Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security+ > 1.0 - Threats, Attacks, and Vulnerabilities > Flashcards

1.0 - Threats, Attacks, and Vulnerabilities Flashcards

1
Q

Phishing

A
  • Mixture of social engineering and spoofing, often delivered by SPAM, IM, etc.
  • try to convince you to provide personal information, SSN, Credit Card, Bank info, etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Spear Phishing

A
  • Direct their efforts toward a specific, narrow group of people
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Whaling

A
  • Phishing that target high level individuals such as CEO’s, CIOs, VPs, etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Vishing

A
  • “Voice-Phishing”
  • Phishing conducted over the phone
  • Fake security checks or banks updates
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Replay Attack

A
  • an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data
  • WPA using TKIP is vulnerable to replay attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Downgrade Attack

A
  • forces a system to downgrade its security

- attackers bypass a stronger security suite and exploit the weaker suite

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

DoS

A
  • an attack from a single source that attempts to disrupt the services provided by another system
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

DDoS

A
  • an attack from multiple sources that attempts to disrupt the services provided by another system
  • typically include sustained, abnormally high network traffic
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Man-in-the-Middle

A
  • an attackers accepts traffic from each party in a conversation and forwards the traffic between the two
  • the two parties are unaware of the MITM and it can interrupt the traffic at will or insert malicious code
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

ARP Poisoning

A
  • attack that misleads computers or switches about the actual MAC address of a system
  • ARP poisoning is sometimes used in MITM attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Amplification

A
  • attack that significantly increases the amount of traffic sent to, or request from, a victim
  • can be used against a wide variety of systems, including individual hosts, DNS servers, and NTP servers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Birthday Attack

A
  • attacker is able to create a password that produces the same hash as the user’s actual password
  • this is called a hash collision
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Replay Attack

A
  • replay attacks capture data in a session with the intent to later impersonate one of the parties in the session
  • an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data
  • WPA using TKIP is vulnerable to replay attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Collision Attack

A
  • collision attack occurs when the hashing algorithm creates the same hash from different passwords
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Dictionary Attack

A
  • a dictionary attack uses a file of words and common passwords to guess a password
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Brute Force Attack

A
  • a brute force attacks attempts to guess all possible character combinations
  • can be done online or offline
17
Q

Rainbow Tables Attack

A
  • type of attack that attempts to discover the password from the hash
  • uses huge databases of passwords and their calculated hashes
  • attacker compares the hash of the original password against hashes stored in the huge rainbow table
18
Q

XSS

A
  • cross-site scripting allows attackers to embed malicious HTML or JavaScript code into a web site’s code
  • allows attackers to capture user information such as cookies
19
Q

XSRF

A
  • cross-site request forgery scripting causes users to perform actions on web sites such as making purchases, without their knowledge
  • in some cases it allows attackers to steal cookies and harvest passwords
20
Q

Active Reconnaissance

A
  • active reconnaissance methods use tools such as network scanners to gain information on the target
21
Q

Passive Reconnaissance

A
  • passive reconnaissance methods use open-source intelligence methods, such as social media and an organizations website
22
Q

Penetration Testing

A
  • penetration test is intrusive and can potentially compromise a system
  • a penetration test is an active test that can assess deployed security controls and determine the impact of a threat
  • it starts with a vulnerability scan and then tries to exploit vulnerabilities by actually attacking or simulating an attack
23
Q

Vulnerability Scanning

A
  • vulnerability scans are passive and have little impact on a system during a test

Security+ (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions