Chapter 2

Question 1

Threat actor

Answer 1

Any person or group who presents a security risk

Question 2

nation state actors

Answer 2

Highly skilled, highly funded government-sponsored attackers

Question 3

hactivist

Answer 3

Attacks for ideological reasons, often highly sophisticated with little resources/funding

Question 4

unskilled attacker (script kiddie)

Answer 4

attackers with little skill and little funding

Question 5

Insider threat

Answer 5

many resources, medium sophistication, employee out for revenge or financial gain, takes advantage of organization knowledge, knows exactly where to hit vulnerable systems

Question 6

Organized crime

Answer 6

highly funded, highly sophisticated, motivated by money

Question 7

Shadow IT

Answer 7

many resources, low sophistication, group that doesn’t want to deal with IT dept regulations, circumvents existing IT

Question 8

Threat vector

Answer 8

Method used by an attacker to access a victim’s machine

Question 9

Agentless

Answer 9

Executable that does not require installation, such as a web-based executable

Question 10

Client-based

Answer 10

Executable that requires installation, think installed malware

Question 11

Unsupported systems

Answer 11

Outdated operating systems no longer supported by the manufacturer; no patches exist

Question 12

WEP, WPA, WPA2, WPA3

Answer 12

Wireless network security protocols used to encrypt wireless traffic. WPA3 is most secure and up to date.

Question 13

802.1X

Answer 13

A port-based authentication protocol. Prevents access to the network unless someone provides proper credentials. Can be used wireless or wired.

Question 14

Bluetooth

Answer 14

Attackers can use bluetooth for reconnaissance to determine location

Question 15

TCP

Answer 15

Transmission Control Protocol. A port. TCP is usually seen as TCP/IP in writing.

Question 16

UDP

Answer 16

User Datagram Protocol. A port.

Question 17

Open port vector

Answer 17

an opportunity for an attacker. Could be due to a misconfiguration or a system vulnerability.

Question 18

Default credentials

Answer 18

if you keep default credentials, very easy for attackers to gain access

Question 19

MSP

Answer 19

Managed service provider

Question 20

Supply chain vector

Answer 20

An attacker could gain access to a network using a vendor or a supplier. Think 2013 target CC breach and counterfeit Cisco hardware being delivered

Question 21

Phishing

Answer 21

Social engineering, usually delivered by email, SMS. Usually grammar, spacing, URL not quite right. Creates a sense of urgency to click a malicious link.

Question 22

Business Email Compromise (BEC)

Answer 22

Attacker pretends to be a trusted business for financial gain

Question 23

BEC

Answer 23

Business Email Compromise

Question 24

Pretexting

Answer 24

Lying to get information, often creating stories.

Question 25

Typosquatting

Answer 25

An attacker registers a domain name with a common misspelling of an existing URL

Question 26

Vishing

Answer 26

Voice phishing over the phone

Question 27

Smishing

Answer 27

SMS phishing

Question 28

Watering Hole attack

Answer 28

A malicious attack that is directed toward a small group of specific individuals who visit the same 3rd party website, such as a sandwich shop.

Question 29

DLL

Answer 29

Dynamic Link Library. A Windows library containing data and code.

Question 30

Malware

Answer 30

Malware runs in memory. Malware can run on its own or inject itself into a legitimate process

Question 31

Memory Injection

Answer 31

Malware injecting itself into an existing process, getting access to the data with the same rights and permissions, performing a privilege escalation.

Question 32

DLL injection

Answer 32

Attacker injects a path to a malicious DLL (Dynamic link library) into memory and runs it.

Question 33

Buffer overflow attack

Answer 33

Attacker overwrites a buffer of memory, spilling over into other memory areas, effectively manipulating data to change the permissions the system gives the attacker

Question 34

Race condition

Answer 34

A programming flaw that occurs when two sets of code attempt to access the same resource. The first one to access the resource wins, which can result in inconsistent results.

Question 35

TOCTOU (Time-of-Check to Time-of-Use)

Answer 35

Race condition. You don’t check bank account before going grocery shopping.

Question 36

TOCTOU

Answer 36

Time-of-Check to Time-of-Use

Question 37

OS

Answer 37

Operating system

Question 38

SQL

Answer 38

Structured query language. The most common database management system language

Question 38

Malicious update

Answer 38

A fake update used to introduce malicious functionality

Question 39

SQLi

Answer 39

SQL injection

Question 40

SQL injection

Answer 40

An attacker injects commands into a field to be manipulated by the database. All they have to do is enter ‘OR ‘1 = 1’ and they have access to entire database.

Question 41

XSS

Answer 41

Cross-site scripting

Question 42

Cross-site Scripting

Answer 42

Attacker sends malicious link to victim, runs a legitimate website, but attacker runs malicious code behind the scenes to obtain user’s data.

Question 43

Vulnerable XSS website

Answer 43

Website with search engine that allows javascript code injection for attacker to obtain information

Question 44

Persistent (stored) XSS attack

Answer 44

Attacker posts malicious message on social media, out there for people to click on

Question 45

Internet of things (IoT) devices hardware vulnerabilities

Answer 45

Stove, refrigerator, garage door opener, could potentially connect to network and become vulnerable to attack

Question 46

IoT

Answer 46

Internet of Things

Question 47

Firmware

Answer 47

Operating system inside of hardware devices- only manufacturers are able to fix, think surgical/medical device reps

Question 48

EOL

Answer 48

End of Life

Question 49

End of life

Answer 49

Manufacturer stops making product

Question 50

EOSL

Answer 50

End of service life

Question 51

End of service life

Answer 51

Manufacturer no longer provides technical support with patches, etc

Question 52

Legacy devices

Answer 52

May want to add firewall rules to restrict use of legacy devices

Question 53

VM

Answer 53

Virtual machine

Question 54

Virtual machine

Answer 54

Largely same capabilities and security practices apply as physical machines

Question 55

Virtual machine escape

Answer 55

Attacker escapes from VM and interacts with host operating system, allows attacker to exploit entire virtual world and the data within

Question 55

Resource Reuse

Answer 55

Data inadvertently being shared between VMs

Question 56

Jailbreaking/rooting

Answer 56

Attacker gaining access to mobile device, installing custom firmware and circumventing security features and mobile device manager becomes useless.

Question 57

MDM

Answer 57

Mobile device manager/management

Question 58

Sideloading

Answer 58

Apps installed manually without app store

Question 59

Virus

Answer 59

Malware that can reproduce itself through running a program, etc

Question 60

Fileless virus

Answer 60

stealth attack virus, never installed on a file or system, but runs in memory instead

Question 61

Ransomware

Answer 61

Encrypts all your data and holds it hostage, usually offering the key in exchange for money

Question 62

Worm

Answer 62

Malware that self-replicates without any intervention, uses the network as a transmission medium, (don’t need to run a program or anything)

Question 63

Spyware

Answer 63

Malware that spies on you, usually for identity theft purposes- can include keylogging technology and browser monitoring

Question 64

Bloatware

Answer 64

Apps installed on a new device, often by the manufacturer, that you don’t need, and take up valuable storage space. Can be difficult to remove

Question 65

Keyloggers

Answer 65

Software that can capture keystrokes, such as passwords, email info, URLs, private messaging. May also store other information such as screenshots

Question 66

Trojan Horse

Answer 66

A type of malware that downloads on to your computer disguised as a legitimate program

Question 67

Logic bomb

Answer 67

Waits for a specific date or event to “go off”

Question 67

Rootkit

Answer 67

Hides itself in the root of the operating system. It runs as part of the kernal in the core operating system files, making it difficult to detect.

Question 68

OS

Answer 68

Operating system

Question 69

Brute force physical attack

Answer 69

Literally breaking down doors to achieve a goal

Question 70

RFID

Answer 70

Radio Frequency identified cloning

Question 71

Radio Frequency identified cloning (RFID)

Answer 71

Cloning keyfobs, employee access cards

Question 72

Environmental physical attack

Answer 72

Could attack HVAC system, the operating environment, the power source

Question 73

Denial of service (DoS) attack

Answer 73

Attacker forces a system to fail by overloading it

Question 74

DoS attack

Answer 74

Denial of Service

Question 75

DDoS attack

Answer 75

Distributed Denial of Service

Question 76

Distributed Denial of Service (DDoS) attack

Answer 76

A coordinated attack launching an army of computers to bring down a service by creating a traffic spike using up all the system’s bandwidth. Attackers could utilize botnets to achieve this.

Question 77

DNS amplification

Answer 77

Attacker submits a small request that has a large volume response to the victim’s system to overwhelm it

Question 78

DNS

Answer 78

Domain name system

Question 79

DNS (Domain Name system) Spoofing/Posioning

Answer 79

Attacker modifies the DNS server or the client host file and causes user to visit a malicious website instead of a trusted one, could also perform an on-path attack and alter the DNS system IP address to match the attacker’s, so that subsequent requests will go to attacker’s computer instead of the DNS server.

Question 80

URL hijacking

Answer 80

same as typosquatting

Question 81

Domain hijacking

Answer 81

Attacker gains access to domain name of DNS and therefore gains access to the systems it is attached to.

Question 82

Radio Frequency (RF) Jamming

Answer 82

Type of Denial of Service (DoS) attack preventing wireless communication

Question 83

Wireless deauthentication attack

Answer 83

Type of wireless Denial of Service (DoS) attack suddenly disconnecting people from the network they are working on

Question 84

IEEE 802.1X

Answer 84

Opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. Wired or wireless.

Question 85

Wireless jamming

Answer 85

Usually reactive jamming, jams only when people try to use the network

Question 86

On path attack

Answer 86

Middleman intercepting conversation in real time to modify information sent

Question 87

ARP poisoning/spoofing

Answer 87

on path attack on a local subnet, ARP has no security so it is vulnerable, attacker can respond to a request impersonating a router IP address or other system

Question 88

On-path browser attack

Answer 88

man in the browser attack. malware or trojan on user device redirects traffic to attacker. Waits for you to login to something like your bank account to obtain valuable information

Question 89

Replay attack/Credential replay

Answer 89

Attack gathers data via network tap, on path attack, etc and uses that data to pose as the victim computer by replaying that information. Ex: attacker sits in and obtains username and hashed password. Later replays it to the server to pose as the victim. Can avoid pass the hash attack by salting the hash or using encryption.

Question 90

Spraying attack

Answer 90

attacker uses most common passwords, 2-3 so as to not lock out user and set off alarms if they do not gain access

Question 91

brute force password attack

Answer 91

attacker attempts as many times and combinations as possible until lockout or success, could take months

Question 92

Malicious code

Answer 92

could be packaged in an executable, scripts running in system, viruses, worms, trojan horses, etc

Question 93

Privilege escalation

Answer 93

attacker accessing regular user’s credentials and gaining access to administrator rights or higher-level access

Question 94

Cross site request forgery (XSRF, CSRF, sea-surf)

Answer 94

Session riding. Attacker impersonates user and makes requests to server that user did not make. Such as independently posting to your facebook page when you’re logged into FB

Question 95

XSRF, CSRF, sea-surf

Answer 95

Cross-site request forgery, session riding

Question 96

Directory traversal/path traversal

Answer 96

aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)

Question 97

Birthday attack

Answer 97

Attacker finding a hash collision

Question 98

downgrade attack

Answer 98

downgrading security for user. Example: SSL stripping attack, where on path attack is used to redirect user to send their data without protection of https in URL

Question 99

Segmentation

Answer 99

separating systems for higher performance or security. Ex: VLANs, load balancing,

Question 100

PCI

Answer 100

Payment card industry

Question 101

ACL

Answer 101

Access control list

Question 102

Access control list (ACL)

Answer 102

access control list, could be grouped by user type, user function, IP address, etc. for higher security

Question 103

Configuration enforcement

Answer 103

Each time a device connects, a posture assessment is performed to mitigate risk. If systems are too out of date, company may require system to be quarantined/out of commission until updates have been implemented.

Question 104

Decommissioning

Answer 104

remove sensitive data from storage drives before decommissioning equipment, could later recycle or destroy device

Question 105

Endpoint detection and response (EDR)

Answer 105

EDR technology can detect a threat, investigate a threat, and respond by isolating the system, quarantining the system, and rolling back to a previous configuration, no technician input required

Question 106

EDR

Answer 106

Endpoint detection and response

Question 107

API

Answer 107

Application programming interface

Question 108

HIPS (Host -based intrusion prevention system)

Answer 108

Can recognize and block known attacks on each individual device, secure operating system OS, often built into EDR (Endpoint detection and response) or anti-malware software

Question 109

HIPS

Answer 109

Host-based Intrusion Prevention System