2.3

Question 1

All software runs in ____

Answer 1

Memory

Question 2

A method of attack where an attacker injects code into the memory of an existing process

This allows the malware to get access to the same rights, permissions, and data as that process–meaning it has performed a privilege escalation

Answer 2

Memory injection

Question 3

A Windows library containing code and data for applications to use

Answer 3

DLL (Dynamic-Link Library)

Question 4

DLL stands for

Answer 4

Dynamic Link-Library

Question 5

One of the most common forms of malware injection

A method of attack where attackers inject a path to a malicious DLL on the victim process

This way, the victim process will use the malicious DLL instead of the default one

Answer 5

DLL injection

Question 6

A type of attack where the attacker writes more data than what is expected into a particular area of memory

Answer 6

Buffer overflow

Question 7

Checks to ensure that everything/everyone writing into memory is writing only as much as the memory can hold

Answer 7

Bounds checking

Question 8

A vulnerability when two events happen at nearly the same time, and the application doesn’t take into account that the two things may be operating simultaneously. This often has an unexpected outcome.

Answer 8

Race condition

Question 9

A type of attack where an event happens/a value changes between the time a process checks the value, and the time that the value is used.

Answer 9

TOCTOU

Question 10

TOCTOU stands for

Answer 10

Time-of-check to time-of-use

Question 11

2 best practices associated with updating/patching

Answer 11

Always have a known-good backup
Install only from trusted sources

Question 12

What type of security check is performed automatically by your computer to ensure that updates are legitimate?

Answer 12

Digital signatures

Question 13

True/False

If your software automatically updates itself, you can be 100% certain that the update is legitimate

Answer 13

False

It is possible for attackers to compromise the software itself and write their own updates, digitally signed by the legitimate company

Question 14

The foundational computing platform for a computer is called

Answer 14

Operating system

Question 15

True/False

Operating systems are remarkably simple, so they give little opportunity for security vulnerabilities

Answer 15

False

Operating systems are remarkably complex with many lines of code, so they have many opportunities for security vulnerabilities

Question 16

4 best practices for updating your OS

Answer 16

Always update as soon as you can! It’s a race between you and attackers.

Test before deploying

Prepare for a reboot - save all data

Have a known-good backup

Question 17

A type of attack where the attacker puts their own information into a data stream in an application

Answer 17

Code injection

Question 18

What is the cause of enabling code injection?

Answer 18

Bad programming

Question 19

A type of code injection that uses the most common relational database management system language

The attacker can put their own requests into an existing application

Answer 19

SQL injection (SQLi)

Question 20

XSS stands for

Answer 20

Cross-site scripting

Question 21

CSS stands for

Answer 21

Cascading style sheets

Question 22

A type of attack where information from one website could be shared with another website

Answer 22

XSS

Question 23

A type of attack that takes advantage of the trust that a browser has for a website

Answer 23

XSS

Question 24

What is the most common language used to perform XSS?

This language is enabled by most browsers

Answer 24

Javascript

Question 25

A type of XSS attack where the malicious code is hosted in a link that forwards to a third-party website. This link is commonly emailed or messaged to one specific person.

In this attack, the insecure web application accepts input from a user (the link with the malicious request), and then immediately renders that data back to the user in an unsafe way.

The malicious script is NOT on the webserver that the user attempted to reach; it is WITHIN THE REQUEST.

Answer 25

Non-persistent (reflected) XSS

Question 26

A type of XSS attack where the attacker commonly posts the malicious link on a social network.

This happens when the malicious script injection is permanently stored ON THE TARGET’S SERVER. When the user requests non-sanitized information stored in the database, the application can then send the malicious script to the user.

This attack does NOT have a specific target, unlike the other. Anyone who accesses the compromised website is a victim.

Answer 26

Persistent (stored) XSS

Question 27

4 ways to protect against XSS

Answer 27

NEVER click untrusted links

Consider disabling JavaScript or control it with an extension

Keep your browser and apps updated

Validate input

Question 28

Who are the people who can fix the firmware in the hardware devices?

Answer 28

The vendor/manufacturer

Question 29

In this setting, what does hardware device mean?

Answer 29

A technological device that does not give access to its OS; an embedded device. For example, a garage door, light bulb, door locks, and other IoT devices

Question 30

EOL stands for

Answer 30

End of life

Question 31

EOSL stands for

Answer 31

End of service life

Question 32

What does EOL imply for a product?

Answer 32

Manufacturer stops selling a product, but may continue supporting the product and creating patches

Question 33

What does EOSL mean?

Answer 33

The manufacturer has stopped selling the product, no longer supports it, and no longer makes patches. However, they might sell an expensive premium-cost support option.

If you have an EOSL device, replace it ASAP

Question 34

VM stands for

Answer 34

Virtual machine

Question 35

An attack through which an attacker breaks out of a VM to interact with the host OS/hardware

The attacker may then access other VMs and all their information

Answer 35

VM escape

Question 36

A vulnerability where multiple VMs on one hypervisor may write information to each other’s memory/storage.

This vulnerability is caused when the allocated RAM/storage for each VM exceeds the RAM/storage of the hypervisor. (ex. A 4GB hypervisor hosts 3 VMs, each allocated 2 GBs.)

Typically, this would not pose a problem. The vulnerability is fixed with management software updates or security patches.

Answer 36

Resource reuse

Question 37

A cloud-specific attack where the attacker disables the cloud app

Answer 37

DoS or DDoS

Question 38

A cloud-specific attack where the attacker takes advantage of weak or faulty authentication to access the cloud

Answer 38

Authentication bypass

Question 39

A cloud-specific attack where the attacker manually moves around the structure of the web server/app. This could allow the attacker to access sensitive information about clients or the company.

Answer 39

Directory traversal

Question 40

A cloud-specific attack where the attacker runs (potentially malicious) code or applications on the cloud-based system.

Answer 40

Remote code execution

Question 41

A cloud-specific attack where the attacker can share information from the cloud system to their own system. This attack is enabled by poor input validation.

Answer 41

XSS

Question 42

A cloud-specific attack where the attacker writes to unauthorized memory areas. This can cause data corruption, crashing, or code execution.

Answer 42

Out of bounds write

Question 43

A cloud-specific attack where the attacker can get direct access to a database by writing unauthorized database requests. This is enabled by poor input validation.

Answer 43

SQL injection

Question 44

3 providers that should be audited for supply chain vulnerabilities

Answer 44

Service provider
Hardware provider
Software provider

Question 45

True/False

When searching for supply chain vulnerabilities, IT services are the only service providers you need to be auditing.

Answer 45

False

Target was once compromised by malware spreading from their HVAC company. Other service providers can include network providers, payroll/accounting, cloud services, office cleaning, system administration, and utility providers

Question 46

True/False

When purchasing hardware, use a small, trusted supplier base. Have a short list of well-known and trusted suppliers to buy from.

Answer 46

True

Question 47

True/False

Treat newly-installed hardware as untrusted.

Answer 47

True

You must protect your network from any counterfeits or tampered products

Question 48

True/False

You can always trust well-known open source software will be safe

Answer 48

False

You can’t trust anything. If someone has access to the OSS, they can change it to include some malicious code.

Question 49

How are software updates verified to be legitimate?

Answer 49

Digital signatures

Question 50

True/False

It is best practice to disable direct login to the root/administrator account

Answer 50

True

Instead, use the sudo option to run as administrator

Question 51

True/False

Telnet, FTP, SMTP, and IMAP are safe to use

Answer 51

False

All of these protocols are unencrypted.

Question 52

4 unencrypted protocols

Answer 52

Telnet, FTP, SMTP, IMAP

Question 53

Opening/closing port numbers is monitored by a ____

Answer 53

Firewall

Question 54

A method used to circumvent security processes in a mobile device.

It replaces the manufacturer’s firmware with firmware from a third party.

Answer 54

Jailbreaking (Apple)
Rooting (Android)

Question 55

The practice of installing apps onto a mobile device from sources other than the official app store

Answer 55

Sideloading

Question 56

A vulnerability that does not have a patch or a method of mitigation

Answer 56

Zero-day vulnerability

Question 57

An attack that exploits unknown vulnerabilities that have no patches or methods of mitigation available

Answer 57

Zero-day attack