Chapter 5: Endpoint Vulnerabilities, Attacks, and Defenses

Question 1

What are Endpoints?

Answer 1

Any device - a better and more accurate description

Question 2

What is Blocking Ransomeware?

Answer 2

Blocks user from using the computer correctly

Question 3

What is Locking Ransomeware?

Answer 3

Encrypts some or all files on the device so that they can’t be open

Question 4

What is spyware?

Answer 4

Tracking software deployed without consent

Question 5

What is a Trojan?

Answer 5

Executable program that masquerades as performing good activity BUT does something malicious

Question 6

What is RAT?

Answer 6

Remote Access Trojan

Question 7

What is the definition of a Launch type of malware? (Virus, Worm, Bloatware, and Bot)

Answer 7

Infects a computer to launch attacks on other computers

Question 8

What is a File-Base Virus?

Answer 8

Reproduces itself on the same computer without human intervention (Easy)

Question 9

What is a Fileless Virus?

Answer 9

Not attached to files, takes advantage of native services and process - ex. RAM (Hard)

Question 10

What is a worm (Network Virus)?

Answer 10

Malicious program that uses a computer network to replicate

Question 11

What is Bloatware?

Answer 11

Software that is installed on a device without user requesting it

Question 12

What is a Bot/Zombie?

Answer 12

Infected robot computer

Question 13

What is a Botnet?

Answer 13

Multiple bot computers

Question 14

What are Bot Herders?

Answer 14

Controls bots through a C&C structure

Question 15

What is a logic bomb?

Answer 15

Computer code added to legit program but lies dormant& evades detection until a specific logical event

Question 16

What is a Rootkit?

Answer 16

Malware hides its presence & possibly other malware

Question 17

What is a Backdoor?

Answer 17

Gives access to a computer, program, or service that circumvents any normal security protections

Question 18

What is an IoA?

Answer 18

Indicator of Attack - A sign an attack is currently underway

Question 19

What is an IoC?

Answer 19

Indicator of Compromise - A sign an attack has already happened

Question 20

What is Privilege Escalation?

Answer 20

Allows attacker to gain access beyond what is entitled for a user

Question 21

What is Buffer Overflow?

Answer 21

A process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Question 22

What is a NULL Pointer/Object?

Answer 22

An improper handling situation

Question 23

What is a Race Condition?

Answer 23

Two concurrent threads of execution access shared resource simultaneously

Question 24

What is a web-based attacks?

Answer 24

Attacks through web application

Question 25

What is Directory Traversal?

Answer 25

Takes advantage of a vulnerability so that a user can move from the root directory or other restricted directory

Question 26

What are Request Forgery attacks?

Answer 26

A request that has been fabricated

Question 27

What is Cross-site scripting? (XSS)

Answer 27

A website that accepts user input without validating it & uses that in put in a response; no sanitizing

Question 28

What is sanitizing in programing?

Answer 28

the process of cleaning or filtering user input to ensure it doesn’t contain any malicious code that could be executed by the web application - to “clean” anything from “bad things”

Question 29

What is CSRF?

Answer 29

Cross-Site Request Forgery - Takes advantage of an authentication "Token" that a website sends to a users browser

Question 30

What is SSRF?

Answer 30

Server-Site Request Forgery - Takes advantage of a trusting relationship between servers

Question 31

What is a Replay attack?

Answer 31

Commonly against digital identities, Impersonates legitimate user - copies data and then uses it for an attack

Question 32

What is Antivirus?

Answer 32

Monitors computer activity, examines computer for file-based virus infection

Question 33

What is static analysis?

Answer 33

Older AV products that use signature-based monitoring

Question 34

What is dynamic analysis?

Answer 34

Looking for characteristics. heuristic monitoring

Question 35

What is Secure Cookies?

Answer 35

Encrypted request over the secure HTTPS protocol

Question 36

What is HTTP Response Headers?

Answer 36

Headers that tell browser how to behave with website

Question 37

What is HIDS?

Answer 37

Host Intrusion Detection Systems - Used to detect attack

Question 38

What is an HIPS?

Answer 38

Host Intrusion Prevention Systems - Monitor activity to block malicious attack

Question 39

What is EDR?

Answer 39

Endpoint Detection & Response - Tools more robust than HIDS & HIPS, Preform more analytics to ID anomalies

Question 40

What is a keylogger?

Answer 40

Software or Hardware that silently captures and stores each keystroke that is typed on a user's keyboard - Can even be able to take screenshots of the screen and send that over the ethernet to the threat actor (software) - Sometimes needs to be installed and retrieve without being detected (hardware)

Question 41

What is TOC/TOU?

Answer 41

Time of Check/Time of Use - A race condition in which a threat actor can influence the state of the resource between a check

Question 42

What is TOE?

Answer 42

Target of Evaluation - A system, product, and its documentation that is the subject of a security evaluation