2.3.2, 4.1.3, 2.3.3 Flashcards
What is a buffer overflow vulnerability?
When a program writes more data to a buffer than it can handle, leading to the overflow of adjacent memory
Which type of vulnerability occurs when a user or process gains unauthorized access to higher-level privileges?
Privilege Escalation
What is the primary purpose of a Denial-of-Service (DoS) attack?
To overload a system with traffic, making it slow or unresponsive
What is the term used to describe security flaws that are unknown to the software vendor and have no available patch?
Zero-Day Vulnerabilities
Which type of attack occurs when a user injects commands or code into a web server to execute?
Command Injection
SQL stands for:
Structured Query Language
What is the primary purpose of Cross-site Scripting (XSS)?
To bypass access controls and impersonate users
Which technology is subject to injection attacks when used for structuring data exchanged on the web?
XML
What does Mobile Device Management (MDM) involve?
Administering mobile devices like smartphones and tablets
Which deployment model allows employees to use their personal devices for work purposes?
Bring Your Own Device
In the Corporate-Owned, Personally Enabled (COPE) deployment model, who maintains control over the device and its security?
The IT department
What is the purpose of the Choose Your Own Device deployment model?
Employees choose their devices from a list provided by the company
Which connection method is crucial for remote work and on-the-go connectivity, utilizing cellular data networks?
Cellular
Where is Wi-Fi connection commonly used?
Corporate offices
What is Bluetooth commonly used for?
File sharing and connecting peripherals
What unique challenges do deployment models and connection methods address in a corporate environment?
Connectivity and security of mobile devices
How do deployment models and connection methods work together in a mobile solution?
They address different aspects of mobile device management
What are firmware vulnerabilities?
Security flaws in embedded software
What is a potential consequence of exploiting firmware vulnerabilities?
Unauthorized access to the host system
When does hardware reach its end-of-life (EOL)?
When the manufacturer stops providing support and updates
What is a common vulnerability associated with legacy hardware?
Lack of modern security features
How can organizations mitigate hardware vulnerabilities?
Regularly apply patches and updates to firmware
What is a characteristic of VM escape vulnerability?
Unauthorized access to the host system from a virtual machine
How can resource reuse vulnerabilities be mitigated?
Implementing strong isolation mechanisms between VMs
What is a cloud-specific vulnerability?
Inadequate identity, credential, and access management
How can organizations address inadequate network security in cloud environments?
Implementing network segmentation
What is a potential consequence of misconfigurations in cloud environments?
Loss of customer trust