Domain 2.2-2.4 Flashcards

1
Q

eliciting information

A

extracting info from the victim

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

watering hole attack

A

you wait where you know the company will come and set a trap there.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Typosquatting

A

also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

memory injection

A

add code into the memory of an existing process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

DLL injection

A

dynamic link library
-a windows library containing code and data.
attackers inject a path to a malicious DLL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

buffer overflows

A

overwriting a buffer of memory so it spills over into other memory areas

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

race condition

A

time of check to time of use (TOCTOU), something might happen between the check and the use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

malicious update

A

update from a third party. always have a backup.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

os vulnerabilities

A

millions of lines of code, havent found all vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

SQL injection

A

Your own Structured Query Language requests into a websites code and make it do whatever you want.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

XSS

A

are used to redirect users to websites where attackers can steal data from them. uses Javascript

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

non-persistent (reflected) XSS attack

A

script not stored on in the victim’s memory. has to be copy and pasted in the browser

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

persistent (stored) XSS attack

A

code that is stored in the victims cookies or the server’s database.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

EOL

A

End-of-Life, manufacturer stops selling a product

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

EOSL

A

End of Service Life
Support is no longer available for the product

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

resource reuse

A

can allocate ram to VMs as needed. 4gb of ram can support 3 vm that need 2gb of ram each if only 2 at a time use the ram

17
Q

cloud vulnerabilities

A

63% of cloud code isn’t fixed.

18
Q

service providers

software providers

A

have access to internal services, so they can be insider threat.

check digital signature before installation

19
Q

unsecure admin accounts

A

linux root account should have direct login disabled. Should not be a lot of admin accounts out there.

20
Q

cryptographic(ways to undo the security) vulnerability

A

where attackers often target sensitive data due to lack of security implementation

21
Q

jailbraking

A

replace os, uncontrolled access

22
Q

side loading

A

downloading apps without using the app store

23
Q

mdm

A

mobile device mgmt, in charge of security

24
Q

worm

A

gets in your system through a known vulnerability

25
Q

virus types, keep spreading through system

A

program
boot sector
script virus
macro viruses
fileless virus, avoids anti virus detectoin, operates in memory

26
Q

bloatware

A

apps installed by manufacturer, take up storage space, those apps could be vulnerable

27
Q

rootkit

A

malware that runs as part of the os