2.2.1, 2.4.8, 2.4.9 Flashcards
Which vector exploits vulnerabilities in communication channels like email, text messaging, or social media to deliver content or trick users into revealing sensitive information?
Message-based
What precaution should users take to mitigate risks associated with image-based attacks?
Disable image previews in email clients
Which vector leverages malicious code embedded within harmless files to compromise systems or steal data?
File-based
What precaution should individuals take when dealing with unexpected phone calls to mitigate voice call attacks?
Verify the caller’s identity before providing any information
Which vector exploits the trust often placed in removable devices to infiltrate systems and compromise data?
Removable device
What is a characteristic of client-based vulnerabilities?
They require installation of specific client applications by the user
Which vector targets unsupported systems and applications, making them prime targets for attackers due to unaddressed vulnerabilities?
System-based
What precaution can be taken to mitigate wireless network-based attacks?
Enforce multi-factor authentication
What is the primary goal of a Denial of Service (DoS) attack?
To disrupt the availability of a service or information
What type of DoS attack can be inadvertently caused by improper configuration, leading to a broadcast storm?
Switching loop
What is a Distributed Denial of Service (DDoS) attack characterized by?
Multiple agents attacking a certain system
What is the primary difference between a network DDoS attack and an application DDoS attack?
Network DDoS attacks target an entire network to shut it down
What is an amplified DDoS attack?
Leveraging servers to create a significantly larger response to a small request
How do reflected DDoS attacks work?
Exploit servers to reflect attack traffic towards the target
What is the key defense measure against DDoS attacks mentioned in the text?
Using experimental and signature-based IDS/IPS for security monitoring
What is the main goal of a network DDoS attack?
To disrupt an entire network
What is the primary difference between DoS and DDoS attacks?
DDoS attacks utilize multiple agents to amplify traffic
What can inadvertently cause a Denial of Service attack, as mentioned in the text?
Inadequate bandwidth for the environment
What is domain hijacking?
Illegally changing the registration of a domain name
What is the primary purpose of DNS servers?
To translate between domain names and IP addresses
What is DNS poisoning, also known as DNS spoofing?
Altering server DNS information to redirect users to malicious websites
How does URL redirection pose a security risk?
By redirecting users to unintended, usually malicious, websites
What is the primary purpose of a domain reputation service?
To verify and mark domain reputations as trusted or untrusted
How does DNSSEC help prevent DNS poisoning attacks?
By securing DNS records with digital signatures
Which of the following is NOT a common type of domain attack mentioned in the text?
Domain registration
What can happen if a user is redirected to a malicious website through URL redirection?
They may be subject to phishing attacks or malware downloads
What is the primary purpose of domain name registries?
To ensure only one owner can possess a domain name at a time
How does domain hijacking impact the affected organization?
It requires time and paperwork to reverse the illegal change
