Domain 1.0: Attacks, threats and vul. Flashcards

1
Q

Programming errors can result in system compromise, allowing someone to gain unauthorized privileges. This is known as ________

A

privilege escalation

2
Q

malware:

infect systems and spread copies of themselves

A

viruses

3
Q

malware:

similar to viruses but do not require a host to replicate

A

worms

4
Q

malware:

disguise malicious code within apparently useful applications

A

trojans

5
Q

malware:

trigger on a particular condition

A

logic bombs

6
Q

malware:

can be installed and hidden on a computer mainly for the purpose of compromising the system

A

rootkits

7
Q

malware:

usually demands money in return for the release of data, which may have also been encrypted using crypto-malware

A

ransomware

8
Q

malware:

may monitor browser activity and log keystrokes and may impact computer performance

A

spyware

9
Q

______ and _______ often result in a computer running slowly and generating pop-ups.

A

spyware, adware

10
Q

an ______ ______ seeks to make analysis difficult by including a metaphorical layer of armor around the virus

A

armored virus

11
Q

__________ is a social engineering attack commonly done through email across a large audience

A

phishing

12
Q

____ _______ is a social engineering attack commonly done through email that targets an individual or an individual group

A

spear phishing

13
Q

_______ is similar to spear phishing but targets high-value individuals, such as a CEO

A

whaling

14
Q

in ____, also known as voice phishing, the attacker often uses a fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details via the phone, in order to obtain private information over the phone

A

vishing

15
Q

the term ________ is based on farming and phishing. It does not require the user to be tricked into clicking on a link. Instead, it redirects victims to a bogus website, even if they correctly entered the intended site

A

pharming

16
Q

DoS and DDoS attacks involve disruption of normal network services and include attacks based on the ICMP (Internet control message protocol) echo reply called _______ _____

A

smurf attacks

17
Q

______ is the process of making data look as if it came from a trusted or legitimate origin

A

spoofing

18
Q

with an ___-___ ____, a third system intercepts traffic between two systems by pretending to be the other system.

A

on-path attack

19
Q

_____ _____ involve reposting captured data

A

replay attacks

20
Q

____-___ vulnerabilities do not have patches yet and aren’t detected by antimalware software

A

zero-day

21
Q

_______ _______, ____-____, and ______ ____ involve repeated guessing of logons and passwords.

A

password guessing, brute-force and dictionary attacks

22
Q

____ __________ allows a perpetrator to redirect traffic by changing the IP record for a specific domain (thus permitting attackers to send legitimate traffic anywhere they choose).

A

DNS poisoning

23
Q

_____ _______ is a layer 2 attack that deceives a device on a network and poisons the table associations of other devices

A

ARP (address resolution protocol) poisoning

24
Q

____ is an attack in which the end user executes unwanted actions on a web application while currently authenticated

A

XSRF (cross site request forgery)

25
Q

____ vulnerabilities can be used to hijack a user’s session

A

XSS

26
Q

Injection attacks include ____, ____, ___, and _____. Such attacks insert code or malicious input to try to force unauthorized activity or access

A

SQL, LDAP (lightweight directory access protocol-open, vendor neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network), DLL (dynamic link library-file used to provide functionality to other programs) and XML (extensible markup language-markup language and file format for storing, transmitting, and reconstructing arbitrary data)

27
Q

a _____ ____ ____ is an unauthorized wireless access point that is set up

A

rogue access point

28
Q

a rogue access point can serve as a type of on-path attack that is often referred to as an ___ ____

A

evil twin

29
Q

in ______, attackers generate messages that appear to come from the device itself, leading users to follow obvious prompts and establish an open Bluetooth connection to the attacker’s device

A

bluejacking

30
Q

when a user pairs with an attacker’s device, the user’s data becomes available for unauthorized access, modification, or deletion. this is an aggressive attack referred to as _______

A

bluesnarfing

31
Q

when traffic being sent across a network is unencrypted, ______ ______ enables an attacker to capture the data and decode it from its raw form into readable text

A

packet sniffing

32
Q

____ _____ _____ include the actor’s relationship to the organization, motive, intent, and capability.

A

threat actor attributes

33
Q

_________ _____ types include script kiddies, insiders, hacktivists, organized crime, competitors, and nation-states

A

threat actor

34
Q

_____-____ and ______ ___ are likely to have greater capabilities than other threat actors. competitors are more likely to want to steal intellectual property to gain a competitive advantage

A

nation-states, organized crime

35
Q

______ describes information collected from publicly available sources, such as publications, geospatial information, and many online resources

A

OSINT (open source intelligence)

36
Q

in a ___-___ test, the assessor has no information or knowledge about the inner workings of the system

A

black-box

37
Q

the 4 primary phases of a pen test are _____, ___, ___, and ____.

A

planning, discovery, attack, and reporting

38
Q

____-____ techniques often test whether programming constructs are placed correctly and carry out the required actions. the assessor has knowledge of the inner workings of the system or of the source code

A

white-box

39
Q

___-___ testing uses a combination of white-box and black-box techniques. the tester has some understanding of, or limited knowledge of, the inner workings

A

gray-box

40
Q

____ _____, _____ of ____, ____ and _______ occur (in this order) during the attack phase of a penetration test

A

initial exploitation, escalation of privilege, pivot and persistence

41
Q

a ______ ____ identifies vulnerabilities, misconfigurations and lacking security controls

A

vulnerability scan

42
Q

a _____ ____ ____ helps reduce false positives

A

credentialed vulnerability scan

43
Q

a ____ ____ can result in system malfunction and unexpected results. resulting errors can cause crashes and may allow attackers to escalate their privileges.

A

race condition

44
Q

_____ accounts and passwords provide a simple means for an attacker to gain access

A

default

45
Q

proper ____ _____ prevents input that can impact data flow and allow an attacker to gain control of a system or remotely execute commands

A

input handling

46
Q

turning off an ____ ______ stops the network name from being advertised but does not effectively protect a wireless network from attack

A

SSID broadcast

47
Q

a ___ _____ occurs when a typical or expected behavior is identified as being irregular or malicious

A

false positive

48
Q

a ___ ____ occurs when an alert that should have been generated did not occur

A

false negative

49
Q

_____ tools collect, correlate, and display data feeds that support response activities

A

SIEM

50
Q

_____ combines security orchestration and automation with threat intelligence platforms and incident response platforms

A

SOAR

51
Q

____ ______ is a proactive approach to finding an attacker before alerts are triggered

A

threat hunting