1.2 Compare and contrast types of attacks Flashcards

1
Q

An attacker came within close proximity of a victim and sent the mobile device user spam in the form of an unsolicited text message. Once the user clicked the link in the message, the user’s device was infected with Trojan malware. What type of attack did the hacker most likely infect the mobile user with?

A

Bluejacking

2
Q

A social engineer intercepted an end-user’s phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user’s home with permission. What type of social engineering attack did the ISP and end-user fall victim to?

A

Impersonation

3
Q

If an attacker purchases a fake domain that has a name similar to that of a real domain, and then uses the fake domain to send the legitimate company forged notices by email, which of the following attacks did the malicious user perform?

A

Typosquatting

4
Q

A penetration tester cracked a company’s Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate a large amount of initialization vector (IV) packets, by replaying Address Resolution Protocol (ARP) packets at it. What type of attack did the pen tester use to crack the AP?

A

Replay

5
Q

A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iFrame that allowed the attacker to intercept the user’s input. What type of attack is this known as?

A

Clickjacking

6
Q

Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?

A

Rainbow table attacks

7
Q

A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?

A

A Man-in-the-Browser (MitB) attack

8
Q

A group of college students receive a phone call from someone claiming to be from a debt consolidation firm. The solicitor tried to convince the students that for a limited time, a rare offer will expire, which could erase their student loan debt if they provide their Social Security Number and other personally identifiable information (PII). Which of the following tactics did the caller use?

A

Scarcity and urgency

9
Q

URL hijacking (also called typosquatting)

A
  • relies on users navigating to misspelled domains. An attacker registers a domain name with a common misspelling of an existing domain. Users who misspell a URL in the web browser are taken to the attacker’s website
  • is a type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking
10
Q

Domain hijacking

A

where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking

11
Q

Kiting

A

act of continually registering, deleting, and reregistering a name within the five-day grace period without having to pay for it

12
Q

Tasting

A

Domain Name Server (DNS) exploit that involves registering a domain temporarily to see how many hits it generates within the five-day grace period

13
Q

Replay

A
  • attacker intercepts authentication data and reuses it to re-establish a session. To crack WEP, a type of replay attack is used
  • consists of intercepting a key or password hash then reusing it to gain access to a resource, such as the pass-the-hash attack
14
Q

War driving

A

practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them or trying to break into them (using WEP and WPA cracking tools)

15
Q

Wi-Fi jamming

A

attack can be performed by setting up an AP with a stronger signal. Wi-Fi jamming devices are illegal to use and to sell. The attacker needs to gain fairly close physical proximity to the wireless network

16
Q

Skimming

A

RFID attack where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card

17
Q

Clickjacking

A

hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements

18
Q

MitB

A

where the web browser is compromised by installing malicious plug-ins or scripts or intercepting API calls. Vulnerability exploit kits can be installed to a website and actively try to exploit vulnerabilities in clients browsing the site

19
Q

XSRF

A

malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser

20
Q

Session IDs

A

generated using patterns (such as IP address with the date and time), making the session vulnerable to eavesdropping and possibly hijacking, by replaying the cookie to re-establish the session

21
Q

Salt

A

Passwords not “salted” with a random value make the ciphertext vulnerable to rainbow table attacks. A rainbow table attack is a type of password attack where an attacker uses a set of plaintext passwords and their hashes to crack passwords

22
Q

dictionary attack

A

software enumerates values in a dictionary wordlist. Enforcing password complexity makes passwords difficult to guess and compromise. Varying the characters in the password makes it more resistant to these attacks

23
Q

brute force attack

A

attempts every possible combination in the key space, to derive a plaintext password from a hash

24
Q

hybrid password attack

A

targeted against naively strong passwords. The password cracking algorithm tests dictionary words and names in combination with numeric prefixes and/or suffixes

25
Q

bluejacking

A

Bluetooth-discoverable device is vulnerable to bluejacking, similar to spam, where someone sends an unsolicited text (or picture/video) message or vCard (contact details). This can also be a vector for Trojan malware

26
Q

Bluesnarfing

A

refers to using an exploit in Bluetooth to steal information from someone else’s phone. The exploit (now patched) allows attackers to circumvent the authentication mechanism

27
Q

rogue AP

A

a rogue AP that masquerades as a legitimate one is called an evil twin or sometimes wiphishing

28
Q

HTTP Response Splitting

A

where the attacker would craft a malicious URL and convince the victim to submit it to the web server

29
Q

LSOs or Flash cookies

A

data that is stored on a user’s computer by websites that use Adobe Flash Player. A site may be able to track a user’s browsing behavior through LSOs

30
Q

Using social engineering, an attacker called an employee to extract the name and contact information of the Chief Information Security Officer (CISO). What social engineering deception did the attacker utilize?

A

Vishing

31
Q

A social engineer, impersonating a suppliant, rummaged through the garbage of a high-ranking loan officer, hoping to find discarded documents and removable media containing personally identifiable information (PII). Which of the following social engineering techniques did the attacker utilize?

A

Dumpster diving

32
Q

Which of the following is an example of why viruses are destructive?

A
  • Viruses can exploit zero days
  • Viruses can spread via social engineering techniques

33
Q

A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?

A

A Man-in-the-Middle attack

34
Q

Mutual authentication prevents a client from inadvertently submitting confidential information to a non-secure server. Mutual authentication also helps avoid which of the following? (Select two)

A
  • Man-in-the-Middle attacks
  • Session hijacking attacks

35
Q

An attacker remotely compromised a closed-circuit television (CCTV) server and used it to steal a user’s password. Which of the following can help prevent this type of shoulder surfing?

A

A privacy filter

36
Q

What type of attack can facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths?

A

A downgrade attack

37
Q

Worms

A
  • spread through memory and network connections rather than infecting files
  • worms are memory-resident viruses that replicate over network resources
38
Q

Mutual authentication

A
  • security mechanism that requires that each party in a communication verifies each other’s identity and helps in avoiding Man-in-the-Middle attacks
  • helps in avoiding session hijacking attacks, and is a security mechanism that requires that each party in a communication verifies each other’s identity
39
Q

Address Resolution Protocol (ARP) poisoning

A

occurs when an attacker, with access to the network, redirects an IP address to the MAC address of a computer that is not the intended recipient

40
Q

IP spoofing

A

occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets

41
Q

colocation

A

data center that contains racks with networking equipment owned by different companies

42
Q

access list

A

held at each secure gateway records who is allowed to enter. An electronic lock may be able to log access attempts or a security guard can manually log movement

43
Q

downgrade attack

A

used to facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths

44
Q

birthday attack

A

type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can be used for the purpose of forging a digital signature

45
Q

Man-in-the-Middle attack

A

form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently

46
Q

An attacker exploited a vulnerability on a website frequently visited by a group of bank employees. Once the employees visit the site, the attacker’s malware infects their computers. What type of attack did the employees fall for?

A

A watering hole attack

47
Q

A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?

A

A Man-in-the-Middle attack

48
Q

If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch?

A

Distributed Denial of Service (DDoS)

49
Q

If a social engineer dresses up as an internet technician, and then proceeds to enter a place of business once granted permission, what type of social engineering attack does this describe?

A

Impersonation

50
Q

If an attacker performs open source intelligence (OSINT) gathering and social engineering on the CEO and creates an email scam for the upper management department of a company, what type of attack occurs?

A

Whaling

51
Q

To automate and simplify the setup process of adding a wireless network, a homeowner installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an eight-character Personal Identification Number (PIN). What type of attack can a hacker perform to exploit this vulnerability?

A

A brute force attack

52
Q

An attacker modified the HTML code of a legitimate password-change webform, then hosted the .html file on the attacker’s web server. The attacker then emailed a URL link of the hosted file to a real user of the webpage. Once the user clicked the link, it changed the user’s password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to?

A

Cross-site Request Forgery (XSRF)

53
Q

watering hole attack

A

directed social engineering attack. It relies on the circumstance that a group of targets may use an unsecure third party website

54
Q

hoax attack

A

email alert or web pop-up will claim to have identified some sort of security problem, like a virus infection, and offer a tool to fix the problem, but the tool will be some sort of Trojan application

55
Q

Pharming

A

relies on corrupting the way the victim’s computer performs Internet name resolution, so that they are redirected from the genuine site to the malicious one

56
Q

Cross-site Request Forgery (XSRF)

A

malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser. This is successful if the server does not check if the user actually made the request

57
Q

Reflected Cross-Site Scripting (XSS)

A

server-side input validation exploit that injects a script into a website. Once the victim visits the infected website, the malicious code executes in the user’s browser

58
Q

Stored (or persistent) Cross-Site Scripting (XSS)

A

server-side script attack that inserts code into a back-end database used by the trusted site

59
Q

Document Object Model (DOM) Cross-Site Scripting (XSS)

A

exploits vulnerabilities in client-side scripts to modify the content and layout of a web page

60
Q

An attacker gathered Open Source Intelligence (OSINT) about a company through the internet, then contacted employees of the company and used the information gathered to extract more personally identifiable information (PII). Which of the following describes this type of social engineering attack?

A

Trust

61
Q

An attacker bought a domain similar to the domain name of a legitimate company. The attacker then used the fake domain to host malware and launch pharming attacks. Which of the following did the attacker use?

A

URL Hijacking

62
Q

Which of the following is a way that a Denial of Service (DoS) attack cannot be performed?

A

Use web application firewall processing rules to filter traffic

63
Q

An attacker stole a website name by gaining control of and altering its registration information. The attacker then changed the IP address associated with the site, to the IP of a web server the attacker owned. What is this exploit of the website registration process known as?

A

Domain hijacking

64
Q

TCP/IP hijacking

A

spoofing attack where attackers disconnect a host, then replace it with their own machine, spoofing the original host’s IP address

65
Q

rogue AP

A

If scans or network logs show that unauthorized devices are connecting, determine whether the problem is an access point with misconfigured or weak security, or whether there is a rogue AP

66
Q

spectrum analyzer

A

device that can detect the source of jamming (interference) on a wireless network. It usually has a directional antenna, which pinpoints the exact location of the interference

67
Q

SPAN port

A

With a SPAN port, the sensor is attached to a specially configured port on the switch that receives copies of frames addressed to nominated access ports (or all the other ports)

68
Q

RFID devices

A

encode information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else

69
Q

web application firewall (WAF)

A

one designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks. WAFs use application-aware processing rules to filter traffic

70
Q

DoS attacks

A
  • prevent network access by knocking out the directory server
  • focus on overloading a service by using up CPU, system RAM, disk space, or network bandwidth (resource exhaustion)
71
Q

route injection

A

spoofed routing information (route injection). Routing protocols that have weak or no authentication are vulnerable to route table poisoning. This can mean that traffic is misdirected to a monitoring port (sniffing), sent to a blackhole (non-existent address), or continuously looped around the network, causing DoS

72
Q

A malicious actor discovered that a company’s storing and processing of data were insecure. The attacker deciphered encrypted data without authorization and impersonated a person within the organization by appropriating their encryption keys. What type of critical vulnerability did the attacker exploit?

A

The use of weak cipher suites and implementations

73
Q

A malicious user compromised a company’s email server and bought a domain that was similar to the domain name of the company’s bank. The attacker monitored the email server and altered the account numbers of legitimate pay-off notices from the bank. The attacker then used the fake domain to send the company the notices forged with the attacker’s bank account number. Which of the following attacks did the attacker execute?

A

Typosquatting

74
Q

What type of brute force attack aims at exploiting collisions in hash functions?

A

Birthday attacks

75
Q

Which of the following social engineering techniques has less of a chance of arousing suspicion and getting caught?

A
  • Familiarity
  • Liking

76
Q

trapdoor function

A

mathematical cipher that is simple to perform one way, but difficult to reverse. The aim is to reduce the attacker to blindly guessing the correct value

77
Q

minimum key length

A

A recommendation on minimum key length for an algorithm is based on the length of time it would take to “brute force” the key, given current processing resources

78
Q

frequency analysis

A

Some ciphers are vulnerable to cracking by frequency analysis, which depends on the fact that some letters and groups of letters appear more frequently in language than others

79
Q

Which of the following type of packets does an attacker generate to crack a Wired Equivalent Privacy (WEP) access point?

A

Address Resolution Protocol (ARP) packets

80
Q

Through what method can malware evade antivirus software detection so that the software no longer identifies the malware by its signature?

A

Refactoring

81
Q

weak cipher suites and implementations

A

Attacks on encryption are made to decipher encrypted data without authorization, and to impersonate a person or organization by appropriating their encryption keys due to the use of weak cipher suites and implementations

82
Q

ARP packets

A

To crack WEP, a replay attack is used to make the AP generate a large number of IV packets, usually by replaying ARP packets at it, and cycle through IV values quickly

83
Q

IP packets

A

used in IP spoofing which occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets

84
Q

TLS packets

A

used during the TLS handshake to establish a secure session. Once the session is established, client and server exchange encrypted data in SSL/TLS records, which are placed into transport layer packets for delivery

85
Q

Mirroring mode

A

allows another VM to sniff the unicast packets addressed to a remote interface (like a spanned port on a hardware switch)

86
Q

Refactoring

A

means the code performs the same function by using different methods. Refactoring means that the antivirus software may no longer identify the malware by its signature

87
Q

DLL injection

A

not a vulnerability of an application, but of the way the operating system allows one process to attach to another, and then force it to load a malicious link library

88
Q

Shimming

A

process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable

89
Q

An attacker can exploit a weakness in a password protocol, to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password?

A
  • A rainbow table
  • A dictionary word

90
Q

An end-user received a web pop-up that claimed to identify a virus infection on their computer. The pop-up offered a link to download a program to fix the problem. After clicking the link, the security operations center (SOC) received an alert from the computer that the user downloaded a Trojan. Which of the following is most likely true about the pop-up?

A

The tool claiming to fix the problem was actually a hoax attack

91
Q

A hacker placed a false name:IP address mapping in the HOSTS file on a user’s workstation to redirect traffic to the attacker’s computer. What type of attack did the hacker perform?

A

Domain Name System (DNS) client cache poisoning

92
Q

After a social engineer used Open Source Intelligence (OSINT) to gather information about the victim, the attacker then used this information to email the victim, personalizing the message and convincing the victim to click a malicious link. What type of social engineering attack does this describe?

A

A hoax attack

93
Q

After a social engineer used Open Source Intelligence (OSINT) to gather information about the victim, the attacker then used this information to email the victim, personalizing the message and convincing the victim to click a malicious link. What type of social engineering attack does this describe?

A

Spear phishing

94
Q

An attacker changed the physical address of the wireless adapter interface, to redirect traffic to the hacker’s computer destined for the legitimate user. What type of attack does this describe?

A

Media Access Control (MAC) spoofing

95
Q

Spear phishing

A

phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack. The attacker might know the details that help convince the target that the communication is genuine

96
Q

Spyware

A

program that monitors user activity and sends the information to someone else. This can occur with or without the user’s knowledge

97
Q

Rogueware

A

fake antivirus web pop-up that claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker’s Trojan

98
Q

DNS client cache poisoning

A

occurs if an attacker is able to place a false name:IP address mapping in the HOSTS file and effectively poison the DNS cache, he or she will be able to redirect traffic

99
Q

Address Resolution Protocol (ARP) poisoning

A

occurs when an attacker, with access to the network, redirects an IP address to the MAC address of a computer that is not the intended recipient

100
Q

Domain Name System (DNS) spoofing

A

attack that compromises the name resolution process, and can be used to facilitate pharming or Denial of Service (DoS) attacks

101
Q

IP spoofing

A

occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets

102
Q

If a system is vulnerable, to which of the following can an attacker (with system access) be able to obtain keys from system memory?

A

Privilege escalation

103
Q

Privilege escalation

A

An attacker with system access is able to obtain keys from system memory or pagefiles/scratch disks. Privilege escalation is the practice of exploiting flaws in an operating system or other application, to gain a greater level of access than was intended for the user or application

104
Q

SQL injection attack

A

inserts an SQL query as part of user input, which allows an attacker to extract or insert information into the database or execute arbitrary code

105
Q

Directory traversal

A

occurs when the attacker gets access to a file outside the web server’s root directory

106
Q

Transitive access

A

describes the problem of authorizing a request for a service that depends on an intermediate service

107
Q

Pre-Shared Key (PSK)

A

A Pre-Shared Key (PSK) refers to using a passphrase to generate the key that is used to encrypt communications. It is also referred to as group authentication, since a group of users share the same secret

108
Q

Wi-Fi Protected Access (WPA)

A

encryption scheme for protecting Wi-Fi communications, designed to replace WEP

109
Q

Media Access Control (MAC)

A

spoofing is an attack in which an attacker falsifies the factory assigned MAC address of a device’s network interface

110
Q

Network Address Port Translation (NAPT)

A

overloading maps private host IP addresses onto a single public IP address

111
Q

Fingerprinting

A

act of port scanning using a tool, such as Nmap (network mapping), which can reveal the presence of a router and what dynamic routing and management protocols it is running

112
Q

ICMP redirect (a.k.a. ARP poisoning)

A

tricks hosts on the subnet into routing through the attacker’s machine rather than the legitimate default gateway

113
Q

An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would prevent this type of network disruption?

A
  • Boost the signal of the legitimate equipment
  • Locate the offending radio source and disable it

114
Q

Which of the following can perform a Denial of Service (DoS) attack against a wireless network?

A
  • A disassociation attack
  • A deauthentication attack

115
Q

A registry has a code library added to it, to include its files to the system folder, which can intercept and redirect calls to enable legacy mode functionality. This is a way that malware, with local administrator privileges, can run on reboot. Which of the following represents this code library?

A

A shim

116
Q

After spoofing the IP address of a network host, an attacker connects to multiple servers and redirects SYN/ACK (Synchronize/Acknowledge) packets to a victim server to consume its bandwidth and crash it. What type of attack does this describe?

A

A DRDoS attack

117
Q

An attacker changed the physical address of the wireless adapter interface, to redirect traffic to the hacker’s computer destined for the legitimate user. What type of attack does this describe?

A

Media Access Control (MAC) spoofing

118
Q

Which of the following attacks do security professionals expose themselves to if they turn the power output down on a wireless access point (AP)?

A

Evil twin attacks

119
Q

“evil twin” attacks

A
  • Security professionals expose themselves to “evil twin” attacks, as users may expect to find the network at a given location and assume that the rogue AP is legitimate
  • evil twin is a rogue access point (AP) masquerading as a legitimate one, and can have a similar Service Set Identifier (SSID) name as the legitimate AP. The evil twin can harvest information from users entering their credentials
120
Q

deauthentication attack

A

A deauthentication attack sends a stream of spoofed deauth frames to cause a client to deauthenticate from an AP. This might allow the attacker to interpose the rogue AP or sniff information about the authentication process.

121
Q

disassociation attack

A

A disassociation attack hits the target with disassociation packets and is used to perform a Denial of Service (DoS) attack against the wireless infrastructure

122
Q

interference

A
  • A wireless network can be disrupted by interference from other radio sources. One way to defeat a jamming attack is to locate the offending radio source and disable it.
  • A wireless network can be disrupted by interference from other radio sources. One way to defeat a jamming attack is to boost the signal of the legitimate equipment.
  • The source of interference will only be detected using a spectrum analyzer, and does not defeat or prevent it.
123
Q

Personal Area Network (PAN)

A

network that connects two to three devices with cables and is most often seen in small or home offices

124
Q

An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would prevent this type of network disruption?

A
  • Boost the signal of the legitimate equipment
  • Locate the offending radio source and disable it

125
Q

pointer

A

reference to an object in memory. Attempting to access that memory address is called dereferencing

126
Q

integer overflow attack

A

causes the target software to calculate a value that exceeds the upper and lower bounds

127
Q

race condition

A

software vulnerability that occurs when the execution process is dependent on the timing of certain events, and those events fail to execute in the order and timing intended

128
Q

Distributed Reflection Denial of Service (DRDoS) attack

A

adversary spoofs the victim’s IP address and attempts to open connections with multiple servers. Those servers direct their SYN/ACK (Synchronize/Acknowledge) responses to the victim server. This rapidly consumes the victim’s available bandwidth

129
Q

botnet

A

set of computers that has been infected to enable attackers to exploit computers to mount attacks

130
Q

Smurf attack

A

adversary spoofs the victim’s IP address and pings the broadcast address of a third-party network. Each host directs its echo responses to the victim server

131
Q

An attacker discovered an input validation vulnerability on a website, crafted a URL that performed code injection against it, and emailed the link to the victim. Once the user clicked the link, the website returned the page containing the malicious code. What type of attack does this describe?

A

Cross-site scripting (XSS)

132
Q

A social engineer convinced a victim to visit a malicious website, which allowed the attacker to exploit vulnerabilities on the victim’s web browser. Which of the following best describes this type of attack?

A

A Man-in-the-Browser (MitB) attack

133
Q

By modifying query traffic, an attacker compromised a legitimate site’s web server via a Denial of Service (DoS) attack and redirected traffic intended for the legitimate domain to the attacker’s malicious IP address instead. What type of attack did the hacker perform?

A

Domain Name System (DNS) server cache poisoning

134
Q

Which of the following is an example of why viruses are destructive?

A
  • Viruses can spread via social engineering techniques
  • Viruses can exploit zero days

135
Q

An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. Which of the following attacks is the mobile device vulnerable to?

A

Bluesnarfing

136
Q

Which of the following attacks can the use of once-only tokens and timestamping sessions help prevent?

A
  • A replay attack
  • A pass-the-hash attack

137
Q

Which of the following, if implemented, will NOT help mitigate the threat of tailgating?

A

Installing non-discretionary privilege management

138
Q

A social engineer, after performing reconnaissance on a victim, spoofed the phone number of the doctor’s office the target frequently visits. Posing as the receptionist, the attacker called the victim, and requested the victim’s Social Security Number (SSN). What type of social engineering attack did the social engineer exercise?

A

Authority

139
Q

A social engineer used vishing and polite behavior to persuade a target to visit a fake website with fake reviews. The attacker then persuaded the victim to enter personally identifiable information (PII) in a web form. Which of the following did the attacker use to make the site appear more legitimate?

A
  • Familiarity/liking
  • Consensus/social proof

140
Q

Which of the following does NOT provide encryption and is therefore vulnerable to eavesdropping and Man-in-the-Middle attacks?

A

NFC

141
Q

NFC (Near Field Communications)

A

does not provide encryption, so eavesdropping and Man-in-the-Middle attacks are possible if the attacker can find some way of intercepting the communication and other software services are not encrypting the data

142
Q

An attacker performed a Denial of Service (DoS) attack against a server, crashing it. What could the attacker do to mask the origin of the attack and make it harder for the security team to find the source of the attack?

A

Use IP spoofing

143
Q

Nondiscretionary privilege management

A

models that aim to mitigate the problem of regulating the access control of privileged admin accounts

144
Q

By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?

A

A shim

145
Q

A system that is vulnerable to which of the following allows an attacker (with system access) to obtain keys from system memory?

A

Privilege escalation

146
Q

Privilege escalation

A
  • practice of exploiting flaws in an operating system or other application, to gain a greater level of access than was intended for the user or application
  • attacker with system access is able to obtain keys from system memory or pagefiles/scratch disks
147
Q

A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iFrame that allowed the attacker to intercept the user’s input. What type of attack is this known as?

A

Clickjacking

148
Q

An adversary spoofs a victim’s IP address and attempts to open connections with multiple servers. If those servers direct their SYN/ACK (Synchronize/Acknowledge) responses to the victim server, and rapidly consume the victim’s bandwidth, what has happened?

A

A Distributed Reflection Denial of Service (DRDoS) attack

149
Q

A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?

A

Locally Shared Objects (LSOs)

150
Q

A security analyst’s scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?

A

A rogue access point (AP)