Domain 2.2-2.4

Question 1

eliciting information

Answer 1

extracting info from the victim

Question 2

watering hole attack

Answer 2

you wait where you know the company will come and set a trap there.

Question 3

Typosquatting

Answer 3

also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright)

Question 4

memory injection

Answer 4

add code into the memory of an existing process.

Question 5

DLL injection

Answer 5

dynamic link library
-a windows library containing code and data.
attackers inject a path to a malicious DLL

Question 6

buffer overflows

Answer 6

overwriting a buffer of memory so it spills over into other memory areas

Question 7

race condition

Answer 7

time of check to time of use (TOCTOU), something might happen between the check and the use.

Question 8

malicious update

Answer 8

update from a third party. always have a backup.

Question 9

os vulnerabilities

Answer 9

millions of lines of code, havent found all vulnerabilities.

Question 10

SQL injection

Answer 10

Your own Structured Query Language requests into a websites code and make it do whatever you want.

Question 11

XSS

Answer 11

are used to redirect users to websites where attackers can steal data from them. uses Javascript

Question 12

non-persistent (reflected) XSS attack

Answer 12

script not stored on in the victim’s memory. has to be copy and pasted in the browser

Question 13

persistent (stored) XSS attack

Answer 13

code that is stored in the victims cookies or the server’s database.

Question 14

EOL

Answer 14

End-of-Life, manufacturer stops selling a product

Question 15

EOSL

Answer 15

End of Service Life
Support is no longer available for the product

Question 16

resource reuse

Answer 16

can allocate ram to VMs as needed. 4gb of ram can support 3 vm that need 2gb of ram each if only 2 at a time use the ram

Question 17

cloud vulnerabilities

Answer 17

63% of cloud code isn’t fixed.

Question 18

service providers

software providers

Answer 18

have access to internal services, so they can be insider threat.

check digital signature before installation

Question 19

unsecure admin accounts

Answer 19

linux root account should have direct login disabled. Should not be a lot of admin accounts out there.

Question 20

cryptographic(ways to undo the security) vulnerability

Answer 20

where attackers often target sensitive data due to lack of security implementation

Question 21

jailbraking

Answer 21

replace os, uncontrolled access

Question 22

side loading

Answer 22

downloading apps without using the app store

Question 23

mdm

Answer 23

mobile device mgmt, in charge of security

Question 24

worm

Answer 24

gets in your system through a known vulnerability

Question 25

virus types, keep spreading through system

Answer 25

program
boot sector
script virus
macro viruses
fileless virus, avoids anti virus detectoin, operates in memory

Question 26

bloatware

Answer 26

apps installed by manufacturer, take up storage space, those apps could be vulnerable

Question 27

rootkit

Answer 27

malware that runs as part of the os