Information Assurance - 5 Flashcards

1
Q

It allows attackers to insert malicious inputs into an application or relay malicious code through an application to another system.

A

INJECTION ATTACKS

2
Q
  • an open-source Expression Language (EL) for Java objects
  • enables the evaluation of EL expressions in Apache Struts, which is the commonly used development framework for Java-based web applications in enterprise environments.
A

OGNL INJECTION

3
Q

Injection is involved in four prevalent attack types

A
  1. OGNL injection,
  2. Expression Language Injection,
  3. command injection,
  4. SQL injection
4
Q

has the ability to create or change executable code; it is also capable of introducing critical security flaws to any framework that uses it.

A

OGNL INJECTION

5
Q

very serious server-side vulnerabilities, as they can lead to complete compromise of the application’s data and functionality, as well as the server that is hosting the application. Expression Language Injection attacks can also use the server as a platform for further attacks against other systems.

A

EXPRESSION LANGUAGE INJECTION

6
Q
  • the goal is to hijack a vulnerable application in order to execute arbitrary commands on the host operating system.
  • made possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application.
A

COMMAND INJECTION

7
Q

most often found in older, legacy code, such as CGI scripts. By identifying a critical vulnerability, attackers can insert malicious code in an application, gaining functionality and ultimately executing specific commands that infect the targeted user and system networks.

A

COMMAND INJECTION

8
Q

attack consists of an insertion or injection of a SQL query via the input data from the client to the application.

A

SQL INJECTION

9
Q

exploit can read sensitive data from the database, modify database data (viz., insert, update, or delete), execute administrative operations on the database

A

SQL INJECTION

10
Q

a type of cyberattack conducted by a threat actor (or cyber spy) who accesses, steals, or exposes classified data or intellectual property (IP) with malicious intent, in order to gain an economic, political, or competitive advantage in a corporate or government setting.

A

CYBER ESPIONAGE

10
Q

malicious theft of data, information, or intellectual property from and/or through computer systems

A

Cyber espionage

11
Q

METHODS OF ESPIONAGE ATTACKS

A
  1. social engineering,
  2. malware distribution,
  3. advanced persistent threat (APT),
  4. watering hole attacks,
  5. spear phishing
12
Q

TYPES OF ESPIONAGE ATTACKS

A
  1. ZERO-DAY EXPLOITS
  2. WATERING HOLE ATTACKS
  3. PHISHING ATTACKS
  4. ADVANCED PERSISTENT THREATS (APTS)
  5. SUPPLY CHAIN ATTACKS
13
Q

Attackers may exploit previously unknown vulnerabilities (zero-days) in software or hardware to gain unauthorized access to systems for espionage purposes.

A

ZERO-DAY EXPLOITS

14
Q
  • long-term targeted attacks aimed at high-value targets, such as government agencies, defense contractors, or large corporations.
  • These attacks often involve sophisticated techniques to gain persistent access to systems and exfiltrate sensitive data over an extended period.
A

ADVANCED PERSISTENT THREATS (APTS)

14
Q

In this type of attack, cyber spies compromise websites frequently visited by their targets, infecting them with malware. When the targets visit these sites, their devices become infected, allowing the attackers to gather information.

A

WATERING HOLE ATTACKS

15
Q

Cyber spies may use phishing emails to trick individuals into revealing sensitive information such as login credentials or downloading malware onto their systems.

A

PHISHING ATTACKS

16
Q

may target the supply chain of a company, compromising vendors or third-party services to gain access to their ultimate target’s network or data.

A

SUPPLY CHAIN ATTACKS

17
Q

TARGETS OF CYBER ESPIONAGE

A
  1. INTERNAL INFORMATION OF THE COMPANY
  2. INTELLECTUAL INFORMATION
  3. INFORMATION ON CLIENT AND CUSTOMER
  4. INTELLIGENCE CONCERNING MARKET AND COMPETITORS
    5.
18
Q

sensitive information held privately by an agency or organization for internal operational purposes. Some examples are operational data, research and development data, and salaries.

A

INTERNAL INFORMATION OF THE COMPANY

19
Q

target data related to proprietary formulas, secret projects, internal plans, or any other kind of private information related to projects and development. Really, it includes anything the attacker might be able to sell or profit from.

A

INTELLECTUAL INFORMATION

20
Q

Data related to the marketing and services directed at the company’s customers is another kind of information cyber espionage operations target. It might include a list of clients, what services are provided, and at what cost.

A

INFORMATION ON CLIENT AND CUSTOMER

21
Q

Another target of a cyber spying attack can be data regarding the marketing goals of an organization, as well as the knowledge it has obtained about its competitors, exposing the business to unfair market conditions.

A

INTELLIGENCE CONCERNING MARKET AND COMPETITORS

22
Q

HOW TO PREVENT CYBER ESPIONAGE

A
  1. CHECK ACCESS TO DATA POLICY
  2. SUPPORT BYOD
  3. MONITOR UNEXPECTED BEHAVIOR
  4. PROTECT CRITICAL INFRASTRUCTURE
23
Q

Monitor access to sensitive, critical information. Often, data is easily available and accessible on the network to all users. Reviewing the organization’s policy and determining who needs access to what is the first step in protecting sensitive data.

A

CHECK ACCESS TO DATA POLICY

24
Q

relatively inexpensive solution, but to avoid the risks that can be incurred, management and maintenance software must be installed. Use a device control mechanism to restrict Universal Serial Bus (USB) devices and encrypt data. This prevents intentional or unintentional data leakage.

A

SUPPORT BYOD (BRING YOUR OWN DEVICE)

25
Q

Configure firewalls and alerts to recognize normal behavior within the organization and to generate alerts for unexpected or abnormal behavior. As an example, most email leaks caused by malware can be prevented with minimal configuration to the firewall.

A

MONITOR UNEXPECTED BEHAVIOR

26
Q

One option available is to create multiple networks, one for intellectual property and another for corporate use. Then, only allow users to access the network they need. Additionally, determine what parts of each network must be accessed by each individual, and create policies to provide users with the necessary permissions.

A

PROTECT CRITICAL INFRASTRUCTURE