QUESTIONS WITH SOLUTIONS GRADED A+
◉ Malware Components. Answer: • Concealer - Features to hide the
malware and/or its activity (may open hidden connections to the
internet to secretly download the payload).
• Replicator - Manual or automated features that allow malware to
spread (could be triggered when opened by the user and spread to the
user's network).
• Payload - Malware feature that causes the damage or other malicious
function.
◉ Important Terminology. Answer: Presence: Malware is on the system,
but payload has not been triggered.
Infection: Malware is present and active/payload triggered.
Damage: Performing malicious actions: deliberate, accidental or
incidental.
Stealth: The methods through which malware conceals itself.
Polymorphism: Malware's ability to create different copies to evade
signature detection.
◉ Common Classifications. Answer: - File Infectors
- Boot Sector Viruses (Old school - commonly found by anti-virus)
- Interpreted viruses (Macro and Scripts)
◉ File infectors. Answer: Overwriting: Replaces the original file
completely
Parasitic: Modifies the original file to include either the malicious code
itself or a call to a separate, malicious file.
- Prepending
- Appending
- Inserting
◉ Path Companion Viruses. Answer: Exploit the order in which
executable files are called:
- Same filename, priority path (current over system directory).
- Same path, priority filename extension (.com over .exe).
◉ Symptoms of an infected computer. Answer: • System is unstable
and responds slowly - malware may be consuming resources in the
background.
• New and unknown executables found on the system
• Altered system settings (without your consent)
• Unusual network traffic
• Random pop-ups
• Overall, the system shows unexpected / unpredictable behaviour
◉ Classification. Answer: Can be classified as malware if it does one of
the following:
• Modifies another program
• Replicates itself without user consent
• Allows an unauthorized person to take control of the system
• Transmits confidential data to a remote system without consent
• Sends data to a system to disrupt normal functioning
• Opens a port for listening in on a local machine to accept commands
from a control server
• Records keystrokes and sends the info to a remote server
• Downloads and executes files from suspicious remote servers
• Copies itself into multiple locations
• Injects code into another program
• Makes unauthorized changes to the system
• Modifies a protected system setting
• Modifies a registry setting used for launching programs on start up
◉ Virus. Answer: Virus (the parasitic infector)
- Self-replicating in nature
- Does not have a separate existence - inserts code into existing files on
the system
- Requires human activity for infection
◉ Worm. Answer: - Self-replicating
- Standalone strains
- Do not modify files to spread; instead, they make copies of themselves.
The lack of user interaction makes them exceptionally dangerous to
networking infrastructure and a significant threat, e.g. Stuxnet.
◉ Trojan. Answer: - Non-replicating in nature
- Disguises itself as something legitimate while hiding malicious
functionality.
- Must be installed by another program, or the user must be tricked into
installing it.
Can take one of three forms:
- An unauthorised program contained within a legitimate one.