Domain 2 (Threats, Vulnerabilities, and Mitigations) Flashcards
Practice Questions unofficial sources
1
Q
____ attacks seek to undermine confidentiality
A
Disclosure
Making sensitive information available to individuals or the general public without the owner’s consent
2
Q
___ ___ are violations of confidentiality
A
Data Breaches
When confidentiality data loss occurs
3
Q
___ ___ removes sensitive information from an organization’s control
A
Data Exfiltration
4
Q
___ attacks seek to undermine integrity
A
Alteration
Hacker seeking to intentionally alter information, or a service disruption accidentally affecting data stored in a system
5
Q
____ attacks seek to undermine availability
A
Denial
Denial-of-service attacks try to either overwhelm a system or cause it to crash, to deny legitimate users the access they need
6
Q
___ risks involve monetary loss to the organization
A
Financial
Might include the cost of restoring damaged equipment and data, conducting an incident response investigation, etc.
7
Q
___ risk impacts how stakeholders view our organization; may be difficult to quantify
A
Reputational
When the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, and other stakeholders
8
Q
___ risk jeopardizes our ability to meet our major goals and objectives
A
Strategic
Organization may become less effective in meeting major goals and objectives as a result of a breach
9
Q
___ risk affects our ability to carry out day to day activities
A
Operational
May slow down business processes, delay delivery of customer orders, or require implementation of time heavy workarounds
10
Q
___ risk involves potential violations of laws or regulations
A
Compliance
Could include HIPAA if a hospital loses patient medical records, etc.
11
Q
First step of end of life process for a product; Product will no longer be offered for purchase, but the vendor will continue to support existing customers
A
End of Sale
12
Q
Next step of end of life process for a product; Vendor will reduce or eliminate support for existing users of the product; may become vulnerable
A
End of Support
13
Q
Last step of end of life process for a product; Vendor will no longer provide any support or updates for the product; is vulnerable and exposed to risk
A
End of Life
14
Q
This limits user permissions; when a user should only have the minimum necessary set of permissions required to do their job
A
Least Privilege
15
Q
Processes and practices used to design systems; A set of well defined practices and processes used to build complex technical systems
A
IT architecture
16
Q
When new devices are connected to a network, but old devices are not promptly disconnected, leading to security vulnerabilities; devices not managed using a full system lifecycle
A
System Sprawl
17
Q
Every piece of malware that you encounter will have two components:
A
A propagation mechanism and a payload
17
Q
The way that a malware object spreads from one system to another
A
Propagation Mechanism
17
Q
The malicious action that the malware performs
A
Malware Payload
18
Q
Spreads from system to system based upon some type of user action
A
Viruses
19
Q
Spreads from system to system without any user interaction; they reach out and exploit system vulnerabilities; uses one infected system as the bae for spreading to other parts of the local area network or the broader internet
A
Worm
20
Q
Infected about 10% of the Internet, was the first major worm outbreak, written by Robert Morris, eye opening event for security
A
The RTM Worm
21
Q
Created in 2010, infiltrated Iranian nuclear facility, first worm to cross the virtual/physical barrier in a major way
A
Stuxnet Worm
22
Q
Virus that hides itself; pretends to be legitimate software that the user may want to download and install, software performs as normal, but also carries malicious hidden payload
A
Trojan Horse
23
Provide backdoors to hacked systems; provide hackers with the ability to remotely access and control infected systems
RAT Remote Access Trojans
24
OSI Model
7 layers from top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical
25
Layer 1 OSI
Physical layer
26
Layer 2 OSI
Data Link Layer
27
Layer 3 OSI
Network layer
28
Layer 4 OSI
Transport layer
29
Layer 5 OSI
Session layer
30
Layer 6 OSI
Presentation layer
31
Layer 7 OSI
Application layer
32
TCP model
4 layers from top to bottom: application, transport, internet, network interface
33
Layer 1 TCP
Network Interface layer
34
Layer 2 TCP
Internet layer
35
Layer 3 TCP
Transport layer
36
Layer 4 TCP
Application layer
37
Gathers information without the user's knowledge or consent, information is then reported back to the malware author
Spyware
38
Malware that blocks access to data; blocks a user's legitimate use of a computer or data until they are paid
Ransomware
39
Malware that takes over the computing capacity of a user's system to mine cryptocurrencies
Crypto-malware
40
Spyware techniques
Logging keystrokes, monitoring web browsing, searching hard drives and cloud storage
41
Capturing every key that a user presses and then reporting back to the malware author
Logging keystrokes
42
Tracks user data then may use it to target advertising to the user or report it back to the malware author
Monitoring web browsing
43
When malware reaches inside a system and searches services used by the user, seeking out sensitive information
Searching hard drives and cloud storage
44
Adware and spyware that often come bundled with software that the user wants to download
Bloatware
45
Malware that embeds itself in other programs; programmer provides workaround access for themselves in the future
Backdoors
46
Malware that embeds itself in other programs; delivers a triggered payload; set to execute a payload when certain conditions are met
Logic Bombs
47
Backdoor mechanisms
hardcoded accounts, default passwords, unknown access channels
48
Where there's a specific username and password that will always grant access to the system
Hardcoded accounts
49
When there are passwords that users might not remember or know to change
Default passwords
50
Where there's a way to gain access to a system without going through the normal authentication process
Unknown access channels
51
A special superuser account that provides unrestricted access to system resources; normally reserved for system administrators
The root account
52
A type of malware that originally were designed for privilege escalation; now also describes software techniques designed to hide other software on a system
Rootkits
53
Run with normal user privileges, are easy to write and difficult to detect
User mode rootkits
54
Run with system privileges, are difficult to write and easy to detect
Kernel mode rootkits
55
A form of malware that remain in memory; seek to avoid detection by simple antivirus software; never write any data to disk, operate completely within memory
Fileless viruses
56
Network of infected machines; collections of zombie computers used for malicious purposes
Botnet
57
A sequence of instructions written in a programming language to automate our work; can be found on operating systems, hosted on websites, and within our own applications
A script
58
These are designed to be run at the command line and integrate with the operating system; allow the script developer to manipulate files and perform other operating system tasks
Shell scripts
59
These run within a software application and integrate with that application; allow interaction with the application in a programmatic matter
Application scripts
60
These allow the creation of general purpose code; allow us to write scripts that carry out virtually any task
Programming Languages
61
A scripting language used on Linux and Mac systems; a powerful scripting language that system administrators love because it integrates directly with the Mac and Linux operating systems
Bash
62
A scripting language that allows Window administrators to automate routine Windows tasks.
Powershell
63
Scripts that run within an application environment, allowing the automation of tasks within that application
Macros
64
A macro script for applications used with Microsoft Office productivity suite
Visual Basic (VBA)
65
A powerful general purpose programing language used to create a diverse set of scripts; used to write code to perform virtually any task
Python
66
Hackers that operate with permission and good intent; work with the full permission of the target company and have the motivation of finding security flaws that they can fix
White hat hackers/Authorized attackers
67
Hackers that operate illegally with malicious intent; those who don't have permission to hack
Black hat hackers/Unauthorized attackers
68
Hackers that operate without permission but with good intent; fit somewhere in the middle as they don't have permission and their activity is usually illegal, but they hack with the motivation of helping their victims improve their security; this is frowned upon by both security professionals and law enforcement
Grey hat hackers/Semi-authorized attackers
69
Ethical disclosure when you find a vulnerability
1 Notify the vendor of the vulnerability
2 Provide the vendor reasonable time to create a patch
3 Disclose the vulnerability publicly
70
A vulnerability in a product that has been discovered by at least one researcher but has not yet been patched by the vendor
Zero-Day vulnerability
71
The time between the discovery of a zero-day vulnerability and the release of a security update
window of vulnerability
72
Attackers that are well-funded and highly skilled, typically government sponsored, have access to zero days and other sophisticated weapons, work methodically to gain access to a target, targets typically have military or economic value
APT Advanced Persistent Threats
73
Manipulating people into divulging information or performing an action that undermines security
Social Engineering
74
Six main reasons that social engineering attacks are successful
authority, intimidation, scarcity, urgency, familiarity
75
A sophisticated form of email phishing that targets businesses and individuals. Typically involves attackers impersonating a business or executive to trick employees, partners, or customers into transferring funds or sensitive information
BEC Business Email Compromise
76
A BEC scam that involves impersonating a high ranking executive
CEO fraud
77
A complex form of BEC where the attacker infiltrates a vendor's email to send a fake invoice with fake payment details to trick the client
Vendor Email compromise
78
A form of BEC aimed at obtaining employee tax information for use in identity theft
W-2 Solicitation
79
False information that is spread unintentionally, unknowingly
Misinformation
80
False information that is spread intentionally, with the goal of deceiving others; deliberate intent to deceive
Disinformation
81
Form of disinformation, strategically spreading biased or misleading information to promote a political cause or point of view
Propaganda
82
This refers to false news stories that appear credible and are spread over social media; creation and sharing of false information disguised as news from credible sources
"fake news"
83
These involve the use of artificial intelligence to create realistic false images or videos; can manipulate speech, actions, video, etc. to create a fabricated event
Deepfakes
84
Can spread disinformation through exploiting search engine optimization tactics to ensure false content appears high in search results, giving it an air of credibility
SEO Search Engine Optimization
85
A mathematical function that converts a variable length input into a fixed length output; produces different output for each input, must be computationally difficult to retrieve the input from the output, must be computationally difficult to find two different inputs that generate the same output
Hash Function
86
This states that collisions become very common when the sample becomes large enough
the Birthday Problem
87
When the attacker guesses all possible password combinations; only effective against short, non-complex passwords
Brute Force attack
88
Attacks that assume people use words as passwords and they try all the words in the English language against the password file
Dictionary attacks
89
An attack that assumes people uses words as passwords and tries all of them against the password file, but also takes variations of the words into account
Hybrid attacks
90
This attack precomputes common password hashes
Rainbow Table Attack
91
An attack where the attacker exploits the user reusing passwords across sites
Credential Stuffing
92
The language used by relational databases that allows users and applications to create, update, delete, and retrieve data
SQL Structured Query Language
93
This occurs when the web application inspects the input provided by a user to make sure that it's in an appropriate format; this protects against unsafe user input by checking it on the server before executing commands; SQL injection prevention technique
Input Validation
94
This precompiles SQL code on the database server to prevent user input from altering query structure; SQL injection prevention technique
Parameterized SQL
95
These attacks occur when an attacker embeds malicious scripts in a third-party website that are later run by innocent visitors to that site; can take place without the victim's knowledge
Cross-Site Scripting XSS
96
Cross site request forgery can be referred to as
CSRF, XSRF, and "sea surf"
97
These attacks leverage the fact that users are often logged into multiple sites at the same time and use one site to trick the browser into sending malicious requests to another site without the user's knowledge
Cross-Site Request Forgery
98
A request forgery attack that targets servers, rather than users, by manipulating servers into retrieving malicious data from what it believes to be a trusted source
Server-Side Request Forgery SSRF
99
When the developer fails to check that the input provided by the user is short enough to fit in the buffer; user content may overflow from the area reserved for input into an area reserved for other purposes, creating unexpected results
Buffer Overflow Attacks
100
Areas of memory set aside by developers to store user-supplied content
Buffers
101
A process that is possible if cookies are not randomly generated; using cookies to figure out user's passwords
Cookie Guessing
102
A process that is possible if cookie values are not encrypted in transit; an attacker eavesdrops on a user's connection and steal the cookie value to use the cookie to login as the user
Session Replay
103
Code execution attacks where the attacker runs commands of his or her choice
Arbitrary Code Execution
104
These occur when an attacker exploits a vulnerability in a system that allows the attacker to run commands on the system
Code Execution Attacks
105
Code execution attacks that take place over a network connection
Remote code execution
106
Attacks that seek to take normal user accounts and transform them into accounts with administrative rights
Privilege Escalation Attack
107
This occurs when developers fail to check on the backend whether a user is authorized to access a particular function of an application
Broken Access Control
108
These occur when an insecure web application accidentally exposes sensitive information to eavesdroppers
Cryptographic Failures
109
These occur when an attacker is able to insert code into a request sent to a website and then trick that website into passing the code along to a backend server where it's executed
Injection Flaws
110
This traces security issues back to the initial creation of code, which fails to meet security requirements
Insecure Design
111
These occur because web applications depend upon a large number of complex systems that each have their own security settings. An error anywhere in those settings could jeopardize the security of the entire system
Security Misconfigurations
112
An attack that uses directory navigation references to try to move up and down the directory structure
Directory Traversal Attack
113
In a Linux file system, this references the current directory
. (a single period)
114
In a Linus file system, this references the directory one lever higher in the hierarchy
.. (two periods)
115
This occurs when the proper functioning of a security control depends upon the timing of actions performed by the user or computer; wrong time may cause the software to behave in an unexpected manner
Race Condition
116
When software checks to see whether an activity is authorized and then some time elapses before it performs that action
Time of Check/Time of Use/Talk to Vulnerability
117
When the attacker guesses repeatedly at the encryption key until they get the correct value for that key, can take a long time but require little information to start
Brute-Force Attacks
118
List of all possible keys; The set of all possible encryption keys usable with an algorithm
Keyspace
119
The attacker tries to break the code through some statistical analysis of the ciphertext to try to detect patterns; knowing things such as the most common letters in the English language and what that may look like in ciphertext
Frequency Analysis Attack
120
When the attacker can create an encrypted message of their choice because they have a copy of ciphertext and plaintext
Chosen Plaintext attack
121
Attacker searches for possible collisions in a hash function that may allow an attacker to exploit that function
Birthday Attack
122
A mathematical problem that describes the probability of two people in a room sharing the same month and day of birth
Birthday Problem
123
An attack that leverages a botnet to overwhelm a target; requests come from all over the place, so it is hard to distinguish them from genuine users; bandwith is a limiting factor
Distributed Denial of Service Attack
124
This attack tricks browsers into using unencrypted communications
SSL stripping
125
A service that translates common domain names into IP addresses for the purpose of network routing
DNS Domain Name System
126
An attack that consists of registering domain names similar to official sites, hoping that users will make a typo and visit their sit
Typosquatting
127
An attack where the attack takes over a domain registration from the true owner without permission
Domain Hijacking
128
Attacks that place content on a legitimate site that automatically forwards a user from that legitimate site to a malicious site
URL redirection
129
A threat intelligence capability that helps cybersecurity analysts identify whether traffic is coming from a known and trusted domain, or whether that domain is associated with past malicious activity
Domain reputation
130
These attacks depend on capturing initialization vectors (IVs)
WEP(Wired Equivalent Privacy) attacks
131
A type of DOS attack where attackers will cruise neighborhoods and commercial areas, using tools that capture information about wifi networks
Wardriving attacks
132
Not safe network connections
WEP or WPA
133
Safe network connections
WPA2 or WPA3
134
A type of DOS attack where attackers will cruise neighborhoods and commercial areas using aircraft, drones, or other aerial vehicles, to capture information about wifi networks
Warflying attacks
135
these occur when someone connects an unauthorized wireless access point to an enterprise network
Rogue access points
136
When wireless access points may force a wireless device to immediately disconnect from the network
Disassociation
137
An attack where the attacker send Bluetooth spam to a user's device, usually trying to entice the user to take some action that will lead to a more advanced attack; are rare today
Bluejacking
138
An attack where the attacker exploits a firmware flaw in older bluetooth devices, forces pairing between a victim's device and their own and steal information from the device; rare today
Bluesnarfing
