Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Security + > Chapter 9 - Malware, Vulnerabilities, & Threats > Flashcards

Chapter 9 - Malware, Vulnerabilities, & Threats Flashcards

1
Q

How is spyware different from other malware?

9 - 300

A

because it works on behalf of a third party

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a rootkit?

9 - 301

A

software program that has the ability to hide certain things from the operating system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

what is a trojan horse?

9 - 305

A

programs that enter a system or network under the guise of another program

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

what file extension belongs in both columns of allowed and not allowed for email attachments?

9 - 307

A

.pdf

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

what is a logic bomb?

9 - 307

A

programs or code snippets that execute when a certain predefined event occurs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what is a backdoor attack?

9 - 308

A

2 different meanings

  1. troubleshooting and developer hooks into systems that often circumvented normal authentication
  2. gaining access to a network and inserting a program or utility that creates an entrance for an attacker
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

what is a botnet?

9 - 309

A

software running on infected computers called zombies, under the control of a bot herder

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

what is ransomware?

9 - 309

A

software delivered through a trojean takes control of a system and demands that a third party be paid

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

tell me the 8 kinds of viruses

9 - 310

A

polymorphic - change form to avoid detection
stealth - masking themselves from applications
retrovirus - attack or bypass the antivirus software database
multipartite - attack system in multiple ways
armored - difficult to detect or analyze
companion - also known as a trojan, attach to program and create program with a different filename extension
phage - modify and alter programs or databases
macro - exploits the enhancements made to application programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

what does it mean to use the “layered approach” with antivirus software?

9 - 317

A

it means you put the antivirus software at the gateways, the servers, and at the dekstop

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

two of the most common types of DoS attacks are what?

9 - 319

A

ping of death - send ICMP packets that are larger than the system can handle
buffer overflow - put more data into the buffer than it can hold

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

DDoS uses one computer to target multiple or multiple computers to target one ?

9 - 321

A

multiple computers to target one computer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

what is spear phishing?

9 - 323

A

unique form of phishing in which the message is made to look as if it came from someone you know

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

is a man in the middle attack an active or passive attack?

what’s another name for this kind of attack?

9 - 324

A

active

TCP/IP hijacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

what is a smurf attack?

9 - 326

A

spoofing the target machine’s IP address and broadcasting to that machine’s routers so that the routers think the target is sending out the broadcast. target system becomes overloaded.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

tell me the 5 kinds of password attacks

9 - 327

A

brute force - guess until you get it right
dictionary - use common words to guess password
hybrid - combines dictionary with brute force
birthday - if your key is hashed, given enough time, another value can be created that will give the same hash value
rainbow table - identifying a stored value

17
Q

what is privilege escalation?

9 - 328

A

user gaining more privileges than they should have because you forgot to remove the backdoor

18
Q

malicious insider threat?

9 - 332

A

someone on the inside who sells you out

19
Q

client-side attack?

9 - 333

A

targets vulnerabilities in client applications that interact with a malicious server

20
Q

typo squatting is the same as what?

9 - 333

A

URL hijacking

21
Q

what is the strategy of watering hole attack?

9 - 334

A

to identify a site that is visited by those they are targeting, and poison that site

22
Q

tell me about Cross-Site Request Forgery

9 - 335

A

XSRF, session riding, one click attack, all the same thing

unauthorized commands coming from a trusted user to the website

23
Q

what is a directory traversal attack?

9 - 337

A

when attacker gains access to restricted directories through HTTP

24
Q

should you or should you not allow ActiveX without prompting you?

9 - 340

A

don’t allow it without a prompt

25
Q

what’s the difference between risk, threat, and vulnerability?

9 - 344,345

A

risk - what is the likelihood of an attack being successful?
threat - what are the dangers associated with the risk
vulnerabilites? - where is the system weak?

26
Q

DNS spoofing?

9 - 322

A

associates IP addresses with a domain

27
Q

what is a SQL injection

9 - 335

A

type sql code into username field and start extracting data

Security + (12 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions