Cyber 160 Module 3~ Threats and Attacks and Endpoints Flashcards

1
Q

network connected hardware devices

A

endpoint

2
Q

software that enters a computer system without the user's knowledge or consent and then performs unwanted and harmful actions

A

malware

imprison

3
Q

prevents a user endpoint device from properly and fully functioning until a fee is paid

A

ransomware

imprison

4
Q

type of ransomware that encrypts all the files on the devices so that none of them can be opened

A

cryptoware

imprison

5
Q

malicious computer code that is attached to a file

Ex: user might send an infected email to another user and once the virus reaches the computer it begins to infect it

A

file-based virus

launch

6
Q

does not attach to a file; takes advantage of native services and processes that are part of the operating system to avoid detection and carry out its attacks

A

fileless virus

launch

7
Q

uses a computer network to replicate

A

net virus or worm

launch

8
Q

infected computer placed under the remote control of an attacker for the purpose of launching attacks

A

zombie or bot

launch

9
Q

a structure that sends instructions to infected bot computers

A

command and control (C&C)

launch

10
Q

tracking software that’s developed without the consent or control of the user

A

spyware

snoop

11
Q

silently captures and stores each keystroke that a user types on the computer keyboard

A

keylogger

snoop

12
Q

software that users do not want on their computer that comes pre-installed

Ex: pop-up windows

A

potentially unwanted programs (PUPs)

deceive

13
Q

executable program that masquerades as performing a kind activity but also does something malicious

A

trojan

deceive

14
Q

basic functionality of a trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured command protocols

A

remote access trojan (rat)

deceive

15
Q

computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it

A

logic bomb

evade

15
Q

gives access to a computer program or service that circumvents any normal security protections; allows attacker to return and bypass security settings

A

backdoor

evade

16
Q

hides its presence and the presence of other malware on the computer

A

rootkit

evade

17
Q

attack takes advantage of a website that accepts user input without validating

A

cross-site scripting (XSS)

18
Q

inserts statements to manipulate a database server using Structured Query Language commands and targets SQL servers by introducing malicious commands into them

A

SQL injection

19
Q

attack that introduces new input to exploit a vulnerability

20
Q

language used to view and manipulate data that's stored in a relational database

A

Structured Query Language

21
Q

markup language designed to store information

A

eXtensible Markup Language

22
Q

inserts statements to manipulate a database server using eXtensible Markup Language (XML)

A

XML injection

23
Q

takes advantage of an unauthentication “token” that a website sends to a user’s web browser while pretending to be an authorized user

A

cross site request forgery (CSRF)

24
Q

takes advantage of an authentication "token" that a website sends to a user's web browser to imitate the identity and privilege of the victim

A

client-side request forgery

25
Q

takes advantage of a trusting relationship between web servers to gain access to sensitive data or inject harmful data

A

server-side request forgery (SSRF)

26
Q

attack that copies data and then uses it for an attack; later the threat actor retransmits selected and edited portions of the copied command to impersonate the legitimate user

A

replay

27
Q

depletes part of memory and thus interferes with normal operations of the program in RAM

A

resource exhaustion attacks

28
Q

due to a programming error, memory is not freed when the program has finished being used

A

memory leak

29
Q

process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

A

buffer overflow attack

30
Q

attackers change the value of a variable to something outside the range the programmer had intended by using an integer overflow

Ex: withdrawing $1 from an account with a balance of $0 could cause a balance of $4,234,432,567

A

integer overflow attack

31
Q

programming error that doesn't filter or validate user input to prevent a malicious action

A

improper input handling

32
Q

programming error that does not properly trap an error condition

A

error handling

33
Q

flaw that results in a pointer being given a NULL instead of a valid value

A

project/object dereference

34
Q

when two concurrent threads of execution access a shared resource simultaneously

A

race condition

35
Q

software check of the state of a resource before using that resource

A

time of check / time of use

36
Q

attack that targets vulnerabilities in an API

A

application program interface (API) attack

37
Q

link provided by operating system, web browser or other platform that allows a developer access to resources at a high level

A

application program interface (API)

38
Q

software that controls and operates an external hardware device that's connected to a computer

A

device driver

39
Q

attack that alters a device driver from its normal function

A

device driver manipulation

40
Q

changing the design of existing code

A

refactoring

41
Q

storage of both code and data that can be used by more than one program at the same time

A

Dynamic-Link Library (DLL)

42
Q

attack that inserts code into a running process through a DLL to cause a program to function in a different way than intended

A

DLL injection

43
Q

exploiting the risks associated with using AI and ML in cyber security

A

adversarial artificial intelligence

44
Q

risks associated with the vulnerabilities in AI-powered cybersecurity applications and their devices

A

security of ML algorithms

45
Q

risks associated with attackers who can attempt to alter the training data that's used by ML to produce false negatives and cloak themselves

A

tainted training data for machine learning