Advanced Cyber Attacks Flashcards

1
Q

A type of Distributed Denial-of-Service (DDoS) attack where the attacker exploits publicly accessible servers to amplify the attack’s impact on the target.

Example: An attacker uses a vulnerable server to send a large volume of traffic to overwhelm a target system.

A

Amplified DDoS attack

2
Q

A DDoS attack that aims to overwhelm the target’s network by flooding it with high volumes of traffic, consuming all available bandwidth.

Example: A massive traffic flood that causes a website to become inaccessible by using up all its bandwidth.

A

Volumetric DDoS attack

3
Q

An attack where the attacker sends traffic to a third-party server, which then redirects it to the target, making it appear as if the traffic originated from the server.

Example: An attacker sends a request to a server, which then forwards the request to a target, making it harder to trace the source.

A

Reflected DDoS attack

4
Q

A DDoS attack that targets specific applications or services on a server, aiming to exhaust system resources and make them unavailable.

Example: An attacker sends a series of complex requests to a web application, overloading its processing capabilities.

A

Application DDoS attack

5
Q

A type of attack where an attacker falsifies DNS records to redirect traffic from a legitimate website to a malicious one.

Example: A user is redirected to a fake login page after entering a website’s URL due to manipulated DNS records.

A

DNS Spoofing

6
Q

A cyber attack where attackers use previously leaked username and password combinations to gain unauthorized access to accounts on other sites.

Example: An attacker tries multiple username and password combinations from past data breaches to break into online banking accounts.

A

Credential Stuffing

7
Q

An attack where an attacker registers a domain name that is similar to a popular one, often to steal traffic or impersonate a legitimate site.

Example: An attacker registers a slightly misspelled version of a popular brand’s website to deceive users into visiting it.

A

URL Hijacking

8
Q

The act of gaining unauthorized access to a registered domain name and transferring it to a different owner, often for malicious purposes.

Example: An attacker gains control over a company’s domain name and transfers it to another registrar to sell it.

A

Domain Hijacking

9
Q

An attack where a malicious actor inserts false DNS records into a resolver’s cache, redirecting users to fraudulent or malicious sites.

Example: A user unknowingly visits a fake website after the DNS cache was manipulated to redirect traffic.

A

DNS cache poisoning

10
Q

An attack where an attacker sends spoofed Address Resolution Protocol (ARP) messages to associate their MAC address with the IP address of another device, enabling interception of traffic.

Example: A network attacker intercepts data meant for another user by manipulating address resolution.

A

ARP poisoning

11
Q

A malicious tactic where an attacker registers domain names similar to popular ones to exploit users who make typing errors.

Example: A user intending to visit a legitimate site ends up on a fraudulent page due to a misspelled URL.

A

Typosquatting

12
Q

An attack in which a single entity creates multiple fake identities to manipulate or disrupt a system, especially in peer-to-peer networks.

Example: A network is overwhelmed with fake nodes created by an attacker to control decision-making.

A

Sybil Attack

13
Q

An unauthorized wireless access point installed on a network, often used by attackers to intercept traffic or gain access.

Example: An attacker sets up an unauthorized device to mimic a company’s Wi-Fi network and steal credentials.

A

Rogue Access Point (AP)

14
Q

A secure server used to bridge access between different security zones, often for administrative purposes in sensitive environments.

Example: Administrators use this system to securely connect to production servers in a restricted network.

A

Jump Server

15
Q

A basic network device that connects multiple devices on a LAN and lacks advanced management or configuration features.

Example: A simple device used to expand a home network without any administrative setup.

A

Unmanaged Switch

16
Q

A hardware device used to monitor and capture network traffic without interrupting the flow of data between devices.

Example: Security teams use this device to passively analyze network traffic for suspicious activity.

A

Network Tap

17
Q

An attack that sends spoofed disassociation frames to a wireless network, forcing connected devices to disconnect from the access point.

Example: A user’s device repeatedly disconnects from a Wi-Fi network due to malicious interference.

A

Wireless Disassociation Attack

18
Q

An attack where a malicious actor disrupts wireless communication by overwhelming the network with interference or noise.

Example: Devices in a specific area cannot connect to Wi-Fi due to intentional signal interference.

A

Wireless Jamming

19
Q

A wireless technology that allows data exchange between devices in close proximity, typically within a few centimeters.

Example: A smartphone is used to make a contactless payment at a point-of-sale terminal.

A

NFC Communication (Near Field Communication)

20
Q

An attack that exploits weaknesses in the initialization vector of encryption algorithms to reveal plaintext or encryption keys.

Example: An attacker captures wireless packets and analyzes their initialization vectors to crack the network key.

A

IV Attack (Initialization Vector Attack)

21
Q

The practice of driving around with a device to locate and map wireless networks, often targeting unsecured or poorly secured networks.

Example: A person uses a laptop and antenna to search for open Wi-Fi networks while driving through a neighborhood.

A

War Driving

22
Q

An attack where a malicious actor creates a rogue wireless network using the same SSID as a legitimate one to trick users into connecting.

Example: A fake Wi-Fi network mimics the name of a trusted public hotspot to intercept user data.

A

SSID Spoofing

23
Q

A unique identifier assigned to a user’s session with a system or application, used to track and manage interactions.

Example: A web server assigns a temporary identifier to keep a user logged into their account during a session.

A

Session ID

24
Q

An attack where an attacker uses a hashed password, instead of cracking it, to authenticate and gain unauthorized access to a system.

Example: A hashed credential is intercepted from a compromised machine and reused to log into another system.

A

Pass-the-Hash Attack

25
Q

A type of brute force attack where an attacker tries a small set of commonly used passwords across many accounts, rather than targeting a single account with many passwords.

Example: An attacker attempts to log into multiple accounts using a set of simple passwords like “123456” or “password.”

A

Spraying Attack

26
Q

An attack where malicious code is inserted into a program or system, causing it to execute unintended actions or compromise security.

Example: An attacker injects a script into a web form that allows them to access sensitive database information.

A

Code Injection

27
Q

The act of capturing and analyzing data packets transmitted over a network to intercept sensitive information.

Example: An attacker uses a packet sniffer to capture login credentials sent over an unencrypted network.

A

Packet Sniffing

28
Q

An attack where a user is tricked into performing unwanted actions on a web application where they are authenticated, often leading to unauthorized actions.

Example: A user unknowingly submits a form that transfers money from their account while logged into their banking app.

A

CSRF/XSRF Attack (Cross-Site Request Forgery)

29
Q

An attack where malicious XML data is inserted into a web application’s input, exploiting weaknesses in XML parsers to execute unauthorized actions.

Example: The exploit targets web applications that generate XML content used to store and transport data.

A

XML (Extensible Markup Language) Injection Attack

30
Q

An attack where malicious input is injected into a Lightweight Directory Access Protocol (LDAP) query, allowing an attacker to manipulate or bypass authentication processes.

Example: An attacker enters a specially crafted string into a login form that modifies an LDAP query, granting unauthorized access.

A

Lightweight Directory Access Protocol (LDAP) Injection Attack

31
Q

A path traversal attack where an attacker uses the ../ (dot-dot-slash) sequence to navigate the file system and access directories or files outside of the intended directory.

Example: An attacker manipulates a URL to access sensitive system files by including ../ sequences in the file path.

A

Dot-dot-slash attack

32
Q

An attack where an attacker manipulates file paths to access files and directories outside of the intended directory, often exploiting vulnerabilities in web applications.

Example: An attacker uses ../ to escape the intended directory and view sensitive files like /etc/passwd on a server.

A

Directory Traversal Attack

33
Q

An attack where an attacker forces a system to use a weaker or less secure version of a protocol or encryption, making it easier to exploit vulnerabilities.

Example: An attacker intercepts a secure HTTPS connection and forces it to use an outdated SSL/TLS version with known weaknesses.

A

Downgrade Attack

34
Q

An attack where the attacker has access to both the ciphertext and its corresponding plaintext, allowing them to derive the encryption key.

Example: An attacker uses a known plaintext (like an encrypted message header) to break the encryption and reveal the rest of the message.

A

KPA (Known-Plaintext Attack)

35
Q

A type of brute force attack where the attacker uses a precompiled list of possible passwords (a dictionary) to guess the correct password.

Example: An attacker uses a list of common words to crack a password rather than trying every possible character combination.

A

Dictionary Attack

36
Q

An attack that exploits the probability of finding two inputs that produce the same hash value, based on the birthday paradox in probability theory.

Example: An attacker finds two different messages that result in the same hash value, which can be used to undermine digital signatures.

A

Birthday Attack

37
Q

An attack method where an attacker systematically tries all possible combinations of passwords or encryption keys until the correct one is found.

Example: An attacker uses software to try every possible password combination for an account, such as “a1b2c3”, until the password is found.

A

Brute-Force Attack

38
Q

A system for identifying and cataloging publicly known cybersecurity vulnerabilities and exposures.

A

CVE (Common Vulnerabilities and Exposures)

39
Q

Artifacts or data that provide evidence of a security breach, such as IP addresses, file hashes, or registry keys.

A

IoC (Indicators of Compromise)

40
Q

A system or platform used to share cyber threat indicators automatically between organizations or security systems.

A

AIS (Automated Indicator Sharing)

41
Q

The process of collecting and analyzing publicly available information from open sources to gather intelligence.

Example: An attacker gathers information from social media profiles to craft a targeted phishing attack.

A

OSINT (Open Source Intelligence)

42
Q

The use of multiple active sessions by the same user across different devices or locations, which can increase the risk of unauthorized access.

Example: A user logs into their account from both their phone and laptop simultaneously, creating multiple active sessions.

A

Concurrent session usage

43
Q

A system that allows users to authenticate once and gain access to multiple applications or services without needing to log in separately for each one.

Example: A user logs in to their company portal, and automatically gains access to email, calendar, and other tools without re-entering credentials.

A

Single Sign-On (SSO)

44
Q

An anomaly detection technique used to identify suspicious logins or activities, where a user appears to log in from two geographically distant locations in an unrealistically short period.

Example: A user logs in from New York and then from Tokyo within minutes, which would be impossible to achieve in the given time frame.

A

Impossible travel

45
Q

A security control that limits the hours during which users are allowed to log into a system, reducing the risk of unauthorized access outside of designated times.

Example: A company restricts employee logins to weekdays between 9:00 AM and 5:00 PM, preventing access after hours.

A

Login Time Restrictions

46
Q

The process of logging events or activities that occur outside of the regular monitoring schedule, often used to capture irregular or unexpected behavior.

Example: Security systems generate logs for unusual access attempts that happen outside of normal business hours for further investigation.

A

Out-of-Cycle Logging

47
Q

A situation where a user or system is unable to access necessary resources due to permission issues, outages, or malicious actions.

Example: A user cannot access shared files on a network due to a misconfigured access control setting.

A

Resource inaccessibility

48
Q

The absence of expected log data, which can hinder incident detection and investigation, often caused by misconfiguration or tampering.

Example: An attacker deletes logs to cover their tracks, preventing administrators from identifying the breach.

A

Missing logs

49
Q

A network segment placed between an internal network and an external network (such as the internet), designed to add an extra layer of security by isolating public-facing services.

Example: A company places its web server in this area to allow external users to access it while keeping internal networks protected.

A

DMZ (Demilitarized Zone)