1-10

Question 1

What is an amplification attack?

Answer 1

Use of botnets for a DDOS or SPAM attack

Question 2

What is a reflection attack?

Answer 2

Using the victims IP to spam itself

Question 3

What is poisoning?

Answer 3

Manipulated a trusted source of data

Question 4

What is hijacking?

Answer 4

Intercepting communications to eavesdrop, capture, manipulate, and/or reuse packets

Question 5

What are the common types of phishing?

Answer 5

Spear fishing, Whaling, SMSishing, Vishing, Watering holes

Question 6

What are local types of social engineering?

Answer 6

Shoulder surfing, Piggybacking/Tailgaiting, Dumpster Diving, USB Baiting.

Question 7

What is a cross site scripting attack?

Answer 7

Injection of malicious code into a web app or back end that will execute scripts in a user’s browser. Can be persistent or reflective.

Question 8

Cross Site Request Forgery?

Answer 8

Tricks a web browser into executing malicious actions on a trusted site for which the user is authenticated (usually via manipulated link/URL).

Question 9

What can significantly reduce the impact of of XSS and SQL injection attacks?

Answer 9

Input and output validation

Question 10

What is threat modeling?

Answer 10

Structured process by which potential threats, actors, and vectors can be identified, enumerated, and prioritized.

Question 11

What is OSINT?

Answer 11

Open Source Intelligence

Question 12

What are some government sources of threat modeling data?

Answer 12

NIST, FBI, US-CERT, NVD, MITRE, and CISA

Question 13

What are the three threat modeling approaches?

Answer 13

Asset-Centric (what/why), Architecture-Centric (how), and Attacker-Centric (who).