware that performs a specific function
📝 Explanation: A payload is the actual malicious action executed by the malware, such as data theft, file encryption, or system compromise.

---

191. What is the primary goal of “malvertising”?

A) To distribute malware via online advertisements
B) To block advertisements on malicious websites
C) To encrypt website data for ransom
D) To scan network traffic for vulnerabilities

✅ Answer: A) To distribute malware via online advertisements
📝 Explanation: Malvertising injects malicious code into legitimate ad networks, infecting users who view or click on the ads.

---

192. What is a “zero-click attack” in malware delivery?

A) An attack that does not require user interaction to execute
B) A phishing attack that tricks users into clicking malicious links
C) A type of ransomware attack that encrypts files instantly
D) A brute-force attack targeting login credentials

✅ Answer: A) An attack that does not require user interaction to execute
📝 Explanation: Zero-click attacks exploit system vulnerabilities to execute malware without requiring the user to click or download anything.

---

193. How does a “watering hole” attack infect victims?

A) By compromising a website frequently visited by the target group
B) By sending phishing emails with malicious attachments
C) By encrypting system files and demanding ransom
D) By modifying network firewall settings

✅ Answer: A) By compromising a website frequently visited by the target group
📝 Explanation: Watering hole attacks inject malware into trusted websites, infecting specific targets when they visit.

---

194. What is “RAM scraping” in malware attacks?

A) A technique that extracts sensitive data from a computer’s memory
B) A process that encrypts files stored in RAM
C) A method of erasing all files from a computer
D) A type of DoS attack that exhausts system memory

✅ Answer: A) A technique that extracts sensitive data from a computer’s memory
📝 Explanation: RAM scraping malware targets point-of-sale (POS) systems, extracting credit card data before it is encrypted.

---

195. What is a “botnet proxy” used for?

A) To hide the attacker’s identity by routing malicious traffic through infected devices
B) To provide cybersecurity researchers with testing environments
C) To filter network traffic and prevent malware infections
D) To monitor antivirus performance

✅ Answer: A) To hide the attacker’s identity by routing malicious traffic through infected devices
📝 Explanation: Botnet proxies relay attack traffic through compromised machines, making it harder to trace the attack’s origin.

---

196. What does a “polymorphic virus” do to evade detection?

A) It changes its code structure every time it infects a new system
B) It deletes itself after execution
C) It encrypts files on the victim’s computer
D) It spreads only through phishing emails

✅ Answer: A) It changes its code structure every time it infects a new system
📝 Explanation: Polymorphic malware modifies its appearance while maintaining its functionality, bypassing signature-based antivirus detection.

---

197. How does a “man-in-the-browser” (MitB) attack work?

A) By injecting malicious code into web pages viewed in a browser
B) By redirecting users to phishing sites
C) By encrypting files on a victim’s computer
D) By performing brute-force login attempts

✅ Answer: A) By injecting malicious code into web pages viewed in a browser
📝 Explanation: MitB malware manipulates web sessions, altering transactions, stealing credentials, or bypassing authentication mechanisms.

---

198. What is “geo-fencing” in malware attacks?

A) A method used by malware to activate only in specific geographic locations
B) A technique for encrypting network traffic
C) A security measure that prevents malware from spreading
D) A way to bypass two-factor authentication

✅ Answer: A) A method used by malware to activate only in specific geographic locations
📝 Explanation: Geo-fencing allows malware to execute only in targeted locations, avoiding detection in unintended regions.

---

199. What is the primary function of a “keylogger”?

A) To record keystrokes and send them to an attacker
B) To protect against unauthorized logins
C) To scan and remove malware infections
D) To block phishing websites

✅ Answer: A) To record keystrokes and send them to an attacker
📝 Explanation: Keyloggers capture and transmit everything typed by the victim, including passwords and sensitive information.

---

200. What is an “air-gap malware” attack?

A) A malware attack that infects systems that are physically isolated from networks
B) A phishing attack that targets air travel companies
C) A method of encrypting network traffic
D) A cybersecurity technique used to prevent malware infections

✅ Answer: A) A malware attack that infects systems that are physically isolated from networks
📝 Explanation: Air-gap malware spreads via removable media (e.g., USB drives) or covert channels, even on systems without internet access.