Cheat Sheet

Question 1

Virus

Answer 1

replicates using port 1900

Question 2

Polymorphic virus

Answer 2

mutates, as does its hash value

Question 3

Ransomware

Answer 3

asks for money; could be subtle

Question 4

Worm

Answer 4

spreads using port 5000

Question 5

Trojan

Answer 5

could change .dll files

Question 6

Rootkit

Answer 6

upon reinstalling the OS, it is still there; in Linux, look for the bash shell as a path

Question 7

Keylogger

Answer 7

logs keystrokes

Question 8

Adware

Answer 8

uses popups

Question 9

Bots

Answer 9

infected machine used as an attack vector

Question 10

RAT

Answer 10

sends back passwords to the hacker, who then logs in

Question 11

Logic bomb

Answer 11

needs a trigger, such as time

Question 12

Phishing

Answer 12

uses email; targets one person

Question 13

Spear phishing

Answer 13

attacks a group; look for plurals in the question

Question 14

Whaling

Answer 14

attacks CEO or high‐level executives

Question 15

Vishing

Answer 15

uses a telephone or leaves a voicemail

Question 16

Tailgating

Answer 16

follows someone through; does not use credentials

Question 17

Impersonating

Answer 17

pretends to be from the help desk or IT team

Question 18

Dumpster diving

Answer 18

pulls information from the trash bin

Question 19

Shoulder surfing

Answer 19

someone looks over an employee’s shoulder or uses a smartphone to video your bank transaction

Question 20

Watering hole

Answer 20

infects a trusted website

Question 21

Authority

Answer 21

email from CEO or HR; asks you to fill in a form

Question 22

Urgency

Answer 22

letting a fireman into the server room

Question 23

DoS

Answer 23

one host taking out another

Question 24

DDoS

Answer 24

multiple hosts taking out one host

Question 25

Man‐in‐the middle

Answer 25

interception attack data in real time

Question 26

Replay

Answer 26

interception attack data replayed at a later date

Question 27

Kerberos

Answer 27

prevents replay and pass‐the‐hash attacks

Question 28

Buffer overflow

Answer 28

too much data in a field

Question 29

Integer overflow

Answer 29

too large a number in a data field

Question 30

XSS

Answer 30

uses HTML tags/JavaScript; no authentication

Question 31

XSRF/CSRF

Answer 31

asks you to click on an icon and provide authentication

Question 32

Privilege escalation

Answer 32

tries to get admin rights

Question 33

ARP poisoning

Answer 33

prevented by using static entries in the arp cache—for example, arp ‐s

Question 34

DNS poisoning

Answer 34

prevented by using DNSSEC that produces RRSIG records

Question 35

ARP

Answer 35

local LAN attack

Question 36

Man‐in‐the‐browser

Answer 36

trojan already installed; after bank transactions; URL does not change

Question 37

Zero‐day virus

Answer 37

cannot be detected other than baseline; takes more time to get antidote.

Question 38

Pass‐the‐hash

Answer 38

attacks NTLM authentication; prevented by disabling NTLM or using Kerberos

Question 39

Session hijacking

Answer 39

steals your cookies

Question 40

Evil twin

Answer 40

looks like a legitimate WAP

Question 41

Rogue AP

Answer 41

free; steals information; prevented by using 802.1x

Question 42

Jamming

Answer 42

interference attack

Question 43

WPS

Answer 43

push the button; brute-force attacks underlying password

Question 44

Bluejacking

Answer 44

hijacks Bluetooth phone; sends text messages

Question 45

Bluesnarfing

Answer 45

steals contacts from Bluetooth phone

Question 46

RFID

Answer 46

prevents theft of small devices

Question 47

NFC

Answer 47

wireless payment; short range

Question 48

Birthday

Answer 48

hash-collision attack; digital signatures vulnerable

Question 49

Disassociation attacks

Answer 49

prevents access to the WAP

Question 50

Rainbow tables

Answer 50

precomputed list of passwords and hashes; used for hash-collision attacks

Question 51

Dictionary

Answer 51

password; prevented by using a random character in your password or misspelling your password

Question 52

Brute force

Answer 52

every available combination; prevents account lockout low value or salt password

Question 53

Collison

Answer 53

matches hashes

Question 54

Weak implementation

Answer 54

uses WEP; better to use WPA2‐CCMP as it is the strongest

Question 54

Downgrade

Answer 54

uses legacy SSL rather than TLS; POODLE is a classic example

Question 55

Script kiddie

Answer 55

purchases scripts and programs, probably from the dark web

Question 56

Hacktivist

Answer 56

politically motivated agent

Question 57

Nation state/APT

Answer 57

foreign government agent

Question 58

Organized crime

Answer 58

profit-driven agent who will blackmail you

Question 59

Competitors

Answer 59

steals your trade secrets; beats you to market with your product

Question 59

Insider

Answer 59

known as a malicious insider; hardest to detect

Question 60

Intrusive

Answer 60

can cause damage

Question 61

Black box

Answer 61

knows nothing

Question 62

White box

Answer 62

knows everything

Question 63

Gray box

Answer 63

has at least one piece of information—for example, a password or diagram

Question 64

Fuzzing

Answer 64

enters random characters into an application for spurious results; black-/white-box pen testers use it

Question 65

Pivot

Answer 65

accesses a network through a vulnerable host, then attacks a secondary, more important host

Question 66

Initial exploitation

Answer 66

where pen testing starts

Question 67

Escalation of privileges

Answer 67

obtains admin rights

Question 68

Intrusive scan

Answer 68

used in pen testing; can cause damage to your system

Question 69

Passive

Answer 69

no damage

Question 70

Credentialed

Answer 70

admin rights; more information; audit files; account and certificate information

Question 71

Non‐credentialed

Answer 71

low level; finds missing patches

Question 72

Race condition

Answer 72

two threads accessing data at the same time

Question 73

End‐of‐life systems

Answer 73

lack of vendor support; no patches

Question 74

Error handling

Answer 74

customer side makes error small; IT support error needs all information

Question 75

Default configuration

Answer 75

changes username or passwords

Question 76

Untrained users

Answer 76

not complying with policies

Question 76

Resource exhaustion

Answer 76

running CPU at 100% or running out of memory

Question 77

Key management

Answer 77

ensures keys signed in and out each day