Chapter 14 Flashcards

1
Q

Social engineering

A

The practice of exploiting people to gain access to unauthorized areas and systems.

2
Q

Phishing

A

An attack that uses a malicious email crafted to look legitimate. The intent is to have a user click a link to a malicious website or download a malicious file.

3
Q

Spear phishing

A

A phishing attack that is designed to target a specific person.

4
Q

Vishing

A

A social engineering attack in which the hacker attempts to get sensitive information from a user over the phone.

5
Q

Shoulder surfing

A

A social engineering attack in which the hacker gathers sensitive information by looking over a target’s shoulder while the target is working on a computer.

6
Q

Tailgating

A

A social engineering attack that allows the hacker to bypass access control systems by closely following a legitimate user into a building.

7
Q

Impersonation

A

A social engineering attack in which the hacker attempts to gain access to the building by pretending to be a legitimate or authorized person.

8
Q

Dumpster diving

A

A social engineering attack in which the hacker goes through the trash to find sensitive information.

9
Q

Evil twin

A

A rogue access point that is configured to mimic a legitimate wireless network.

10
Q

Denial of service (DoS)

A

An attack that is designed to overload the target with more data than it can handle, causing it to shut down. A distributed denial of service (DDoS) attack uses multiple computers to carry out the attack.

11
Q

SQL injection

A

An attack designed to target databases.

12
Q

Cross-site scripting (XSS)

A

An attack designed to target improperly configured input fields on a website.

13
Q

On-path attack

A

An attack in which the attacker intercepts a communication. The attacker may obtain data from and/or manipulate the data before sending it to the intended recipient.

14
Q

Brute force attack

A

A password cracking attack in which the attacker attempts to guess passwords by using a cracking tool that submits every possible letter, number, and symbol combination.

15
Q

Dictionary attack

A

A password cracking attack in which the attacker uses a list of words and phrases to guess the decryption key.

16
Q

MAC spoofing

A

A network attack in which the MAC address of the hacker’s computer is changed to match the network’s gateway and overwrite the switch’s CAM table to intercept all communications.

17
Q

Zero-day attack

A

Any attack that exploits a vulnerability that the developer is not aware of yet.

18
Q

Operating system end of life

A

An operating system that is no longer supported by the vendor.

19
Q

Bring Your Own Device (BYOD)

A

A policy that allows users to use their own personal devices for work purposes.

20
Q

Whaling

A

A spear phishing attack that is designed to target a high-level employee, such as a CEO.

21
Q

SYN flood

A

The attacker sends a large number of SYN packets with a spoofed IP address. When the target responds with the SYN-ACK packet, it sends it to the wrong IP address, which means no response will come back. The target eventually gets overwhelmed waiting for the response packets.

22
Q

Amplification attack

A

Consumes the bandwidth between the target and the internet, effectively cutting them off. DNS amplification attacks are a common example of this. Basically, the attacker sends a large amount of DNS queries to multiple open DNS servers with the victim’s IP address spoofed as the sender. The DNS servers will send the DNS responses back to the victim, which can quickly overload them.

23
Q

IP address spoofing

A

The attacker configures his computer with an IP address that matches the IP address of a device on the network. The packets go to the attacker’s computer instead of to the server the sender intended.

24
Q

DNS spoofing

A

The attacker modifies a website’s address in the DNS server. When the user attempts to go to that website, the browser redirects the user to the attacker’s malicious site.

25
Q

HTTPS spoofing

A

The attacker uses a website name that looks similar to a real site. For example, www.testout.com is replaced with www.test0out.com.

26
Q

SSL hijacking

A

The attacker passes forged authentication keys to both the user and application/server. The user and application think they are talking to each other, but all communication is going through the attacker.

27
Q

Email hijacking

A

The attacker compromises the target’s email account to monitor and gather information.

28
Q

Wi-Fi eavesdropping

A

This is also known as an evil-twin attack. The attacker tricks users into connecting to a malicious wireless network. The attacker then monitors and manipulates the data packets flowing across the wireless network.

29
Q

Session hijacking

A

When a user logs into a website, a session cookie is generated. If the attacker intercepts this data, the attacker can access the user’s account.

30
Q

Password spraying

A

Instead of attempting multiple logins using a single user account and different passwords, the attacker uses the same passwords with multiple user accounts.

31
Q

High-level format

A

Formatting method that removes the pointers to the data on the drive, but not the data on the drive. The high-level format is the standard format that’s done through the operating system tools.

32
Q

Low-level format

A

Formatting method that writes new sectors and tracks to the drive and is typically done by the manufacturer when the drive is first assembled.

33
Q

Degaussing

A

Hard drive destruction method that purges the entire hard disk all at once by exposing it to an extremely strong magnetic pulse.

34
Q

Certificate of destruction (COD)

A

Document that details the method and date of a hard drive’s destruction along with the chain of custody.

35
Q

Virus

A

Self-replicating malware that attaches to a legitimate program and hides there. When the program runs, the virus payload is also executed.

36
Q

Boot-sector virus

A

A virus that injects itself into the boot sector and moves the Master Boot Record to another location on the hard drive. The virus then always executes before the MBR.

37
Q

Trojan Horse

A

Malware that provides a hacker covert remote access to the victim’s system.

38
Q

Keylogger

A

Malware that logs every keystroke the user makes and then sends the report back to the hacker.

39
Q

Spyware

A

Malware that monitors and logs a user’s activity on the device. This includes web browsing, applications, instant messaging, etc.

40
Q

Ransomware

A

Malware that scans the system for user files and encrypts them. To regain access to files, the victim must pay a ransom.

41
Q

Cryptominer

A

Malware that uses the victim computer’s resources to mine for cryptocurrency on behalf of the hacker.

42
Q

Rootkit

A

Malware that consists of programs that can give the hacker root (administrator) access to the target machine.

43
Q

Malware definitions

A

A unique fingerprint for each discovered malware. Anti-malware programs keep a database of definitions to detect and remove malware.

44
Q

Sheep-dip computer

A

A special computer that is set up for malware analysis and remediation.

45
Q

Windows Pre-Installation Environment (WinPE)

A

A lightweight version of Windows that boots from the USB drive and is typically used to help deploy Windows in an enterprise environment or for troubleshooting Windows issues.

46
Q

Sheep dip computer

A

A computer that is isolated from all networks and has port monitors, file monitors, network monitors, and anti-malware software installed. This system would only connect to a network under extremely strict conditions.

47
Q

Firewall

A

A device or software that inspects network traffic based on a set of rules.

48
Q

Network appliances

A

Devices that exist on a network to provide certain services for that network.

49
Q

Intrusion detection system (IDS)

A

A feature that detects intrusion attempts and alerts the system administrator.

50
Q

Intrusion prevention system (IPS)

A

A feature that detects intrusions and takes action to prevent them, including reporting, blocking, or dropping traffic when intrusions occur.

51
Q

Access Control List (ACL)

A

A mechanism used to define and enforce rules about who (or what) can access resources in a system and what actions they can perform.

52
Q

Packet filtering

A

This is one of the most common types of firewalls. It scans all packets and reads the source and destination IP addresses along with their port numbers. Based on the ACL, the firewall will reject any packet that does not belong to that network.

53
Q

Circuit layer gateway

A

This gateway scans the traffic based on TCP or UDP transmission. If the transmission is detected as legitimate, the packet is granted access while the link remains established.

54
Q

Application level gateway

A

This gateway monitors the contents of the packet. Each packet has information about the application that uses the data. The ACL will then dictate whether that data will be denied or allowed based on the application.

55
Q

Unified Threat Management

A

An all-in-one solution for multiple network appliances. A UTM can help alleviate budget constraints and physical space.

Keep in mind:
The disadvantage is that a UTM can suffer from connectivity issues and be a single point of failure.

56
Q

Endpoint management server

A

A way to keep track of various devices while ensuring that software is secure. Many companies that need to keep IT department overhead small use this option.