1.2

Question 1

Most common network attacks are?

Answer 1

Reconnaissance attacks, access attacks, Denial of Service, Distributed Denial of Service attacks

Question 2

What are reconnaissance attacks are trying to do?

Answer 2

Attempt to gather information about the victim before launching an attack, example use cdp, whois, ping sweeps etc.

Question 3

Explain social engineering

Answer 3

In an attack that tries to use people to do thing or spill info

Question 4

social engineering - phishing

Answer 4

a message with a link that goes to a dodgy site but looks legit

Question 5

social engineering - spear phishing

Answer 5

targeted phishing attack for an person/organzation

Question 6

social engineering - whaling

Answer 6

targeted emails for top execs

Question 7

social engineering - pharming

Answer 7

used to direct a customers url from a valid resource to a malicious one that could be made to appear as the valid site to the user.

Question 8

social engineering - smishing

Answer 8

attack through a text

Question 9

social engineering - vishing

Answer 9

attack through phone

Question 10

social engineering - baiting

Answer 10

leaving an infected device lying around

Question 11

What is privilege escalation

Answer 11

process of taking some leve of access and achieving an even greater level of access to a router and then uses a brute-force attack against the router

Question 12

What are back doors?

Answer 12

When attackers gain access to a system they usually want future access. a backdoor application can be installed to either allow future access or to collect information to use in further attacks.

Question 13

How can backdoors be installed?

Answer 13

by users clicking something without realizing the link they click or the files they open is a threat. Can also be implemented as a result of a virus or worm.

Question 14

6 types of access attacks

Answer 14

Password, Trust exploitation, port redrection, mitm, buffer overflow, ip, mac, dhcp spoofing

Question 15

what is a convert channel?

Answer 15

effective mechanism for sending and receiving information data between machines without alerting any firewalls. Die Daten unter einem anderen Protokoll verkleiden.

Question 16

How to get a password? And which type of attack?

Answer 16

Trying to get ciritical passwords using methods like social engineering or brute force etc. Access attack

Question 17

What is trust exploitation? which type of attack?

Answer 17

using unauthorized privileges to gain access to a system. access attack

Question 18

What is MITM? which type of attack?

Answer 18

Man in the middle, when the attacker places themselves in the middle of 2 devices in order to eavesdrop or manipulate date, access attack

Question 19

What is buffer overflow? which type of attack?

Answer 19

causing the buffer to overflow and crashing the system, leading to a DoS attack

Question 20

What is ip, mac, dhcp spoofing? which type of attack?

Answer 20

an attack that makes it look like it is coming from the source - using a rogue dhcp server to respond to requests or exhausting the genuine server’s pool. access attack

Question 21

What are Dos and DDoS attack attempt to do?

Answer 21

They try to consume all of a computers critical resources in order to make it unavailable for use.

Question 22

From which source is DDoS? And what can this attack use?

Answer 22

DDoS is an attack from all sources and can use reflection and amplification.

Question 23

What is reflection and amplification in combination with DDoS?

Answer 23

Reflection is when the attacker send a flood of protocol requests packets to various ip host, while amplification a small forged attacked gets a big reply from reflectors, called the avalanche effect.

Question 24

DDoS - ping of death?

Answer 24

sending a malicious ping to a computer causing a crash - not done anymore

Question 25

DDoS - Smurf attacks?

Answer 25

sending lots of icmp packets to the broadcast addresss of a big network cantaining the victims ip address as source and every host will replay back to that address - not done anymore

Question 26

DDoS - tcp syn flood attack?

Answer 26

exploits te 3 way handshake by sending loads of syn packets with random source addresses to a victim, forcing it to wait for acks that will never arrive, leaving half open connections

Question 27

Defenses against social engineering are?

Answer 27

password mgmt, 2 factor authentication, antivirus/phishing, change mgmt, info handling and classification

Question 28

What is password management?

Answer 28

make rules on password change and format

Question 29

what is 2 factor authentication?

Answer 29

mixing what a user has and something they know to gain access

Question 30

what is antivirus/phishing?

Answer 30

host and network based filtering systems

Question 31

what is change management?

Answer 31

a process showing how and when changes can be made

Question 32

what is info handling and classification?

Answer 32

a policy that sets out how info can be handled and destroyed

Question 33

malware - what is a virus?

Answer 33

a code that is attached to exe files that require user interaction to propogate

Question 34

what is a trojan horse?

Answer 34

malware that looks genuine but is mailicous and creates a back door into the infected system. needs user interaction

Question 35

what are worms?

Answer 35

they are like viruses but doesn’t need user interaction to reproduce - it also makes functional copies of itself

Question 36

describe vectors of data loss/exfiltration

Answer 36

It is when data is leaked somehow to the outside word intentionally or not

Question 37

vectors of data loss/exfiltration are:

Answer 37

email attachments, unencrypted devices, cloud storage, removable media, hard copy