1. Which of the following is a method of accessing a computer without the security and

Chapter 1

• Which of the following is a method of accessing a computer without the security and

authentication procedures that are normally required?

• Trojan horse

*b. Backdoor

• Shell
• Wrapper

• Which type of channel is a legal, secure channel for the transfer of data or

information within the network of a company?

*a. overt

• covert
• hidden
• public

• Which type of channel is an illegal, hidden path used to transfer data from a network?

• tapped
• overt
• rogue

*d. covert

• What type of trojan provides attackers with passwords or other confidential data such

as credit card numbers and audit sheets?

• Remote access trojan
• Proxy trojan

*c. Data-sending trojan

• ICMP Backdoor trojan

• Which protocol is an integral part of IP, is a connectionless protocol, and is used to

provide error messages to unicast addresses?

*a. ICMP

• SMTP
• SNMP
• IRC

(Ethical Hacking and Countermeasures, Threats and Defense Mechanisms, 2e EC-Council) (Test Bank, Correct Answer are marked with*) 1 / 3

• Which type of trojan permits the attacker to bypass corporate firewalls, make use of

ports that are authorized by corporate firewalls, and connect with the outside world through a victim's computer?

• Proxy
• ICMP Backdoor

*c. Reverse connecting

• Remote access

• What is a program that is used to bind trojan executables to legitimate files?

• Binders
• Assemblers
• Compilers

*d. Wrappers

• Which tool used by trojan creators is run with the user's IP address after starting a

Netcat listener on the user's machine at port 8080?

• Windows Reverse Shell

*b. RemoteByMail

• Perl-Reverse Shell
• Atelier Web Remote Commander

• Which of the following is NOT a typical step in detecting trojans?

• Scan for suspicious open ports
• Scan for suspicious registry entries

*c. Scan for ICMP type 8 packets

• Scan for suspicious network activities

• Which tool can help detect trojans by displaying ports on which the computer is

listening?

• PrcView

*b. Netstat

• Tripwire
• Sfc
• / 3

Chapter 2

• Which type of malware is a self-replicating program that produces its own code by

attaching copies of itself to other executable codes, and operates without the knowledge or desire of the user.

*a. virus

• worm
• Trojan horse
• rootkit

• What type of malware spreads automatically using the network?

• rootkit
• Trojan horse
• virus

*d. worm

• Which of the following depends on the reaction of naive users rather than software

code that actually causes harm?

• macro virus
• shell virus

*c. virus hoax

• multipartite virus

• Which of the following is an indication of an actual virus attack as opposed to a likely

hardware problem?

• the computer beeps at startup with no screen display

*b. unknown files keep appearing on the system

• the mouse hangs or does not respond
• the monitor starts flickering

• Which type of virus forms a layer around the target host program's code that can be

compared to an eggshell because it makes itself the original program and the host code its subroutine?

• Add-on viruses
• Intrusive viruses
• Boot viruses

*d. Shell viruses

• / 3