Ch6: Comparing Threats, Vulnerabilities, and Common Attacks Flashcards

1
Q

Script kiddie

A

An attacker who uses existing computer scripts to launch attacks, typically with very little expertise, sophistication, and funding

2
Q

Hacktivist

A

launches attacks as part of an activist movement or to further a cause

3
Q

Insider

A

Anyone who has legitimate access to an organization’s internal resources, such as an employee

4
Q

Organized crime elements are…

A

typically motivated by greed and money but often use sophisticated techniques

5
Q

APTs

A

Advanced Persistent Threats are sponsored by governments and they launch sophisticated, targeted attacks

6
Q

DoS attack

A

A denial-of-service attack is an attack from a single source that attempts to disrupt the services provided by another system

7
Q

DDoS attack

A

A distributed denial-of-service attack includes multiple computers attacking a single target. DDoS attacks typically include sustained, abnormally high network traffic

8
Q

Malware

A

includes a wide variety of malicious code including viruses, worms, Trojans, ransomware, and more

9
Q

Virus

A

a malicious program that attaches itself to an application and runs when the application is started

10
Q

Worm

A

a self-replicating program that doesn’t need user interaction to run

11
Q

Logic bomb

A

executes in response to an event, such as when a specific application is executed or a specific time arrives

12
Q

Backdoor

A

A backdoor provides another way to access a system

13
Q

Trojan

A

A Trojan appears to be something useful but includes a malicious component, such as installing a backdoor on a user’s system. Many Trojans are delivered via drive-by downloads. They can also infect systems from fake AV software, pirated software, games, or infected USBs

14
Q

Ransomware

A

a type of malware that takes control of a user’s system or data. Criminals then attempt to extort payment from the victim. Ransomware often includes threats of damaging a user’s system or data if the victim does not pay the ransom.

15
Q

Crypto-malware

A

Ransomware that encrypts the user’s data

16
Q

Keyloggers

A

capture a user’s keystrokes and store them in a file, which can be automatically sent to an attacker or manually retrieved

17
Q

Spyware

A

monitors a user’s computer and often includes a keylogger

18
Q

Rootkit

A

A group of programs that has system-level or kernel access and can modify system files and system access. Rootkits hide their running processes to avoid detection with hooking techniques. Tools that can inspect RAM can discover these hidden hooked processes

19
Q

Social engineering

A

uses social tactics to trick users into giving up information or performing actions they wouldn’t normally take

20
Q

Shoulder surfing

A

Looking over someone’s shoulder to gain information. Screen filters help prevent shoulder surfing by obscuring the view for people unless they are directly in front of the monitor

21
Q

Dumpster diving

A

Searching through trash for information

22
Q

Spam

A

unwanted email

23
Q

Phishing

A

malicious spam (clicking on email links to install malware)

24
Q

Spear phishing

A

Attack that targets a specific group of users. It could target employees of a company or customers of a company. Digital signatures can help reduce successful spear phishing

25
Q

Whaling

A

Phishing targeting high-level executives

26
Q

Vishing

A

A form of phishing that uses the phone system or VoIP. Some vishing attempts are fully automated. Others start automated but an attacker takes over at some point during the call

27
Q

AV software

A

Antivirus software detects and removes malware, such as viruses, Trojans, and worms

28
Q

Signature-based AV software

A

detects known malware based on signature definitions

29
Q

Heuristic-based AV software

A

detects previously unknown malware based on behavior

30
Q

__ users helps prevent incidents…

A

Educating users about new viruses, phishing attacks, and 0day exploits helps prevent incidents

31
Q

Zero-day exploits

A

take advantage of vulnerabilities that aren’t known by trusted sources, such as OS vendors and AV vendors

32
Q

Social engineers are effective because…

A

they use psychology-based techniques to overcome users’ objections

33
Q

Two techniques that encourage immediate action are

A

scarcity and urgency