Domain 3: Threats and Vulnerablilities

Question 1

OVAL

Answer 1

open vulnerability assessment language.

Question 2

IRC

Answer 2

internet relay chat (used by bots, zombies and control centers).

Question 3

SPIM

Answer 3

spam over instant messaging.

Question 4

XSS

Answer 4

cross-site scripting (cookie stealing).

Question 5

Viruses

Answer 5

simple, needs user interaction. single host.

Question 6

Worms

Answer 6

no user interaction. replicates fast.

Question 7

Trojan Horse

Answer 7

concealed as a “good” program.

Question 8

Backdoor

Answer 8

Illicit server process.

Question 9

Steganography

Answer 9

hiding program or message inside an image.

Question 10

Logic Bomb

Answer 10

waits for activity or date. inside job.

Question 11

Rootkit

Answer 11

hides malicious activity.

Question 12

Replay

Answer 12

successful logon captured by a protocol analyzer.

Question 13

Phishing

Answer 13

sent to millions, no targeting.

Question 14

Spear Phishing

Answer 14

targeting an individual.

Question 15

Whaling

Answer 15

high-value targets.

Question 16

Vishing

Answer 16

phishing over VoIP.

Question 17

Pen Testing Tool

Answer 17

program used by ethical hackers to send exploits

Question 18

Vulnerability Assessment Tool

Answer 18

tool that determines vulnerability by passive techniques

Question 19

Return Address Pointer

Answer 19

a memory location for resuming processing

Question 20

Pharming

Answer 20

redirecting users to malicious sites via DNS

Question 21

Open Relay

Answer 21

way of forwarding spam

Question 22

Alternate Date Streams

Answer 22

technique for hiding files

Question 23

Buffer Overflow

Answer 23

corrupting the memory of a host