Common Threat Vector 2.2 Flashcards

1
Q

Threat Vector

A
  • Method used by the attacker
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Attack Vector

A
  • A way attackers can gain access to a system or infect an intended target.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Message Based Vectors

A
  • One of the biggest, and most successful threat vectors.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Messaged Based Vector - Email

A
  • Attackers can send malicious links in an email.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Message Based Vector - SMS (Short Message Service)

A
  • Attackers performed via text message.
  • Sending malicious links
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Phishing

A
  • A type of social engineering attack.
  • Attacker attempts to obtain sensitive information from users by masquerading as a trusted entity.
  • Encourages recipients to go to a website that appears reputable
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Imaged-based Vectors

A
  • More difficult to identify the threat in an image.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Formats of Image-Based Vectors

A
  • Scalable Vector Graphic format (SVG)
  • Extensible Markup Language (XML)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Vishing

A
  • Using voice communication technology to obtain a victim’s information.
  • Takes advantage of the trust in the telephone network.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Malicious Flash Drive

A
  • The attacker leaves tainted USB devices for people to pick up and use.
  • User plugs the USB into their device then an automates the attack.
  • Can act as a keyboards.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Client Based Software Vector

A
  • Infected executable
  • Known (or unknown) vulnerabilities
  • May require constant updates
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Agentless System

A
  • To access the intended software connect to a separate system.
  • Common with web based applications or products.
  • Compromises the server which affects all users on the system.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Unsupported Systems Vectors

A
  • Outdated software that is no longer supported and can’t be patched
  • Can be a single entry for a vector attack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Unsecure Network Vectors

A
  • A company’s network connects everything.
  • The attacker no longer needs direct physical access.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

802.1X

A
  • Authentication standard that supports port-based authentication services between a user and an authorization device.
  • Commonly used on wireless access point.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Open Ports and Services

A
  • Every open port is an opportunity for the attacker.
  • Services on machines are accessed through TCP or UDP ports.
17
Q

Firewall Rules

A
  • Any service not being used should be disabled.
  • Ports should be blocked by the firewall.
18
Q

Weak Configurations

A
  • Most devices have default usernames and passwords which must be changed upon receiving the device.
  • Correct credentials provide full control.
19
Q

Supply Chain Vectors

A
  • Involves using a company’s supply chain as an unwitting agent in an attack.
  • Tampering with the underlying infrastructure or manufacturing process.
20
Q

Managed Service Provider (MSP)

A
  • Company that remotely manages a customer’s IT infrastructure.
  • If an attacker gains access to the MSP, they can gain access to a system.