1.2

Question 1

Malware

Answer 1

Malicious software, can do anything from gathering keystrokes, controlling affected pcs, to showing advertisements, and encrypting your data.

Question 2

Virus

Answer 2

Malware that can reproduce itself, but it requires the user to execute the program that contains the virus. It than reproduces the filesystem or network to reproduce and spread.

Question 3

Program Virus

Answer 3

Virus that is part of an application

Question 4

Boot sector virus

Answer 4

Virus that lives in the boot sector of the storage device. It starts when the OS is started.

Question 5

Script Vrius

Answer 5

Operating system and browser based scripts, powershell ext.

Question 6

Macro Virus

Answer 6

Common in Microsoft Office apps, utalizes macros at startup of application. Hides in simple files like xml, docs, ext.

Question 7

Fileless virus

Answer 7

A stealth attack, doesn’t actually save to the storage drive. It instead operates souley in the memory of the PC. Usually from clicking a malicious link on a website, then it exploits a flash/java/windows vulnerability. It than launches powershell and downloads payload in ram.

Question 8

Worms

Answer 8

Malware that self-replicates, uses network as transmission. Can do so without user activation

Question 9

Ransomware

Answer 9

A type of malware attack that holds your data ransom, sometimes by just making the user think they are locked out from their data.

Question 10

Crypto-malware

Answer 10

A newer generation of ransomware that makes your data unavailable by encrypting your data until you provide cash.

Question 11

Protect Against Ransomeware

Answer 11

1) Always have a backup - ideally offline
2) Keep operationg system up to date
3) Keep aplications up to date
4) Keep antivirus/anti malware up to date

Question 12

Trojan Horse

Answer 12

A software that pretends to be something else

Question 13

Potentially Unwanted Program (PUP)

Answer 13

Often installed along with other software, many different types that include intrusive toolbars, adware, ext

Question 14

Remote Access Trojans (RATs)

Answer 14

Aka Remote Administration Tool, gives attacker administrative control of a device.

Question 15

Rootkits

Answer 15

Modifies core system files part of the kernel.

Question 16

Finding and removing rootkits

Answer 16

Secure boot with UEFI adds additional boot security.

Question 17

Adware

Answer 17

May cause performance issues, especially over the network by spamming your pc with ads. Often times they are PUPs.

Question 18

Spyware

Answer 18

Malware that spies on you, usually it is a trojan horse.

Question 19

Bots

Answer 19

Once your machine it becomes a bot, used by an attack usually alongside other infected other bots from the C&C server (Command and Control)

Question 20

Botnets

Answer 20

A group of bots working together, often times utilizing a Distributed Denial of Service attack (DDos)

Question 21

Logic Bomb

Answer 21

Waits for a predefined event and issues a command. Often left by someone with a grudge.

Question 22

Plaintext/ Unencrypted password

Answer 22

Some applications store passwords “in the clear” Never store passwords as plaintexts

Question 23

Hashing a password

Answer 23

Hashes represents data as a fixed-length string of text

Question 24

Brute force

Answer 24

Try every possible password combination until the has is matched. It either attacks a password at a login prompt - which is harder as it will usually get locked out after a few attempts -, or by obtaining the password hash.

Question 25

Spraying Attack

Answer 25

Tries to login with a list of common passwords on many accounts. Fewer attempts on more accounts.

Question 26

Dictionary Attacks

Answer 26

Use a dictionary to find common words, many common wordlists available. Some are customized by language or line of work - and also preform letter substitutions (p@$$w0rd)

Question 27

Rainbow Table

Answer 27

An optimized, prebuilt set of hashes. Saves time because the hash chains are pre-calculated. This greatly cuts down on the time it takes to crack a password as it just needs to lookup the hashes instead of calculating them.

Question 28

Salting Hashes

Answer 28

Salt is a bit of random data added to the password before the password is hashed. This can make two passwords that are the same have different hashes because of the random data added to the calculation. This is a great method to defend against rainbow tables.

Question 29

Malicious USB Cable

Answer 29

A physical attack that uses a normal looking USB cable that contains some additional components inside. Often time tells the PC that it is an input device, and then uses that to type commands into the PC without the user’s knowledge. To defend against this, only use USB cables from known trusted sources.

Question 30

Malicious flash drive

Answer 30

Physical attack that uses a normal looking flash drive. Similar to a Malicious USB cable, has additional components that allow it to input commands to a PC by acting as a HID (human interface device). It may also contain virus within the files on the USB, act as a boot device to infect the computer on boot, or act as an ethernet adapter and redirects traffic requests.

Question 31

Skimming

Answer 31

Stealing credit card information during normal transactions. Attackers will copy data from the magnetic stripe or from the machine logging the purchase. Often times, it will include a small camera to watch for pin # input. To defend, check the physical card reader and look for signs of tampering.

Question 32

Card Cloning

Answer 32

Gets card details from a skinner, and then duplicates the card. Would only be able to use magnetic stripe cards, as the chips on cards cannot be duplicated. Cloned gift cars are the most common occurrence.

Question 33

Machine Learning

Answer 33

Computers are getting smarter by utilizing Machine Learning (ML). It requires a lot of data to train the computers, but they will get better over time with more data.

Question 34

Poisoning the Training Data

Answer 34

Attackers send modified data to confuse the Artificial Intelligence (AI) with the intention of making the AI to behave incorrectly.

Question 35

Evasion Attacks

Answer 35

AI is only as good as the training and programming. Attackers will target holes and limitations, and will often time change their attacks once the holes are filled.

Question 36

Securing Learning Algorithms

Answer 36

Check training data, constantly retrain with new data, and train the AI with possible poisoning methods.

Question 37

Suppply Chain

Answer 37

Attackers will infect vulnerabilities along the supply chain and abuse the fact that companies will trust their supply chain.

Question 38

Supply Chain Security

Answer 38

Use trusted it infrastructure equipment, cut down on number of suppliers, and strict controls over policies and procedures.

Question 39

Categories for IT Security

Answer 39

Cloud based & on premises.

Question 40

On Premises Security

Answer 40

Full control over everything in house, and a local team can ensure everything is secure. No waiting for support as checks can occur at any time, but security changes may take additional time and cost.

Question 41

Cloud based Security

Answer 41

Data is in a security environment, but third party may have access to data. Cloud providers have more experience managing large scale security, so the biggest security risk is on users to follow best practices. Cloud security options are scalable but may not be as customizable.

Question 42

Cryptographic Attacks

Answer 42

Attackers will try to find vulnerabilities to crack into cryptographic security. The problem often lies in the implantation over the cryptographic methods themselves.

Question 43

Birthday Attack

Answer 43

Utilizes the birthday paradox to find hash collisions, where to different plaintexts passwords would create the same hash value. To protect against this, you can use a large hash output size.

Question 44

Hash Collisions

Answer 44

Hash digests are supposed to be unique, and different input data should never create the same hash.

Question 45

Downgrade Attack

Answer 45

Instead of using perfectly good encryption, the systems are forced to downgrade into a vulnerable encryption method.