InfoSec Threats Flashcards

1
Q

Examples of a Natural threat.

A
  • Natural Disasters
  • Power Failures
2
Q

What is a threat?

A

The potential occurrence of an undesirable event that could cause damage or disruption to an organization.

3
Q

Examples of Unintentional Threats.

A
  • Unskilled Admins
  • Negligent workers
  • Accidents
  • Lazy/Untrained employees
4
Q

Examples of Intentional Internal Threats.

A
  • Disgruntled Employees
  • Fired Employees
  • Service Providers
  • Contractors
5
Q

Examples of Intentional External Threats.

A
  • Hackers
  • Criminals
  • Terrorists
  • Foreign agencies
  • Other corporations
6
Q

Describe the following Threat Actors/Agents
a) Black Hats
b) White Hats
c) Gray Hats
d) Suicide Hackers
e) Script Kiddies

A

a) Offensive hackers that intentionally cause malicious or destructive events.
b) Individuals who use hacking skills for protective purposes.
c) Individuals who work both offensively and defensively.
d) Individuals who want to cause destruction and aren’t worried about the consequences.
e) Unskilled hackers who use pre-built tools and scripts without real knowledge of what they are using.

7
Q

Describe Malware.

A

Malware is malicious software that damages and disables computer systems and also gives partial or full control of the system to the malware creator.

8
Q

Describe these common techniques to distribute malware:
a) Black hat SEO
b) Social Engineered Click-Jacking
c) Spear-Phishing Sites
d) Malvertising
e) Compromised Legitimate Websites
f) Drive-by Downloads
g) Spam Emails

A

a) Ranking malware sites highly in search results.
b) Tricking users into clicking on ‘innocent-looking’ web pages.
c) Mimicking legitimate institutions to steal login credentials.
d) Embedding malware into ad networks.
e) Embedding malware into legitimate websites.
f) Exploiting flaws in browsers to install malware when visiting a page.
g) Coaxing recipients to click on emails that have embedded malware within links/attachments.

9
Q

Describe these components of Malware:
a) Crypter
b) Downloader
c) Dropper
d) Exploit
e) Injector
f) Obfuscator
g) Packer
h) Payload
i) Malicious Code

A

a) Encrypts malware to make reverse-engineering/analysis difficult.
b) Trojan that downloads other malware.
c) Trojan that covertly installs malware.
d) The code that breaches system vulnerabilities.
e) A program that injects code into other processes.
f) A program that conceals its code, making it harder to detect.
g) A program that compresses malware files into a single executable to evade detection.
h) The software that allows control of a computer system after the exploit.
i) A command that defines the malware’s function.

10
Q

What is a Trojan?

A

It is a program that contains malicious code which is hidden inside another apparently harmless program.

11
Q

What is a Virus?

A

A self-replicating program that attaches itself to other files, boot sectors or programs.

12
Q

What is Ransomware?

A

A type of malware that restricts use of and access to data. It demands an online payment to unlock the restriction on the data.

13
Q

What is a Worm?

A

A malicious program that replicates, spreads and executes without being attached to another file/document.

14
Q

What are Rootkits?

A

Hard-to-detect malware that replaces OS system calls and utilities to avoid detection.

15
Q

What is Adware?

A

Programs that generate unsolicited ads and pop-ups.

16
Q

What is Spyware?

A

Stealth programs that record the user’s interaction without their knowledge.

17
Q

What is a Keylogger?

A

Programs that monitor the user’s keystrokes without their knowledge.

18
Q

What is a BotNet?

A

A collection of compromised computers that are connected to perform a distributed task.

19
Q

What is Fileless Malware?

A

Malware that resides in the system’s RAM.

20
Q

What is a Vulnerability?

A

A weakness that can be exploited by threat agents.

21
Q

Describe these technological vulnerabilities:
a) TCP/IP protocols
b) OS
c) Network Device

A

a) HTTP, FTP, ICMP, SNMP and SMTP are weak protocols.
b) OS that is inherently weak or unpatched.
c) Routers, firewalls and switches are vulnerable due to weak passwords, lack of authentication and device vulnerabilities.

22
Q

Describe these Network Security Vulnerabilities:
a) User Account
b) System Account
c) Internet Service
d) Default Password
e) Network Device

A

a) Insecure transmission of user account details.
b) Weak password for system accounts.
c) Misconfiguration of Internet Services.
d) Devices that store their default passwords and settings.
e) Misconfigured network devices.

23
Q

Describe a Risk.

A

Refers to the potential loss or damage of an asset in the presence of a vulnerability.

24
Q

What is System Sprawl?

A

Undocumented or unrealized assets that exist within network systems.

25
Q

What is a Zero-Day?

A

Unknown vulnerabilities that have not been patched.

26
Q

What are Legacy Platform Vulnerabilities?

A

Vulnerabilities in obsolete or familiar code.