Hacking Flashcards
Cybercriminal (Black Hat)
A hacker who violates computer security for personal gain.
Social Engineering
Tricking people into breaking normal security rules and procedures and/or divulging personal information.
Trojan
A malicious program that pretends to be benign/normal.
The word “malware” comes from which term?
Malicious Software
Phishing
Sending a fake email that looks like it’s from a real company, to fool people
Hacktivist
Subversive use of computer systems to promote a political/social agenda.
Asymmetric encryption
Uses a key-pair, a public key and a private key
Which type of attack does not require human assistance?
Worm
Zero-day exploit
Taking advantage of a software vulnerability on the day it is discovered, before the developers can patch it.
Which form is for Biometrics?
It is a known and registered physical attribute of a user specifically used for verifying their identity
Ransomware
A virus that encrypts your files then demands payment to decrypt them
Malicious Insider
A hacker who uses their access to harm their employer.
DDOS
A malicious attempt to make an internet/network server unavailable to legitimate users.
Pharming
Having users directed to a fake website instead of a genuine website, to fool them
What is cyber security?
The practice of protecting systems, networks, and programs from digital attacks.
Which backup strategy includes only the files and software that have changed since the last full backup?
Incremental
Certified Ethical Hacker (White Hat)
An expert hacker who uses abilities for good, ethical, legal purposes.
Hacker
Is a person who breaks into computers, usually by gaining access to administrative controls.
Virus
A malicious file that can attach to other files and replicate when the user shares the file.
Which of these is regularly used to secure online communication?
Public-key encryption
Static heuristic
Decompile and look for source code, and compare against a heuristic database of existing, known viruses.
Dynamic heuristic
Lets the program run in a controlled situation (sandbox) while the antivirus observes its actions.
If it sees strange actions, e.g. deleting files and duplicating, it quarantines the program.
Physical security
Fire detection and suppression systems, CCTV, locks, biometrics, and ensuring that the hardware is in a safe location.
Encryption
Converting data into an illegible, scrambled format so it cannot be understood by unauthorised parties. Uses an encryption algorithm and a unique key.
The key is needed to convert the scrambled format back to plaintext.
Audit trails
Improve accountability by keeping track of who made what changes (and when) during development.
Blagging
Creating and using an invented scenario to engage a targeted victim in divulging personal info.
Acceptable Use Policy
A collection of rules and procedures that employees are required to follow in order to protect their organisation’s systems and networks.
Quid pro quo
QPQ means “something for something”. Provides a benefit in exchange for information, e.g. “You won an iPad!”
Baiting
The promise of cash or goods that people with malicious intent use to entice victims e.g. offering free music or movie downloads to trick users into revealing their login credentials.