1. What is the key difference between a virus and a worm?
a) A virus requires user action to spread, while a worm spreads automatically
b) A worm needs a host file, while a virus does not
c) Viruses only target Windows systems, while worms attack all OS
d) Worms are only used for ethical hacking
Answer: a) A virus requires user action to spread, while a worm spreads automatically
Explanation: Viruses need a host file and require execution by a user, while worms self-replicate and spread without user intervention.
2. What type of malware disguises itself as legitimate software?
a) Virus
b) Worm
c) Trojan Horse
d) Rootkit
Answer: c) Trojan Horse
Explanation: Trojans appear harmless or useful but execute malicious operations when installed, often giving attackers unauthorized access.
3. What is a common delivery method for Trojan horses?
a) USB drives
b) Phishing emails
c) Software downloads
d) All of the above
Answer: d) All of the above
Explanation: Trojans can be delivered via infected USBs, email attachments, or software downloads disguised as legitimate programs.
4. Which of the following malware types primarily focuses on spreading itself across networks?
a) Ransomware
b) Spyware
c) Worm
d) Adware
Answer: c) Worm
Explanation: Worms are designed to spread rapidly across networks without user intervention.
5. How does a polymorphic virus evade detection?
a) It deletes itself after execution
b) It changes its code while keeping the same functionality
c) It hides in system memory
d) It only affects encrypted files
Answer: b) It changes its code while keeping the same functionality
Explanation: Polymorphic viruses mutate their code to avoid signature-based detection by antivirus software.
6. What is the primary goal of a Trojan backdoor?
a) To encrypt files for ransom
b) To provide an attacker remote access to the victim's system
c) To display unwanted advertisements
d) To delete the system's boot sector
Answer: b) To provide an attacker remote access to the victim's system
Explanation: Backdoor Trojans allow attackers to control a system remotely, often used for espionage or botnet recruitment.
7. Which type of malware is specifically designed to block access to files until a ransom is paid?
a) Adware
b) Spyware
c) Ransomware
d) Keylogger
Answer: c) Ransomware
Explanation: Ransomware encrypts files and demands a ransom to restore access, often causing financial and data loss.
8. What was the primary infection method of the ILOVEYOU worm?
a) Exploiting browser vulnerabilities
b) Spreading via email attachments
c) Using file-sharing networks
d) Hiding in gaming software
Answer: b) Spreading via email attachments
Explanation: The ILOVEYOU worm spread through email with an infected attachment, tricking users into opening it.
9. Which of these malware types can log keystrokes and steal sensitive data?
a) Trojan
b) Keylogger
c) Ransomware
d) Botnet
Answer: b) Keylogger
Explanation: Keyloggers secretly record user keystrokes, capturing passwords, credit card numbers, and other sensitive data.
10. What is a rootkit used for?
a) Displaying unwanted ads
b) Hiding malicious processes from detection
c) Encrypting files
d) Speeding up a computer
Answer: b) Hiding malicious processes from detection
Explanation: Rootkits help attackers conceal malware, making detection difficult for security software.
11. Which malware was responsible for causing physical damage to Iran's nuclear centrifuges?
a) WannaCry
b) Stuxnet
c) MyDoom
d) Conficker
Answer: b) Stuxnet
Explanation: Stuxnet was a sophisticated worm designed to sabotage Iran's nuclear facilities by altering industrial control systems.
12. How does a worm typically spread?
a) By embedding itself in boot sectors
b) By self-replicating across networks
c) By infecting only executable files
d) By sending spam emails
Answer: b) By self-replicating across networks
Explanation: Worms exploit network vulnerabilities to spread from one computer to another without user action.
13. What is the primary objective of spyware?
a) Encrypting files
b) Monitoring user activities
c) Destroying system files
d) Disabling antivirus software
Answer: b) Monitoring user activities
Explanation: Spyware secretly gathers information such as browsing habits, keystrokes, and personal data.
14. Which malware spreads by modifying and inserting itself into executable files?
a) Worm
b) Virus
c) Trojan
d) Ransomware
Answer: b) Virus
Explanation: Viruses infect and modify executable files to spread when the file is executed.
15. What is a botnet?
a) A virus that deletes system files
b) A network of infected computers controlled remotely
c) A Trojan designed to steal passwords
d) An antivirus scanning tool
Answer: b) A network of infected computers controlled remotely
Explanation: Botnets are used for launching DDoS attacks, spam campaigns, and cybercrime operations.
16. Which of the following best describes ransomware's primary attack vector?
a) Phishing emails
b) Bluetooth attacks
c) Hardware modifications
d) Social media infections
Answer: a) Phishing emails
Explanation: Ransomware is often spread through email attachments or malicious links that trick users into executing it.
17. What is a Trojan dropper?
a) A type of malware that installs additional malware
b) A tool for ethical hacking
c) A vulnerability scanner
d) A self-replicating virus
Answer: a) A type of malware that installs additional malware
Explanation: A Trojan dropper carries and deploys malware payloads, enabling infection with multiple types of malware.
18. What is an example of an advanced persistent threat (APT) using malware?
a) Adware pop-ups
b) Targeted cyber-espionage attacks
c) Temporary system slowdowns
d) Unwanted software installations
Answer: b) Targeted cyber-espionage attacks
Explanation: APTs use malware to maintain long-term access to systems for cyber-espionage or sabotage.
19. What type of malware was used in the WannaCry attack?
a) Trojan
b) Worm
c) Virus
d) Spyware
Answer: b) Worm
Explanation: WannaCry exploited a Windows SMB vulnerability to spread rapidly as a worm and encrypt victim files.
20. What is the best defense against Trojans?
a) Installing multiple antivirus programs
b) Avoiding suspicious downloads and attachments
c) Disabling system firewalls
d) Using outdated operating systems
Answer: b) Avoiding suspicious downloads and attachments
Explanation: Since Trojans rely on user execution, the best defense is avoiding unknown downloads and phishing emails.
21. What makes a logic bomb different from a regular virus?
a) It self-replicates like a worm
b) It remains dormant until triggered by specific conditions
c) It spreads through network vulnerabilities
d) It is always embedded in hardware devices
Answer: b) It remains dormant until triggered by specific conditions
Explanation: A logic bomb is malicious code that stays inactive until triggered by an event, such as a specific date or action.
22. What characteristic defines a multipartite virus?
a) It can infect multiple operating systems
b) It attacks the boot sector and executable files simultaneously
c) It primarily targets Linux servers
d) It remains in system memory only
Answer: b) It attacks the boot sector and executable files simultaneously
Explanation: Multipartite viruses can infect multiple areas of a system, such as the boot sector and program files, making them harder to remove.
23. Which type of Trojan steals sensitive banking credentials?
a) Ransomware
b) Spyware
c) Banking Trojan
d) Keylogger
Answer: c) Banking Trojan
Explanation: Banking Trojans are designed to steal online banking credentials by hijacking web sessions or capturing keystrokes.
24. What malware technique uses packers to evade detection?
a) Encrypting the payload
b) Self-replicating within a network
c) Corrupting system files
d) Sending automated phishing emails
Answer: a) Encrypting the payload
Explanation: Packers compress and encrypt malware code to make it harder for antivirus tools to detect.
25. What is a worm's most dangerous feature?
a) It spreads without user intervention
b) It requires manual activation
c) It only infects mobile devices
d) It is limited to executing on a single machine
Answer: a) It spreads without user intervention
Explanation: Worms exploit vulnerabilities to spread rapidly across systems without user action.
26. What was unique about the Slammer worm?
a) It targeted Linux systems exclusively
b) It caused a global internet slowdown within minutes
c) It only worked on personal computers
d) It was spread through USB devices
Answer: b) It caused a global internet slowdown within minutes
Explanation: The SQL Slammer worm spread so rapidly that it overloaded networks within minutes, causing major disruptions.
27. What is a Trojan ransomware hybrid?
a) A virus that deletes files permanently
b) A Trojan that spreads like a worm
c) A Trojan that delivers ransomware payloads
d) A worm that executes commands remotely
Answer: c) A Trojan that delivers ransomware payloads
Explanation: Some Trojan ransomware hybrids act as droppers, installing ransomware when executed.
28. What role does an exploit kit play in malware infections?
a) It patches vulnerabilities
b) It automates finding and exploiting system flaws
c) It prevents malicious scripts from executing
d) It scans computers for viruses
Answer: b) It automates finding and exploiting system flaws
Explanation: Exploit kits are tools that hackers use to scan for and exploit vulnerabilities automatically.
29. Which malware attack targets industrial control systems?
a) Trojan Spy
b) Stuxnet
c) Adware
d) Keylogger
Answer: b) Stuxnet
Explanation: Stuxnet was specifically designed to sabotage industrial control systems in nuclear plants.
30. What is a boot sector virus?
a) A virus that corrupts mobile applications
b) A virus that infects the system's startup process
c) A virus that hides in Microsoft Office macros
d) A worm that spreads via Bluetooth
Answer: b) A virus that infects the system's startup process
Explanation: Boot sector viruses affect the Master Boot Record (MBR) and can prevent system boot-up.
31. What's the primary purpose of a dropper?
a) To steal passwords
b) To deploy additional malware onto the system
c) To display advertisements
d) To encrypt system files
Answer: b) To deploy additional malware onto the system
Explanation: A dropper is a carrier malware that installs other malware onto an infected machine.
32. What does a command-and-control (C2) server do in a botnet?
a) Prevents malware infections
b) Controls and issues commands to infected machines
c) Detects vulnerabilities in firewalls
d) Blocks phishing attempts
Answer: b) Controls and issues commands to infected machines
Explanation: C2 servers manage botnets, allowing hackers to execute commands remotely.
33. What made the Conficker worm infamous?
a) It targeted only Android devices
b) It was spread through Bluetooth
c) It infected millions of systems using an unpatched Windows vulnerability
d) It encrypted user files
Answer: c) It infected millions of systems using an unpatched Windows vulnerability
Explanation: Conficker exploited a Windows vulnerability (MS08-067) and infected millions of systems.
34. Which malware technique modifies system logs to hide traces of an attack?
a) Rootkit
b) Spyware
c) Trojan banker
d) Worm
Answer: a) Rootkit
Explanation: Rootkits modify system logs and processes to conceal malware presence.
35. What is the purpose of a botnet's DDoS attack?
a) To install ransomware
b) To overwhelm and crash a target system
c) To delete system logs
d) To execute SQL injections
Answer: b) To overwhelm and crash a target system
Explanation: Botnets launch DDoS attacks to flood networks or servers, making them unavailable.
36. How does a worm differ from a Trojan?
a) A worm spreads automatically, while a Trojan requires execution
b) A Trojan spreads via emails, but a worm spreads via USB
c) Worms do not infect files
d) Trojans are always detected by antivirus software
Answer: a) A worm spreads automatically, while a Trojan requires execution
Explanation: Worms self-replicate, while Trojans need user execution.
37. What makes a zero-day malware attack dangerous?
a) It self-destructs after execution
b) It exploits vulnerabilities before patches are available
c) It only targets corporate networks
d) It requires administrator privileges to execute
Answer: b) It exploits vulnerabilities before patches are available
Explanation: Zero-day attacks exploit unknown vulnerabilities, making them extremely difficult to defend against.
38. What is malvertising?
a) Malware hidden inside online advertisements
b) An antivirus tool for removing malware
c) A social engineering attack
d) A tool for detecting Trojans
Answer: a) Malware hidden inside online advertisements
Explanation: Malvertising injects malware-laced ads into legitimate websites to spread infections.
39. Which malware technique involves encrypting only a portion of a file?
a) Macro virus
b) Partial encryption ransomware
c) Keylogger
d) Banking Trojan
Answer: b) Partial encryption ransomware
Explanation: Some ransomware partially encrypts files to evade detection and speed up the encryption process.
40. What is the best practice to prevent Trojan infections?
a) Disable antivirus software
b) Open email attachments from unknown senders
c) Avoid downloading unknown software
d) Disable firewalls
Answer: c) Avoid downloading unknown software
Explanation: Trojans rely on social engineering, so avoiding untrusted downloads is the best defense.
41. What is the main reason that macro viruses are dangerous?
a) They can delete system files automatically
b) They execute automatically when opening a document
c) They spread through Bluetooth devices
d) They are always undetectable
Answer: b) They execute automatically when opening a document
Explanation: Macro viruses embed themselves in documents (e.g., MS Word, Excel) and execute when the file is opened, leading to potential system compromise.
42. Which of the following is a major risk of using cracked software?
a) It makes the system faster
b) It often contains malware like Trojans
c) It improves antivirus protection
d) It prevents phishing attacks
Answer: b) It often contains malware like Trojans
Explanation: Cracked software is frequently bundled with Trojans, keyloggers, or backdoors, leading to system compromise.
43. What was the primary infection vector of the WannaCry ransomware?
a) USB devices
b) Email phishing
c) Exploiting SMB vulnerabilities
d) Malicious web ads
Answer: c) Exploiting SMB vulnerabilities
Explanation: WannaCry exploited the EternalBlue SMB vulnerability in Windows to spread across networks.
44. What type of malware is also known as a RAT (Remote Access Trojan)?
a) A self-replicating virus
b) A Trojan that provides remote control access
c) A worm that spreads through email
d) A malware designed to disable firewalls
Answer: b) A Trojan that provides remote control access
Explanation: RATs (Remote Access Trojans) allow attackers to remotely control infected systems, steal data, or spy on users.
45. Which technique is commonly used by worms to spread in a network?
a) Sending emails with infected attachments
b) Exploiting unpatched network vulnerabilities
c) Disguising as legitimate software
d) Requiring user execution
Answer: b) Exploiting unpatched network vulnerabilities
Explanation: Worms self-replicate by exploiting security flaws in networked systems.
46. What does a botnet typically rely on for remote control?
a) Local storage files
b) Social media platforms
c) Command-and-control (C2) servers
d) Browser extensions
Answer: c) Command-and-control (C2) servers
Explanation: C2 servers allow attackers to send commands to infected devices in a botnet.
47. How do fileless malware attacks work?
a) They embed themselves in executable files
b) They operate directly in system memory without leaving a file
c) They spread through USB drives
d) They encrypt files for ransom
Answer: b) They operate directly in system memory without leaving a file
Explanation: Fileless malware resides in RAM, making it harder to detect since it leaves no files on disk.
48. What is a common characteristic of a stealth virus?
a) It spreads through the internet only
b) It actively hides itself from antivirus software
c) It encrypts files on the system
d) It can only spread through email attachments
Answer: b) It actively hides itself from antivirus software
Explanation: Stealth viruses modify system files and logs to avoid detection by security tools.
49. Which of these is NOT a characteristic of a worm?
a) Self-replication
b) Spreads without user interaction
c) Needs a host file to spread
d) Exploits vulnerabilities in networks
Answer: c) Needs a host file to spread
Explanation: Unlike viruses, worms do not need host files and can spread independently.
50. What is a scareware attack?
a) Malware that displays fake warnings to trick users into installing fake antivirus software
b) A keylogger that records sensitive data
c) A Trojan that spreads through phishing emails
d) A virus that modifies BIOS settings
Answer: a) Malware that displays fake warnings to trick users into installing fake antivirus software
Explanation: Scareware manipulates users into installing fake security software by showing false virus warnings.
51. How do worms typically slow down networks?
a) By modifying router configurations
b) By overloading bandwidth with excessive self-replication
c) By encrypting files on shared drives
d) By forcing the network into safe mode
Answer: b) By overloading bandwidth with excessive self-replication
Explanation: Worms spread aggressively, consuming network resources, leading to slow performance.
52. What distinguishes a blended threat from a typical malware attack?
a) It combines multiple attack methods (e.g., worm + Trojan)
b) It only affects Linux systems
c) It relies only on phishing for execution
d) It does not exploit vulnerabilities
Answer: a) It combines multiple attack methods (e.g., worm + Trojan)
Explanation: Blended threats use multiple attack vectors to maximize impact.
53. Which malware attack specifically targets mobile devices?
a) Stuxnet
b) Smishing
c) Boot sector virus
d) SQL injection
Answer: b) Smishing
Explanation: Smishing (SMS phishing) uses malicious text messages to deliver malware to mobile users.
54. What is the purpose of a ransomware decryptor?
a) To decrypt files encrypted by ransomware
b) To scan for vulnerabilities in systems
c) To prevent phishing attacks
d) To speed up infected systems
Answer: a) To decrypt files encrypted by ransomware
Explanation: Decryptors are tools that help restore encrypted files after a ransomware attack.
55. What is an example of an advanced persistent malware attack?
a) A virus that deletes itself after execution
b) Malware that stays hidden and exfiltrates data over time
c) A worm that spreads in a single burst
d) A Trojan that only affects gaming software
Answer: b) Malware that stays hidden and exfiltrates data over time
Explanation: Advanced Persistent Threats (APTs) use malware to maintain access and steal data over long periods.
56. Which tool is commonly used by malware authors to obfuscate code?
a) Antivirus software
b) Crypters
c) VPN services
d) Packet sniffers
Answer: b) Crypters
Explanation: Crypters encrypt malware to evade antivirus detection.
57. What happens in a Trojan horse attack?
a) The user is tricked into installing malicious software disguised as something legitimate
b) The malware spreads across networks automatically
c) The system is scanned for security vulnerabilities
d) Files are compressed and encrypted
Answer: a) The user is tricked into installing malicious software disguised as something legitimate
Explanation: Trojan horses appear harmless but execute malicious actions once installed.
58. How do worms propagate?
a) Through phishing emails only
b) By executing payloads inside documents
c) By exploiting system vulnerabilities
d) By requiring administrator privileges
Answer: c) By exploiting system vulnerabilities
Explanation: Worms spread automatically by taking advantage of security vulnerabilities.
59. Which malware specifically blocks access to a system and demands payment?
a) Rootkit
b) Worm
c) Ransomware
d) Spyware
Answer: c) Ransomware
Explanation: Ransomware locks or encrypts files and demands payment for decryption.
60. What is the best defense against worms?
a) Avoid opening email attachments
b) Keep systems updated with patches
c) Disable antivirus software
d) Use only public Wi-Fi networks
Answer: b) Keep systems updated with patches
Explanation: Worms often exploit unpatched vulnerabilities, so regular updates prevent infections.
61. What is the purpose of a Trojan downloader?
a) To download additional malicious payloads onto an infected system
b) To remove existing malware from a system
c) To prevent phishing attacks
d) To encrypt user files for ransom
Answer: a) To download additional malicious payloads onto an infected system
Explanation: Trojan downloaders are used to fetch and install additional malware after initial infection.
62. What differentiates a time bomb from other malware?
a) It self-replicates
b) It activates on a specific date or time
c) It requires user input to execute
d) It modifies system hardware
Answer: b) It activates on a specific date or time
Explanation: Time bombs remain dormant until a predefined trigger (e.g., a specific date) activates them.
63. Which component of a botnet is responsible for issuing commands to infected devices?
a) Command-and-Control (C2) server
b) Keylogger
c) Trojan horse
d) Adware
Answer: a) Command-and-Control (C2) server
Explanation: The C2 server is the central hub used by attackers to control infected systems remotely.
64. What was the primary goal of the Zeus malware?
a) To execute DDoS attacks
b) To steal banking credentials
c) To act as a worm
d) To remove viruses from a system
Answer: b) To steal banking credentials
Explanation: Zeus (Zbot) was a banking Trojan designed to steal financial credentials.
65. What is a fast-flux network in malware attacks?
a) A worm that spreads via Bluetooth
b) A technique to rapidly change the IP addresses of malicious servers
c) A type of ransomware that encrypts files quickly
d) A keylogger that records data in real-time
Answer: b) A technique to rapidly change the IP addresses of malicious servers
Explanation: Fast-flux networks make it difficult to track malware hosts by rapidly rotating IP addresses.
66. What is the primary function of ransomware-as-a-service (RaaS)?
a) To provide ready-to-use ransomware tools to cybercriminals
b) To protect users from ransomware attacks
c) To offer antivirus services to organizations
d) To detect phishing emails
Answer: a) To provide ready-to-use ransomware tools to cybercriminals
Explanation: RaaS allows cybercriminals to rent or purchase ransomware kits and deploy attacks.
67. What is a rootkit's primary purpose?
a) To log keystrokes
b) To hide the presence of malware from detection
c) To encrypt user files
d) To steal financial credentials
Answer: b) To hide the presence of malware from detection
Explanation: Rootkits modify system components to conceal malicious activities.
68. What is a polymorphic virus?
a) A virus that changes its code to evade detection
b) A self-replicating worm
c) A Trojan that steals login credentials
d) A virus that affects only mobile devices
Answer: a) A virus that changes its code to evade detection
Explanation: Polymorphic viruses modify their code structure while maintaining the same functionality, making them difficult to detect.
69. Which malware spreads using fake updates or security patches?
a) Trojan dropper
b) FakeAV (Fake Antivirus)
c) Worm
d) Keylogger
Answer: b) FakeAV (Fake Antivirus)
Explanation: FakeAV malware mimics legitimate security software to trick users into installing it.
70. What is the main function of a bootkit?
a) To infect and control the boot process of a computer
b) To prevent operating system updates
c) To delete system files
d) To display advertisements
Answer: a) To infect and control the boot process of a computer
Explanation: Bootkits infect the bootloader to gain control over a system before the OS loads.
71. What is a hybrid malware attack?
a) A combination of multiple malware types (e.g., virus + Trojan)
b) A malware attack that only affects hybrid cloud systems
c) A self-replicating macro virus
d) A worm that spreads only through USB
Answer: a) A combination of multiple malware types (e.g., virus + Trojan)
Explanation: Hybrid malware combines different attack techniques for greater effectiveness.
72. What does the term "malvertising" refer to?
a) Malware distributed via online ads
b) A virus that targets advertising companies
c) A security technique to detect phishing attacks
d) A rootkit that modifies DNS settings
Answer: a) Malware distributed via online ads
Explanation: Malvertising injects malicious scripts into legitimate advertisements to infect users.
73. Which malware is known for stealing login credentials from browsers?
a) Ransomware
b) Info-stealer Trojan
c) Boot sector virus
d) Worm
Answer: b) Info-stealer Trojan
Explanation: Info-stealer Trojans extract stored passwords from browsers like Chrome, Firefox, and Edge.
74. What is the primary characteristic of a metamorphic virus?
a) It modifies its entire code structure without changing functionality
b) It spreads automatically without user interaction
c) It only affects Linux systems
d) It hides itself inside media files
Answer: a) It modifies its entire code structure without changing functionality
Explanation: Metamorphic viruses completely rewrite their code while keeping their malicious intent intact.
75. What is a packer used for in malware attacks?
a) To encrypt malware to evade antivirus detection
b) To speed up malware execution
c) To delete system files
d) To replicate a virus on multiple devices
Answer: a) To encrypt malware to evade antivirus detection
Explanation: Packers compress and encrypt malware code, making detection harder.
76. What is an exploit kit?
a) A set of tools that automatically exploit vulnerabilities
b) A toolkit for removing malware
c) A type of ransomware that spreads via phishing
d) A security patch that prevents exploits
Answer: a) A set of tools that automatically exploit vulnerabilities
Explanation: Exploit kits scan for and exploit system vulnerabilities to deploy malware.
77. What was the impact of the Code Red worm?
a) It infected millions of IIS web servers
b) It encrypted files and demanded ransom
c) It only targeted Linux servers
d) It was used in bank fraud operations
Answer: a) It infected millions of IIS web servers
Explanation: The Code Red worm exploited a buffer overflow vulnerability in Microsoft IIS servers.
78. What is a logic bomb?
a) A malware that remains dormant until a specific condition is met
b) A self-replicating worm
c) A Trojan that encrypts user files
d) A phishing attack
Answer: a) A malware that remains dormant until a specific condition is met
Explanation: Logic bombs activate when certain conditions are met, such as a specific date.
79. What is the primary goal of ransomware attacks?
a) To lock or encrypt files and demand payment
b) To collect browsing history for targeted ads
c) To log keystrokes and steal passwords
d) To force users to install fake software
Answer: a) To lock or encrypt files and demand payment
Explanation: Ransomware encrypts user files and demands payment for decryption.
80. What is a key characteristic of spyware?
a) It secretly gathers user data without consent
b) It self-replicates like a worm
c) It encrypts system files
d) It launches DDoS attacks
Answer: a) It secretly gathers user data without consent
Explanation: Spyware collects personal information such as keystrokes, browsing activity, and login credentials.
81. What is the primary purpose of a dropper in malware attacks?
a) To remove malware from infected systems
b) To install additional malware on a target system
c) To block antivirus software
d) To create fake login pages
Answer: b) To install additional malware on a target system
Explanation: Droppers act as initial-stage malware, designed to download and install additional malicious payloads.
82. Which of the following is a primary characteristic of a fileless virus?
a) It spreads through infected email attachments
b) It exists only in system memory and does not leave files on disk
c) It requires a host file to spread
d) It encrypts files for ransom
Answer: b) It exists only in system memory and does not leave files on disk
Explanation: Fileless malware operates entirely in RAM, making it harder to detect with traditional antivirus software.
83. What does a bot herder control?
a) A group of infected computers in a botnet
b) A security system preventing bot attacks
c) A tool that removes malware from a system
d) A type of Trojan that spreads via USB
Answer: a) A group of infected computers in a botnet
Explanation: A bot herder (botmaster) controls compromised devices (zombies) to perform tasks like DDoS attacks or spam campaigns.
84. What made the Melissa virus one of the first major email-based malware threats?
a) It auto-forwarded itself to email contacts
b) It encrypted files and demanded a ransom
c) It targeted only Linux servers
d) It was the first polymorphic virus
Answer: a) It auto-forwarded itself to email contacts
Explanation: The Melissa virus spread rapidly via Microsoft Outlook emails, infecting thousands of users.
85. What is the primary difference between a Trojan and a worm?
a) Worms spread automatically, while Trojans require user execution
b) Trojans self-replicate, while worms do not
c) Worms only affect Windows, while Trojans target all systems
d) Trojans can only be removed manually
Answer: a) Worms spread automatically, while Trojans require user execution
Explanation: Trojans rely on user action for execution, whereas worms spread without user intervention.
86. How do worms primarily spread?
a) By exploiting system vulnerabilities
b) By attaching themselves to executable files
c) By requiring user execution
d) By stealing login credentials
Answer: a) By exploiting system vulnerabilities
Explanation: Worms propagate through network and system vulnerabilities, often without requiring user action.
87. What is the primary objective of keylogger malware?
a) To encrypt system files
b) To steal user credentials by recording keystrokes
c) To create a backdoor for hackers
d) To slow down the operating system
Answer: b) To steal user credentials by recording keystrokes
Explanation: Keyloggers record keystrokes to steal passwords, credit card details, and other sensitive data.
88. What type of attack involves malware modifying system updates?
a) Supply chain attack
b) Denial-of-service attack
c) Clickjacking attack
d) Social engineering attack
Answer: a) Supply chain attack
Explanation: Supply chain attacks inject malicious code into trusted software updates, spreading malware widely.
89. What type of malware pretends to fix security issues but actually installs more malware?
a) Scareware
b) Ransomware
c) Worm
d) Spyware
Answer: a) Scareware
Explanation: Scareware tricks users into installing fake security software, which actually infects their system.
90. What made the MyDoom worm one of the fastest-spreading malware in history?
a) It used email attachments with social engineering tactics
b) It encrypted system files
c) It exploited browser vulnerabilities
d) It targeted only government networks
Answer: a) It used email attachments with social engineering tactics
Explanation: MyDoom spread via email phishing, tricking users into opening infected attachments.
91. How does a logic bomb differ from other malware types?
a) It remains dormant until triggered by a specific condition
b) It spreads without user interaction
c) It requires a network to execute
d) It only affects operating systems
Answer: a) It remains dormant until triggered by a specific condition
Explanation: Logic bombs remain inactive until a pre-defined event (e.g., a specific date or user action) occurs.
92. What is a waterhole attack?
a) Infecting a commonly visited website with malware
b) A phishing attack targeting cloud users
c) A Trojan designed for mobile devices
d) A worm that spreads through USB
Answer: a) Infecting a commonly visited website with malware
Explanation: Waterhole attacks compromise popular websites that target users frequently visit.
93. What type of malware was used in the NotPetya attack?
a) Ransomware
b) Spyware
c) Adware
d) Rootkit
Answer: a) Ransomware
Explanation: NotPetya masqueraded as ransomware but was actually a destructive wiper malware.
94. How does spyware typically infiltrate a system?
a) By embedding itself in software downloads and phishing emails
b) By encrypting files
c) By modifying BIOS settings
d) By injecting malicious browser extensions
Answer: a) By embedding itself in software downloads and phishing emails
Explanation: Spyware infects systems through malicious software, phishing emails, and drive-by downloads.
95. What technique do some ransomware variants use to avoid detection?
a) Encrypting files only partially
b) Executing from external storage
c) Overwriting the master boot record
d) Using fake browser extensions
Answer: a) Encrypting files only partially
Explanation: Some ransomware variants encrypt only portions of files to evade detection and speed up encryption.
96. Which malware is specifically designed to manipulate industrial control systems?
a) Stuxnet
b) Zeus
c) Conficker
d) CryptoLocker
Answer: a) Stuxnet
Explanation: Stuxnet was designed to sabotage Iran’s nuclear centrifuges by manipulating industrial control systems (ICS).
97. What technique allows worms to bypass security measures?
a) Code obfuscation
b) Drive-by download
c) Email phishing
d) System rebooting
Answer: a) Code obfuscation
Explanation: Code obfuscation helps worms disguise their malicious code, making detection harder.
98. How do rootkits maintain persistence?
a) By modifying kernel-level processes
b) By encrypting user files
c) By self-replicating across networks
d) By injecting code into email servers
Answer: a) By modifying kernel-level processes
Explanation: Rootkits embed themselves deep into the OS (kernel level) to persist even after reboots.
99. What type of Trojan is designed to take full control of a system remotely?
a) Remote Access Trojan (RAT)
b) Keylogger
c) Adware
d) Macro virus
Answer: a) Remote Access Trojan (RAT)
Explanation: RATs provide complete remote control to attackers, often used for espionage.
100. What is the best defense against ransomware?
a) Regular backups and software updates
b) Disabling antivirus software
c) Opening all email attachments
d) Using outdated operating systems
Answer: a) Regular backups and software updates
Explanation: Frequent backups and up-to-date security patches are key defenses against ransomware.
101. What technique do attackers use to make malware look like a legitimate program?
a) Code obfuscation
b) DLL injection
c) File hashing
d) Trojanization
Answer: d) Trojanization
Explanation: Trojanization disguises malware as a legitimate program, tricking users into installing it.
102. What does a rootkit do to evade detection?
a) It runs in the foreground of the operating system
b) It modifies or hides system files and processes
c) It self-destructs after execution
d) It sends spam emails
Answer: b) It modifies or hides system files and processes
Explanation: Rootkits operate at a deep system level to hide malicious activities from security tools.
103. What is a worm’s primary method of infection?
a) It requires user interaction to spread
b) It exploits network vulnerabilities to spread automatically
c) It is attached to email attachments
d) It embeds itself in web browsers
Answer: b) It exploits network vulnerabilities to spread automatically
Explanation: Worms self-replicate by taking advantage of network vulnerabilities without requiring user action.
104. Which malware attack method involves embedding code inside legitimate website scripts?
a) Cross-Site Scripting (XSS)
b) Trojan dropper
c) Macro virus
d) Man-in-the-middle attack
Answer: a) Cross-Site Scripting (XSS)
Explanation: XSS attacks embed malicious scripts into trusted websites, which then execute on visitors’ browsers.
105. How do hackers distribute keyloggers most effectively?
a) By using phishing emails and infected downloads
b) By executing denial-of-service attacks
c) By modifying router configurations
d) By embedding them in network packets
Answer: a) By using phishing emails and infected downloads
Explanation: Keyloggers are often distributed through phishing, software cracks, or malicious downloads.
106. Which of the following is an example of a time bomb virus?
a) Malware that activates on a specific date
b) A virus that deletes files instantly
c) A Trojan that executes when a file is opened
d) A worm that spreads via email
Answer: a) Malware that activates on a specific date
Explanation: Time bomb viruses remain inactive until a predefined condition (e.g., a date) is met.
107. What does ransomware typically do after encrypting files?
a) Deletes the files permanently
b) Demands payment in exchange for decryption
c) Spreads via Bluetooth
d) Changes all file extensions to “.exe”
Answer: b) Demands payment in exchange for decryption
Explanation: Ransomware locks user files and demands payment to restore access.
108. What is the primary purpose of a Trojan banker?
a) To steal banking credentials
b) To execute denial-of-service attacks
c) To modify the operating system’s boot process
d) To spread itself across networks
Answer: a) To steal banking credentials
Explanation: Banking Trojans are designed to steal online banking credentials by injecting malicious code into banking sessions.
109. What type of malware redirects users to fraudulent websites?
a) Trojan banker
b) Adware
c) Pharming malware
d) Polymorphic virus
Answer: c) Pharming malware
Explanation: Pharming alters DNS settings to redirect users to fake websites designed to steal information.
110. What differentiates ransomware from other types of malware?
a) It spreads only through social media platforms
b) It steals passwords without encrypting files
c) It holds user data hostage for ransom
d) It creates backdoors for remote access
Answer: c) It holds user data hostage for ransom
Explanation: Ransomware encrypts files and demands payment for their decryption.
111. What is the main goal of a botnet?
a) To execute attacks using multiple compromised devices
b) To remove viruses from an infected system
c) To improve system security
d) To prevent data breaches
Answer: a) To execute attacks using multiple compromised devices
Explanation: Botnets consist of infected devices controlled remotely, often used for DDoS attacks, spam, and data theft.
112. What is a primary defense against worms?
a) Keeping software updated
b) Disabling antivirus protection
c) Avoiding online banking
d) Restarting the system daily
Answer: a) Keeping software updated
Explanation: Worms often exploit outdated software vulnerabilities, so regular updates are crucial for protection.
113. Which malware attack is known for recording audio and video from an infected device?
a) Rootkit
b) RAT (Remote Access Trojan)
c) Adware
d) Boot sector virus
Answer: b) RAT (Remote Access Trojan)
Explanation: RATs allow attackers to remotely control a system, including activating the camera and microphone.
114. What is the primary function of a worm’s payload?
a) To encrypt system files
b) To execute malicious actions once the worm has spread
c) To assist antivirus software in detection
d) To remove backdoor access
Answer: b) To execute malicious actions once the worm has spread
Explanation: A worm’s payload can perform data theft, system destruction, or install backdoors.
115. What does a botnet’s C2 (Command and Control) infrastructure do?
a) It manages and issues commands to infected devices
b) It helps remove malware infections
c) It blocks phishing attempts
d) It provides free cloud storage
Answer: a) It manages and issues commands to infected devices
Explanation: C2 infrastructure allows hackers to control infected systems remotely.
116. What is an example of a malware attack via removable media?
a) Stuxnet spreading via infected USB drives
b) Botnets using phishing campaigns
c) Adware running on a web browser
d) Spyware exploiting online banking apps
Answer: a) Stuxnet spreading via infected USB drives
Explanation: Stuxnet was a highly sophisticated worm that spread through USB flash drives.
117. What is the function of a botnet in a DDoS attack?
a) To encrypt all system files
b) To send massive amounts of traffic to a target server
c) To steal credentials from browsers
d) To disable a system’s firewall
Answer: b) To send massive amounts of traffic to a target server
Explanation: Botnets launch DDoS attacks by flooding a target server with excessive requests.
118. What malware targets mobile banking apps to steal credentials?
a) Banking Trojan
b) Keylogger
c) Ransomware
d) Logic bomb
Answer: a) Banking Trojan
Explanation: Banking Trojans inject malicious scripts into mobile banking apps to steal login credentials.
119. What is the best way to prevent ransomware infections?
a) Avoid opening suspicious email attachments and keep backups
b) Use outdated antivirus software
c) Click on every email link to verify its legitimacy
d) Store passwords in plaintext
Answer: a) Avoid opening suspicious email attachments and keep backups
Explanation: Preventing ransomware requires caution with email attachments, regular system backups, and software updates.
120. What was the primary impact of the Blaster worm?
a) It caused widespread system crashes by exploiting Windows vulnerabilities
b) It encrypted files and demanded a ransom
c) It only targeted Linux-based servers
d) It spread via SMS messages
Answer: a) It caused widespread system crashes by exploiting Windows vulnerabilities
Explanation: The Blaster worm targeted Windows systems, forcing automatic reboots and causing network disruptions.
121. What is a primary method used by worms to evade detection?
a) Code obfuscation
b) Sending phishing emails
c) Encrypting all system files
d) Blocking firewall access
Answer: a) Code obfuscation
Explanation: Code obfuscation allows worms to alter their structure and avoid detection by antivirus and security tools.
122. What distinguishes a metamorphic virus from a polymorphic virus?
a) Metamorphic viruses rewrite their entire code, while polymorphic viruses only change portions of their code
b) Polymorphic viruses delete themselves after execution
c) Metamorphic viruses cannot spread across networks
d) Polymorphic viruses only infect boot sectors
Answer: a) Metamorphic viruses rewrite their entire code, while polymorphic viruses only change portions of their code
Explanation: Metamorphic viruses completely restructure their code, while polymorphic viruses make minor code modifications to evade detection.
123. What is an example of a worm that spread through instant messaging platforms?
a) Koobface
b) Stuxnet
c) Zeus
d) CryptoLocker
Answer: a) Koobface
Explanation: Koobface spread through social media and instant messaging, tricking users into clicking malicious links.
124. What is the primary purpose of an exploit kit in malware attacks?
a) To scan for vulnerabilities and automate attacks
b) To remove malware infections
c) To create backup copies of files
d) To encrypt files before deletion
Answer: a) To scan for vulnerabilities and automate attacks
Explanation: Exploit kits scan for unpatched vulnerabilities in web browsers, operating systems, and plugins to deploy malware.
125. What is the primary goal of spyware?
a) To encrypt files
b) To secretly collect information from the infected system
c) To modify operating system boot processes
d) To execute denial-of-service (DDoS) attacks
Answer: b) To secretly collect information from the infected system
Explanation: Spyware gathers user data such as keystrokes, browsing activity, and login credentials without consent.
126. What does a worm do when it successfully infects a new system?
a) It creates copies of itself and spreads further
b) It asks for user permission to execute
c) It immediately encrypts all files
d) It waits for a scheduled time to execute
Answer: a) It creates copies of itself and spreads further
Explanation: Worms self-replicate and continue spreading to other vulnerable systems.
127. What is clickjacking?
a) A technique that tricks users into clicking on malicious elements hidden under legitimate buttons
b) A ransomware attack that steals passwords
c) A rootkit infection that affects mobile devices
d) A phishing attack targeting credit card details
Answer: a) A technique that tricks users into clicking on malicious elements hidden under legitimate buttons
Explanation: Clickjacking manipulates web page layers to trick users into clicking something unintended, often granting attackers unauthorized actions.
128. What malware technique modifies DNS settings to redirect users to malicious sites?
a) Pharming
b) Phishing
c) Ransomware
d) Trojan downloader
Answer: a) Pharming
Explanation: Pharming alters DNS settings to redirect traffic to fraudulent websites without user interaction.
129. What is a blended threat in malware?
a) A combination of multiple attack techniques (e.g., worm + Trojan + exploit)
b) A virus that targets both Mac and Windows devices
c) A malware attack that only affects cloud services
d) A virus that can disable firewalls
Answer: a) A combination of multiple attack techniques (e.g., worm + Trojan + exploit)
Explanation: Blended threats combine different types of malware (worms, Trojans, exploits, etc.) for maximum impact.
130. What malware was responsible for infecting Iran’s nuclear facilities?
a) Stuxnet
b) MyDoom
c) Zeus
d) Slammer
Answer: a) Stuxnet
Explanation: Stuxnet was designed to sabotage industrial control systems, particularly those in Iran’s nuclear facilities.
131. What attack method does SpyEye malware use?
a) Banking credential theft
b) Ransomware encryption
c) Browser hijacking
d) IoT botnet infections
Answer: a) Banking credential theft
Explanation: SpyEye is a banking Trojan that steals login credentials, financial data, and credit card details.
132. How does a Trojan proxy function?
a) It turns an infected system into a proxy server for cybercriminals
b) It encrypts all files on the system
c) It spreads automatically like a worm
d) It deletes system logs
Answer: a) It turns an infected system into a proxy server for cybercriminals
Explanation: Trojan proxies transform infected computers into proxy servers for hiding malicious activity.
133. What makes a polymorphic worm dangerous?
a) It can change its signature while spreading
b) It self-destructs after execution
c) It only infects removable media
d) It does not require network access
Answer: a) It can change its signature while spreading
Explanation: Polymorphic worms alter their code and signature to evade antivirus detection.
134. How do ransomware operators demand payments from victims?
a) Through cryptocurrency transactions
b) By requesting direct credit card payments
c) By sending payment links via email
d) By using legal banking channels
Answer: a) Through cryptocurrency transactions
Explanation: Most ransomware demands payments in Bitcoin or other cryptocurrencies to remain anonymous.
135. What does a Trojan click fraud malware do?
a) It generates fake ad clicks to earn money
b) It encrypts files for ransom
c) It injects malicious scripts into browsers
d) It modifies DNS settings
Answer: a) It generates fake ad clicks to earn money
Explanation: Trojan click fraud malware automatically clicks on online ads, generating revenue for cybercriminals.
136. How does a Trojan SMS malware work?
a) It sends unauthorized text messages to premium-rate numbers
b) It modifies mobile banking applications
c) It disables the device’s microphone
d) It infects only desktop computers
Answer: a) It sends unauthorized text messages to premium-rate numbers
Explanation: Trojan SMS malware sends costly messages to premium-rate services, charging victims without their knowledge.
137. What technique do attackers use in drive-by download attacks?
a) Infecting a website with malware that downloads automatically when visited
b) Sending phishing emails with malicious links
c) Embedding malware inside software cracks
d) Manipulating DNS records to redirect users
Answer: a) Infecting a website with malware that downloads automatically when visited
Explanation: Drive-by downloads occur when users visit compromised websites, which silently install malware without consent.
138. What is the purpose of ransomware-as-a-service (RaaS)?
a) To provide cybercriminals with ready-to-use ransomware kits
b) To remove ransomware infections
c) To detect phishing websites
d) To track cybercriminals
Answer: a) To provide cybercriminals with ready-to-use ransomware kits
Explanation: RaaS allows criminals to purchase or rent pre-built ransomware tools, making cybercrime more accessible.
139. What is an example of worm propagation via email?
a) Love Bug (ILOVEYOU)
b) Zeus
c) Petya
d) Mirai
Answer: a) Love Bug (ILOVEYOU)
Explanation: ILOVEYOU spread via email attachments, infecting millions of users globally.
140. What is a Trojan FakeAV?
a) A Trojan that pretends to be an antivirus program but installs malware
b) A virus that disables all security tools
c) A worm that spreads through browser extensions
d) A Trojan that forces users to uninstall real security software
Answer: a) A Trojan that pretends to be an antivirus program but installs malware
Explanation: FakeAV Trojans trick users into installing malware by pretending to be legitimate antivirus software.
141. Which type of malware records everything a user types on their keyboard?
a) Rootkit
b) Keylogger
c) Adware
d) Worm
Answer: b) Keylogger
Explanation: Keyloggers record keystrokes to steal sensitive information like passwords, banking credentials, and personal data.
142. What is the primary function of a Trojan dropper?
a) To install additional malware on an infected system
b) To spread like a worm
c) To act as an exploit scanner
d) To perform ransomware attacks
Answer: a) To install additional malware on an infected system
Explanation: Trojan droppers are used to deliver and install other malware payloads without the user’s knowledge.
143. How does a macro virus spread?
a) Through browser extensions
b) Through infected documents containing malicious macros
c) By exploiting network vulnerabilities
d) By executing from external storage
Answer: b) Through infected documents containing malicious macros
Explanation: Macro viruses embed themselves in Microsoft Office documents (Word, Excel, etc.) and execute when macros are enabled.
144. What is a botnet’s primary purpose?
a) To provide free cloud services
b) To enable remote access to a network
c) To coordinate large-scale cyberattacks using infected machines
d) To scan for vulnerabilities in a system
Answer: c) To coordinate large-scale cyberattacks using infected machines
Explanation: Botnets are networks of compromised devices used to perform DDoS attacks, spam campaigns, and cryptocurrency mining.
145. Which worm was responsible for one of the fastest internet infections in history?
a) SQL Slammer
b) Zeus
c) Stuxnet
d) CryptoLocker
Answer: a) SQL Slammer
Explanation: SQL Slammer infected hundreds of thousands of machines within minutes, causing major internet slowdowns.
146. What is the primary characteristic of a stealth virus?
a) It remains inactive until triggered
b) It hides changes to infected files and system processes
c) It encrypts files for ransom
d) It spreads through removable media
Answer: b) It hides changes to infected files and system processes
Explanation: Stealth viruses modify system files, logs, and antivirus detection mechanisms to remain undetected.
147. What does a Trojan keylogger do?
a) It encrypts files and demands a ransom
b) It records user keystrokes and sends them to an attacker
c) It replicates itself across networks
d) It deletes system files automatically
Answer: b) It records user keystrokes and sends them to an attacker
Explanation: Trojan keyloggers secretly record everything typed by a user, capturing passwords, PINs, and other credentials.
148. What is a Trojan FakeAV?
a) A Trojan that pretends to be antivirus software but is actually malware
b) A virus that corrupts antivirus programs
c) A worm that only infects mobile devices
d) A ransomware variant that spreads through email
Answer: a) A Trojan that pretends to be antivirus software but is actually malware
Explanation: FakeAV Trojans trick users into installing fake antivirus software, which then installs malware instead of removing threats.
149. What is the primary attack vector for ransomware?
a) Phishing emails
b) Bluetooth vulnerabilities
c) Physical access to devices
d) Hardware failures
Answer: a) Phishing emails
Explanation: Ransomware is often delivered via phishing emails with malicious attachments or links.
150. Which type of malware spreads by modifying existing executable files?
a) Trojan
b) Worm
c) Virus
d) Ransomware
Answer: c) Virus
Explanation: Viruses attach themselves to executable files, spreading when the infected file is executed.
151. What was the primary goal of the ILOVEYOU worm?
a) To steal banking credentials
b) To spread through email attachments and overwrite files
c) To execute ransomware encryption
d) To create a backdoor in government networks
Answer: b) To spread through email attachments and overwrite files
Explanation: The ILOVEYOU worm spread via email attachments, overwriting files and causing significant damage.
152. What malware technique modifies system memory instead of files?
a) Fileless malware
b) Rootkit
c) Macro virus
d) Trojan proxy
Answer: a) Fileless malware
Explanation: Fileless malware operates entirely in RAM, leaving no traditional file traces for antivirus programs to detect.
153. What is the primary function of a Trojan backdoor?
a) To provide unauthorized remote access to an attacker
b) To scan for system vulnerabilities
c) To execute distributed denial-of-service (DDoS) attacks
d) To generate spam emails
Answer: a) To provide unauthorized remote access to an attacker
Explanation: Backdoor Trojans create a hidden entry point in a system, allowing attackers to remotely control the infected device.
154. What is the key difference between a logic bomb and a time bomb virus?
a) Logic bombs trigger based on an action, while time bombs activate at a set time
b) Time bombs spread across networks
c) Logic bombs self-replicate like worms
d) Time bombs require user input to execute
Answer: a) Logic bombs trigger based on an action, while time bombs activate at a set time
Explanation: Logic bombs execute when a specific condition is met, while time bombs activate at a predetermined date or time.
155. What is a Trojan spy?
a) A Trojan that records user activity and sends it to an attacker
b) A worm that spreads through USB devices
c) A virus that only affects mobile operating systems
d) A self-replicating macro virus
Answer: a) A Trojan that records user activity and sends it to an attacker
Explanation: Trojan spy malware collects keystrokes, screenshots, and browser history to spy on users.
156. How do hackers typically distribute worms?
a) By exploiting network vulnerabilities
b) By sending manual download links
c) By infecting hardware components
d) By modifying antivirus programs
Answer: a) By exploiting network vulnerabilities
Explanation: Worms spread by exploiting unpatched security vulnerabilities in networks and operating systems.
157. What is the primary danger of a Trojan downloader?
a) It installs additional malware on the infected system
b) It deletes system files permanently
c) It spreads by modifying boot sectors
d) It encrypts files and demands a ransom
Answer: a) It installs additional malware on the infected system
Explanation: Trojan downloaders fetch and install more malware, often leading to multi-stage infections.
158. What does spyware primarily target?
a) User data and online activity
b) System hardware components
c) Only government institutions
d) Antivirus programs
Answer: a) User data and online activity
Explanation: Spyware secretly collects user browsing habits, login credentials, and sensitive information.
159. What malware infects network devices and forms botnets?
a) Mirai
b) WannaCry
c) Zeus
d) ILOVEYOU
Answer: a) Mirai
Explanation: Mirai botnet malware infects IoT devices, using them for DDoS attacks.
160. What is the best way to prevent Trojan infections?
a) Avoid downloading unverified software
b) Disable firewall protection
c) Use outdated operating systems
d) Click on pop-up ads to verify security threats
Answer: a) Avoid downloading unverified software
Explanation: Trojans are often disguised as legitimate software, making it crucial to avoid untrusted downloads.
161. What is the main difference between a worm and a virus?
a) A worm spreads without user interaction, while a virus requires execution
b) A virus only affects Windows, while a worm infects all systems
c) Worms cannot spread across networks
d) Viruses do not modify system files
Answer: a) A worm spreads without user interaction, while a virus requires execution
Explanation: Worms self-replicate and spread automatically, whereas viruses need a host file and user execution to propagate.
162. Which type of malware is often used in corporate espionage?
a) Keylogger
b) Spyware
c) Worm
d) Adware
Answer: b) Spyware
Explanation: Spyware is commonly used in corporate espionage to steal sensitive data such as business strategies and financial records.
163. What is the primary purpose of a Trojan rootkit?
a) To hide the presence of other malware
b) To spread automatically through email
c) To encrypt files for ransom
d) To disable all system applications
Answer: a) To hide the presence of other malware
Explanation: Rootkits modify system processes to hide malicious activities, making it difficult for antivirus tools to detect malware.
164. How does a Trojan RAT (Remote Access Trojan) function?
a) It allows attackers to remotely control an infected device
b) It encrypts user files and demands a ransom
c) It spreads automatically through networks
d) It injects advertisements into web browsers
Answer: a) It allows attackers to remotely control an infected device
Explanation: RATs give attackers full remote control over an infected machine, allowing them to steal data, install additional malware, or spy on users.
165. What is a Trojan SMS attack?
a) Malware that sends unauthorized text messages to premium-rate numbers
b) A virus that spreads via SMS
c) A worm that affects mobile devices
d) A ransomware attack disguised as an SMS
Answer: a) Malware that sends unauthorized text messages to premium-rate numbers
Explanation: Trojan SMS malware exploits mobile devices by sending expensive SMS messages to premium-rate numbers.
166. How do fileless malware attacks evade detection?
a) They execute directly in system memory without leaving a file
b) They encrypt files and delete themselves
c) They disguise themselves as system updates
d) They self-replicate like worms
Answer: a) They execute directly in system memory without leaving a file
Explanation: Fileless malware does not write files to disk, making it difficult for traditional antivirus programs to detect.
167. What is an example of a banking Trojan?
a) Zeus
b) Stuxnet
c) WannaCry
d) Melissa
Answer: a) Zeus
Explanation: Zeus (Zbot) is a well-known banking Trojan that steals online banking credentials.
168. What malware attack modifies a website’s legitimate scripts to inject malicious content?
a) Cross-Site Scripting (XSS)
b) SQL Injection
c) Trojan Dropper
d) Ransomware
Answer: a) Cross-Site Scripting (XSS)
Explanation: XSS injects malicious scripts into trusted websites, allowing attackers to steal session cookies or redirect users to fake login pages.
169. What makes polymorphic malware difficult to detect?
a) It constantly changes its code structure
b) It hides inside system logs
c) It spreads only through email attachments
d) It disables antivirus programs
Answer: a) It constantly changes its code structure
Explanation: Polymorphic malware alters its code and signature with each infection, making it harder for signature-based detection systems to identify.
170. Which malware was used in one of the biggest DDoS attacks targeting IoT devices?
a) Mirai
b) Conficker
c) Slammer
d) Zeus
Answer: a) Mirai
Explanation: Mirai infected IoT devices and used them to launch DDoS attacks against large internet services.
171. What is a Trojan banker’s primary target?
a) Online banking credentials
b) Network firewalls
c) Encryption keys
d) Antivirus software
Answer: a) Online banking credentials
Explanation: Banking Trojans target bank login credentials by injecting malicious code into banking session pages.
172. What type of malware redirects users to malicious websites even if they type the correct URL?
a) Pharming malware
b) Adware
c) Worm
d) Ransomware
Answer: a) Pharming malware
Explanation: Pharming malware modifies DNS settings to redirect victims to fake sites designed to steal login credentials.
173. What is the primary goal of adware?
a) To display unwanted advertisements and track user behavior
b) To encrypt files for ransom
c) To install rootkits on a system
d) To disable network firewalls
Answer: a) To display unwanted advertisements and track user behavior
Explanation: Adware bombards users with unwanted ads and collects browsing data for advertising purposes.
174. Which worm was one of the first to target Microsoft IIS web servers?
a) Code Red
b) Slammer
c) Stuxnet
d) MyDoom
Answer: a) Code Red
Explanation: Code Red targeted Microsoft IIS servers, causing large-scale disruptions.
175. How does a Trojan FakeAV trick users?
a) By pretending to be antivirus software but actually installing malware
b) By replicating itself across a network
c) By modifying hardware settings
d) By blocking security updates
Answer: a) By pretending to be antivirus software but actually installing malware
Explanation: FakeAV Trojans pretend to detect threats, then urge users to install fake security software, which is actually malware.
176. What is a Trojan Clicker used for?
a) Generating fraudulent ad revenue by clicking on ads automatically
b) Spreading worms across networks
c) Encrypting files for ransom
d) Deleting antivirus databases
Answer: a) Generating fraudulent ad revenue by clicking on ads automatically
Explanation: Trojan Clickers perform automatic ad clicks, generating revenue for cybercriminals.
177. What malware was responsible for the Petya ransomware outbreak?
a) NotPetya
b) Slammer
c) Conficker
d) Mirai
Answer: a) NotPetya
Explanation: NotPetya disguised itself as ransomware but was actually a wiper malware designed to destroy data.
178. What was the primary infection method of the Melissa virus?
a) Email attachments containing Word macros
b) Exploiting web browser vulnerabilities
c) Infecting USB devices
d) Modifying DNS settings
Answer: a) Email attachments containing Word macros
Explanation: Melissa was a macro virus spread via email attachments in Microsoft Word.
179. How does a logic bomb work?
a) It remains dormant until a specific trigger condition is met
b) It spreads automatically through networks
c) It encrypts system files
d) It steals login credentials
Answer: a) It remains dormant until a specific trigger condition is met
Explanation: Logic bombs wait for a predefined condition (e.g., a date or event) to activate their malicious payload.
180. What malware attack steals credit card details by injecting malicious code into checkout pages?
a) Magecart
b) CryptoLocker
c) Zeus
d) Stuxnet
Answer: a) Magecart
Explanation: Magecart attacks inject malicious JavaScript into online checkout pages to steal credit card details.
181. What is a key feature of a multipartite virus?
a) It targets multiple entry points like the boot sector and executable files
b) It spreads only through USB devices
c) It encrypts files without a ransom demand
d) It modifies DNS settings
Answer: a) It targets multiple entry points like the boot sector and executable files
Explanation: Multipartite viruses infect multiple areas of a system, making them harder to remove.
182. What distinguishes a ransomware wiper from traditional ransomware?
a) It encrypts files but does not provide decryption even after payment
b) It spreads via removable storage devices
c) It allows partial decryption after negotiation
d) It is only found on Linux systems
Answer: a) It encrypts files but does not provide decryption even after payment
Explanation: Ransomware wipers are designed to destroy data, not just encrypt it, making recovery impossible.
183. How does a Trojan banker typically steal credentials?
a) By injecting fake login forms into banking websites
b) By brute-forcing passwords
c) By encrypting bank accounts
d) By disabling firewalls
Answer: a) By injecting fake login forms into banking websites
Explanation: Trojan bankers use form-grabbing techniques to steal login credentials during banking transactions.
184. What technique do worms often use to propagate?
a) Exploiting unpatched system vulnerabilities
b) Requiring user execution
c) Attaching themselves to email attachments
d) Modifying antivirus definitions
Answer: a) Exploiting unpatched system vulnerabilities
Explanation: Worms exploit vulnerabilities to spread across networks and systems automatically.
185. What malware type is designed to disable security defenses?
a) Kill switch malware
b) Trojan blocker
c) Ransomware
d) Worm
Answer: a) Kill switch malware
Explanation: Kill switch malware is designed to disable security programs like antivirus, firewalls, and system protections.
186. What is the purpose of Trojan cryptojackers?
a) To mine cryptocurrency using infected devices
b) To encrypt system files and demand payment
c) To steal financial credentials
d) To modify BIOS settings
Answer: a) To mine cryptocurrency using infected devices
Explanation: Cryptojacking Trojans hijack system resources to mine cryptocurrency without the user’s consent.
187. How does fast-flux botnet architecture enhance malware survivability?
a) By rapidly changing the IP addresses of command-and-control (C2) servers
b) By encrypting all outgoing network traffic
c) By spreading through social media links
d) By hiding in cloud storage services
Answer: a) By rapidly changing the IP addresses of command-and-control (C2) servers
Explanation: Fast-flux botnets rotate IP addresses frequently, making it difficult for authorities to track and take them down.
188. What is a primary purpose of an advanced persistent threat (APT)?
a) To maintain long-term access to a target system for espionage
b) To launch large-scale DDoS attacks
c) To delete files on infected systems
d) To spread advertisements
Answer: a) To maintain long-term access to a target system for espionage
Explanation: APTs focus on long-term cyber espionage, allowing attackers to steal confidential data over time.
189. What malware was responsible for the WannaCry ransomware outbreak?
a) A worm exploiting SMB vulnerabilities
b) A Trojan delivered via social engineering
c) A banking Trojan
d) A spyware variant
Answer: a) A worm exploiting SMB vulnerabilities
Explanation: WannaCry spread using the EternalBlue SMB exploit, making it behave like a worm.
190. What does Trojan DNSChanger malware do?
a) It modifies DNS settings to redirect users to malicious websites
b) It encrypts DNS configuration files
c) It infects only Linux-based servers
d) It replaces IP addresses with encrypted URLs
Answer: a) It modifies DNS settings to redirect users to malicious websites
Explanation: DNSChanger Trojans alter network settings to redirect users to attacker-controlled websites.
191. What is a zombie computer in a botnet?
a) A compromised device controlled by a remote attacker
b) A system that spreads ransomware automatically
c) A machine that performs self-destruct operations
d) A server that hosts malware payloads
Answer: a) A compromised device controlled by a remote attacker
Explanation: Zombie computers in a botnet execute commands issued by a command-and-control (C2) server.
192. What is the primary goal of Trojan downloaders?
a) To install additional malware on an infected system
b) To send spam emails
c) To spread through removable media
d) To delete antivirus software
Answer: a) To install additional malware on an infected system
Explanation: Trojan downloaders download and install more malware, allowing multi-stage infections.
193. How does a drive-by download attack work?
a) It installs malware when a user visits a compromised website
b) It spreads through social engineering
c) It requires a malicious email attachment
d) It self-destructs after execution
Answer: a) It installs malware when a user visits a compromised website
Explanation: Drive-by downloads install malware silently when a user visits an infected website.
194. What is the function of a bot herder?
a) To control and manage infected devices in a botnet
b) To remove malware from compromised systems
c) To encrypt sensitive user data
d) To perform hardware modifications
Answer: a) To control and manage infected devices in a botnet
Explanation: Bot herders command and control large botnets to launch attacks.
195. What was unique about the NotPetya malware attack?
a) It disguised itself as ransomware but was actually a wiper
b) It targeted only Linux-based systems
c) It required manual execution
d) It only affected IoT devices
Answer: a) It disguised itself as ransomware but was actually a wiper
Explanation: NotPetya was disguised as ransomware but was actually designed to wipe data, not decrypt it.
196. What type of malware was responsible for the Shamoon attack?
a) A destructive wiper malware
b) A banking Trojan
c) A polymorphic worm
d) A keylogger
Answer: a) A destructive wiper malware
Explanation: Shamoon was destructive malware that erased data from infected systems.
197. What is a Trojan DDoS attack?
a) A Trojan that turns infected machines into bots for DDoS attacks
b) A virus that encrypts network connections
c) A ransomware strain that demands money from companies
d) A keylogger that logs user activity
Answer: a) A Trojan that turns infected machines into bots for DDoS attacks
Explanation: Trojan DDoS malware hijacks infected computers to participate in DDoS attacks.
198. What is the purpose of Trojan Ransom malware?
a) To lock user files and demand payment
b) To disable security software
c) To inject advertisements into browsers
d) To spread through Bluetooth
Answer: a) To lock user files and demand payment
Explanation: Trojan Ransom malware encrypts files and demands ransom payments.
199. What is a Trojan Mailfinder?
a) A Trojan that collects email addresses from infected machines
b) A worm that spreads through email attachments
c) A phishing attack targeting email providers
d) A malware variant that modifies email encryption settings
Answer: a) A Trojan that collects email addresses from infected machines
Explanation: Trojan Mailfinder steals email addresses from infected systems for spamming and phishing campaigns.
200. What is the best prevention against worms?
a) Keeping systems updated with security patches
b) Installing multiple antivirus programs
c) Avoiding encrypted messages
d) Disconnecting from the internet permanently
Answer: a) Keeping systems updated with security patches
Explanation: Worms exploit unpatched vulnerabilities, so regular system updates help prevent infections.