Determine type of attack via indicators

Question 1

What is Malware

Answer 1

Software that does something bad. Overlap occurs within malware classification

Question 2

What is Ransomware

Answer 2

Malware that attempts to extort money from victim.

Question 3

What is Trojans

Answer 3

Malware concealed within an installer package for software that appears to be legitimate.

Question 4

What is Worms

Answer 4

Memory-resident malware that can run without user intervention and replicate over network resources. It activates when something is accessed.

Question 5

What is Potentially unwanted programs (PUPs)

Answer 5

Software installed alongside a package selected by the user or perhaps bundled with a new computer system. Also known as Greyware. Not malicious but you don’t want it.

Question 6

What is Fileless virus/Fileless malware

Answer 6

The virus itself is not written to the disk. Uses shellcode. Look up in more detail before the test

Question 7

What is Command and control

Answer 7

An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

Question 8

What is Bots

Answer 8

An automated script or tool that performs some malicious activity.

Question 9

What is Cryptomalware

Answer 9

The crypto-malware class of ransomware attempts to encrypt data files on any fixed, removable, and network drives. If the attack is successful, the user will be unable to access the files without obtaining the private encryption key, which is held by the attacker. If successful, this sort of attack is extremely difficult to mitigate, unless the user has up to date backups of the encrypted files.

Question 10

What is Logic bombs

Answer 10

A trap that activates when a condition is met.

Question 11

What is Spyware

Answer 11

Malware that can perform adware-like tracking, but also monitor local application activity, take screenshots, and activate recording devices, such as a microphone or webcam. Another spyware technique is perform DNS redirection to pharming sites.

Question 12

What is Keyloggers

Answer 12

Spyware that actively attempts to steal confidential information by recording keystrokes.

Question 13

What is Remote access Trojan (RAT)

Answer 13

Backdoor malware that mimics the functionality of legitimate remote control programs, but is designed specifically to operate covertly.

Question 14

What isRootkit

Answer 14

Malware running with System level privileges is referred to as a rootkit.

Question 15

What is Backdoor

Answer 15

Any type of access method to a host that circumvents the usual authentication method and gives the remote user administrative control.

Question 16

What is Password attacks

Answer 16

A broad term covering attacks to capture passwords

Question 17

What is Spraying

Answer 17

Trying multiple common passwords.

Question 18

What is Dictionary

Answer 18

Uses a list or dictionary to generate possible passwords

Question 19

What is Brute force

Answer 19

Tries every possible combination within the size.

Question 20

What is Offline attack

Answer 20

An attack that does not interact with the authentication protocol directly. Hacked database of passwords or might interact with user computers to get data to launch another attack to figure out passwords.

Question 21

What is Online attack

Answer 21

An attack wherein the attacker interacts with authentication service directly.

Question 22

What is Rainbow tables

Answer 22

The attacker uses a precomputed lookup table of all possible passwords and their matching hashes.

Question 23

What is Plaintext/unencrypted

Answer 23

Its just written out and easy to steal.

Question 24

What is Physical attacks

Answer 24

An attack that occurs irl. A flashdrive left in a parking lot with malicious code.

Question 25

What is Malicious universal serial bus (USB) cable

Answer 25

A USB cable infected with malware or physically modified to imply malware.

Question 26

What is Malicious flash drive

Answer 26

A flash drive cable infected with malware or physically modified to imply malware.

Question 27

What is Card cloning

Answer 27

Making one or more copies of an existing card.

Question 28

What is Skimming

Answer 28

Using a counterfeit card reader to capture card details, which are then used to program a duplicate.

Question 29

What is Adversarial artificial intelligence (AI)

Answer 29

Using AI to identify vulnerabilities and attack vectors to circumvent security systems.

Question 30

What is Tainted training data for machine learning (ML)

Answer 30

An attacker inserting corrupt data in the training dataset to compromise a target machine learning model during training.

Question 31

What is Security of machine learning algorithms

Answer 31

Machine learning can be applied in various ways in security, for instance, in malware analysis, to make predictions, and for clustering security events. It can also be used to detect previously unknown attacks with no established signature.

Question 32

What is Supply-chain attacks

Answer 32

The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.

Question 33

What is Cloud-based vs. on-premises attacks

Answer 33

Cloud-based services must be integrated within regular security policies and procedures and audited for compliance. Where indicators of on-premises attacks are found in local application logs and network traffic, indicators of cloud-based attacks are found in API logs and metrics.

Question 34

What is Cryptographic attacks

Answer 34

Circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme.

Question 35

What is Birthday

Answer 35

a type of brute force attack aimed at exploiting collisions in hash functions.

Question 36

What is Collision

Answer 36

Where a function produces the same hash value for two different plaintexts.

Question 37

What is Downgrade

Answer 37

Used to facilitate a man-in-the-middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths. For example, rather than use TLS 1.3, as the server might prefer, the client requests the use of SSL.