Domain 2 (Threats, Vulnerabilities, and Mitigations) Flashcards

Practice Questions unofficial sources

1
Q

____ attacks seek to undermine confidentiality

A

Disclosure

Making sensitive information available to individuals or the general public without the owner’s consent

2
Q

___ ___ are violations of confidentiality

A

Data Breaches

When a loss of confidential data occurs

3
Q

___ ___ removes sensitive information from an organization’s control

A

Data Exfiltration

4
Q

___ attacks seek to undermine integrity

A

Alteration

Hacker seeking to intentionally alter information, or a service disruption accidentally affecting data stored in a system

5
Q

____ attacks seek to undermine availability

A

Denial

Denial-of-service attacks try to either overwhelm a system or cause it to crash, to deny legitimate users the access they need

6
Q

___ risks involve monetary loss to the organization

A

Financial

Might include the cost of restoring damaged equipment and data, conducting an incident response investigation, etc.

7
Q

___ risk impacts how stakeholders view our organization; may be difficult to quantify

A

Reputational

When the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, and other stakeholders

8
Q

___ risk jeopardizes our ability to meet our major goals and objectives

A

Strategic

Organization may become less effective in meeting major goals and objectives as a result of a breach

9
Q

___ risk affects our ability to carry out day to day activities

A

Operational

May slow down business processes, delay delivery of customer orders, or require implementation of time-heavy workarounds

10
Q

___ risk involves potential violations of laws or regulations

A

Compliance

Could include HIPAA if a hospital loses patient medical records, etc.

11
Q

First step of end of life process for a product; Product will no longer be offered for purchase, but the vendor will continue to support existing customers

A

End of Sale

12
Q

Next step of end of life process for a product; Vendor will reduce or eliminate support for existing users of the product; may become vulnerable

A

End of Support

13
Q

Last step of end of life process for a product; Vendor will no longer provide any support or updates for the product; is vulnerable and exposed to risk

A

End of Life

14
Q

This limits user permissions; when a user should only have the minimum necessary set of permissions required to do their job

A

Least Privilege

15
Q

Processes and practices used to design systems; A set of well defined practices and processes used to build complex technical systems

A

IT architecture

16
Q

When new devices are connected to a network, but old devices are not promptly disconnected, leading to security vulnerabilities; devices not managed using a full system lifecycle

A

System Sprawl

17
Q

Every piece of malware that you encounter will have two components:

A

A propagation mechanism and a payload

17
Q

The way that a malware object spreads from one system to another

A

Propagation Mechanism

17
Q

The malicious action that the malware performs

A

Malware Payload

18
Q

Spreads from system to system based upon some type of user action

A

Viruses

19
Q

Spreads from system to system without any user interaction; they reach out and exploit system vulnerabilities; uses one infected system as the base for spreading to other parts of the local area network or the broader internet

A

Worm

20
Q

Infected about 10% of the Internet, was the first major worm outbreak, written by Robert Morris, eye opening event for security

A

The RTM Worm

21
Q

Created in 2010, infiltrated Iranian nuclear facility, first worm to cross the virtual/physical barrier in a major way

A

Stuxnet Worm

22
Q

Virus that hides itself; pretends to be legitimate software that the user may want to download and install, software performs as normal, but also carries malicious hidden payload

A

Trojan Horse

23
Q

Provide backdoors to hacked systems; provide hackers with the ability to remotely access and control infected systems

A

RAT Remote Access Trojans

24
Q

OSI Model

A

7 layers from top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical

25
Q

Layer 1 OSI

A

Physical layer

26
Q

Layer 2 OSI

A

Data Link Layer

27
Q

Layer 3 OSI

A

Network layer

28
Q

Layer 4 OSI

A

Transport layer

29
Q

Layer 5 OSI

A

Session layer

30
Q

Layer 6 OSI

A

Presentation layer

31
Q

Layer 7 OSI

A

Application layer

32
Q

TCP model

A

4 layers from top to bottom: application, transport, internet, network interface

33
Q

Layer 1 TCP

A

Network Interface layer

34
Q

Layer 2 TCP

A

Internet layer

35
Q

Layer 3 TCP

A

Transport layer

36
Q

Layer 4 TCP

A

Application layer

37
Q

Gathers information without the user’s knowledge or consent, information is then reported back to the malware author

A

Spyware

38
Q

Malware that blocks access to data; blocks a user’s legitimate use of a computer or data until they are paid

A

Ransomware

39
Q

Malware that takes over the computing capacity of a user’s system to mine cryptocurrencies

A

Crypto-malware

40
Q

Spyware techniques

A

Logging keystrokes, monitoring web browsing, searching hard drives and cloud storage

41
Q

Capturing every key that a user presses and then reporting back to the malware author

A

Logging keystrokes

42
Q

Tracks user data then may use it to target advertising to the user or report it back to the malware author

A

Monitoring web browsing

43
Q

When malware reaches inside a system and searches services used by the user, seeking out sensitive information

A

Searching hard drives and cloud storage

44
Q

Adware and spyware that often come bundled with software that the user wants to download

A

Bloatware

45
Q

Malware that embeds itself in other programs; programmer provides workaround access for themselves in the future

A

Backdoors

46
Q

Malware that embeds itself in other programs; delivers a triggered payload; set to execute a payload when certain conditions are met

A

Logic Bombs

47
Q

Backdoor mechanisms

A

hardcoded accounts, default passwords, unknown access channels

48
Q

Where there’s a specific username and password that will always grant access to the system

A

Hardcoded accounts

49
Q

When there are passwords that users might not remember or know to change

A

Default passwords

50
Q

Where there’s a way to gain access to a system without going through the normal authentication process

A

Unknown access channels

51
Q

A special superuser account that provides unrestricted access to system resources; normally reserved for system administrators

A

The root account

52
Q

A type of malware that was originally designed for privilege escalation; now also describes software techniques designed to hide other software on a system

A

Rootkits

53
Q

Run with normal user privileges, are easy to write and difficult to detect

A

User mode rootkits

54
Q

Run with system privileges, are difficult to write and easy to detect

A

Kernel mode rootkits

55
Q

A form of malware that remains in memory; seeks to avoid detection by simple antivirus software; never writes any data to disk, operates completely within memory

A

Fileless viruses

56
Q

Network of infected machines; collections of zombie computers used for malicious purposes

57
Q

A sequence of instructions written in a programming language to automate our work; can be found on operating systems, hosted on websites, and within our own applications

58
Q

These are designed to be run at the command line and integrate with the operating system; allow the script developer to manipulate files and perform other operating system tasks

A

Shell scripts

59
Q

These run within a software application and integrate with that application; allow interaction with the application in a programmatic manner

A

Application scripts

60
Q

These allow the creation of general purpose code; allow us to write scripts that carry out virtually any task

A

Programming Languages

61
Q

A scripting language used on Linux and Mac systems; a powerful scripting language that system administrators love because it integrates directly with the Mac and Linux operating systems

62
Q

A scripting language that allows Windows administrators to automate routine Windows tasks.

A

Powershell

63
Q

Scripts that run within an application environment, allowing the automation of tasks within that application

64
Q

A macro script for applications used with Microsoft Office productivity suite

A

Visual Basic (VBA)

65
Q

A powerful general purpose programming language used to create a diverse set of scripts; used to write code to perform virtually any task

66
Q

Hackers that operate with permission and good intent; work with the full permission of the target company and have the motivation of finding security flaws that they can fix

A

White hat hackers/Authorized attackers

67
Q

Hackers that operate illegally with malicious intent; those who don’t have permission to hack

A

Black hat hackers/Unauthorized attackers

68
Q

Hackers that operate without permission but with good intent; fit somewhere in the middle as they don’t have permission and their activity is usually illegal, but they hack with the motivation of helping their victims improve their security; this is frowned upon by both security professionals and law enforcement

A

Grey hat hackers/Semi-authorized attackers

69
Q

Ethical disclosure when you find a vulnerability

A

1 Notify the vendor of the vulnerability
2 Provide the vendor reasonable time to create a patch
3 Disclose the vulnerability publicly

70
Q

A vulnerability in a product that has been discovered by at least one researcher but has not yet been patched by the vendor

A

Zero-Day vulnerability

71
Q

The time between the discovery of a zero-day vulnerability and the release of a security update

A

window of vulnerability

72
Q

Attackers that are well-funded and highly skilled, typically government sponsored, have access to zero days and other sophisticated weapons, work methodically to gain access to a target, targets typically have military or economic value

A

APT Advanced Persistent Threats

73
Q

Manipulating people into divulging information or performing an action that undermines security

A

Social Engineering

74
Q

Six main reasons that social engineering attacks are successful

A

authority, intimidation, scarcity, urgency, familiarity

75
Q

A sophisticated form of email phishing that targets businesses and individuals. Typically involves attackers impersonating a business or executive to trick employees, partners, or customers into transferring funds or sensitive information

A

BEC Business Email Compromise

76
Q

A BEC scam that involves impersonating a high ranking executive

77
Q

A complex form of BEC where the attacker infiltrates a vendor’s email to send a fake invoice with fake payment details to trick the client

A

Vendor Email compromise

78
Q

A form of BEC aimed at obtaining employee tax information for use in identity theft

A

W-2 Solicitation

79
Q

False information that is spread unintentionally, unknowingly

A

Misinformation

80
Q

False information that is spread intentionally, with the goal of deceiving others; deliberate intent to deceive

A

Disinformation

81
Q

Form of disinformation, strategically spreading biased or misleading information to promote a political cause or point of view

A

Propaganda

82
Q

This refers to false news stories that appear credible and are spread over social media; creation and sharing of false information disguised as news from credible sources

A

“fake news”

83
Q

These involve the use of artificial intelligence to create realistic false images or videos; can manipulate speech, actions, video, etc. to create a fabricated event

84
Q

Can spread disinformation through exploiting search engine optimization tactics to ensure false content appears high in search results, giving it an air of credibility

A

SEO Search Engine Optimization

85
Q

A mathematical function that converts a variable length input into a fixed length output; produces different output for each input, must be computationally difficult to retrieve the input from the output, must be computationally difficult to find two different inputs that generate the same output

A

Hash Function

86
Q

This states that collisions become very common when the sample becomes large enough

A

the Birthday Problem

87
Q

When the attacker guesses all possible password combinations; only effective against short, non-complex passwords

A

Brute Force attack

88
Q

Attacks that assume people use words as passwords and they try all the words in the English language against the password file

A

Dictionary attacks

89
Q

An attack that assumes people use words as passwords and tries all of them against the password file, but also takes variations of the words into account

A

Hybrid attacks

90
Q

This attack precomputes common password hashes

A

Rainbow Table Attack

91
Q

An attack where the attacker exploits the user reusing passwords across sites

A

Credential Stuffing

92
Q

The language used by relational databases that allows users and applications to create, update, delete, and retrieve data

A

SQL Structured Query Language

93
Q

This occurs when the web application inspects the input provided by a user to make sure that it’s in an appropriate format; this protects against unsafe user input by checking it on the server before executing commands; SQL injection prevention technique

A

Input Validation

94
Q

This precompiles SQL code on the database server to prevent user input from altering query structure; SQL injection prevention technique

A

Parameterized SQL

95
Q

These attacks occur when an attacker embeds malicious scripts in a third-party website that are later run by innocent visitors to that site; can take place without the victim’s knowledge

A

Cross-Site Scripting XSS

96
Q

Cross site request forgery can be referred to as

A

CSRF, XSRF, and “sea surf”

97
Q

These attacks leverage the fact that users are often logged into multiple sites at the same time and use one site to trick the browser into sending malicious requests to another site without the user’s knowledge

A

Cross-Site Request Forgery

98
Q

A request forgery attack that targets servers, rather than users, by manipulating a server into retrieving malicious data from what it believes to be a trusted source

A

Server-Side Request Forgery SSRF

99
Q

When the developer fails to check that the input provided by the user is short enough to fit in the buffer; user content may overflow from the area reserved for input into an area reserved for other purposes, creating unexpected results

A

Buffer Overflow Attacks

100
Q

Areas of memory set aside by developers to store user-supplied content

101
Q

A process that is possible if cookies are not randomly generated; using cookies to figure out user’s passwords

A

Cookie Guessing

102
Q

A process that is possible if cookie values are not encrypted in transit; an attacker eavesdrops on a user’s connection and steals the cookie value, then uses the cookie to log in as the user

A

Session Replay

103
Q

Code execution attacks where the attacker runs commands of his or her choice

A

Arbitrary Code Execution

104
Q

These occur when an attacker exploits a vulnerability in a system that allows the attacker to run commands on the system

A

Code Execution Attacks

105
Q

Code execution attacks that take place over a network connection

A

Remote code execution

106
Q

Attacks that seek to take normal user accounts and transform them into accounts with administrative rights

A

Privilege Escalation Attack

107
Q

This occurs when developers fail to check on the backend whether a user is authorized to access a particular function of an application

A

Broken Access Control

108
Q

These occur when an insecure web application accidentally exposes sensitive information to eavesdroppers

A

Cryptographic Failures

109
Q

These occur when an attacker is able to insert code into a request sent to a website and then trick that website into passing the code along to a backend server where it’s executed

A

Injection Flaws

110
Q

This traces security issues back to the initial creation of code, which fails to meet security requirements

A

Insecure Design

111
Q

These occur because web applications depend upon a large number of complex systems that each have their own security settings. An error anywhere in those settings could jeopardize the security of the entire system

A

Security Misconfigurations

112
Q

An attack that uses directory navigation references to try to move up and down the directory structure

A

Directory Traversal Attack

113
Q

In a Linux file system, this references the current directory

A

. (a single period)

114
Q

In a Linux file system, this references the directory one level higher in the hierarchy

A

.. (two periods)

115
Q

This occurs when the proper functioning of a security control depends upon the timing of actions performed by the user or computer; wrong time may cause the software to behave in an unexpected manner

A

Race Condition

116
Q

When software checks to see whether an activity is authorized and then some time elapses before it performs that action

A

Time of Check/Time of Use (TOCTTOU) Vulnerability

117
Q

When the attacker guesses repeatedly at the encryption key until they get the correct value for that key; can take a long time but requires little information to start

A

Brute-Force Attacks

118
Q

List of all possible keys; The set of all possible encryption keys usable with an algorithm

119
Q

The attacker tries to break the code through some statistical analysis of the ciphertext to try to detect patterns; knowing things such as the most common letters in the English language and what that may look like in ciphertext

A

Frequency Analysis Attack

120
Q

When the attacker can create an encrypted message of their choice because they have a copy of ciphertext and plaintext

A

Chosen Plaintext attack

121
Q

Attacker searches for possible collisions in a hash function that may allow an attacker to exploit that function

A

Birthday Attack

122
Q

A mathematical problem that describes the probability of two people in a room sharing the same month and day of birth

A

Birthday Problem

123
Q

An attack that leverages a botnet to overwhelm a target; requests come from all over the place, so it is hard to distinguish them from genuine users; bandwidth is a limiting factor

A

Distributed Denial of Service Attack

124
Q

This attack tricks browsers into using unencrypted communications

A

SSL stripping

125
Q

A service that translates common domain names into IP addresses for the purpose of network routing

A

DNS Domain Name System

126
Q

An attack that consists of registering domain names similar to official sites, hoping that users will make a typo and visit the attacker’s site

A

Typosquatting

127
Q

An attack where the attacker takes over a domain registration from the true owner without permission

A

Domain Hijacking

128
Q

Attacks that place content on a legitimate site that automatically forwards a user from that legitimate site to a malicious site

A

URL redirection

129
Q

A threat intelligence capability that helps cybersecurity analysts identify whether traffic is coming from a known and trusted domain, or whether that domain is associated with past malicious activity

A

Domain reputation

130
Q

These attacks depend on capturing initialization vectors (IVs)

A

WEP(Wired Equivalent Privacy) attacks

131
Q

A type of DOS attack where attackers will cruise neighborhoods and commercial areas, using tools that capture information about wifi networks

A

Wardriving attacks

132
Q

Unsafe network connections

A

WEP or WPA

133
Q

Safe network connections

A

WPA2 or WPA3

134
Q

A type of DOS attack where attackers will cruise neighborhoods and commercial areas using aircraft, drones, or other aerial vehicles to capture information about wifi networks

A

Warflying attacks

135
Q

These occur when someone connects an unauthorized wireless access point to an enterprise network

A

Rogue access points

136
Q

When wireless access points may force a wireless device to immediately disconnect from the network

A

Disassociation

137
Q

An attack where the attacker sends Bluetooth spam to a user’s device, usually trying to entice the user to take some action that will lead to a more advanced attack; rare today

A

Bluejacking

138
Q

An attack where the attacker exploits a firmware flaw in older Bluetooth devices, forces pairing between a victim’s device and their own, and steals information from the device; rare today

A

Bluesnarfing