Attacks, Threats and Vulnerabilities Flashcards
What kind of attack is an example of IP spoofing?
Man-In-the-middle (MITM) Attack
Explanation - In a man-in-the-middle attack the attacker sits between two communicating systems and relays, reads or alters their traffic. Forging the source IP address of one party (IP spoofing) is a common way to get the other party to send its traffic to the attacker instead.
What technique would you use to determine the current version of SSH running on a web server?
Banner Grabbing
Explanation - This process involves actively connecting to the SSH service (TCP port 22 by default) with telnet or netcat and reading the identification string the server sends first, which carries the protocol version and the software version. The response comes from the SSH daemon, not from the web server software. Caveat: banners can be edited or suppressed by the administrator, so treat the version they report as a hint to be confirmed, not as proof.
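The parsing step of that banner grab, as an added example (not part of the original flashcards): it pulls the protocol version, software version and optional comment field out of an SSH identification string in the form RFC 4253 defines, and includes a small connect-and-read helper. The banner bytes and host name used here are constructed for illustration.

```python
"""Grab and parse an SSH identification string (RFC 4253, section 4.2).

Format: "SSH-" protoversion "-" softwareversion [SP comments] CR LF
The server may send other lines before it; those are skipped.
"""
import re
import socket

# Constructed sample banners (not captured from a real host).
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"
SAMPLE_BANNER_WITH_PREAMBLE = b"Welcome to the box\r\nSSH-2.0-dropbear_2022.83\r\n"

_BANNER_RE = re.compile(rb"^SSH-([^-]+)-(\S+)(?: (.*))?$")


def parse_ssh_banner(raw: bytes) -> dict:
    """Return protocol version, software version and comments from raw banner bytes.

    Raises ValueError if no line starting with "SSH-" is present or it is malformed.
    """
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # RFC 4253 allows arbitrary lines before the identification string
        m = _BANNER_RE.match(line)
        if not m:
            raise ValueError("malformed SSH identification string: %r" % line)
        proto, software, comments = m.groups()
        return {
            "protoversion": proto.decode("ascii", "replace"),
            "softwareversion": software.decode("ascii", "replace"),
            "comments": comments.decode("ascii", "replace") if comments else None,
        }
    raise ValueError("no SSH identification string found")


def openssh_version(software: str):
    """Return (major, minor) for an OpenSSH software string such as OpenSSH_8.9p1.

    Returns None for other implementations (dropbear, Cisco, ...), so callers
    do not compare versions across unrelated products.
    """
    m = re.match(r"OpenSSH_(\d+)\.(\d+)", software)
    return (int(m.group(1)), int(m.group(2))) if m else None


def grab_ssh_banner(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Connect to the SSH service and parse the first bytes it sends.

    RFC 4253 caps the identification line at 255 bytes including CR LF.
    The host name below is a placeholder; nothing is contacted at import time.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return parse_ssh_banner(sock.recv(255))


if __name__ == "__main__":
    info = parse_ssh_banner(SAMPLE_BANNER)
    print(info, openssh_version(info["softwareversion"]))
    # Live use (hypothetical host): grab_ssh_banner("ssh.example.internal")
```

Usage note: the connect helper is deliberately read-only; it does not complete the key exchange, so it is quiet compared with a full SSH client, but the connection attempt is still visible in the target's auth and firewall logs.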
What scanning topology would be BEST able to meet the following requirements?
- vulnerability scans of centrally managed workstations (e.g., laptops) and network devices
- Ability to scale up and down as new members use the network
- Minimal number of false positives to ensure result accuracy
A combination of cloud-based and server-based scanning engines.
Explanation - Cloud-based engines scale with the number of enrolled endpoints and reach laptops wherever they connect; on-premises server-based engines cover internal network devices and can run credentialed checks, which keeps false positives down.
What is a "Hijacked" E-mail?
This occurs when someone takes over your email account and sends out messages on your behalf, typically after stealing or guessing the account credentials.
This can also occur after a system is taken over by an attacker, who then sends mail from the compromised machine or its logged-in mail client.
What type of Vulnerability Scan would BEST assist in determining if a target's configuration settings are correct?
Credentialed Scans
Explanation - A credentialed scan logs into the target with a valid account and reads its configuration (patch level, services, registry or file settings) directly, instead of inferring it from network responses, so it finds misconfigurations a non-credentialed scan cannot see and produces fewer false positives.
What are considered “Private IP Addresses?”
10.x.x.x (10.0.0.0/8)
172.16.x.x - 172.31.x.x (172.16.0.0/12; note that 172.32.x.x is NOT private)
192.168.x.x (192.168.0.0/16)
These are the RFC 1918 ranges and are not routed on the public internet. Localhost (127.0.0.0/8) and APIPA link-local addresses (169.254.0.0/16) are also never routed; most other addresses are publicly routable, apart from a few further reserved ranges (multicast, documentation and shared address space).
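A classifier for the ranges listed above, as an added example (not part of the original flashcards), written with Python's standard ipaddress module. It checks the three RFC 1918 blocks explicitly so the 172.16-172.31 boundary is visible, then falls back to the module's loopback, link-local and global flags to catch the other non-routable cases. The log lines and addresses are constructed.

```python
"""Classify IPv4 addresses: RFC 1918 private, loopback, APIPA, other reserved, or public."""
import ipaddress
import re

RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255 only
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify_ipv4(addr: str) -> str:
    """Return one of: rfc1918, loopback, apipa, reserved, public.

    Raises ValueError for anything that is not a valid IPv4 address.
    """
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip.is_loopback:          # 127.0.0.0/8
        return "loopback"
    if ip.is_link_local:        # 169.254.0.0/16, what Windows calls APIPA
        return "apipa"
    if not ip.is_global:        # documentation nets, shared address space, etc.
        return "reserved"
    return "public"


# Constructed firewall log lines (not from a real device).
SAMPLE_FW_LOG = [
    "ACCEPT src=10.0.0.5 dst=10.0.0.1 proto=tcp dpt=443",
    "ACCEPT src=172.31.200.9 dst=10.0.0.1 proto=tcp dpt=22",
    "DROP src=172.32.0.1 dst=10.0.0.1 proto=tcp dpt=22",
    "ACCEPT src=203.0.113.7 dst=10.0.0.1 proto=udp dpt=53",
    "ACCEPT src=169.254.4.4 dst=10.0.0.1 proto=tcp dpt=80",
]

_SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})")


def external_sources(log_lines) -> list:
    """Return the source addresses in log lines that are publicly routable.

    Useful for triage: an internal-only service showing 'public' sources is
    either exposed or seeing spoofed traffic.
    """
    found = []
    for line in log_lines:
        m = _SRC_RE.search(line)
        if m and classify_ipv4(m.group(1)) == "public":
            found.append(m.group(1))
    return found


if __name__ == "__main__":
    for a in ("172.31.255.255", "172.32.0.0", "203.0.113.7"):
        print(a, classify_ipv4(a))
    print(external_sources(SAMPLE_FW_LOG))
```

Usage note: 203.0.113.7 comes back as "reserved" rather than "public" because 203.0.113.0/24 is a documentation range; that is the kind of address a naive "not RFC 1918, so it must be internet" rule would misclassify.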
What best describes a hash value that is related to malware associated with an advanced persistent threat (APT)?
This is an Indicator of Compromise or “IOC”
Explanation - This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Note: Typical IOCs include hashes of malware files (MD5, SHA-1 or SHA-256), IP addresses, URLs or domain names of botnet command and control servers, and virus signatures. A hash IOC is exact, so a one-byte change to the sample defeats it; behaviour-based indicators are more durable.
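A small IOC matcher, as an added example (not part of the original flashcards): it checks file contents against hash IOCs and DNS log lines against C2 domain IOCs, including subdomains of a listed domain. The "malware" sample, the IOC values derived from it, the C2 domain and the log lines are all constructed; in practice the hashes and domains come from a threat-intelligence feed.

```python
"""Match artifacts against a tiny IOC set (file hashes and C2 domains)."""
import hashlib
import re

# Constructed stand-in for a malware sample. Its hashes are computed here only
# so the example is self-contained; a real IOC list supplies the hashes.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00constructed-apt-sample-not-real-malware"

IOCS = {
    "md5": {hashlib.md5(KNOWN_BAD_SAMPLE).hexdigest()},
    "sha256": {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()},
    "domain": {"c2.example.net"},   # constructed, RFC 2606 reserved name
}


def hash_matches(data: bytes) -> list:
    """Return the hash IOC types (sorted) whose values match `data`."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(kind for kind, hexdigest in digests.items() if hexdigest in IOCS[kind])


def domain_matches(qname: str) -> bool:
    """True if qname equals an IOC domain or is a subdomain of one (case-insensitive)."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IOCS["domain"])


# Constructed DNS query log in a BIND-like layout.
SAMPLE_DNS_LOG = [
    "client 10.0.0.5#51234: query: www.example.com IN A +",
    "client 10.0.0.9#51300: query: beacon.C2.example.net. IN A +",
    "client 10.0.0.7#51301: query: notc2.example.net IN A +",
]

_DNS_RE = re.compile(r"client (\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (\S+)")


def find_c2_queries(log_lines) -> list:
    """Return (client_ip, qname) for every query that hits a domain IOC."""
    hits = []
    for line in log_lines:
        m = _DNS_RE.search(line)
        if m and domain_matches(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    print(hash_matches(KNOWN_BAD_SAMPLE))           # both hash types match
    print(hash_matches(KNOWN_BAD_SAMPLE + b"\x00"))  # one extra byte, no match
    print(find_c2_queries(SAMPLE_DNS_LOG))
```

Usage note: the appended-byte case shows the brittleness mentioned above, and "notc2.example.net" shows why the domain check must anchor on a dot boundary rather than a plain substring test.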