Application/Service Attacks Flashcards

1
Q

What is a DoS attack?

A

Flooding a target machine or resource with many requests to overload the system and prevent use of its resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a DDoS attack?

A

Multiple different sources attack one victim.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a Buffer Overflow?

A

A program attempts to write more data than can be held in a fixed block of memory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is an Injection attack?

A

Occurs from processing invalid data, inserts code into the vulnerable computer program and changes the course of execution.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a Cross-Site Scripting attack?

A

Found in web applications, allows for an attacker to inject client-side scripts in web pages.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a Cross-site request forgery?

A

Unauthorized commands are sent from a user that is trusted by the website. Allows the attacker to steal cookies and harvest passwords

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a privilege escalation attack?

A

An attack that exploits a vulnerability that allows them to gain access to resources that they normally would be restricted from accessing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is an ARP Poisoning attack?

A

The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is an Amplification attack?

A

The amount of traffic sent by the attacker is originally small but then is repeatability multiplied to place a massive strain on the victim’s resources, in an attempt to cause it to fail or malfunction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is DNS Poisoning?

A

Is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Domain hijacking?

A

The act of changing the registration of a domain name without the permission of the victim.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a Man-in-the-browser attack?

A

A proxy Trojan horse that infects web browsers and capture browser session data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a Zero Day Attack?

A

The aim is to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general. Meaning that there is no direct or specific defense to the attack; which puts most systems vulnerable assets at risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a Replay attack?

A

Is a network-based attack where a valid data transmission is rebroadcasted, repeated, or delayed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is a Pass the Hash attack?

A

An authentication attack that captures and uses the hash of a password. The attacker then attempts to log on as the user with the stolen hash. This type of attack is commonly associated with the Microsoft NTLM (New Technology LAN Manager) protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Clickjacking?

A

Deceives the user into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legitimate web page.

17
Q

What is Session hijacking?

A

An attack in which an attacker attempts to impersonate the user by using their legitimate session token.

18
Q

What is URL hijacking?

A

Redirects the user to a false website based on misspelling the URL, and is also referred to typosquatting.

19
Q

What is Typosquatting?

A

An alternate name for URL hijacking.

20
Q

What is Shimming?

A

The process of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code.

21
Q

What is Refactoring?

A

Rewrites the internal processing of code without changing its behavior.

22
Q

What is MAC Spoofing?

A

The attacker falsifies the MAC address of a device.

23
Q

What is IP Spoofing?

A

An intruder uses another site’s IP address to masquerade as a legitimate site.

24
Q

What is a Man-in-the-middle?

A

The attacker alters the communication between two parties who believe they are directly communicating.