Domain 1.0: Attacks, Threats, and Vulnerabilities

Question 1

Virus

Answer 1

Malicious computer program, infect systems and spread copies of themselves.

Question 2

Worms

Answer 2

Similiar to virus, does not require host to replicate

Question 3

Trojan

Answer 3

Disguised malicious code within useful application

Question 4

Logic bombs

Answer 4

Trigger on a particular condition

Question 5

Rootkits

Answer 5

Installed and hidden on a computer mainly for the purpose of compromising the system

Question 6

Ransonware

Answer 6

Encrypts the disk using crypto-malware and demand the ransom payment to provide decryption to release the data.

Question 7

Spyware

Answer 7

Monitors browser & OS activity. Logs keystrokes and may impact computer performance.

Question 8

What can cause a computer to run slowly and generate pop-up advertisement?

Answer 8

Spyware and adware

Question 9

Armored virus

Answer 9

Armored viruses use special tricks to make the tracing, disassembling, and understanding of their code more difficult.

Question 10

Phishing

Answer 10

Social Engineering attack done mainly through email across a large audience

Question 11

Spear Phishing

Answer 11

Social engineering attack via email that aims an individual, or a group of individuals

Question 12

Whaling

Answer 12

Same as spear phishing, but with big or high-value targets such as CEO.

Question 13

Vishing

Answer 13

This is the term for voice phishing. Often uses fake caller ID to appear as trusted organization and attempt to get the individual to enter account details via the phone.

Question 14

Pharming

Answer 14

Based on farming and phishing. It does not require user to be tricked into clicking on a link. Instead, it redirects victims to a bogus website, even if they correctly entered the intended site.

Question 15

DoS and DDoS

Answer 15

DoS - Denial of Service. DDoS - Distributed Denial of Service.

They involve disruption of normal network service and include attacks based on the ICMP echo reply called Smurf attacks.

Question 16

Spoofing

Answer 16

Process of making data look as if it came from a trusted or legitimate origin.

Question 17

On-path attack

Answer 17

A third system intercepts traffic between two systems by pretending to be the other system

Question 18

Replay attacks

Answer 18

Reposting captured data

Question 19

Zero-day vulnerability

Answer 19

Not detected by the antimalware software yet. No patches exist for them too.

Question 20

What includes repeated guessing of logons and passwords?

Answer 20

Password guessing, brute-force and dictionary attacks.

Question 21

Dictionary attacks

Answer 21

A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password

Question 22

DNS poisoning

Answer 22

Redirect traffic by changing the IP record for a specific domain

Question 23

ARP poisoning

Answer 23

Layer 2 attack that deceives a device on a network and poisons the MAC table associated with devices.

Question 24

What does XSRF stand for? What is it?

Answer 24

Cross Site Request Forgery

An attack in which the end user executes unwanted actions on a web application while currently authenticated.

Question 25

What does XSS stand and what is it?

Answer 25

Cross Site Scripting - it’s a vulnerability that can be used to hijack a user’s session

Question 26

Injection Attacks

Answer 26

It’s attack that includes SQL, LDAP, DLL and XML. These attacks insert code or malicious input to try to force unauthorized activity or access.

Question 27

Rogue access point

Answer 27

Unauthorized wireless access point

Question 28

What kind of attack rogue access point can provide to attackers?

Answer 28

On-path attack, which is also referred as evil twin.

Question 29

Bluejacking

Answer 29

Tricks user into accepting the prompt to establish bluetooth connection with an attacker’s device.

Question 30

Bluesnarfing

Answer 30

Following bluejacking, user’s data becomes available for unauthorized access, modification and deletion.

Question 31

What is the danger of unencrypted network traffic

Answer 31

They can be captured by packet sniffer and decode them from its raw form into readable form.

Question 32

Threat actor attributes include the actor’s relationship to the following:

Answer 32

Organization, motive, intent and capability.

Question 33

What are threat actor types?

Answer 33

Script kiddies, insiders, hacktivists, organized crime, competitors and nation-states.

Question 34

OSINT

Answer 34

Open Source Intelligence describes information for collection from publicly available information sources such as publications, geospatial information, and many online resources.

Question 35

Black-box test

Answer 35

the assessor have no information or knowledge about the inner workings of the system

Question 36

Four primary phases of a penetration test

Answer 36

planning, discovery, attack and report.

Question 37

White-box techniques

Answer 37

Often tests to see whether programming constructs are placed correctly and to carry out the required actions. The assessor have knowledge about the inner workings of the system or knowledge of the source code.

Question 38

Gray box testing

Answer 38

Combination of white and black box techniques. The test have some understanding or limited knowledge of the inner workings.

Question 39

What occurs during the attack phase of a penetration test?

Answer 39

Initial exploitation, escalation of privilege, pivot and persistence.

Question 40

Vulnerability scan

Answer 40

Identifies vulnerabilities, misconfigurations and lacking security controls

Question 41

Credentialed vulnerability scan reduces what issue?

Answer 41

False posiitives

Question 42

What is a race condition?

Answer 42

A race condition occurs when two or more threads can access shared data and they try to change it at the same time.

It can result in system malfunction and unexpected results. Resulting errors can cause crashes and may allow attackers to escalate their privileges.

Question 43

What problem can default accounts and password pose?

Answer 43

They can provide a simple means for an attacker to gain access.

Question 44

What attack can proper input handling prevent?

Answer 44

It prevents input that can impact data flow, which would allow an attacker to gain control of a system or remotely execute commands.

Question 45

What will happen if we turn off SSID broadcast?

Answer 45

It hides the network from appearing, but does not effectively protect a wireless network from attack.

Question 46

What is a false positive?

Answer 46

Typical or expected behavior is identified as irregular or malicious

Question 47

What is false negative?

Answer 47

An alert should been generated did not occur at all.

Question 48

SIEM

Answer 48

System Information and Event Management is a tool that collect, correlate, and display data feeds that support response activities.

Question 49

SOAR

Answer 49

Security Orchestration, Automation and Response - it combines security orchestration & automation with threat intelligence platforms and incident response platforms.

Question 50

Threat Hunting

Answer 50

Proactive approach to finding an attacker before alerts are triggered.

Question 51

Rogue access point

Answer 51

Unauthorized wireless access point set up

Question 52

What is bluejacking?

Answer 52

Attackers generate messages that appears to come from the device itself, leading users to follow obvious prompts and establish open Bluetooth connection to the attacker’s device.

Question 53

What is bluesnarfing?

Answer 53

Following successful & unauthorized Bluetooth connection, user’s data becomes open for unauthorized access, modification and deletion.

Question 54

What is danger of unencrypted traffic across the network?

Answer 54

Attacker can use packet sniffer to capture and decode them from its raw form into readable text.

Question 55

What does threat actor attributes include the actor’s relationship to?

Answer 55

Organization, motive, intent and capability

Question 56

What are types of threat actor?

Answer 56

Script kiddie, insiders, hacktivists, organized crime, competitors and nation-states.