Application/Service Attacks

Question 1

What is a DoS attack?

Answer 1

Flooding a target machine or resource with many requests to overload the system and prevent use of its resources.

Question 2

What is a DDoS attack?

Answer 2

Multiple different sources attack one victim.

Question 3

What is a Buffer Overflow?

Answer 3

A program attempts to write more data than can be held in a fixed block of memory.

Question 4

What is an Injection attack?

Answer 4

Occurs from processing invalid data, inserts code into the vulnerable computer program and changes the course of execution.

Question 5

What is a Cross-Site Scripting attack?

Answer 5

Found in web applications, allows for an attacker to inject client-side scripts in web pages.

Question 6

What is a Cross-site request forgery?

Answer 6

Unauthorized commands are sent from a user that is trusted by the website. Allows the attacker to steal cookies and harvest passwords

Question 7

What is a privilege escalation attack?

Answer 7

An attack that exploits a vulnerability that allows them to gain access to resources that they normally would be restricted from accessing.

Question 8

What is an ARP Poisoning attack?

Answer 8

The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP.

Question 9

What is an Amplification attack?

Answer 9

The amount of traffic sent by the attacker is originally small but then is repeatability multiplied to place a massive strain on the victim’s resources, in an attempt to cause it to fail or malfunction.

Question 10

What is DNS Poisoning?

Answer 10

Is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.

Question 11

What is Domain hijacking?

Answer 11

The act of changing the registration of a domain name without the permission of the victim.

Question 12

What is a Man-in-the-browser attack?

Answer 12

A proxy Trojan horse that infects web browsers and capture browser session data

Question 13

What is a Zero Day Attack?

Answer 13

The aim is to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general. Meaning that there is no direct or specific defense to the attack; which puts most systems vulnerable assets at risk.

Question 14

What is a Replay attack?

Answer 14

Is a network-based attack where a valid data transmission is rebroadcasted, repeated, or delayed.

Question 15

What is a Pass the Hash attack?

Answer 15

An authentication attack that captures and uses the hash of a password. The attacker then attempts to log on as the user with the stolen hash. This type of attack is commonly associated with the Microsoft NTLM (New Technology LAN Manager) protocol.

Question 16

What is Clickjacking?

Answer 16

Deceives the user into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legitimate web page.

Question 17

What is Session hijacking?

Answer 17

An attack in which an attacker attempts to impersonate the user by using their legitimate session token.

Question 18

What is URL hijacking?

Answer 18

Redirects the user to a false website based on misspelling the URL, and is also referred to typosquatting.

Question 19

What is Typosquatting?

Answer 19

An alternate name for URL hijacking.

Question 20

What is Shimming?

Answer 20

The process of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code.

Question 21

What is Refactoring?

Answer 21

Rewrites the internal processing of code without changing its behavior.

Question 22

What is MAC Spoofing?

Answer 22

The attacker falsifies the MAC address of a device.

Question 23

What is IP Spoofing?

Answer 23

An intruder uses another site’s IP address to masquerade as a legitimate site.

Question 24

What is a Man-in-the-middle?

Answer 24

The attacker alters the communication between two parties who believe they are directly communicating.