Chapter 9 - Malware, Vulnerabilities, & Threats

Question 1

How is spyware different from other malware?

9 - 300

Answer 1

because it works on behalf of a third party

Question 2

What is a rootkit?

9 - 301

Answer 2

software program that has the ability to hide certain things from the operating system

Question 3

what is a trojan horse?

9 - 305

Answer 3

programs that enter a system or network under the guise of another program

Question 4

what file extension belongs in both columns of allowed and not allowed for email attachments?

9 - 307

Answer 4

.pdf

Question 5

what is a logic bomb?

9 - 307

Answer 5

programs or code snippets that execute when a certain predefined event occurs

Question 6

what is a backdoor attack?

9 - 308

Answer 6

2 different meanings

1. troubleshooting and developer hooks into systems that often circumvented normal authentication
2. gaining access to a network and inserting a program or utility that creates an entrance for an attacker

Question 7

what is a botnet?

9 - 309

Answer 7

software running on infected computers called zombies, under the control of a bot herder

Question 8

what is ransomware?

9 - 309

Answer 8

software delivered through a trojean takes control of a system and demands that a third party be paid

Question 9

tell me the 8 kinds of viruses

9 - 310

Answer 9

polymorphic - change form to avoid detection
stealth - masking themselves from applications
retrovirus - attack or bypass the antivirus software database
multipartite - attack system in multiple ways
armored - difficult to detect or analyze
companion - also known as a trojan, attach to program and create program with a different filename extension
phage - modify and alter programs or databases
macro - exploits the enhancements made to application programs

Question 10

what does it mean to use the “layered approach” with antivirus software?

9 - 317

Answer 10

it means you put the antivirus software at the gateways, the servers, and at the dekstop

Question 11

two of the most common types of DoS attacks are what?

9 - 319

Answer 11

ping of death - send ICMP packets that are larger than the system can handle
buffer overflow - put more data into the buffer than it can hold

Question 12

DDoS uses one computer to target multiple or multiple computers to target one ?

9 - 321

Answer 12

multiple computers to target one computer

Question 13

what is spear phishing?

9 - 323

Answer 13

unique form of phishing in which the message is made to look as if it came from someone you know

Question 14

is a man in the middle attack an active or passive attack?

what’s another name for this kind of attack?

9 - 324

Answer 14

active

TCP/IP hijacking

Question 15

what is a smurf attack?

9 - 326

Answer 15

spoofing the target machine’s IP address and broadcasting to that machine’s routers so that the routers think the target is sending out the broadcast. target system becomes overloaded.

Question 16

tell me the 5 kinds of password attacks

9 - 327

Answer 16

brute force - guess until you get it right
dictionary - use common words to guess password
hybrid - combines dictionary with brute force
birthday - if your key is hashed, given enough time, another value can be created that will give the same hash value
rainbow table - identifying a stored value

Question 17

what is privilege escalation?

9 - 328

Answer 17

user gaining more privileges than they should have because you forgot to remove the backdoor

Question 18

malicious insider threat?

9 - 332

Answer 18

someone on the inside who sells you out

Question 19

client-side attack?

9 - 333

Answer 19

targets vulnerabilities in client applications that interact with a malicious server

Question 20

typo squatting is the same as what?

9 - 333

Answer 20

URL hijacking

Question 21

what is the strategy of watering hole attack?

9 - 334

Answer 21

to identify a site that is visited by those they are targeting, and poison that site

Question 22

tell me about Cross-Site Request Forgery

9 - 335

Answer 22

XSRF, session riding, one click attack, all the same thing

unauthorized commands coming from a trusted user to the website

Question 23

what is a directory traversal attack?

9 - 337

Answer 23

when attacker gains access to restricted directories through HTTP

Question 24

should you or should you not allow ActiveX without prompting you?

9 - 340

Answer 24

don’t allow it without a prompt

Question 25

what’s the difference between risk, threat, and vulnerability?

9 - 344,345

Answer 25

risk - what is the likelihood of an attack being successful?
threat - what are the dangers associated with the risk
vulnerabilites? - where is the system weak?

Question 26

DNS spoofing?

9 - 322

Answer 26

associates IP addresses with a domain

Question 27

what is a SQL injection

9 - 335

Answer 27

type sql code into username field and start extracting data