Application

Question 1

Flooding a target machine or resource with many requests to overload the system and prevent use of its resources

Answer 1

DoS - Denial of Service

Question 2

Multiple different sources attack one victim.

Answer 2

DDoS - Distributed Denial of Service

Question 3

The attacker alters the communication between two parties who believe that are directly communicating.

Answer 3

Man-in-the-middle

Question 4

A program attempts to write more data than can be held in fixed block of memory.

Answer 4

Buffer overflow

Question 5

Occurs from processing invalid data, inserts code into the vulnerable computer program and changes the course of execution.

Answer 5

Injection

Question 6

Found in web applications, allows for an attacker to inject client side scripts in web pages

Answer 6

Cross-site scripting
XXS

Question 7

Unauthorized commands are sent from a user that is trusted by the website and allows attackers to steal cookies and harvest passwords.

Answer 7

Cross-site request forgery
(XSRF)

Question 8

An attack that exploits a vulnerability that allows them to gain access to resources that they normally would be restricted from accessing

Answer 8

Privilege escalation

Question 9

The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP

Answer 9

ARP poisoning

Question 10

The amount of traffic sent by the attacker is originally small but then is repeatedly multiplied to place a massive strain on the victim’s resources, in an attempt to cause failure or malfunction.

Answer 10

Amplification

Question 11

Type of attack that exploits vulnerabilities in the domain name system (DNS) to divert internet traffic away from legitimate servers and towards fake ones.

Answer 11

DNS poisoning

Question 12

The act of changing the registration of a domain name with the permission of the victim.

Answer 12

Domain hijacking

Question 13

A proxy trojan horse that infects web browsers and captures browser session data.

Answer 13

Man-in-the-browser

Question 14

The aim is to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general. Meaning that there is no direct or specific defense to the attack; that puts most systems to become vulnerable assets at risk

Answer 14

Zero day

Question 15

Network-based attack where a valid data transmission is rebroadcasted, repeated or delayed.

Answer 15

Replay

Question 16

Authentication attack that captures and uses the hash of a password that the attacker attempts to log on as a user with the stolen hash

Answer 16

Pass the hash

Question 17

Pass the hash is commonly associated with the following protocol

Answer 17

Microsoft NTLM
New Technology LAN Manager

Question 18

Hijacking

Deceives the user into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legit

Answer 18

Clickjacking

Question 19

Hijacking

An attack win which an attacker attempts to impersonate the user by using their legitimate session token

Answer 19

Session hijacking

Question 20

Hijacking

Redirects the user to a false website based on misspelling the URL, and is also referred to as typosquatting.

Answer 20

URL hijacking

Question 21

hijacking

An alternate name for URL hijacking

Answer 21

Typosquatting

Question 22

Driver manipulation

The process of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code.

Answer 22

Shimming

Question 23

Driver manipulation

Rewrites the internal processing of code without changing its behaviour

Answer 23

Refactoring

Question 24

The attacker falsifies the MAC address of a device.

Answer 24

MAC spoofing

Question 25

An intruder uses another site’s IP address to masquerade as a legitimate site.

Answer 25

IP spoofing