1.0 - Threats, Attacks and Vulnerabilities Flashcards

1
Q

Code is changing after each use, so that signature-based scanning does not always work.

Type of threat?

A

Polymorphic Malware

2
Q

Code is encrypted so that it cannot be decompiled or reverse engineered.

Type of threat?

A

Armored Virus

3
Q

Files are encrypted, either permanently or until a ransom is paid.

Type of threat?

A

Crypto-Malware

4
Q

Files are encrypted, and a request for ransom is received.

Type of threat?

A

Ransomware

5
Q

Malicious code that attaches itself to another piece of executable code. It only runs when the executable it is attached to is run.

Type of threat?

A

Virus

6
Q

Malicious code that spreads across a network without being attached to another executable. Can also move via email, open network shares, IIS, SQL.

Type of threat?

A

Worm

7
Q

Software that appears to do one thing, such as a game, but also has embedded malicious code.

Type of threat?

A

Trojan

8
Q

Threat that modifies the OS, often by re-writing the kernel.

Type of threat?

A

Rootkit

9
Q

Malicious code that records keystrokes.

Type of threat?

A

Keylogger

10
Q

Software that makes ads appear. Can be malicious or legitimate.

Type of software?

A

Adware

11
Q

Software that monitors a user’s activities, including: keylogging, browsing, cheating on games, software usage.

Type of software?

A

Spyware

12
Q

A large number of infected PCs that can be controlled by one malicious user.

Type of threat?

A

Botnet

13
Q

A hacker installs a toolkit on a remote PC that lets them record keystrokes, take screenshots, install software, see and change system settings.

What is this toolkit called?

A

RAT (Remote-Access Trojan)

14
Q

An administrator installs a piece of code that will delete files or do other damage if they are fired.

What is this called?

A

Logic Bomb (or Time Bomb if it will go off a specific number of days later)

15
Q

A developer is able to get back into a system even after new layers of security have been added.

What method did they use?

A

Backdoor / Trapdoor. Often a hard-coded password, which is difficult to remove.

16
Q

List common Indicators of Compromise (IOC)

A

Common IOCs are:

Network:

  • Unusual outbound network traffic
  • Geographical irregularities in network traffic
  • HTML response sizes
  • Mismatched port-application traffic
  • Unusual DNS requests
  • Signs of DDoS activity
  • Web traffic with nonhuman behavior

Accounts:

  • Anomalies in privileged user account activity
  • Account login red flags

OS & Applications:

  • Increase in database read volumes
  • Large number of requests for the same file
  • Suspicious registry or system file changes
  • Unexpected patching of systems
  • Mobile device profile changes
  • Bundles of data in the wrong place
17
Q

A threat returns even after the OS is wiped and reloaded while the system is air-gapped.

Likely type of threat?

A

Firmware Rootkit, possibly in a video card or expansion card firmware.

18
Q

This threat loads before the OS, as a virtualization layer for the OS. This allows it to intercept hardware calls to the OS.

A

Virtual Rootkit or Virtual Machine-Based Rootkit (VMBR).

19
Q

This type of threat operates at the OS level, giving it privileged access to the system.

A

Kernel Rootkit

20
Q

This type of threat infects libraries, such as .DLL files, so they can execute inside a target process to spoof it, or overwrite the memory of the target application.

A

Library Rootkit

21
Q

Any threat will attack at least one of the three security requirements (the CIA of security). These are?

A

Confidentiality

Integrity

Availability

22
Q

A user receives an email indicating that they need to log in to resolve an account issue at a website.

What type of threat is this?

A

Phishing

23
Q

Members of just the accounting team receive emails asking them to log in to the corporate bank account, with an invalid link.

What type of attack is this?

A

Spear Phishing

24
Q

The CEO receives a fictitious email or phone call, which was tailored just for her. What type of attack is this?

A

Whaling

25
Q

A threat actor spoofs the company’s HR phone number and calls users asking them for personal information. What kind of attack is this?

A

Vishing

26
Q

How can users protect against phishing and vishing attacks?

A

Never use the link or phone number provided in the incoming message.

Educate users about these threats.

27
Q

Someone sparks up a conversation with an employee as they are heading into work, then follows them through the door without authenticating. What just happened and how can it be avoided?

A

The threat actor was Tailgating to gain entry to the building. Educating employees about proper entry procedures or a mantrap are possible solutions.

28
Q

How might a threat actor avoid third-party authorization?

A

They may:

  1. Arrive with knowledge of an existing project or issue
  2. Use the guise of trouble to create a sense of urgency
  3. Name drop someone important who is currently unavailable
29
Q

What types of parties might a threat actor impersonate?

A

Help Desk / Support

Contractors / Outside Parties

30
Q

What is the best defense against impersonation attacks?

A

A standard process for verifying identity and user education.

31
Q

An attacker goes through the organization's trash looking for sensitive information. What is this technique called?

A

Dumpster Diving

32
Q

An attacker watches the keypad on an ATM machine to get users’ PIN numbers, possibly from afar with a telephoto lens. What type of attack is this?

A

Shoulder Surfing

33
Q

What are some methods to prevent shoulder surfing?

A

Blinders around PIN keypads

Keypads that move the numbers around

User education

34
Q

Users receive a viral email telling them to delete an important system file in order to prevent future attacks. What is this?

A

A Hoax, but a damaging one.

35
Q

A website is altered to distribute malware, often just to users in a certain geographical area. What is this attack called?

A

Watering Hole

These are difficult and time-consuming to set up, so they tend to use zero-day attacks, and are often backed by nation states.

36
Q

A threat actor pretends to be calling from the IRS. What social engineering principle are they using?

A

Authority

37
Q

A threat actor implies that a user’s job may be on the line if they do not cooperate. What social engineering principle are they using?

A

Intimidation

38
Q

A threat actor works within a group to push the decision-making process in a particular direction. What social engineering principle are they using?

A

Consensus

39
Q

A phishing email says that the user only has a few minutes to reset their account. What social engineering principle is being used?

A

Urgency

40
Q

An advertisement says that only a few items are left for sale. What social engineering principle is being used?

A

Scarcity

41
Q

A threat actor talks to a user about how they have been in similar situations or had similar feelings. What social engineering principle is being used?

A

Familiarity

42
Q

A social engineer’s goal is not to force someone to do something they don’t want to do, but to create a perception in their mind that they are doing the right thing. What social engineering principle is this?

A

Trust

43
Q

Describe a social engineer’s primary goal and technique.

A

Their goal is to manipulate a person’s perception in order to change their actions.

They do this by preying on a person’s beliefs, biases and stereotypes.

44
Q

A system is flooded with TCP SYN requests that return back to a non-existent IP address. This causes the system to lock up. What type of attack is this?

A

DoS (Denial of Service)

45
Q

A threat actor is able to send commands to a few master systems, which control hundreds or thousands of zombie PCs, which are infected with the correct malware. When the order is received these systems all flood one target with requests, bringing it down. What type of attack is this?

A

DDoS (Distributed Denial of Service)

46
Q

What precautions can be taken against DDoS attacks?

A

Precautions against DDoS attacks include:

  1. Consistent patching
  2. Shorter timeouts for TCP connections
  3. Distributed workloads
  4. Block ICMP packets at the border
  5. Scan your network for zombie systems (helps others more than you)
47
Q

An attacker steals a cookie from a user and is able to hijack their session, by rerouting all communication through another PC. This allows the attacker to see the data being moved (if not encrypted) and see who the target is communicating with. What type of attack is this?

A

Man-in-the-Middle (session hijacking specifically)

48
Q

Lack of input error-checking in programs is the root cause of this common attack where new commands are injected into a program through the input fields.

A

Buffer Overflow

49
Q

Describe the 2014 Heartbleed attack.

A

It took advantage of a buffer overflow vulnerability in the OpenSSL library.

50
Q

Describe some types of Injection attacks.

A

SQL injection - allows unauthorized SQL commands to run

XML injection - allows access to data

LDAP injection - allows access to data

Command injection - gives privileged command-line access

51
Q

What is the difference between XSS and SQL injection?

A

XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application’s database.

52
Q

Lack of input validation on a web site allows attackers to include a script and have it rendered. What is this method called?

A

Cross-Site Scripting (XSS)

53
Q

How can Cross-Site Scripting (XSS) be mitigated?

A

Cross-Site Scripting (XSS) mitigation:

  • Use anti-XSS libraries to strip scripts from the input strings
  • Limit types of uploads, screen or whitelist uploads
  • Testing with encoded and unencoded inputs to find vulnerabilities
54
Q

A user is logged into a banking site. Meanwhile code is executed in a separate browser tab to perform a transaction at the site without the user’s knowledge. What type of attack is this?

A

Cross-Site Request Forgery (XSRF)

55
Q

What methods can mitigate against Cross-Site Request Forgeries (XSRF)?

A
  • Re-validate the user on important transactions
  • Limit authentication time
  • Cookie expiration
  • Use anti-CSRF tokens in form submissions. These are sent to the user at authentication, then included in subsequent HTTP requests. This is the most effective method.
56
Q

An attacker gets standard access to a system, then duplicates an elevated token to run processes as an elevated user. What type of attack is this?

A

Privilege Escalation

57
Q

What methods can mitigate privilege escalation attacks?

A
  • Follow the least-privilege model
  • Regularly review administrative accounts
  • Monitor privileged accounts for unusual behavior
  • Reduce processes and services that run in elevated mode
58
Q

An attacker sends incorrect ARP and RARP requests to a network, feeding incorrect data into system ARP tables. They then use this corruption to set up a man-in-the-middle attack. What is this method?

A

ARP Poisoning

59
Q

An attacker sends ICMP Ping commands to a network address, with the reply aimed at a specific PC. This floods the target PC with ping requests. When an attacker is able to create a greater effect than would be possible with a single client, what is it called?

A

Amplification

60
Q

Running nslookup shows that a system’s local DNS cache is pointing certain DNS names to the wrong IP addresses. What type of attack has occurred?

A

DNS Poisoning

61
Q

You log in to GoDaddy to discover that you no longer own and control one of your domain names. What has occurred?

A

Domain Hijacking

62
Q

A trojan element is added to a user’s browser that intercepts and changes data as they browse certain websites. What is this attack called?

A

Man-in-the-Browser (MitB)

63
Q

An attacker uses a vulnerability that is unknown to the developer, so even the latest patches will not protect systems. What is this called?

A

Zero Day attack

64
Q

An attacker captures communication between two parties and retransmits them at a later time. What is this called?

A

Replay

65
Q

What best defends against replay attacks?

A

Defenses against replay attacks:

  • Encryption
  • Short time frames for transactions
66
Q

An attacker captures a hash file and injects it into a system. This allows them to authenticate without knowing the password. What is this called?

A

Pass the Hash.

This is a technically demanding attack, but tools have been developed to make it easier.

67
Q

When a user clicks on a certain design element, their click is altered by a transparent overlay, causing them to click elsewhere and executing the attacker’s code. What is this type of attack?

A

Clickjacking

68
Q

A user receives a DoS attack, taking down their system. At the same time, the attacker takes over a Telnet or web session that the user was running. What is this called?

A

Session Hijacking

69
Q

A piece of malware alters the URL a user is attempting to browse to, causing them to go to a fake website. What is this called?

A

URL Hijacking

70
Q

A user receives an email from the bank asking them to log in. The URL in the mail looks similar to their bank’s, but the actual domain is different. What is this called?

A

URL Hijacking, Fake URL, Brandjacking, Typo Squatting

71
Q

An attack puts a layer of code between a driver and the OS, changing hardware responses without altering the driver itself. What is this form of driver manipulation called?

A

Shimming

72
Q

An attacker modifies internal code to add functionality without changing other external behavior of the code or driver. What is this called?

A

Refactoring

73
Q

An attacker puts the IP of the target system into certain web traffic to facilitate an attack. What is this called?

A

IP Spoofing

74
Q

A target system is flooded with ICMP requests after the attacker sent the ICMP request to the network address. What technique was used?

A

IP Spoofing - in the initial request to the network address. This is called a Smurf attack.

75
Q

What can mitigate IP spoofing attacks?

A
  • Limit trust relationships between hosts
  • Configure firewalls to reject packets from outside that have an inside IP in the From address
76
Q

Why are IP spoofing SYN/ACK attacks more difficult from outside the network?

A

The attacker will have to guess the sequence numbers for the SYN/ACK transaction.

77
Q

Wireless networks are especially susceptible to this attack where conversations are recorded and sent later on.

A

Replay attacks

78
Q

WEP wireless encryption was susceptible to this exploit where an initial key sequence was sent in the plaintext part of the message.

A

Initialization Vector (IV). Software such as AirSnort can intercept each packet with a weak IV and eventually crack the WEP encryption key for a WAP.

79
Q

You discover a wireless access point hidden in a cupboard. It is configured to emulate a company WAP and intercept user data. What is this called?

A

Evil Twin

80
Q

A non-company owned AP is allowing clients to authenticate to a real company AP. The attacker uses this to collect user credentials.

A

Rogue AP

81
Q

A certain radio spectrum is targeted by a rogue wireless device. What is this called?

A

Jamming

82
Q

This easy-to-use wireless authentication system has the user enter an 8-digit code to authenticate and is susceptible to brute-force attacks.

A

WPS (Wi-Fi Protected Setup)

83
Q

A user is in a crowded airport when they receive a text message or image via Bluetooth from an unknown and unauthorized user. What type of attack is this?

A

Bluejacking

84
Q

What can be done to avoid bluejacking?

A
  • Disable Bluetooth
  • Set Bluetooth devices to nondiscoverable
85
Q

An attacker copies data from a target phone via Bluetooth. This can include emails, contacts, calendar, and media files. What is this attack called?

A

Bluesnarfing

86
Q

What is the key difference between bluejacking and bluesnarfing?

A

Bluejacking sends unauthorized data. Bluesnarfing uses an authorized connection to steal data.

87
Q

What types of attacks are RFID readers susceptible to?

A
  • Replay - the attacker intercepts signals and replays them later to authenticate.
  • Cloning - a duplicate RFID card can be created using eavesdropping data.
88
Q

An attacker sends deauthentication frames to a WAP to remove it from the network. What is this called?

A

Disassociation

89
Q

Why would an attacker disassociate a WAP?

A
  • To sniff the reconnect, including the WPA four-way handshake. This provides initial information needed in a brute-force or dictionary-based WPA attack.
  • It forces users to reconnect, which is a chance to mount a man-in-the-middle attack.
90
Q

This brute-force cryptographic attack looks for collisions within hash functions, or duplicate hash functions.

A

Birthday attack

91
Q

An attacker gathers the original plaintext and the ciphertext for that message, then uses them to recover the key through brute-force attempts. What is this attack called?

A

Known Plaintext/Ciphertext

92
Q

What can be done to mitigate Known Plaintext/Ciphertext attacks?

A

Large keyspace, so that a brute-force attack is no longer feasible.

93
Q

These lists of hash values associated with passwords make password cracking easier.

A

Rainbow tables

94
Q

What method makes rainbow tables useless?

A

Salted Hashes, where an additional salt value makes the precomputing process not replicable.

95
Q

A list of common words is used to crack a password.

A

Dictionary attack

96
Q

Every possible password is attempted against a system or hash file, in this computing-intensive attack.

A

Brute Force

97
Q

Which type of brute force attack is easy to notice?

A

Online Brute Force attacks are often detected as the system sees many authentication attempts on the same account.

98
Q

This type of brute force attack requires that the attacker first steal the hash file.

A

Offline Brute Force attack

99
Q

What types of methods are often part of a hybrid password attack?

A

A hybrid password attack may start with a dictionary attack, then move on to brute force methods.

100
Q

When two different inputs produce the same output of a hash function, what type of attack is possible?

A

Collision attack. Many versions of the hash file are produced, then a birthday attack is used to find collisions between them.

101
Q

An attacker takes advantage of a backward compatibility feature in the protocol and forces a TLS/SSL conversation to use a lesser form of encryption. What is this method?

A

Downgrade

102
Q

If developers do not follow best practices, attackers can record and use conversations to break even encrypted systems with this relatively simple technique.

A

Replay

103
Q

This common web security protocol has been hacked in all of its versions but is still commonly used. What is it, and what should it be replaced with?

A

SSL has been cracked. It should be replaced with TLS. Unfortunately, weak implementations are one of the main issues in IT security.

104
Q

This type of threat actor has little technical knowledge and relies on pre-fab tools.

A

Script Kiddies

105
Q

When hackers work collectively, usually on behalf of a cause, they are what?

A

Hacktivists

106
Q

This type of hacker works to monetize their efforts and works in large, organized units.

A

Organized Crime. Criminal cybersecurity is now larger in dollar terms than the international drug trade.

107
Q

Often the most skilled of hackers work for these organizations, using highly structured attacks and defenses.

A

Nation States. They often use Advanced Persistent Threats (APT) against other nation states or economic interests.

108
Q

With this method, hackers achieve a presence on a target network over a long period of time to gather as much data as possible.

A

Advanced Persistent Threat (APT)

109
Q

This group of intruders is especially difficult to protect against since they already have some access to and understanding of the systems.

A

Insiders

110
Q

This type of attack is used sparingly - only when other methods are not available - because it usually cannot be used more than once.

A

Zero Day

111
Q

List the common attributes of threat actors.

A

Attributes of threat actors include:

  • Resources
  • Level of sophistication
  • Location
  • Motivation
112
Q

A cooperative group of government and non-government, sharing and analyzing threat data is an example of what?

A

Open Source Intelligence

113
Q

Would a penetration test use a zero day attack? Why or why not?

A

Pen Tests look for common and known vulnerabilities, so they can be mitigated.

114
Q

What goals would a pen tester set?

A

To hack the system with the same objectives as a likely threat actor. Try to get to the data or system that is most valued to a hacker.

115
Q

Pen testers use tools to directly interact with the target network and learn about it. What is this called?

A

Active Reconnaissance

116
Q

Pen testers may use publicly-available sources to gather information about a target network. What is this called?

A

Passive Reconnaissance

117
Q

Pen testers use passive and active tools. What is the difference?

A

Passive tools scan a network without detection. Active tools can be detected.

118
Q

An attacker establishes a presence on a PC, uploads tools to it, and uses it to scan that portion of the network. They repeat this process to gain information about larger portions of the network. What is the process called?

A

Pivoting or network traversal

119
Q

This step in the pen testing process shows that a network vulnerability exists, but stops short of damaging any systems.

A

Initial Exploitation

120
Q

List some common techniques used by pen testers.

A

Common pen testing techniques include:

  • Initial exploitation
  • Pivoting / network traversal
  • Escalation of privilege
  • Persistence
121
Q

This testing technique exposes the program, system or network to malformed input data and looks for flaws in the output data. The tester has no knowledge of how the system works.

A

Black Box Testing.

This is a common testing technique for web-based applications.

122
Q

This testing technique looks at the internal structures and data processing of an application. The tester has detailed knowledge of the application.

A

White Box Testing

123
Q

This testing technique is efficient because the testers have some knowledge of the software, network or system they are testing. This is efficient because entire paths can be eliminated from the test.

A

Grey Box Testing

124
Q

What is the difference between Pen Testing and Vulnerability Scanning?

A

Vulnerability Scanning will find vulnerabilities, whether they can be exploited or not.

Pen Testing will determine which vulnerabilities can be exploited.

125
Q

What is the difference between credentialed and non-credentialed vulnerability scans? Why are both scans important?

A

The difference is whether the vulnerability scan tool was given valid account credentials to use.

Both tests should be run, as a real attacker may not have credentials initially, but might later on in the process.

126
Q

List the common steps in a vulnerability scan.

A

Common steps in the vulnerability scan are:

  • Identify vulnerability
  • Identify missing or ineffective security controls
  • Identify common misconfigurations
127
Q

What is the difference between intrusive and non-intrusive vulnerability tests?

A

Intrusive tests will make a change to the system state. This is more accurate at detecting vulnerabilities but it can cause system disruption.

128
Q

An attacker sends similar commands in fast sequence. The data is not received in the expected order, allowing the attacker to gain access. This is an example of what?

A

Race Conditions

129
Q

What methods can be used to prevent race conditions?

A

Race conditions can be prevented by:

  • Reference counters
  • Kernel locks
  • Thread synchronization
130
Q

An organization chooses to continue using a server that is running an older OS, which no longer receives updates. What type of vulnerability is this?

A

End of Life System

131
Q

The primary software on a server receives patches from the vendor, but some of the lesser components from a third party are not patched. What are these vulnerable components called?

A

Embedded Systems

132
Q

Your organization is using software that is many versions old, so the vendor support contract has run out. What vulnerability is this?

A

Lack of Vendor Support

133
Q

This is the most common general type of software vulnerability, and can be mitigated with input validation.

A

Improper Input Handling

134
Q

List types of Improper Input Handling

A

Types of Improper Input Handling include:

  • Buffer Overflows
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (XSRF)
  • Injection attacks
  • Canonical Structure Errors
135
Q

Which is a better error handling method? Report error to user, or write it to a log file.

A

Writing errors to a log file is safer, if it is stored where access can be limited by an ACL.

136
Q

A hacker forces errors in a system and records each error message to learn more about the system. What vulnerability is this?

A

Improper Error Handling

137
Q

A new system is configured with older, less secure, protocols enabled even though they are not needed. What vulnerability is this?

A

Misconfiguration or Weak Configuration

138
Q

New access points are installed without changing the factory-set admin password. What vulnerability is this?

A

Default Configuration

139
Q

An attacker floods a target system with requests until it runs out of memory or bandwidth and it crashes. What is this technique?

A

Resource Exhaustion

140
Q

Someone in marketing clicks on the URL in a phishing email, causing a system failure. What would have best prevented this event?

A

User training

141
Q

A user is able to get into an advanced system because IT Security didn’t realize that one of his group memberships also grants the extra access. What type of vulnerability is this?

A

Improperly Configured Account

142
Q

The accounting software is configured to pay on invoices without matching them to purchase orders. What type of vulnerability is this?

A

Vulnerable Business Process

143
Q

The security team would like to build their own custom cryptographic algorithm and implementation. Is this a good idea?

A

No. Custom cipher suites are not considered secure because they are very difficult to create and implement effectively. It is better to choose an existing cipher system that has been proven to be effective.

144
Q

SSL or TLS?

A

SSL bad

TLS good

145
Q

A program crashes after a certain amount of time, after mis-written memory overwrites parts of the program’s memory space. What is this called?

A

Memory Leak

146
Q

An attacker crashes a system by sending it numerical values that are larger than the programmers intended. What is this technique called?

A

Integer Overflow

147
Q

An attacker enters 150 digits into the phone number field of a form, causing the program to crash or execute an unintended command. What is this called?

A

Buffer Overflow

148
Q

An attacker inputs invalid data designed to prompt the program to reference the wrong area of memory. What is this called?

A

Pointer Dereference

149
Q

You discover that a copy of MS Office now has extra functions, including dangerous tools that could be used by a hacker. What is the likely type of attack?

A

DLL Injection

150
Q

Your organization has acquired numerous smaller companies. As a result, some of the systems are not documented or accounted for. This is an example of what?

A

System Sprawl and Undocumented Assets

151
Q

Your large network has no subnets or VLANs. This is what type of vulnerability?

A

Architecture / Design Weakness

152
Q

Your organization receives a successful targeted attack, despite all of the latest patches being applied. What is the likely type of attack?

A

Zero Day

153
Q

Compensating Controls can block the path of an attack without directly addressing the underlying vulnerability. What type of attack are they especially effective against?

A

Zero Day

154
Q

The employee who updates the certificate server got a job in Florida last year and has not been replaced. What vulnerability does your network likely have now?

A

Improper Certificate and Key Management