Common Threats and Vulnerabilities Flashcards
_________is malicious software used by threat actors to compromise target computers for harmful purposes.
Malware
This is a type of malware used to secretly gather data on a target computer and send it back to threat actors.
Spyware
This is a collection of malware tools that can be used by threat actors to remotely access and control target computers.
Rootkit
This is a type of malware that is used by threat actors to encrypt the hard drive content of a target computer.
Ransomware
This is a type of malware that redirects the browser on target computers to various predetermined websites chosen by threat actors.
Adware
This is a type of malware used by thread actors on target computers to take over computer resources for the purposes of mining.
Cryptojacking
A self propagating malicious code that can propagate to other systems on the network and consume resources that could lead to a denial of service attack is called a_________.
Worm
A computer malware code that replicates itself on the target computer and spreads through the network, causing damage and distributing additional harmful payloads is called a ______.
Virus
A program that appears to be useful or harmless, but contains hidden code that can compromise the target system on which it runs is called a _______
Trojan horse
What type of attack occurs when threat actors utilize botnets on several computers to overwhelm our targeted web server?
DDoS
True or false? Following a “clear screen” policy means that you keep your computer in a locked state when you are away from your desk.
True
Thread actors send emails randomly to a very large number of recipients with the intent to gather information or fraud for identity theft.
Phishing
Threat actors send emails that are carefully designed to get a single recipient within an organization to respond and unknowingly, install malware onto their system.
Spear phishing
Threat actors create fraudulent text messages to try to lure victims into revealing account information or installing malware.
Smishing
Threat actors use voice calls to manipulate an individual into releasing confidential data.
Vishing
What kind of attack intercepts and alters data sent between two hosts?
Man-in-the-middle
What is spyware?
A program that collects information about users, systems, and browsing habits.
What is the term for a collection of software tools used by an attacker to obtain administrator level access to a computer?
Rootkit
What attack method requires the use of a phone to obtain personal or sensitive information?
Vishing
Which type of cyber attack includes fishing, tailgating, and shoulder surfing?
Social engineering
Which social engineering attack targets high ranking individuals in order to compromise personal or sensitive data?
Whaling
Which type of physical attack involves entry into a restricted building or area?
Tailgating
What type of attack is directed toward a specific group of users to trick them into visiting an infected website?
Watering hole
You discover malware that has been collecting data and forwarding it to another server in a different country. For several months, what type of attack is this?
Advanced persistent threat
What is a common type of attack launched under IoT devices?
DDoS attack
True or false? Advanced persistent threat (ATP) attacks are used to steal data?
True
An employee steals confidential technical specifications for a product for personal gain.
Malicious insider
An employee takes home a storage drive without authorization, which is then stolen from the employee’s vehicle.
Negligent insider
An employee gives their credentials to an attacker and a spear fishing attack, and the attacker uses the credentials to launch further attacks.
Compromise insider
