Cyber Attacks and Vulnerabilities Flashcards

1
Q

Vulnerability where code placed in programs that bybass normal authentication and security mechanisms

A

Backdooor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Method of accessing unauthorized directories by moving through the directory structure on a remote server

A

Directory Traversal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

when attacker is able to execute or run commands on a victim computer

A

Arbitrary Code Execution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Attacker is able to execute commands remotely

A

RCE - Remote Code Execution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Attack against a vulnerability that is unknown to original developer or manufacturer

A

Zero Day

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed

A

SQL Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When a process stores data outside the memory range allocated by the developer

A

Buffer Overflow

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Occurs when an attack fills up the buffer with a non-operational instruction (NOP) so that the return address may hit a NOP and continue on until it finds the attacker’s code to run

A

Smash the Stack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

An attack that overflows a server with traffic, overloading and rendering it inaccessible to legitimate users

A

DOS - Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Occurs when an attacker embeds malicious scripting commands into a trusted website

A

XSS - Cross Site Scripting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Type of XSS attack that attempts to get data provided by the attacker to be saved on the web server by the victim

A

Stored/Persistent XSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Type of XSS attack that attempts to have a non persistent effect activated by a victim clicking a link on the site

A

Reflected XSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

XSS attack that attempts to exploit the victim’s web browser

A

DOM-Based XSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Occurs when attacker forces a user to execute actions on a web server for which they are already authenticated

A

Cross Site Request Forgery - XSRF/CSRF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

attack that involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.

A

DDOS - Distributed Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Attack that manipulates or compromises the logic of an XML application or service.

A

XML injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

XML attack that embeds a request for local resource

A

XML External Entity XXE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing (similar to DOS)

A

XML Bomb

19
Q

Software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer

A

Race Condition

20
Q

Password attack where a threat actor uses a single common password or a short list of common passwords against multiple accounts on the same application. This avoids the account lockouts that typically occur when an attacker uses a brute force attack on a single account by trying many passwords.

A

Spraying Attack

21
Q

Password Attack that uses a predefined list of words

A

Dictionary Attack

22
Q

What is a rainbow table attack?

A

Password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database. Used to speed up the process of password guessing.

23
Q

What is an evil twin attack?

A

fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.

24
Q

What is bluesnarfing?

A

When a hacker accesses a wireless device through a Bluetooth connection.

25
Q

What is bluejacking?

A

Sending unsolicited messages over bluetooth

26
Q

What is wireless disassociation attack?

A

also known as deauthentication attacks

wireless network attacks that target the 802.11 Wi-Fi protocol by sending forged deauthentication frames to a wireless access point or client device, causing the device to disconnect from the network.

27
Q

What is the most common form of DDoS attack?

A

Network Based

28
Q

What factor has the biggest impact on domain reputation?

A

Distribution of spam

29
Q

What enables client side URL redirection? Hosts or localhost?

A

Hosts

30
Q

What is DNS poisoning?

A

Remapping a domain name to a rogue IP address

31
Q

What is domain hijacking?

A

a situation in which domain registrants lose control over their domain names due to unlawful actions of third parties

32
Q

An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as

A

MAC cloning, MAC spoofing

33
Q

What is MAC flooding?

A

network attack that overflows a switch’s memory used to store the MAC address table.

34
Q

What is a smurf attack?

A

A Smurf attack is a distributed denial-of-service attack in which large numbers of ICMP packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.

Key word is ICMP Packets

35
Q

What is a ping of death attack?

A

A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer.

36
Q

What is used in data URL phishing?

A

Prepending

37
Q

What is prepending?

A

Prepending is the technique of adding a data URL prefix before a legitimate URL, making it appear like a secure link to the user. For example, an attacker may use a link such as “data:text/html,https://www.paypal.com” to create a fake PayPal login page. When the user clicks on the link, the malicious payload is executed, leading to the theft of the user’s PayPal credentials.

38
Q

What is cryptomalware?

A

Malware that uses encryption

39
Q

What is an SSRF attack?

A

Server Side Request Forgery - involves an attacker abusing server functionality to access or modify resources. The attacker targets an application that supports data imports from URLs or allows them to read data from URLs.

40
Q

What is Integer Overflow?

A

programming error where an application tries to store a numeric value in a variable that is too small to hold it?

41
Q

What is a null pointer deference?

A

When a computer attempts to read a variable value from an invalid memory address

42
Q

Exploits the trust a user’s web browser has in a website….XSS or XSRF?

A

XSS

43
Q

User’s browser executes attacker’s script…..XSS or XSRF?

A

XSS