Cybersecurity Fundamentals Week 5

Question 1

Black hat hackers (crackers)

Answer 1

Hackers who attempt to obtain unauthorized access to computer systems to damage their operations or to steal confidential data.

Question 2

Bot/Botnet

Answer 2

A computer system network that as been compromised and is under the attackers control. They are used to carry out diff schemes and cyberattacks.

Question 3

Buffer overflow

Answer 3

Buffers that store data temporarily during a transfer.When data volume exceeds the memory buffers capacity, a buffer overflow occurs. When this happens memory areas are overwritten.

Question 4

Clickjacking

Answer 4

An attack that tricks victims into unintentionally clicking on a malicious link or button that is usually disguised as a harmless element.

Question 5

Command and control (c&c/c2)

Answer 5

A tactic used to communicate between a compromised system and an attacker.

Question 6

Common vulnerabilities and exposures (CVE)

Answer 6

A global program whose goal is to ID, define, and classify publicly disclosed cybersecurity vulnerabilities.

Question 7

Credential stuffing

Answer 7

A type of attack in which attackers utilize compromised lists of user credentials to infiltrate a system.

Question 8

Cybersecurity Framework

Answer 8

A collection of documentation that defines the best practices for organizations to manage and handle cyber threats. These decrease organizations exposure to weaknesses and threats.

Question 9

Denial-of-service attack (DoS, DDoS)

Answer 9

Attack designed to shut down a system or network by making its resources unavailable to users by overwhelming the target causing it to fail. DDoS is same but uses many more devices and has a more significant attack.

Question 10

Dictionary attack

Answer 10

A password attack that uses billions of potential passwords from a vast dictionary to discover a users password.

Question 11

DNS Cache Poisoning

Answer 11

The act of providing a victim with a phony DNS record that redirects them to a different website.

Question 12

Ethical hacking

Answer 12

The process of detecting security vulnerabilities, bugs, misconfigurations, etc before attackers do to fix them. Aka penetration testing.

Question 13

Exploit

Answer 13

A program, software, piece of data, or command that manipulates a system or computer bug to cause undesirable or unexpected behavior. It is not the malicious program itself, but the method attackers employ to deliver it.

Question 14

Firewall

Answer 14

A tool that monitors incoming and outgoing network traffic to allow or deny connections aligned with security policies.

Question 15

Grey hat hacker

Answer 15

A hacker who doesn’t fit either the white or black hat hacker categories and who typically carries out penetration testing on networks without the owners consent. It’s not necessarily malicious, but it is illegal.

Question 16

HTTP Flood

Answer 16

A type of DDoS attack when the attacker takes advantage of a genuine HTTP GET or POST request to target a web server or application.

Question 17

HTTPS spoofing

Answer 17

Attacker uses a domain that strongly resembles the target website to trick victims into believing they are visiting the actual website.

Question 18

ICMP(ping) flood

Answer 18

DDoS attack that attempts to overload a tarts device with many ICMP echo requests. (Pings)

Question 19

Mitre att&ck

Answer 19

A knowledge database and model for cyber attacker behavior representing the stages of an attack lifecycle.

Question 20

NICE Framework

Answer 20

A national resource that assist employers in enhancing their cybersecurity workforce. Establishes a common terminology for characterizing cybersecurity work and personnel, no matter where or for whom.

Question 21

Protecting

Answer 21

A type of social engineering attack involving pretexts to get unsuspecting persons to disclose sensitive information.

Question 22

SMB protocol

Answer 22

A network protocol that allows users to connect with various computers and servers to access their resources and distribute, open, and modify files.

Question 23

SYN Flood

Answer 23

DDoS attack that leverages the TCP three-way handshake to waste system resources and make the target server unavailable.

Question 24

Unknown exploit (zero day)

Answer 24

A vulnerability that is not disclosed to a programs developers and is typically found after it has been exploited.

Question 25

Vishing

Answer 25

Phishing attacks that uses phone calls.

Question 26

Worm

Answer 26

Malware that replicates itself and spreads across a network automatically. It takes advantage of security software weaknesses to execute harmful actions.

Question 27

Zero-day Attacks

Answer 27

Uses zero-day exploits to target unknown vulnerabilities. Since the vendor isn’t aware, there is no patch yet.