Breaches Flashcards

1
Q

What is a zero-day exploit?

A

A previously unknown vulnerability in a system that the vendor has not yet patched. Such vulnerabilities are often exploited by attackers.

2
Q

What is a worm?

A

Malware that can self-replicate to spread to other uninfected computers while staying active on the currently infected systems.

3
Q

What is a vulnerability?

A

A flaw in hardware or software that an attacker could exploit.

4
Q

What is a virus?

A

A type of computer program that replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be “infected.”

5
Q

What is a trojan?

A

A type of malware that disguises itself as legitimate software.

6
Q

What is suspicious activity?

A

Activity that can be seen as potentially malicious, but could also have legitimate uses. For example, an IP address that is scanning a system could be from an attacker, or could be from a harmless program.

7
Q

What is SQL injection?

A

A web attack technique that exploits vulnerabilities in websites, allowing an attacker to query the underlying database and access information.

8
Q

What is spyware?

A

A type of malware that enables a user to obtain information about another user’s computer activities by transmitting data covertly from their hard drive.

9
Q

What is spoofing?

A

The act of modifying traffic or network information to impersonate another system.

10
Q

What is scareware?

A

A malware tactic that uses pop-up ads and social engineering to manipulate individuals into believing they need to download or buy software that may appear legitimate, but could contain malware.

11
Q

What is scanning?

A

Searching for vulnerabilities on a computer network or internet service using a program (remote scanner).

12
Q

What is a rootkit?

A

A set of tools installed on a system that enables an attacker to gain control of that system without being detected.

13
Q

What is remote code execution?

A

A term for a vulnerability that can be exploited without physical access to the device.

14
Q

What is ransomware?

A

A type of malware designed to block access to a computer system or files until the ransom amount is paid.

15
Q

What is Ransomware-as-a-Service?

A

A ransomware developer sells or leases their ransomware variants to individuals or groups who then use it to carry out attacks. RaaS reduces the cost to perform ransomware attacks and can provide 24x7 customer support and a platform for managing the malware.

16
Q

What is proxy malware?

A

Malware that turns infected systems into intermediaries and allows network traffic to go through them.

17
Q

What is a payload?

A

Malware that an attacker delivers to a victim.

18
Q

What is pentesting?

A

A security exercise that simulates a cyberattack to check for vulnerabilities that an attacker could take advantage of.

19
Q

What is malware?

A

A program, software, or firmware intended to perform an unauthorized action that adversely impacts the confidentiality, integrity, or availability of a system.

20
Q

What is a kill chain?

A

The process threat actors use for attacking a system. It consists of researching targets, weaponization of malware specific to the target, deployment techniques, exploiting vulnerabilities in specific software, installing malware, command and control establishment, and completing objectives.

21
Q

What is a honeypot?

A

A term used to describe a computer, server, or network that appears legitimate, and contains information or resources of value to attackers. Researchers use these to map how attackers behave.

22
Q

What is an information disclosure attack?

A

An attack that takes advantage of vulnerabilities (insufficient protection of data, displaying of information in error messages, etc.) in web applications to retrieve information that could be stolen or used for further exploitation attempts.

23
Q

What is an exploit?

A

Any object (e.g. a program, a piece of code, etc.) that can take advantage of a vulnerability in a program or operating system.

24
Q

What is DNS hijacking / DNS redirection?

A

A type of attack where Domain Name System (DNS) queries are redirected to send users to malicious sites. Attackers can install malware on user computers, take over routers, or intercept DNS communication directly.

25
Q

What is a drive-by download?

A

Content is automatically downloaded when a web page is loaded by the web browser. These downloads are usually unintentional.

26
Q

What is domain hijacking?

A

An attack where a web address is stolen.

27
Q

What is distributed denial of service?

A

Multiple systems are used to disrupt service or internet connection by flooding it with useless information.

28
Q

What is a dictionary attack?

A

Password guessing attempts using files that contain lists of common passwords.

29
Q

What is denial of service?

A

A single system is used to disrupt the internet use of a user or service by flooding its connection with useless information.

30
Q

What is defacement?

A

An attack that changes the visual appearance of a website (the digital version of graffiti) and potentially adds malware to it.

31
Q

What is data loss?

A

The loss of data caused by an error or malicious activity.

32
Q

What is data leakage?

A

Unauthorized transfer of information from a computer or data center to the outside world.

33
Q

What is a command and control server?

A

A server controlled by attackers that is responsible for sending commands to infected machines.

34
Q

What is a buffer overflow?

A

A vulnerability in which more data can be written into a device’s memory than was reserved for the program. Attackers exploit this vulnerability to execute malicious code or gain access to other parts of a targeted system.

35
Q

What is a brute force password attack?

A

An attack designed to guess login credentials by cycling through every possible combination of letters, numbers, and characters. Complex passwords would require a significant amount of time to guess correctly.

36
Q

What is a botnet?

A

A collection of systems infected with malware that receive instructions to link up and conduct malicious activity. Botnets can consist of hundreds of thousands of infected machines, and are commonly used to mine Bitcoin and launch Distributed Denial of Service (DDoS) attacks.

37
Q

What is a backdoor?

A

Any method by which an authorized or unauthorized user can gain root access to a network or computer system.

38
Q

What is an attack vector?

A

The method used by an attacker to access or penetrate a system.

39
Q

What is adware?

A

A type of malware that generates pop-up advertisements, or links to ad-laden web pages, to generate illegitimate revenue.

40
Q

What are web server vulnerabilities?

A

  1. Web servers are exposed publicly or designed to be connected to, making them a common way in through a firewall.
  2. They may have permissions to access more files than they should, so there is potential for lateral movement.
  3. They often provide dynamic capabilities through PHP or other interpreters, allowing an attacker to supply their own code or modify functionality.
  4. Other users visit the page, so a compromised server can be used to target those users.
  5. They are often connected to databases, so an attacker may be able to steal usernames, passwords, emails, credit card details, etc.
  6. They can be used to gain access to the operating system when developers leave code artifacts or code repositories on the web server, and from there to pivot to other workstations.
  7. Where the web server is hosted by a third party, an attacker may be able to compromise other websites on that server.

41
Q

What are web server analytics?

A

Data collected about the system, the application and user interactions, logged remotely; collection can be automated or managed with an API. Analytics tell the website owner how many connections are being received and potentially where they originate, how long users stay on the website, where they go, how long it takes to get there, and whether they arrived via a link. This helps to understand traffic flow and can be used for anomaly detection.

42
Q

Why are web page response codes important in security?

A

Response codes are useful to attackers because they can indicate whether there is a firewall and how the web server is configured, e.g. a 500 Internal Server Error typically results from bad code or a failure to handle data or an exception.

43
Q

How do you secure a web server?

A

  1. The default configuration is usually sufficient, but check that settings such as the number of workers are appropriate (Apache’s default is usually set low and needs to be increased).
  2. Enable HTTPS to ensure that communications are encrypted.
  3. Validate web server permissions so that users are not given too much access simply because they belong to groups with real power.
  4. Disable the server banner and version disclosure so that the server signature is not available to attackers.
  5. Use vendor checklists.
  6. Use CIS Benchmarks.
  7. Ensure security certificates are up to date.