CompTIA Security+ Flashcards
What is phishing?
Social engineering that mimics email to steal your information
What is typosquatting and prepending of the URL?
Hijacking of a URL (usually changing one thing) in the domain name, or adding onto the domain's beginning. Prepending is adding onto the beginning. Typosquatting is changing the URL name to make it seem believable.
What is pretexting?
Lying to gain information; this can be done via phone or email
What is pharming?
A poisoned DNS that is combined with phishing that targets a group of people
What is vishing/smishing?
Voice and SMS phishing
What is reconnaissance?
Gathering information on victims
What is spear phishing?
Targeted phishing with inside information
What is whaling?
A phishing attack that attacks the CEO
What is shoulder surfing?
Looking over someone's shoulder to gather information
What is a hoax in terms of IT?
A threat that doesn’t actually exist
What is a water hole attack and how do you prevent it?
A water hole attack is a cyber attack that installs malware from a third-party organization. To prevent water hole attacks, a company should use a next-gen firewall and anti-malware/antivirus.
How does a mail gateway system protect against spam email?
The mail gateway acts as a firewall for incoming and outgoing email, filtering to detect varied problems. It does this by identifying keywords and known problematic senders.
What is reverse DNS, and how does it help prevent spam?
The email server will look at the known IP address and see if it matches the sender
What is tailgating?
Using an authorized person to gain unauthorized access to a building
What is an invoice scam?
An attack that is disguised as a bill
What is credential harvesting?
An attacker is looking to find your sign-ins; this is done via malicious emails.
What is a virus?
Malware that needs a human to download it to begin the replicating process
What is a worm?
Malware that does not need a human to click on it before it begins replicating
What is the eliciting information tactic?
A person calls and pretends to be from the help desk and convinces people to give information.
What is Trojan horse software?
Software that looks normal but has an ulterior motive to do bad or simply do nothing
What is a backdoor in malware?
A way for malware to reconnect to your system without having to go through the front door
What is a RAT (remote access Trojan)?
A program that gives a third party full remote access over the operating system
What is a rootkit and why is it so hard to get rid of?
A type of malware that modifies the core system files
What is crypto-malware?
Encryption that requires a key in order to decrypt information. The victim must pay a ransom in order to get the key.
What is adware?
A malware attack that pops up ads
What is a Botnet?
A group of computers that have been taken over to form a network of bots
What is a logic bomb?
A bomb that has been left to activate later; this is malware
What is PUP malware? (potential unwanted pop-up)
Any unwanted malware
What is DDoS?
Distributed denial of service
What is a password hash?
A string of text that is used to represent password data. A hash cannot be reversed.
What is a spraying attack?
Trying to log in with common passwords
What is a brute force attack?
This type of attack tries every possible password combination
What is a dictionary attack?
Many common password wordlists are standard among people in a certain industry
What is a rainbow table?
A table that has saved passwords and their hashes
What is salt?
A salt is random data added to a password when hashing
Why are malicious USB and flash drives known as HID, and how do they attack the system?
They are known as Human Interface Devices because they can begin typing without human interaction. They use that to their advantage to download malware onto the computer. They can also have a keyboard logger.
What is skimming?
Copying data from the magnetic stripe on credit cards
What is a C2 server?
A C2 server is the main tool cyber threat actors use to launch and control cyber attacks
Why is it important to check data when inserting it into a machine learning program?
The machine learning program is only as good as the data is. Poisoned data means weakness within the program.
What is supply chain security?
Supply chain security is ensuring that there are policies and procedures in place to protect your network from other companies that work with yours.
What is a hash collision?
When two different pieces of data share the same hash value
How do you avoid a hash collision?
Increasing the hash length decreases the chance of a collision happening
What is a downgrade attack?
A type of attack that is done during the sending of data. This attack causes systems to downgrade their security.
What is privilege escalation?
An average user gains administrator access to the operating system
What is the difference between a vertical escalation and a horizontal escalation?
In a vertical escalation, a normal user is gaining administrative access, while in a horizontal escalation user A is gaining access to user B
What is data execution prevention?
Only allows applications to run where that data and its functions are allowed to run. This prevents privilege escalation.
What is a cross-site script?
Information from one site is shared with another
What is a non-persistent (reflected) XSS attack?
It is an attack that allows the script to run in user input. For example, there is a fake website that allows the session ID to be available just from the user inserting information into the empty info box.
What is a persistent reflected (stored) attack?
An attack that is stored onto a post and does not specifically target a person, but all who come into contact with the post
What is a code injection attack?
Adding your own information into a data stream and stealing information. Bad programming leads to this; it should not be allowed.
What is a buffer overflow?
One section of memory overrides a different section of memory
What is a replay attack?
An attacker gathers raw network data and sends it across the network to make it seem as if it was coming from someone in the network
What is pass the hash?
During this type of attack the attacker places a device between the victim and the server so that the attacker also receives the hash as it goes to the server to authenticate. Why is this bad?
How can you protect a client from a pass the hash attack?
End-to-end encryption and salt (a one-time authentication session ID could not be used again)
Explain what end-to-end encryption is
Both ends are encrypted. I send a friend a message using their public key and they decrypt it with their private key.
What is session hijacking (or sidejacking)?
An attacker gains the session ID, bypasses the authentication and poses as you
Explain what a cross-site request forgery is
An attacker will create a hyperlink that is sent to the victim to click. Once this has been clicked, the victim's computer will connect to the bank's server and the attacker will now be able to do whatever they want with the victim's account.
Explain what a server-side request forgery is
An attacker finds a vulnerability within an application on the web server. The attacker will then send a request that will request the web server to gather more information from the victim's server.
What are some attacks that can be done with drivers?
Since drivers work alongside software, they can be manipulated to turn into a keylogger to steal sensitive information as the person types it
What is the Windows shim, and how do attackers use it to get malware onto a victim's computer?
The Windows shim allows applications to run on older Windows models. Attackers will write their own shim, and this will help them bypass any user security features.
What is metamorphic malware? (refactoring)
Metamorphic malware is an attack that appears different each time due to it redesigning itself. This makes it extremely hard for anti-malware protection to protect.
What is SSL stripping/HTTP downgrade?
During this type of attack the attacker sits in between the client and the server and uses unencrypted communication between the victim and themselves. The attacker will use encrypted communication (HTTPS) with the web server but communicate back to the victim in HTTP to prompt the victim to keep sharing sensitive information. This can all be avoided by only using HTTPS.
What is a race condition?
A race condition is when the behavior of a software system depends on the relative timing of events, such as the order in which threads are scheduled to run.
What is a NULL pointer dereference?
A program will attempt to reference a portion of memory that does not have anything or is undefined. This will cause the application to crash.
What is integer overflow?
An integer overflow is when a larger number is placed into a smaller-sized space. This causes overflow into other memory sections.
Explain what a directory traversal is
During this type of attack the hacker is able to read files of a web server that are outside of the website's file directory
Explain what improper error handling is
This is when error messages show too much information and could lead to sharing very sensitive information with the wrong personnel
Explain what an API attack is
An attack that looks into vulnerabilities in API-based apps
What is a shim in an operating system?
In Windows, through the use of shims, older software can be run through a previous Windows version while still in the new version
What is a rogue access point and its evil twin?
A rogue access point is an unauthorized access point that isn’t necessarily malicious. A wireless evil twin looks legitimate but it is malicious. If you are using the evil twin, just make sure the communication is encrypted.
What is bluejacking?
An unsolicited message via Bluetooth
What is bluesnarfing?
An attacker can access data from your phone using Bluetooth
What are management frames?
A specific type of frame that is used in wireless networking. This protocol allows you to join/leave the wireless network while also authenticating your device.
What is a disassociation attack?
An attack that causes DoS by attacking the 802.11 protocol that is used during wireless networking. This is because the management frames are not encrypted.
What is RF jamming?
During RF jamming, the good signal is no longer the main signal because of the noise around it.
What is a cryptographic nonce?
This is a random or pseudo-random number that can’t be reasonably guessed. The nonce is added into the login process to help create different hashes each time to avoid a replay attack (aka decrypting the hash).
What does it mean to salt a password?
Salting means that a nonce is added to every password saved in the database. This means no hash will be the same even if the passwords are the same.
How do you add randomization to cryptography?
By adding a nonce. A nonce is a value that is used for the time being. A nonce will be different every login. The server will check your nonce along with your password hash and, if it looks good, will grant you access.