Common Threat Vector 2.2 Flashcards
1
Q
Threat Vector
A
- Method used by the attacker
2
Q
Attack Vector
A
- A way attackers can gain access to a system or infect an intended target.
3
Q
Message Based Vectors
A
- One of the biggest, and most successful threat vectors.
4
Q
Messaged Based Vector - Email
A
- Attackers can send malicious links in an email.
5
Q
Message Based Vector - SMS (Short Message Service)
A
- Attackers performed via text message.
- Sending malicious links
6
Q
Phishing
A
- A type of social engineering attack.
- Attacker attempts to obtain sensitive information from users by masquerading as a trusted entity.
- Encourages recipients to go to a website that appears reputable
7
Q
Imaged-based Vectors
A
- More difficult to identify the threat in an image.
8
Q
Formats of Image-Based Vectors
A
- Scalable Vector Graphic format (SVG)
- Extensible Markup Language (XML)
9
Q
Vishing
A
- Using voice communication technology to obtain a victim’s information.
- Takes advantage of the trust in the telephone network.
10
Q
Malicious Flash Drive
A
- The attacker leaves tainted USB devices for people to pick up and use.
- User plugs the USB into their device then an automates the attack.
- Can act as a keyboards.
11
Q
Client Based Software Vector
A
- Infected executable
- Known (or unknown) vulnerabilities
- May require constant updates
12
Q
Agentless System
A
- To access the intended software connect to a separate system.
- Common with web based applications or products.
- Compromises the server which affects all users on the system.
13
Q
Unsupported Systems Vectors
A
- Outdated software that is no longer supported and can’t be patched
- Can be a single entry for a vector attack
14
Q
Unsecure Network Vectors
A
- A company’s network connects everything.
- The attacker no longer needs direct physical access.
15
Q
802.1X
A
- Authentication standard that supports port-based authentication services between a user and an authorization device.
- Commonly used on wireless access point.