Domain 2: Explain various types of vulnerabilities Flashcards

1
Q

Memory injection

A

These attacks involve the secret insertion of malicious code into a program’s memory space. Legitimate applications may be susceptible, allowing attackers to exploit vulnerabilities to gain unauthorized access or execute arbitrary commands.

2
Q

Buffer Overflow

A

A buffer overflow is like pouring too much water into a container: it spills over and can damage the surrounding area. Similarly, attackers flood a program’s buffer with excessive data, which can overwrite adjacent memory spaces, disrupt program execution, and open doors for unauthorized access.

3
Q

Race conditions

A

A race condition occurs when two instructions from separate threads attempt to access the same data simultaneously. Ideally, the developer should have programmed the threads to access the data in a sequential manner. To illustrate, consider a scenario where one person is viewing a file’s attributes, while, simultaneously, another person accesses the same file. This phenomenon is referred to as TOC/TOU.

4
Q

Malicious update vulnerability

A

A malicious update vulnerability occurs when a seemingly legitimate software update contains hidden code or alterations crafted by malicious actors.

5
Q

SQLI

A

SQLI is a type of cyberattack that occurs when an attacker exploits vulnerabilities in a website or an application’s input fields to manipulate the SQL queries executed on the backend database.

6
Q

Query Manipulation

A

If an application doesn’t properly validate or sanitize input, the malicious SQL code becomes part of the query executed on the database.

7
Q

Stored Procedure

A

A stored procedure is a database object that encapsulates a sequence of SQL statements. These statements can perform a variety of operations, including data manipulation, queries, and transactions. Stored procedures are stored in the database and can be invoked from applications or other database objects.

8
Q

Input validation

A

Validate and sanitize all user inputs before using them in SQL queries. Use parameterized queries or prepared statements, which automatically handle input sanitization.

9
Q

XSS

A

XSS represents a significant security concern in web applications due to its potential for malicious code injection, executed in the context of a victim’s browser. This can lead to the compromise of user data, session hijacking, and even the defacement of websites. XSS can use HTML tags with JavaScript included between them; JavaScript can be identified by its .js extension.

10
Q

Firmware

A

Firmware acts as the bridge between hardware and software, controlling the low-level operations of a device.

11
Q

VM escape

A

While virtualization is designed to isolate VMs, the hypervisor (that is, the essential software managing these VMs) introduces an unexpected challenge. It can unintentionally create a path for lateral movement, known as moving east to west, and enable potential attackers to move from a secluded VM to the host system or other interconnected VMs.

12
Q

Resource reuse

A

While resource sharing is a key advantage of virtualization, improper allocation and management of resources can lead to resource contention and performance issues. If resources such as disks are not properly sanitized before reuse, then sensitive data might be placed on the new VM.

13
Q

VM sprawl

A

VM sprawl refers to the uncontrolled and excessive creation of VMs within a virtualized environment, leading to management challenges, increased resource consumption, and potential security vulnerabilities.

14
Q

Cloud Access Security Broker (CASB)

A

CASB enforces a company’s security policies, bridging the gap between on-premises infrastructure and the dynamic cloud environment. Unlike traditional group policies, the cloud lacks a unified governing mechanism. CASB assumes the crucial role of overseeing all cloud clients, ensuring their security and that all devices are patched. It has visibility across all of the platforms.

15
Q

Side-channel attacks

A

Cryptographic operations can inadvertently leak information through side-channels such as power consumption, timing, or electromagnetic radiation. Attackers skilled in exploiting these subtle indicators can compromise encryption keys or data.

16
Q

SSL stripping

A

SSL stripping is an attack in which attackers carry out an SSL downgrade and manage to bypass certificate-based protection, turning the session into an HTTP session. They can then capture data such as credit card information. This is known as an HTTPS downgrade attack.

17
Q

SSL/TLS downgrade

A

In an SSL/TLS downgrade attack, SSL traffic is intercepted by a server pretending to have an older, less secure browser. To communicate with that server, SSL switches to a weaker (supposedly compatible) encryption method, and it is then easy for hackers to see private information.

18
Q

Jailbreaking

A

Jailbreaking applies specifically to Apple devices and allows users to bypass manufacturer or operating system restrictions, providing more control over the device. This is commonly known as unlocking a device. This freedom, however, exposes the device to significant security risks.

19
Q

Sideloading

A

Sideloading is generally associated with Android devices utilizing Android Application Package (APK) files. While applications can also be sideloaded on Apple devices, the practice directly violates Apple’s terms and conditions and voids the device’s warranty.

20
Q

Rooting

A

Rooting allows users to bypass manufacturer or operating system restrictions on Android devices, providing more control over a device. This is commonly known as unlocking a device. This freedom, however, exposes the device to significant security risks.

21
Q

Malware

A

Malware (short for “malicious software”) refers to any software program or code that is specifically designed to disrupt, damage, or gain unauthorized access to computer systems, networks, or devices.

23
Q

Trojan

A

A Trojan can also use Portable Executable (PE) files, which are a common file format used for executable and binary files in Windows operating systems. These files contain executable code and data that can be run by the Windows operating system but require the user to give permission via a User Account Control (UAC) window. PE files can be embedded inside legitimate software or software packages.

24
Q

Race conditions

A

A race condition occurs when two instructions from separate threads attempt to access the same data simultaneously. Ideally, the developer should have programmed the threads to access the data in a sequential manner. To illustrate, consider a scenario where one person is viewing a file’s attributes, while, simultaneously, another person accesses the same file. This phenomenon is referred to as TOC/TOU. In this situation, the individual accessing the file might modify its data, inadvertently overwriting the information being viewed by the first person.

25
Q

DoS amplified

A

Amplified: Network-amplified attacks harness the power of a fundamental principle in network communications, which is the ability to send a small request that triggers a much larger response. This principle, when maliciously exploited, leads to the amplification of traffic directed at the victim. Attackers capitalize on protocols that generate significant responses for minimal input, such as the Internet Control Message Protocol (ICMP).

26
Q

Deauthentication and jamming

A

Deauthentication and jamming attacks: Wireless attacks can involve deauthentication and jamming techniques to disrupt legitimate network services. Jamming is illegal and blocks the victim from accessing the WAP. A deauthentication attack (also known as a disassociation attack) is launched when an attacker sends specially crafted deauthentication frames to one or more devices connected to a Wi-Fi network to disconnect the target computer from the network. These techniques can also be used in a wireless DoS attack.

27
Q

Software-Defined Wide Area Network

A

A software-defined wide area network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services — including MPLS, LTE and broadband internet services — to securely connect users to applications.

28
Q

Host-based firewalls

A

Host-based firewall: Host-based firewalls are software firewalls that run on individual devices. They monitor and control incoming and outgoing network traffic at the device level, preventing unauthorized access and malicious activities. These firewalls can protect laptops when the user is working away from home.

29
Q

Advanced Persistent Threat (APT)

A

An APT is a sophisticated and focused cyberattack launched by well-funded and highly skilled opponents, such as nation-backed agents or organized cybercriminal groups. APTs are recognized for their ability to break into a specific system or network, stay hidden for a long time, and quietly steal important data or cause damage bit by bit over an extended period.

30
Q

Conditional Access Policy

A

A Conditional Access policy is a cloud-based access control that uses signals, conditions, and enforcement mechanisms to manage and regulate user access to resources, enhancing security and ensuring compliance.

31
Q

Data Steward

A

Data stewards are dedicated to maintaining data quality, diligently identifying and rectifying errors and inconsistencies. They also maintain detailed records and metadata, making data understandable and accessible to users. Beyond quality, they classify data based on sensitivity and collaborate with data custodians to implement the necessary controls for compliance.

32
Q

Data Owners

A

Data owners bear the responsibility of safeguarding data and overseeing the enforcement of policies that govern its proper usage to ensure the protection and responsible handling of data.

33
Q

Master Service Agreement (MSA)

A

States general terms for prolonged collaboration

34
Q

Master Service Agreement (MSA)

A

The MSA articulates the general terms and conditions governing a contractual relationship between the involved entities. It typically addresses aspects such as payment terms, dispute resolution mechanisms, intellectual property rights, confidentiality clauses, and liability provisions.

35
Q

Work Order (WO)/Statement of Work (SOW)

A

While an MSA outlines the terms and conditions of a contracted partnership, a WO or SOW looks at the specifics of individual tasks or projects. The SOW typically provides a detailed breakdown of the work to be performed, the timelines for completion, the expected deliverables, and the agreed-upon compensation.

36
Q

DHCP

A

Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to dynamically assign an IP address to any device, or node, on a network so it can communicate using IP.