CYBRSCRTY-MODULE 3

Question 1

adversarial artificial intelligence

Answer 1

Exploiting the risks associated with using AI and ML in cybersecurity

Question 2

Application Program Interface (API) attack

Answer 2

An attack that targets vulnerabilities in an API

Question 3

backdoor

Answer 3

Malware that gives access to a computer, program, or service that circumvents any normal security protections

Question 4

bot

Answer 4

An infected computer placed under the remote control of an attacker for the purpose of launching attacks

Question 5

buffer overflow attack

Answer 5

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Question 6

Client-side request forgery

Answer 6

An attack that takes advantage of an authentication “token” that a website sends to a user’s web browser to imitate the identity and privileges of the victim

Question 7

command and control (C&C)

Answer 7

A structure that sends instructions to infected bot computers

Question 8

Cross-site request forgery (CSRF)

Answer 8

Another term for “Client-Side Request Forgery”

Question 9

Cross-site scripting (XSS)

Answer 9

An attack that takes advantage of a website that accepts user input without validating it

Question 10

Cryptomalware

Answer 10

Malware that encrypts all the files on the device so that none of them can be opened until a ransom is paid

Question 11

device driver manipulation

Answer 11

An attack that alters a device driver from its normal function

Question 12

DLL injection

Answer 12

An attack that inserts code into a running process through a DLL to cause a program to function in a different way than intended

Question 13

error handling

Answer 13

A programming error that does not properly trap an error condition

Question 14

eXtensible Markup Language (XML)

Answer 14

A markup language designed to store information

Question 15

fileless virus

Answer 15

A type of malware that takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks

Question 16

improper input handling

Answer 16

A programming error that does not filter or validate user input to prevent a malicious action

Question 17

injections

Answer 17

Attacks that introduce new input to exploit a vulnerability

Question 18

integer overflow attack

Answer 18

An attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow

Question 19

keylogger

Answer 19

Hardware or software that silently captures and stores each keystroke that a user types on the computer’s keyboard

Question 20

logic bomb

Answer 20

Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it

Question 21

malware

Answer 21

Malicious software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action

Question 22

memory leak

Answer 22

A situation that occurs when, due to a programming error, memory is not freed when the program has finished using it

Question 23

pointer/object dereference

Answer 23

A flaw that results in a pointer given a NULL instead of valid value

Question 24

Potentially Unwanted Program (PUP)

Answer 24

Software that users do not want on their computer

Question 25

race condition

Answer 25

A situation in software that occurs when two concurrent threads of execution access a shared resource simultaneously

Question 26

ransomware

Answer 26

Malware that prevents a user's endpoint device from properly and fully functioning until a fee is paid

Question 27

refactoring

Answer 27

Changing the design of existing code

Question 28

remote access Trojan

Answer 28

Malware that infects a computer like a Trojan but also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols

Question 29

replay

Answer 29

An attack that copies data and then uses it for an attack

Question 30

resource exhaustion attacks

Answer 30

An attack that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS

Question 31

rootkit

Answer 31

Malware that can hide its presence and the presence of other malware on the computer

Question 32

security of the ML algorithms

Answer 32

A risk associated with the vulnerabilities in AI-powered cybersecurity applications and their devices

Question 33

server-side request forgery (SSRF)

Answer 33

An attack that takes advantage of a trusting relationship between web servers

Question 34

shimming

Answer 34

Transparently adding a small coding library that intercepts calls made by a device and changes the parameters passed between the device and the device driver

Question 35

spyware

Answer 35

Tracking software that is deployed without the consent or control of the uesr

Question 36

SQL injection

Answer 36

An attack that inserts statements to manipulate a database server using Structured Query Language (SQL) commands

Question 37

Structured Query Language (SQL)

Answer 37

A language used to view and manipulate data that is stored in a relational database

Question 38

tainted training data for machine learning

Answer 38

A risk associated with attackers can attempt to alter the training data that is used by ML

Question 39

time of check/time of use

Answer 39

A software check of the state of a resource before using that resource

Question 40

Trojan

Answer 40

An executable program that masquerades as performing a benign activity but also does something palicious

Question 41

worm

Answer 41

Malicious program that uses a computer network to replicate

Question 42

XML injection

Answer 42

An attack that inserts statements to manipulate a database server using eXtensible Markup Language (XML)