Identifying Security Threats And Vulnerabilities 2 Flashcards

0
Q

List types of social engineering

A

Spoofing. Impersonation. Hoax. Phishing. Vishing. Whaling. URL hijacking. Spam & spim. Shoulder surfing. Dumpster diving. Tailgating.

1
Q

What is a social engineering attack

A

A type of attack that uses deception to trick users into providing sensitive data or violating security guidelines.

2
Q

Spoofing

A

Human-based or software-based social engineering attack. The goal is to pretend to be someone else in order to conceal identity. Can occur with IP addresses, MAC addresses, and email.

3
Q

Impersonation

A

Human-based social engineering attack where the attacker pretends to be someone they are not. Successful in situations where identity cannot easily be established.

4
Q

Hoax

A

Email-based or web-based social engineering attack intended to trick the user into performing undesired actions or giving up important information or money.

5
Q

Phishing

A

Email-based social engineering attack where the attacker sends an email that seems to come from a respected institution and asks the user to provide private information to verify an account.

6
Q

Spear phishing

A

Email-based social engineering attack targeting specific individuals or institutions.

7
Q

Pharming

A

Social engineering attack similar to phishing, but it redirects a request for a website to a similar but fake site.

8
Q

Vishing

A

Human-based social engineering attack where the goal is to extract personal private information using the phone system or IP-based voice messaging services such as VoIP.

9
Q

Whaling

A

Social engineering attack; a form of spear phishing that targets individuals of great wealth.

10
Q

URL hijacking

A

Also called typosquatting. Exploits typos that users sometimes make when entering a URL into a browser.

11
Q

Spam and spim

A

Email-based social engineering threat where the user's inbox is flooded with emails that carry advertising material for products. Can sometimes deliver viruses or malware.
A spim attack is similar to spam but is done through instant messaging.

12
Q

Shoulder surfing

A

Social engineering attack where an attacker looks over a user's shoulder to get passwords and PINs.

13
Q

Dumpster diving

A

Social engineering attack where the goal is to get private information by inspecting the trash.

14
Q

Tailgating

A

Also called piggybacking. Human-based social engineering attack where the attacker follows an employee through a secure area.

15
Q

What is a white hat hacker

A

Discovers and exposes security flaws in apps and OSs so that manufacturers can fix them before they become widespread. Aka ethical hacker.

16
Q

What is a black hat hacker

A

Discovers and exposes security flaws for financial gain or malicious purpose.

17
Q

What is a grey hat hacker

A

Discovers and publicizes security problems without the permission or knowledge of an organization. Moral intent is in question.

18
Q

Why does social engineering work

A

It is common and therefore successful. It exploits basic human trust, thought processes, and behavior. It takes advantage of users who aren't thinking critically, or of the human need to belong to groups and defer to the wisdom of crowds. The weakest link can compromise an entire system.

19
Q

Categories of attackers

A

Malicious insider
Electronic activists
Data thief
Script kiddie
Electronic vandal
Cyberterrorist

20
Q

A malicious insider threat is

A

A threat originating from an employee in an organization who performs malicious acts. Fueled by resentment or motivated by financial gain.

21
Q

Electronic activist or hacktivist

A

Motivated by a desire to cause social change or promote a message by replacing the information on public websites. Causes damage to organizations deemed socially irresponsible or unworthy.

22
Q

Data thief

A

Blatantly steals resources or confidential information for personal or financial gain. Covers their tracks to avoid detection. Exploits unauthorized access or acts in collusion with a disgruntled employee.

23
Q

Script kiddie

A

Aka novice attacker. Has limited technical knowledge and is motivated to gain and display skill.

24
Q

Electronic vandal

A

An attacker who wants to cause as much damage as possible.

25
Q

Cyberterrorist

A

An attacker who tries to disrupt computer systems to spread fear and panic.

26
Q

Basic explanation of malware

A

The most prevalent threat to computers. Insidious and difficult to remove. A collection of different methods that can exploit vulnerabilities in your information security.

27
Q

A malicious code attack

A

A type of software attack where undesired software or malware is inserted into a target system.

28
Q

What are some potential uses of malicious code

A

Denial of Service (DoS) attacks
Hosting illicit or illegal data
Skimming personal or business information for identity theft, profit, or extortion
Displaying unsolicited ads

29
Q

A virus is

A

A piece of code that spreads from one computer to another by attaching itself to other files through self-replication. The code executes when the attached file is opened and interferes with the functioning of the machine.

30
Q

What is a worm

A

Malware that replicates itself across the infected system. Does not attach itself to files. Intended to interrupt network capabilities; its primary function is to spread and cripple network bandwidth.

31
Q

What is adware

A

Malware that automatically displays or downloads unsolicited advertising when used. Appears as browser pop-ups. Has been associated with spyware. Reduces productivity by slowing down systems.

32
Q

What is spyware

A

Malicious software intended to track and report the usage of a target system or collect other data.

33
Q

What is a Trojan horse

A

Or simply a Trojan: hidden malware that causes damage to a system or gives an attacker a platform for monitoring and controlling a system. Trojans do not replicate themselves or attach to files. Usually propagated by social engineering when users download an email attachment or a program.

34
Q

What is a rootkit

A

Malware code intended to take full or partial control of a system at the lowest levels. Rootkits hide themselves from monitoring or detection and modify low-level system files when integrating into the system. Most install backdoors or spyware.

35
Q

What is a logic bomb

A

A piece of malware code that sits dormant on a target computer until it is triggered by a specific event. When it detonates, it performs the programmed actions, which often include erasing or corrupting data on the target system.

36
Q

What is a botnet

A

A set of computers that have been infected by a control program called a bot, which enables attackers to exploit those computers to mount attacks. These infected machines are referred to as zombies or drones. Used to coordinate DoS attacks, send spam email, and mine for private information.

37
Q

What is ransomware

A

Malware in which an attacker infects a victim's computer with code that restricts access to the computer and the data on it. The attacker then demands a ransom with the threat of destroying the data.

38
Q

Polymorphic malware

A

Encrypted viruses that infect files with an encrypted copy of themselves. The decryption module is altered each time the virus infects a file.

39
Q

What is an armored virus

A

A virus that attempts to trick or shield itself from antivirus software. The virus is able to obscure its true location in a system.

40
Q

A software attack is

A

Any attack against software resources. The goal is to disrupt or disable the software running on the target system.

41
Q

A password attack is

A

An attack where the attacker attempts to obtain and make use of passwords illegitimately.

42
Q

Types of password attacks

A

Guessing
Stealing
Dictionary attack
Brute force attack
Rainbow tables
Hybrid password attack
Birthday attack

43
Q

Guessing password attack is

A

Making individual, repeated attempts to guess a password by entering different common password values.

44
Q

A brute force password attack uses

A

Password cracking software that attempts every possible alphanumeric combination. Most effective at cracking short passwords.

45
Q

Rainbow tables password attacks

A

Sets of related plaintext passwords and their hashes. Executed by comparing the target password hash to the password hashes stored in the tables, then working backward to determine the password from the known hash.

46
Q

Backdoor attacks are

A

A type of software attack where an attacker creates a software mechanism called a backdoor to gain access to a computer. Typically delivered through a Trojan horse or other malware.

47
Q

Takeover attacks

A

Backdoor attacks can be the first step in a takeover attack, in which an attacker assumes complete control over a system.

48
Q

Application attacks

A

Software attacks targeted at web-based and other client-server applications. Can lead to an authentication breach, customer impersonation, information disclosure, source code disclosure, or tampering.

49
Q

A client side attack

A

An application attack that specifically exploits the trust between a user and a server.

50
Q

List types of application attacks

A

Cross-site scripting (XSS)
Command injection attacks
Zero day exploit
Cookie manipulation
Locally shared object (LSO)
Attachment attack
Malicious add-on
Header manipulation
Buffer overflow
Integer overflow
Arbitrary code execution

51
Q

Four types of command injection attacks

A

SQL injection
LDAP injection
XML injection
Directory traversal

52
Q

SQL injection attack

A

Command injection attack that injects Structured Query Language (SQL) into the input data intended for the server by accessing the client side of the application. Exploits the database to read or modify data or to execute administrative operations.

53
Q

LDAP injection attack

A

Command injection attack that targets web-based applications by fabricating Lightweight Directory Access Protocol (LDAP) statements created from user input.

54
Q

XML injection attack

A

Command injection attack that injects corrupted eXtensible Markup Language (XML) query data so an attacker can gain access to the XML data structure.

55
Q

Directory traversal attack

A

A command injection attack that allows access to commands, files, and directories connected to the web document root directory. Affects HTTP-based interfaces.

56
Q

Zero day exploit application attack

A

An attack that occurs when the security level of a system is at its lowest, immediately after the discovery of a vulnerability.

57
Q

Cookie manipulation application attack

A

Attack that injects a meta tag in an HTTP header, making it possible to modify a cookie stored in a browser.

58
Q

Locally shared object (LSO) application attacks

A

Aka Flash cookies. Data stored on a user's computer by websites that use Adobe Flash Player. It can remain even after the browser has been wiped.

59
Q

Attachment application attack

A

An attack where the attacker merges malicious software into a downloadable file on a web server.

60
Q

Malicious add on application attack

A

An add-on that is meant to look normal, except that once it is installed malicious content is injected to target security loopholes present in the web browser.

61
Q

Header manipulation application attack

A

An attack in which data goes past the boundary of the destination buffer and corrupts adjacent memory. Causes the app to crash and reboot.

62
Q

Integer overflow application attacks

A

An attack in which a computed result is too large to fit its assigned storage space, which may trigger a buffer overflow.

63
Q

Arbitrary code execution application attack

A

Aka remote code execution. Exploits application vulnerabilities by allowing an attacker to execute any command on a victim's machine.

64
Q

TCP/IP basics

A

Transmission Control Protocol/Internet Protocol
The standard network protocol in use
A layered suite of many protocols
By adding header information to the data in a network packet, a protocol at a given layer on the sending host can communicate with the protocol at the corresponding layer on the receiving host.

65
Q

The logical end points of a connection between hosts are called

A

Ports

66
Q

Each host on a TCP/IP network receives ______ & _______

A

A numeric address and a descriptive address

67
Q

TCP/IP layers

A

Network interface / data link layer
Internet layer
Transport layer
Application layer

68
Q

Describe the network interface/data link layer of TCP/IP

A

Enables the network software to transmit data on the physical network via the network adapter cards and network media.

Major protocols: Ethernet and the wireless specifications.

69
Q

Describe the Internet layer of TCP/IP

A

Provides addressing, naming, and routing.
Major protocols:
IP manages numeric host addresses across the Internet.
DHCP (Dynamic Host Configuration Protocol) manages automatic address assignment.
ICMP (Internet Control Message Protocol) tests for communication between devices and sends error messages when a network function is unavailable.

70
Q

Describe the transport layer of TCP/IP

A

Provides connection and communication services.
Major protocols:
TCP (Transmission Control Protocol): a connection-oriented, guaranteed-delivery protocol. Waits for an ACK (acknowledgement) and fixes errors when possible.
UDP (User Datagram Protocol): ensures the consistent transmission of data packets, or datagrams, by bypassing error checking.

71
Q

Describe the application layer of TCP/IP

A

Provides utilities that enable client applications on an individual system to access the networking software.
Major protocols:
NetBIOS (Network Basic Input Output System): a simple broadcast-based naming service.
Sockets: a piece of software within an operating system that connects an application with a network protocol so that the application can request network services from the OS.
FTP (File Transfer Protocol): enables the transfer of files between a user's workstation and a remote host over a TCP network.

72
Q

A port scanning attack is

A

Network attack where a potential attacker scans the devices connected to the Internet to see which TCP and UDP ports are listening and which services on the system are active.

73
Q

An eavesdropping attack is

A

Also called a sniffing attack. Uses special monitoring software to gain access to private network communications. Can be done on wired and wireless networks. Hard to detect.

74
Q

A man-in-the-middle attack is

A

A form of eavesdropping where the attacker makes an independent connection between two victims and relays information between the two as if they were talking directly over a closed connection, but in fact the attacker is controlling the information that travels between the two victims.

75
Q

A replay attack is

A

A network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a specific host or network.

76
Q

Types of social network attacks

A

Evil twin attack and account phishing
Drive-by download
Clickjacking
Password stealer
Spamming

77
Q

Describe an evil twin attack

A

An attack on a social networking site where an attacker creates a social network account to impersonate a genuine user. Users then add the attacker's account as a friend, giving the attacker access to their personal details.

78
Q

Describe drive-by download

A

A program that is automatically installed on a computer when a user accesses a malicious site.

79
Q

Describe clickjacking

A

A social network attack that tricks a user into clicking an unintended link. Uses a combination of visible and invisible HTML frames to fool the user into thinking they are clicking what is visible. The invisible link is layered on top of or beneath the visible frame.

80
Q

Describe password stealer attack

A

A social network attack where software installed on a system captures all the passwords and user names entered into the messaging app or social network site and sends them to the attacker.

81
Q

Describe spamming attack

A

In social networking, refers to sending unsolicited bulk messages on a social network site.

82
Q

What is a DoS attack

A

A denial of service attack is a network attack where an attacker disrupts or disables systems that provide network services. Methods include:
Flooding a link to consume bandwidth
Exploiting known flaws
Sending multiple service requests
Flooding an email inbox

83
Q

What is a DDoS attack

A

A distributed denial of service attack is a type of DoS attack that uses multiple computers in disparate networks to launch the attack simultaneously. The computers are turned into zombies or drones to carry out the attack.

84
Q

Types of DoS attacks

A

ICMP flood
UDP flood
SYN flood
Buffer overflow
Reflected DoS attack
Permanent DoS attack

85
Q

Describe ICMP flood attack

A

DoS attack based on sending high volumes of ICMP ping packets to a target. Aka smurf attacks and ping floods.

86
Q

Describe UDP flood attack

A

DoS attack that overwhelms the target with UDP ping requests.

87
Q

Describe SYN flood attack

A

DoS attack that sends countless requests for a TCP connection (SYN messages) to an FTP server or web server attached to the Internet. The target server stops responding to legitimate requests because its memory resources are flooded with incomplete TCP connections.

88
Q

Buffer overflow attack

A

DoS attack where too much data is fed into a fixed-length memory buffer, resulting in adjacent areas of memory being overwritten, or where an excessive amount of incomplete, fragmented traffic is sent on a network.

89
Q

Describe reflected DoS attack

A

DoS or DDoS attack where a forged source IP address is used when sending requests to a large number of computers. Causes those systems to send a reply to the target system, creating a DoS condition.

90
Q

Describe permanent DoS attack

A

Also called phlashing. Targets the actual hardware of a system to prevent the victim from recovering from the denial of service. Forces the victim to repair or replace the hardware.

91
Q

What is a session hijacking attack

A

Exploits a computer in session to obtain unauthorized access to an organization's network or services. Involves stealing an active session cookie used to authenticate a user to a remote server and using it to control the session.

92
Q

What is a P2P attack

A

A peer-to-peer attack is launched by malware propagating through P2P networks. These networks typically share command and control architecture, making detection more difficult.

93
Q

What is ARP poisoning

A

With the Address Resolution Protocol, individual hardware addresses are matched to IP addresses on a network. ARP poisoning, or ARP spoofing, occurs when an attacker redirects an IP address to the MAC address of an unintended computer.

94
Q

What is a transitive access attack

A

The access given to certain members of an organization to use data in a system without needing to authenticate themselves. The list of members with this access is usually kept in a host file. An attacker accesses the list and takes advantage of the access given to steal or destroy data in a system. Attacks from the client side of a network.

95
Q

What are the two DNS vulnerabilities

A

DNS poisoning: exploits the open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing.

DNS hijacking: an attacker sets up a rogue DNS server to respond to legitimate requests with the IP addresses of malicious or non-existent websites.

96
Q

What is wireless security

A

Any method of securing a wireless LAN to prevent unauthorized network access and network data theft. Wireless networks are more vulnerable to attacks: wireless transmissions can be scanned or sniffed out of the air, so use the relevant security protocols to avoid this.

97
Q

What is a rogue access point

A

An unauthorized wireless access point on a network. Not easily detected, and can allow private network access to unauthorized users. Can enable man-in-the-middle attacks. Protect against it by installing an IDS.

98
Q

Describe evil twins in wireless networking attack

A

Access points on a wireless network that fool users into believing they are legitimate by having names similar to trusted ones. Typically found in public Wi-Fi hotspots, where users connect from the list of available networks. More dangerous than rogue access points.

99
Q

What is jamming in terms of wireless networking

A

Also called interference. An attack where radio waves disrupt 802.11 wireless signals. Causes 802.11 devices to wait before transmitting, and the wait can be indefinite. Attackers may use a radio transceiver to intercept transmissions and inject jamming packets.

100
Q

What is bluejacking

A

An attack that sends out unwanted Bluetooth signals from Bluetooth-enabled devices. A close-range attack that sends unsolicited messages along with images and video. Can lead to device malfunctions through viruses and Trojan horses.

101
Q

What is bluesnarfing

A

An attacker gains access to unauthorized information on a wireless device using Bluetooth transmission. Exploits private information, email messages, images, and video.

102
Q

What is a near field communication (NFC) attack

A

NFC is a standard for communication between mobile devices in close proximity. An attacker could eavesdrop on the RF signals emitted, or corrupt data as it is being transferred by flooding the area with an excess of RF signals.

103
Q

What is war driving

A

Locating wireless access points while traveling to obtain unauthorized Internet access and steal data. Can be automated using GPS and software.

104
Q

What is war chalking

A

Using symbols to mark sidewalks or walls to indicate an open wireless network offering Internet access.

105
Q

What is an IV attack

A

An initialization vector is a number added to a key that constantly changes in order to prevent identical text from producing the same ciphertext upon encryption. An IV attack allows the attacker to predict or control the initialization vector to bypass

106
Q

What is packet sniffing

A

Used as an attack on wireless networks where an attacker captures data and records data flows to be analyzed in order to launch a more effective attack on a network. In its benign form, it helps an organization monitor its own network against attackers.

107
Q

Describe wireless replay attacks

A

Weak or no encryption on a wireless network allows an attacker to capture packets and replay them to manipulate the data stream.

108
Q

Describe sinkhole attacks

A

Takes advantage of routing on a wireless network by creating a single node through which traffic is funneled. Tricks other nodes into redirecting their traffic. Attackers can intercept data packets and slow the network.

109
Q

List some environmental threats and vulnerabilities

A

Fire
Hurricanes and tornadoes
Flood
Extreme temperature
Extreme humidity

110
Q

Describe WEP attack

A

The Wired Equivalent Privacy algorithm was the earliest way to secure wireless networks. Used a stream bit cipher to encrypt data and relied on an IV to randomize identical strings of text. Extremely vulnerable to IV attacks. Should not be used.

111
Q

Describe WPA/WPA2 attacks

A

Wi-Fi Protected Access protocol; superseded WEP. Generates a 128-bit key for each packet. Uses the RC4 stream cipher. WPA2 uses the AES block cipher for encryption. If secured with weak passwords, both are susceptible to brute force password cracking attacks, which allow an attacker to inject malicious packets into the wireless data stream.

112
Q

What is a WPS attack

A

The Wi-Fi Protected Setup feature is a flaw in WPA and WPA2. It was intended to strengthen wireless security encryption but can be cracked easily.

113
Q

Physical security refers to

A

The implementation and practice of control mechanisms intended to restrict physical access to facilities. Challenged by facility intrusions, electrical grid failures, fire, personnel illness, and data network interruptions.

114
Q

List four physical security threats

A

Internal
External
Natural
Man-made

115
Q

What is a hardware attack

A

An attack that targets a computer's physical components and peripherals. Includes destruction of hardware and theft of data. Disrupts operations and causes loss.

116
Q

What are keylogging attacks

A

Hardware attacks that capture sensitive data with a variety of software or hardware, like KeyGhost or KeyGrabber.