Domain 1.2 - Compare and contrast types of attacks. Flashcards

1
Q

____________ is the process by which intruders gain access to your facilities, your network, and even your employees by exploiting the generally trusting nature of people.

A

Social engineering

2
Q

What is Phishing?

A

A form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request.

3
Q

How is Spear Phishing different from Phishing?

A

Phishing that is tailored for a specific individual, a group, or organization is Spear Phishing.

4
Q

Whaling is Spear Phishing for what types of users?

A

C-level corporate executives, politicians and celebrities.

5
Q

Define Vishing

A

Phishing with Voice.

6
Q

What is it called when you follow someone through a door they just unlocked?

A

Tailgating

7
Q

Impersonation

A

Pretending to be someone you are not.

8
Q

If I email you a link to a Fake Anti-Virus, what is that considered?

A

A Hoax

9
Q

Everyone else is doing it. I am going to do it too.

A

Consensus (or Social Proof)

10
Q

Convincing the person who is being tricked that there is a limited supply of something, which can often be effective if carefully done, is the principle of

A

Scarcity

11
Q

What is the Three-way Handshake?

A

When you connect to a server your system sends a SYN packet, the server responds with a SYN/ACK, then your computer sends an ACK. This establishes the connection.

12
Q

What is a SYN flood?

A

The attacker's computer sends a SYN packet to a target server. The server responds with a SYN/ACK. The attacker does not send a final ACK, but instead sends more SYN packets.

13
Q

How does a replay attack work?

A

After a successful Man-in-the-Middle (MITM) attack, in which the attacker intercepts data between a target and a service the target is reaching, the attacker uses that intercepted data to reconnect to the service as the target user.

14
Q

How do you prevent a Buffer Overflow?

A

Prevented with Input Validation

15
Q

What kind of attack is this:

SELECT * FROM tblUSERS WHERE username = '' or '1'='1' AND PASSWORD = '' or '1'='1'

A

SQL Injection

16
Q

When an attacker gains access to a restricted directory using HTTP, it is called ________ ________.

A

Directory Traversal.

17
Q

An attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser.

A

Cross-site scripting (XSS)

18
Q

What does XSS stand for?

A

Cross-Site Scripting.

19
Q

How do you prevent XSS?

A

Input Validation

20
Q

When a website acquires your credentials

A

XSS

21
Q

XSRF

A

Cross-site request forgery

22
Q

CSRF

A

Cross-site request forgery

23
Q

Involves unauthorized commands coming from a trusted user to the website.

A

XSRF/CSRF

24
Q

Cross-site request forgery uses this

A

The current authenticated user's credentials.

25
Q

Best way to prevent XSRF/CSRF

A

Disable the running of scripts.

26
Q

When a website uses your credentials

A

Cross-site request forgery XSRF/CSRF

27
Q

Vertical Privilege Escalation

A

requires the attacker to grant himself higher privileges

28
Q

Horizontal Privilege Escalation

A

used to assume the identity of another user with similar privileges.

29
Q

Involves a user gaining more rights and privileges than they should have.

A

Privilege Escalation

30
Q

What is ARP Spoofing?

A

ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network.

31
Q

The results of this attack link an attacker's MAC address with the IP address of a legitimate computer or server on the network.

A

ARP Spoofing

32
Q

DNS Poisoning is what?

A

The DNS server is given information about a name server that it thinks is legitimate but isn’t. The result is the DNS server sends you to a web address of my choosing instead of the website you were attempting to reach.

33
Q

What does DNS stand for?

A

Domain Name Server

34
Q

What does DNS do?

A

It ties a fully qualified domain name (FQDN) to an IP address.

35
Q

What exploit is referred to as a Zero Day?

A

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it.

36
Q

What exploit takes advantage of a weakness in NTLM and LAN Manager, where it was possible for an attacker to send an authenticated copy of the password hash value with a valid username and authenticate to any remote server?

A

Pass The Hash

37
Q

What does Clickjacking involve?

A

Clickjacking involves a transparent layer on top of a link/icon you click on. When you click on the transparent/translucent layer without knowing it, you are redirected somewhere else.

38
Q

____________ describes when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.

A

Session hijacking

39
Q

What is it called when a squatter predicts URL typos and then registers those domain names to direct traffic to their own site?

A

URL Hijacking/Typo Squatting

40
Q

Shimming involves what?

A

A shim is a small library that is created to intercept API (Application Program Interface) calls transparently and do one of three things: handle the operation itself; change the arguments passed; or redirect the request elsewhere.

41
Q

When you change the MAC address of your device to be that of a different device in order to gain access that the other device has.

A

MAC Spoofing.

42
Q

Initialization Vector

A

A weakness in WEP that can allow the encryption algorithm to be cracked in as little as 5 min.

43
Q

Any access point added to your network that is not authorized is considered a what?

A

A Rogue Access point.

44
Q

What is an Evil Twin?

A

An attack in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.

45
Q

A technology that allows a device to connect to your wireless router at the push of a button.

A

Wi-Fi Protected Setup (WPS). This is very susceptible to brute force attacks.

46
Q

How do you detect and stop a rogue access point?

A

WIPS - WiFi Intruder Prevention System

47
Q

The gaining of unauthorized access through a Bluetooth connection

A

Bluesnarfing

48
Q

Bluejacking

A

Bluejacking is the sending of unsolicited messages over Bluetooth to another device.

49
Q

NFC stands for

A

Near Field Communication

50
Q

What is the birthday theory/probability theory?

A

With 23 people in the room, you have a 50 percent chance that 2 will have the same birthday and only 75 people are needed for a 99.9 percent chance.

51
Q

What is a rainbow table?

A

A database of hashed usernames and passwords up to 14 characters, used to compare against username/password hash files stolen from a server to determine usable credentials.

52
Q

What attack involves attempting a list of common words hoping to find one that works?

A

Dictionary Attack

53
Q

This attack tries every character one at a time, building up to 14 characters. Will eventually crack your password, given unlimited time and resources.

A

Brute Force Attack

54
Q

How does a downgrade attack work?

A

The attacker tries to trick the target into downgrading to a less secure method of communication, then exploits that less secure technology, e.g., downgrading from TLS 1.2 to SSL V3.

55
Q

As part of your training program, you’re trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?

A. Social engineering
B. IDS system
C. Perimeter security
D. Biometric

A

A. Social engineering

56
Q

What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request?

A. Hoaxing
B. Swimming
C. Spamming
D. Phishing

A

D. Phishing

57
Q

Which of the following is the best description of shoulder surfing?

A. Following someone through a door they just unlocked
B. Figuring out how to unlock a secured area
C. Watching someone enter important information
D. Stealing information from someone’s desk

A

C. Watching someone enter important information

58
Q

As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?

A. DoS
B. DDoS
C. Worm
D. UDP attack

A

B. DDoS

59
Q

An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute?

A. Man-in-the-middle attack
B. Backdoor attack
C. Worm
D. TCP/IP hijacking

A

A. Man-in-the-middle attack

60
Q

Which of the following involves unauthorized commands coming from a trusted user to the website?

A. ZDT
B. HSM
C. TT3
D. XSRF

A

D. XSRF

61
Q

An IV attack is usually associated with which of the following wireless protocols?

A. WEP
B. WAP
C. WPA
D. WPA2

A

A. WEP

62
Q

Which of the following types of attacks involves the sending of unsolicited messages over a Bluetooth connection?

A. Bluesmurfing
B. Bluesnarfing
C. Bluewhaling
D. Bluejacking

A

D. Bluejacking

63
Q

As the Security Administrator, you discovered that a PC was compromised while a user was browsing the internet. You discovered that while the system uses TLS it was forced to use SSL 1.0. What attack was used by the attacker?

A. Collision Attack
B. Downgrade Attack
C. Replay Attack
D. Brute Force Attack

A

B. Downgrade Attack

64
Q

Which cryptographic attack is based on having a strong probability vs a guaranteed match?

A. Brute Force Attack
B. Dictionary Attack
C. Birthday Attack
D. Known Text Attack

A

C. Birthday Attack