Chapter 7 Protecting Against Advanced Attacks Flashcards
1
Q
____ attacks typically include sustained, abnormally high network traffic
A
DDoS
2
Q
_______ occurs when one person or entity impersonates or masquerades as someone or something else.
A
Spoofing
3
Q
____ flood attacks disrupt the TCP handshake process and can prevent legitimate clients from connecting.
A
SYN
4
Q
True or False: In a SYN attack, the attacker never finishes the handshake sequence
A
True
The attacker floods the server with SYN packets but never sends the final ACK packets
5
Q
True or False: Attackers often spoof the source IP address when conducting SYN flood DoS attacks
A
True
6
Q
A ________ attack is a form of active interception or active eavesdropping. It uses a separate computer that accepts traffic from each party in a conversation and forwards the traffic between the two.
A
man-in-the-middle(MITM)
7
Q
_____ ______ is one way that an attacker can launch an MITM attack.
A
Address Resolution Protocol (ARP) poisoning
8
Q
Kerberos helps prevent man-in-the-middle attacks with ______ ______.
A
mutual authentication
9
Q
______ ______ is an attack that misleads computers or switches about the actual MAC address of a system.
A
ARP poisoning
10
Q
_____ resolves the IP addresses of systems to their hardware address and stores the result in an area of memory known as the ARP cache.
A
ARP
11
Q
True or False : The ARP request broadcasts the MAC address and essentially asks, “Who has this MAC address?”
A
False
It broadcasts the IP address
12
Q
True or False : The computer with the IP address in the ARP request responds with its MAC address. The computer that sent the ARP request caches the MAC address for the IP.
A
True
13
Q
True or False : In a man-in-the-middle attack, an attacker can redirect network traffic and, in some cases, insert malicious code.
A
True
14
Q
An attacker can also use ARP poisoning in a ____attack.
A
DoS
15
Q
The ____ ____ is the IP address of a router connection that provides a path out of the network.
A
default gateway
16
Q
True or False : If all the computers cache a bogus MAC address for the default gateway, a few of them can reach it.
A
False
None of them can reach the default gateway and it stops all traffic out of the network.
17
Q
A ___ ____ attack attempts to modify or corrupt DNS results.
A
DNS poisoning
18
Q
True or False : Many current DNS servers use Domain Name System Security Extensions(DNSSEC) to protect the DNS records and prevent DNS poisoning attacks.
A
True
19
Q
A ______ attack is another type of attack that manipulates the DNS name resolution process.
A
pharming
20
Q
True or False : Pharming attacks on the client computer modify the hosts file used on Windows systems.
A
True
21
Q
An _____ _____ is a type of DDoS attack which typically uses a method that significantly increases the amount of traffic sent to, or requested from, a victim.
A
amplification attack
22
Q
A _____ attack spoofs the source address of a directed broadcast ping packet to flood a victim with ping replies.
A
smurf
23
Q
__ amplification attacks send DNS requests to DNS servers spoofing the IP address of the victim.
A
DNS
24
Q
True or False : DNS poisoning attacks attempt to corrupt DNS data.
A
True
25
True or False : Amplification attacks increase the amount of traffic sent to or requested from a victim and can be used against a wide variety of systems, including individual hosts, DNS servers, and NTP servers.
True
26
A ____ ____ attack attempts to guess all possible character combinations.
brute force
27
List the two types of brute force attacks
1. Online
| 2. Offline
28
An ______ password attack attempts to discover a password from an _____ system.
online
29
______ password attacks attempt to discover passwords from a captured database or captured packet scan.
Offline
30
True or False : One of the first steps to thwart offline brute force attacks is to use complex passwords and to store the passwords in an encrypted or hashed format.
True
31
A ______ attack is one of the original password attacks which uses a ______ of words and attempts every word in the _____ to see if it works.
dictionary
32
_____ attacks attack the ____ of a password instead of the password.
Hash
33
True or False : Most authentication protocols encrypt the password or the hash before sending it across the network.
True
34
In a _______ attack, the attacker discovers the hash of the user’s password and then uses it to log on to the system as the user.
pass the hash
35
True or False : Any authentication protocol that passes the hash over the network in an unencrypted format is susceptible to a pass the hash attack
True
Mostly associated with MS LAN Manager (LM) and NT LAN Manager (NTLM). Two older MS security protocols used to authenticate MS clients
36
______ uses a number used once (nonce) on both the client and the authenticating server.
NTLMv2
37
What is a better alternative to NTLM?
NTLMv2 or Kerberos
38
In a ______ attack, an attacker is able to create a password that produces the same hash as the user’s actual password.
birthday
39
A hash _____ occurs when the hashing algorithm creates the same hash from different passwords.
collision
40
True or False : Birthday attacks on hashes are thwarted by decreasing the number of bits used in the hash to decrease the number of possible hashes.
False
Birthday attacks on hashes are thwarted by increasing the number of bits used in the hash to increase the number of possible hashes
41
______ attacks are a type of attack that attempts to discover the password from the hash. It is a huge database of precomputed hashes.
Rainbow table
42
______ passwords is a common method of preventing rainbow table attacks, along with other password attacks such as dictionary attacks.
Salting
43
A ____ is a set of random data such as two additional characters.
salt
44
True or False : Using additional characters add complexity to the password, and also result in a different hash than the system would create using only the original password. This causes password attacks that compare hashes to fail.
True
45
A _____ attack is one where an attacker _____ data that was already part of a communication session. In this scenario, a third party attempts to impersonate a client that is involved in the original session.
replay
46
True or False : Many protocols use timestamps and sequence numbers to thwart replay attacks.
True
47
True or False : An attacker can launch a known plaintext attack if he has samples of both the plaintext and the ciphertext.
True
48
A ____ plaintext attack uses targeted parts of a message to encrypt and match against entire ciphertext to determine the encryption algorithm being used.
chosen
49
In a _______ only attack, the attacker doesn’t have any information on the plaintext.
ciphertext
50
_____/______ occurs when someone buys a domain name that is close to a legitimate domain name.
Typo squatting/URL hijacking
51
List a few reasons why attackers might buy a similar domain i.e. comptai.org vs original comptia.org
Hosting a malicious web site.
Earning ad revenue.
Reselling the domain.
52
______ tricks users into clicking something other than what they think they’re clicking.
Clickjacking
53
_____ hijacking takes advantage of ____ IDs stored in cookies.
Session
54
True or False : Attackers can read cookies installed on systems through several methods, such as through cross-site scripting attacks (described later in this chapter). Once they have the session ID, they can insert it into the HTTP header and send it to the web site. If the web server uses this session ID to log the user on automatically, it gives the attacker access to the user’s account.
True
55
A _______ is a type of proxy Trojan horse that infects vulnerable web browsers.
man-in-the-browser
56
_____ provides the solution that makes it appear that the older drivers are compatible. A driver ____ is additional code that can be run instead of the original driver.
Shimming, shim
57
______ code is the process of rewriting the internal processing of the code, without changing its external behavior.
Refactoring
58
A _____ vulnerability is a weakness or bug that is unknown to trusted sources
zero-day
59
A ________ is a bug in a computer application that causes the application to consume more and more memory the longer it runs.
memory leak
60
An _______ attack attempts to use or create a numeric value that is too big for an application to handle.
integer overflow
61
A _______ occurs when an application receives more input, or different input, than it expects. The result is an error that exposes system memory that would otherwise be protected and inaccessible.
buffer overflow
62
True or False : If the attacker uses the buffer overflow to crash the system or disrupt its services, it is a DoS attack.
True
63
True or False : A buffer overflow attack includes several different elements, but they happen all at once. The attacker sends a single string of data to the application. The first part of the string causes the buffer overflow. The next part of the string is a long string of NOPs followed by the attacker’s malicious code, stored in the attacked system’s memory. Last, the malicious code goes to work.
True
64
True or False : Buffer overflows occur when an application receives more data than it can handle, or receives unexpected data that exposes system memory. Buffer overflow attacks often include NOP instructions (such as x90) followed by malicious code. When successful, the attack causes the system to execute the malicious code. Input validation helps prevent buffer overflow attacks.
True
65
____ ____ is an attack that injects a DLL into a system’s memory and causes it to run.
DLL injection
66
True or False : In a successful DLL injection attack, the attacker attaches to a running process, allocates memory within the running process, connects the malicious DLL within the allocated memory, and then executes functions within the DLL.
True
67
____ ___ has been optimized by an application (called a compiler) and converted into an executable file..
Compiled code
68
____ ___ is evaluated, interpreted, and executed when the code is run.
Runtime code i.e. HTML
Note: Python is a hybrid of compiled and runtime code. Code is initially compiled then accessed each time during runtime. If interpreter detects change in source code it recompiles it.
69
____ ___ is the practice of checking data for validity before using it and is one of the most important security steps that developers should take.
Input validation
70
_____ ____ prevents an attacker from sending malicious code that an application will use by either sanitizing the input to remove malicious code or rejecting the input.
Input validation
71
True or False : Improper input handling (or the lack of input validation) is one of the most common security issues on web-based applications. It allows many different types of attacks, such as buffer overflow attacks, SQL injection, command injection, and cross-site scripting attacks.
True
72
Preventing the use of specific characters (, = -) can be used to prevent _____ attacks
SQL injection attacks
73
Preventing the use of special characters (< >) can be used to block _____ code
HTML
74
True or False : Other input validation techniques attempt to sanitize HTML code before sending it to a web browser also referred to as escaping the HTML code or encoding the HTML code.
True
75
True or False : Improper error handling can often give attackers information about an application.
True
76
List two factors about error handling
1. Errors to users should be general.
| 2. Detailed information should be logged.
77
True or False : Error and exception handling helps protect the integrity of the operating system and controls the errors shown to users. Applications should show generic error messages to users but log detailed information.
True
78
True or False : Certificates can be used to authenticate and validate software code
True
79
What are two benefits with code signing?
1. The certificate identifies the author
| 2. The hash verifies the code has not been modified
80
___ ___ is code that is never executed or used
Dead code
81
____ code analyzers examines the code without executing it
Static
82
____ analysis checks the code as it is running
Dynamic
83
____ uses a computer program to send random data to an application.
Fuzzing
84
____ testing attempts to simulate a live environment and determine how effective or efficient an application operates with a load
Stress
85
______ is an isolated area used for testing programs
Sandbox
86
_____ _____ is the process of ensuring that software meets specifications and fulfills its intended purpose.
Model verification
87
_____ models attempt to give structure to software development projects
Software development life cycle (SDLC)
88
List two popular SDLC models
1. Waterfall
| 2. Agile
89
______ model includes multiple stages going from top to bottom.
Waterfall
90
List typical stages used with the waterfall model
1. Requirements
2. Design
3. Implementation
4. Verification
5. Maintenance
91
True or False : A challenge with the waterfall method is that it is overly flexible
False
| The waterfall method is said to lack flexibility
92
_____ model uses a set of principles shared by cross-functional teams.
Agile
93
True or False : Instead of strict phases, the agile model uses iterative cycles
True
94
True or False : A key difference of the waterfall model is that emphasizes interaction between customers, developers, and testers during each cycle.
False
| It is the agile model that does this.
95
True or False : The agile model can be very effective if the customer has a clear idea of the requirements
True
96
___ ____ is an agile-aligned methodology that stresses security throughout the lifetime of the project.
Secure DevOps
97
_____ _____ helps ensure that developers do not make unauthorized changes.
Change management
98
_____ ____ tracks the versions of software as it is updated, including who made the update and when.
Version control
99
______ an application refers to preparing and configuring the application to launch on different devices and to use different application services.
Provisioning
100
_______ an app refers to removing it from a device.
Deprovisioning
101
List the two primary applications used for web servers
1. Apache is free and can run on UNIX, LINUX, and Windows systems
2. Internet Information Services (IIS) is a Microsoft product and is included free with any Windows Server product
102
______ of a database refers to organizing the tables and columns to reduce redundant data and improve overall database performance.
Normalization
103
True or False : A database is in First Normal Form 1NF if it meets the following criteria:
1. Each row within a table is unique and identified with a primary key
2. Related data is contained in a separate table
3. None of the columns include repeating groups
True
104
True or False : A database is in Second Normal Form 2NF only applies to tables that have a composite key where two or more columns make up the full primary key.
True
105
True or False : A database is in Second Normal Form 2NF if it meets the following criteria:
1. It is in 1NF
2. Non-primary key attributes are completely dependent on the composite primary key
True
106
True or False : A database is in Third Normal Form 3NF if it meets the following criteria:
1. It is in 2NF and 1NF
2. All columns that aren't primary keys are only dependent on the primary key.
True
107
True or False : In many cases, a SQL injection attack starts by sending improperly formatted SQL statements to the system to generate errors.
True
108
True or False : Attackers use SQL injection attacks to pass queries to back-end databases through web servers. Many SQL injection attacks use the phrase ‘ or ‘1’=’1’ -- to trick the database server into providing information.
True
109
_____ ____ is a specific type of command injection attack that attempts to access a file by including the full directory path, or traversing the directory structure.
Directory traversal
110
_____ ____ ___ is another web application vulnerability that can be prevented with input validation techniques. Attackers embed malicious HTML or JavaScript code into a web site’s code. The code executes when the user visits the site.
Cross-site scripting (XSS)
111
True or False : Cross-site scripting (XSS) attacks allow attackers to capture user information such as cookies. Input validation techniques at the server help prevent XSS attacks.
True
112
______ is an attack where an attacker tricks a user into performing an action on a web site.
Cross-site request forgery (XSRF or CSRF)
113
True or False : Cross-site request forgery (XSRF) scripting causes users to perform actions on web sites, such as making purchases, without their knowledge. In some cases, it allows an attacker to steal cookies and harvest passwords.
True
114
A ______ is a structure used to provide a foundation.
Framework
115
_____ ____ typically use a structure of basic concepts and they provide guidance to professionals on how to implement security in various systems.
Cybersecurity frameworks
116
List some categories of frameworks
1. Regulatory frameworks based on relevant laws and regulations
2. Non-regulatory framework typically identifies common standards and best practices that organizations can follow. i.e. COBIT
3. Industry-specific i.e. PCI DSS for credit cards
