IS3220 CHAPTER 4 Flashcards
Unwanted software that displays advertisements and is often linked with spyware is called ___?
ADWARE
A feature added to the NTFS file system to support files from POSIX, OS/2 and Macintosh, which lets a single file object carry multiple resource forks (named streams), is called ___?
Hackers use this to hide files.
ALTERNATE DATA STREAM (ADS)
An exploit that allows a hacker to run any command line function on a compromised system is called ___?
Buffer overflow attacks and SQL injection attacks can often allow arbitrary code execution.
ARBITRARY CODE EXECUTION
The falsification of ARP replies to trick the requestor into sending frames to a system other than its intended destination is called ___?
ARP SPOOFING
A message sent by a service in response to a valid or invalid query; it can confirm that communication is functioning properly or announce an error. It is called ___? Some disclose the product name and version number of the service.
BANNER
The act of capturing or extracting banners from services is called ___?
Hackers often perform this after port scanning to learn what service is active on a port.
BANNER GRABBING
A form of Web site where the site owner posts messages, images, and videos for the public to view and potentially comment on. Commonly a platform for discussing issues, causes, or interests, it is called a ___?
BLOG
A network of zombie/bot/agent-compromised systems controlled by a hacker is called ___?
The network consists of the bots, agents, or zombies that intercommunicate over the Internet. AKA zombie army.
BOTNET ARMY
A condition in which data written to a memory buffer exceeds the buffer's capacity and spills into adjacent memory, often used as an attack against poor programming techniques or poor software quality control, is called ___? Hackers can inject more data into a memory buffer than it can hold, so the excess overflows into the next area of memory. If the overflow reaches a memory region the program later executes or uses for control data, a skilled attacker can insert arbitrary code that will execute with the same privileges as the current program.
BUFFER OVERFLOW
The slow movement of a chip out of its socket or solder points because of expansion and contraction caused by extreme temperature fluctuations is called ___?
CHIP CREEP
A logical division of data composed of one or more sectors on a hard drive is called ___?
This is the smallest unit of storage the file system allocates to a file, usually 512, 1,024, 2,048, or 4,096 bytes, depending on the logical volume size.
CLUSTER
A tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack is called ___?
This presupposes little or no knowledge of the person answering the phone. It requires the caller to be able to pick up on vocal and word clues, be knowledgeable about human nature, and adapt quickly to changes in conversation.
COLD CALLING
A software interface with a system that allows code execution; this is often the focus of an attack and is called ___?
If a hacker gains access to this, he or she can perform arbitrary code execution. AKA a terminal window or a command prompt.
COMMAND SHELL
Outsiders brought into an organization to work on a temporary basis. This type of person is called ___?
This worker can be a consultant, temporary worker, seasonal worker, contractor, or even day laborer. This person potentially represents a greater risk than regular, full-time employees because they might lack loyalty, not see the company as worthy of protection, or might not be accountable after a project ends.
CONTRACT WORKERS
An unknown, secret pathway of communication is called ___?
It can be timing or storage-based.
COVERT CHANNEL
The malicious insertion of scripting code onto a vulnerable Web site is called ___?
The results of this type of attack can include the corruption of the data on the Web site or identity theft of the site’s visitors.
CROSS-SITE SCRIPTING (XSS)
A form of security defense that focuses on discouraging a perpetrator with disincentives such as physical harm, social disgrace, or legal consequences is called ___? This can also be a defense that is complex or difficult to overcome, such as strong encryption, multi-factor authentication, or stateful inspection filtering.
DETERRENT
A rogue program that automatically dials a modem to a pre-defined number is called ___? Sometimes the purpose is to auto-download additional malware to the victim or to upload stolen data from the victim.
In other cases, this calls premium rate telephone numbers to rack up massive long distance charges.
DIALER
Workers who feel wronged by their employer and who may take malicious, unethical, potentially illegal actions to exact revenge on the organization are called ___?
DISGRUNTLED EMPLOYEES
An attack that uses multiple remotely controlled software agents disseminated across the Internet is called ___?
Because this attack comes from multiple machines simultaneously, it is “distributed.” This can include flooding, spam, eavesdropping, interception, MitM, session hijacking, spoofing, packet manipulation, distribution of malware, hosting phishing sites, stealing passwords, cracking encryption and more.
DISTRIBUTED DENIAL OF SERVICE (DDoS)
A form of exploitation in which the data on a DNS server are falsified so subsequent responses to DNS resolution queries are incorrect is called ___?
This can be used to wage man-in-the-middle attacks.
DNS POISONING
A form of exploitation in which an unauthorized or rogue DNS server responds to DNS queries with false resolutions is called ___?
DNS SPOOFING
The information about the owners and managers of a domain name, accessed through domain registrars' Web sites and whois lookups, is called ___?
This might include a physical address, people’s names, email addresses, and phone numbers.
This information is useful in waging social engineering attacks.
DOMAIN REGISTRATION
A type of reconnaissance in which an attacker examines an organization’s trash or other discarded items to learn internal or private information is called ___?
The results of this are often used to wage social engineering attacks.
DUMPSTER DIVING
The act of listening in on digital or audio conversations is called ___?
This usually requires a sniffer, protocol analyzer, or packet capturing utility.
This may be able to access unencrypted communication, depending on where it occurs.
EAVESDROPPING
The process of discovering sufficient details about a potential target to learn about network or system vulnerabilities is called ___?
This often starts with operating system identification, followed by application identification, then extraction of information from discovered services.
ENUMERATION
A form of DoS that uses a software specific exploit to cause the interruption of availability is called ___?
Once you apply the appropriate patch, the system is no longer vulnerable to this particular exploit.
FLAW EXPLOITATION
An attack, usually resulting in a DoS, in which hackers direct massive amounts of traffic toward a target to fully consume available bandwidth or processing capabilities is called ___?
FLOODING
The act of researching and uncovering information about a potential attack target, AKA reconnaissance, is called ___?
FOOTPRINTING
A storage device file system developed by Apple Inc. for use on Macintosh computers and supports multiple resource forks for file objects is called ___?
HIERARCHICAL FILE SYSTEM (HFS)
A closely monitored system that usually contains a large number of files that appears to be valuable or sensitive, and serves as a trap for hackers is called ___?
It distracts hackers from real targets, detects new exploits, and learns the identities of hackers.
HONEYPOT
An ICMP message (Type 5) sent to a host to make it adjust its routing table and send traffic through a different gateway is called ___?
Hackers can use these to perform man-in-the-middle or session hijacking attacks.
ICMP REDIRECT
An attack that exploits the way a network-focused IDS collects and analyzes every packet: the attacker sends packets that the IDS accepts but the target host rejects, so the IDS reconstructs a different data stream than the host does and either misses the real attack or reports one that never took place. This is called ___?
The common purpose of these injection attacks is to trick signature or pattern matching detection of malicious network events.
IDS INSERTION
An exploit-based on the introduction of unauthorized content or devices to an otherwise secured infrastructure is called ___?
Three common types of these include SQL injection, IDS insertion, and rogue devices.
INSERTION ATTACK
A form of near real-time text communication, AKA chat; IRC and SMS messaging are related forms. It is called ___?
INSTANT MESSAGE (IM)
Any attack that positions the attacker inline with a session between a client and server is called ___? These typically allow the hacker to eavesdrop on and manipulate the contents of the session. AKA man-in-the-middle attack.
INTERCEPTION ATTACK
Any worker or person who is physically present within the building or who has authorization to remotely connect into the network is called ___?
These are the most common cause of security violations.
INTERNAL PERSONNEL
A real-time text communication system is called ___? Hackers commonly use this as a way to communicate anonymously and control botnets.
INTERNET RELAY CHAT (IRC)
Malware that records all keyboard input and transmits the log to a hacker is called ___?
KEYSTROKE LOGGER
A somewhat secret form of communication or language hackers use based on replacing letters with numbers, symbols, or other letters that somewhat resemble the original characters is called ___?
LEETSPEAK
Malware that acts like an electronic land mine: once a hacker places it on a system, it remains dormant until a triggering event takes place. It is called ___?
The trigger can be a specific time and date, the launching of a program, the typing of a specific keyword, or accessing a specific URL.
LOGIC BOMB
The act of a hacker changing the MAC address of their network interface is called ___?
Commonly used to bypass MAC filtering on a wireless access point by impersonating a valid client.
MAC SPOOFING
The largest packet (datagram) size that the networking devices managing a given segment will carry is called ___?
As this changes across a communication path, a datagram may be fragmented to comply with the MTU restrictions.
MAXIMUM TRANSMISSION UNIT (MTU)
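Added example, not part of the original flashcard deck: a Python model of how a datagram is split when the path MTU shrinks, and how a strict reassembler should treat the result. The fragment offset is counted in 8-byte units exactly as in the IPv4 header, so every fragment except the last must carry a multiple of 8 data bytes. The reassembler rejects gaps, overlaps and a missing final fragment, because a permissive reassembler that lets later fragments overwrite earlier ones is what fragmentation attacks against hosts and IDS sensors rely on (the chapter's "exploit that takes advantage of variable MTUs"). The payload and the overlapping fragment set are constructed sample data; the 20-byte header constant assumes an IPv4 header without options.

```python
IP_HEADER_LEN = 20  # assumed: IPv4 header without options


def fragment_datagram(payload: bytes, mtu: int, header_len: int = IP_HEADER_LEN) -> list:
    """Split a datagram payload into IPv4-style fragments that fit the link MTU.

    Returns dicts with the offset in 8-byte units, the More Fragments (MF) flag
    and the data slice, mirroring the fields a router fills in when it fragments.
    """
    max_data = ((mtu - header_len) // 8) * 8   # all but the last fragment: multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any fragment data")
    fragments = []
    pos = 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        fragments.append({
            "offset": pos // 8,                      # IPv4 fragment offset field
            "mf": pos + len(chunk) < len(payload),   # MF set on all but the last piece
            "data": chunk,
        })
        pos += len(chunk)
    return fragments


def reassemble(fragments: list) -> bytes:
    """Rebuild the payload, refusing gaps, overlaps and a missing final fragment."""
    if not fragments:
        return b""
    ordered = sorted(fragments, key=lambda f: f["offset"])
    buf = bytearray()
    for frag in ordered:
        if frag["offset"] * 8 != len(buf):
            # Either data is missing before this fragment or it re-covers bytes
            # already received; both are rejected instead of being "fixed up".
            raise ValueError(f"gap or overlap at fragment offset {frag['offset']}")
        buf += frag["data"]
    if ordered[-1]["mf"]:
        raise ValueError("last fragment still has More Fragments set")
    return bytes(buf)


def is_consistent(fragments: list) -> bool:
    """True when a fragment set reassembles cleanly, False when it is malformed."""
    try:
        reassemble(fragments)
        return True
    except ValueError:
        return False


# Constructed sample: a 1024-byte payload leaving a 1500-byte MTU segment for a 576-byte one.
SAMPLE_PAYLOAD = bytes(range(256)) * 4

# Constructed attack-style set: the second fragment overlaps bytes 8..15 of the first.
OVERLAPPING_FRAGMENTS = [
    {"offset": 0, "mf": True, "data": b"A" * 16},
    {"offset": 1, "mf": False, "data": b"B" * 8},
]

if __name__ == "__main__":
    for frag in fragment_datagram(SAMPLE_PAYLOAD, 576):
        print(f"offset={frag['offset']:3d} mf={frag['mf']!s:5} bytes={len(frag['data'])}")
    print("overlapping set accepted:", is_consistent(OVERLAPPING_FRAGMENTS))
```

With a 576-byte MTU the 1024-byte payload becomes two fragments of 552 and 472 bytes (offsets 0 and 69); with a 1500-byte MTU it stays whole with MF clear.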
A rating on some hardware devices expressing the average length of time between significant failures is called ___?
MEAN TIME BETWEEN FAILURES (MTBF)
A rating on some hardware devices expressing the average length of time until the first significant failure is likely to happen is called ___?
MEAN TIME TO FAILURE (MTTF)
A character that has a special meaning assigned to it and recognized as part of a scripting or programming language is called ___?
These should be filtered, escaped, or blocked to prevent script injection attacks. Escaping is a programmatic tactic that makes the interpreter treat these characters as literal data rather than as syntax with special meaning.
METACHARACTER
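Added example, not part of the original flashcard deck, illustrating both the metacharacter card above and the cross-site scripting card earlier: the same page template rendered with raw user input and with HTML metacharacters escaped, plus a URL component that needs a different escaping scheme. The probe string, field names and link path are constructed for the demonstration; contains_live_script is only a crude indicator for the demo, not a real XSS detector.

```python
import html
from urllib.parse import quote

# Constructed probe: closes the surrounding attribute, then injects a script element.
XSS_PROBE = '"><script>alert(document.cookie)</script>'


def render_vulnerable(display_name: str) -> str:
    """Reflect user input straight into HTML text and attribute contexts (constructed template)."""
    return f'<p>Hello, {display_name}</p><input name="who" value="{display_name}">'


def render_escaped(display_name: str) -> str:
    """Same template, with HTML metacharacters escaped so the input is treated as data.

    html.escape(quote=True) turns < > & " ' into entities, which is the right
    treatment for element text and for a double-quoted attribute value.
    """
    safe = html.escape(display_name, quote=True)
    return f'<p>Hello, {safe}</p><input name="who" value="{safe}">'


def profile_link(user_id: str) -> str:
    """A URL query component has its own metacharacters (& = ? # /) and needs
    percent-encoding, not HTML escaping. safe="" encodes '/' as well."""
    return "/profile?user=" + quote(user_id, safe="")


def contains_live_script(markup: str) -> bool:
    """Crude demo indicator: does an unescaped <script tag survive in the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_vulnerable(XSS_PROBE))
    print(render_escaped(XSS_PROBE))
    print(profile_link("a&b=c/d"))
```

Which escaping applies depends on where the data lands: HTML body, attribute value and URL component each have different metacharacters, and an escape for one context does not make data safe in another (for example inside a <script> block or an event-handler attribute).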
A not-for-profit organization chartered to work in the public interest is called ___?
It sponsors the CVE vulnerability research, cataloging, and information effort at http://cve.mitre.org/.
MITRE
A form of software transmitted to and executed on a client is called ___?
Hackers can use this code for malicious purposes.
MOBILE CODE
Another term for man-in-the-middle is ___?
MONKEY-IN-THE-MIDDLE
This is a non-regulatory federal agency within the US Department of Commerce whose mission is to promote US innovation and industrial competitiveness by advancing measurement science, standards, and technology. This is known as ___?
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
A file system developed by Microsoft and commonly used on Windows systems; it offers file-level security, large volume sizes, large file sizes, and alternate data streams. It is called ___?
NEW TECHNOLOGY FILE SYSTEM (NTFS)
A network mapping tool that performs network scanning, port scanning, OS identification, and other types of network probing. This is called ___?
NMAP
Any communication exchange that does not verify the identity of the endpoints of a communication and accepts any properly formed response as valid is called ___?
DNS and ARP are common examples. Hackers can easily spoof such a service.
NON-AUTHENTICATING QUERY SERVICE
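Added example, not part of the original flashcard deck, for the ARP spoofing and non-authenticating query service cards: because ARP accepts any well-formed reply, a defender's practical option is to watch the replies and flag IP-to-MAC bindings that change, the approach tools such as arpwatch take. The function below runs over a constructed list of decoded ARP replies (timestamp, sender IP, sender MAC) in which a second MAC starts answering for the gateway and then for a workstation. Caveat: a legitimate NIC replacement or a router doing proxy ARP also produces these patterns, so the output is an alert to investigate, not proof of an attack.

```python
# Constructed sample of decoded ARP replies as a sniffer would present them:
# (seconds since capture start, sender protocol address, sender hardware address)
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # gateway's real MAC
    (1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),   # workstation
    (2.5, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (3.0, "192.168.1.1",  "DE:AD:BE:EF:00:66"),   # second MAC now claims the gateway IP
    (3.2, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # real gateway still answering: flip-flop
    (3.4, "192.168.1.20", "de:ad:be:ef:00:66"),   # same MAC also claims the workstation IP
]


def detect_arp_spoofing(replies):
    """Return (alerts, suspects) from a sequence of (ts, ip, mac) ARP replies.

    alerts:   one line per reply that binds an IP to a MAC not previously seen for it.
    suspects: MACs that claim more than one IP, the signature of a MitM host that
              answers for both ends of the conversation it wants to relay.
    """
    ip_to_macs = {}
    mac_to_ips = {}
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()                      # normalise case before comparing
        seen = ip_to_macs.setdefault(ip, set())
        if seen and mac not in seen:
            alerts.append(f"{ts:.1f}s: {ip} now claimed by {mac}, previously {sorted(seen)}")
        seen.add(mac)
        mac_to_ips.setdefault(mac, set()).add(ip)
    suspects = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return alerts, suspects


if __name__ == "__main__":
    alerts, suspects = detect_arp_spoofing(SAMPLE_ARP_REPLIES)
    for line in alerts:
        print("ALERT", line)
    for mac, ips in suspects.items():
        print("SUSPECT", mac, "claims", ", ".join(ips))
```

On the sample data this produces two alerts (the gateway IP and then the workstation IP acquiring a new MAC) and one suspect MAC claiming both addresses; a first-seen baseline built during a known-clean period makes the alerts meaningful on a real network.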
A person who takes advantage of unique or abnormal situations to perform malicious actions, but who would not initiate such actions otherwise, is called ___?
OPPORTUNISTIC HACKERS
A multi-tasking operating system developed jointly by Microsoft and IBM is called ___?
First released in 1987, it lost nearly its entire market share to Windows after the two companies ceased collaboration in 1990.
OS/2
A logical division of a hard drive that can be formatted with a file system is called ___?
PARTITION
An attack that seeks to obtain information from a victim by presenting false credentials or luring victims to an attack site is called ___?
This can occur face to face, over the phone, via email, on a Web site, or through IM.
PHISHING
A network scan that sends ICMP Type 8 echo requests to a range of IP addresses and listens for ICMP Type 0 echo replies is called ___?
It can discover active systems and identify the IP addresses in use.
PING SWEEP
An attack in which a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back onto the network at a later time is called ___?
This often focuses on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access.
PLAYBACK ATTACK
A network scan that sends various constructions of TCP and UDP packets to determine the open or closed state of a port is called ___?
Tools such as nmap are used to perform port scanning.
PORT SCANNING
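Added example, not part of the original flashcard deck, covering the port scanning and banner grabbing cards together: a TCP connect scan (the technique behind nmap -sT) followed by a banner grab on each port found open. To keep it runnable offline the script starts its own fake service on 127.0.0.1 that answers with a constructed SSH-style banner; the banner text, port choice and timeouts are assumptions for the demo, and the scan only touches the loopback interface.

```python
import socket
import threading

# Constructed banner; it imitates the shape of a real one, not a real host's output.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"


def start_fake_service(banner: bytes):
    """Listen on an ephemeral loopback port and greet every client with the banner.

    Stands in for a real daemon so the scan below has something to find.
    Returns (listening socket, port); closing the socket stops the thread.
    """
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listener closed by the caller
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:        # scanner connected and hung up at once
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> list:
    """Full three-way handshake per port; 0 from connect_ex means open."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Connect and read whatever the service volunteers before we say anything."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(1024).decode(errors="replace").strip()
        except socket.timeout:
            return ""                  # service waits for the client to speak first


def scan_and_grab(host: str, ports, timeout: float = 0.5) -> dict:
    """Map each open port to its banner (empty string when the service is silent)."""
    return {p: grab_banner(host, p, timeout) for p in tcp_connect_scan(host, ports, timeout)}


def demo():
    """Run the fake service, scan three loopback ports around it, and return (port, results)."""
    srv, port = start_fake_service(FAKE_BANNER)
    try:
        return port, scan_and_grab("127.0.0.1", [port - 1, port, port + 1])
    finally:
        srv.close()


if __name__ == "__main__":
    port, results = demo()
    for p, banner in sorted(results.items()):
        print(f"{p}/tcp open  banner={banner!r}")
```

A connect scan completes the handshake and so is logged by the target; nmap's default SYN scan (-sS) avoids that but needs raw-socket privileges, and its -sV option automates the banner-grab step shown here.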
A family of standards for UNIX-like operating system interfaces. Windows NT 4.0 shipped a subsystem supporting it, which was dropped from later Windows versions. This is called ___?
This used the ADS feature of NTFS.
POSIX
The act of obtaining a higher level of privilege or access for a user account or a session is called ___?
A tactic employed by hackers once they intrude into a network through the compromise of a normal user account.
PRIVILEGE ESCALATION
Criminals whose objective is to compromise IT infrastructures are called ___?
Whether operating as individuals, offering mercenary hacking services, or functioning as members of a criminal ring, these individuals focus time and energy on becoming effective cyber attackers.
This is someone who contracts out his or her hacking skills to others.
PROFESSIONAL HACKERS
AKA man-in-the-middle, this attack occurs when a hacker is positioned between a client and a server and the client is fooled into connecting with the hacker computer instead of the real server and is called ___?
The attack performs a spoofing attack to trick the client. As a result, the connection between the client and server is proxied by the hacker. This allows the hacker to eavesdrop and manipulate the communications.
PROXY ATTACK
An attack in which a hacker modifies the proxy settings on a client to redirect traffic to another system, such as the hacker’s own machine is called ___?
The hacker may host a proxy server in addition to eavesdropping on and manipulating the redirected traffic.
PROXY MANIPULATION
This is a leetspeak word derived from a common IRC typo of “owned” and is called ___?
Used to mean hacking and taking over control of a computer or network.
PWNED
The act of learning as much as possible about a target before attempting attacks is called ___?
This consists of collecting data about the target from multiple sources online and offline.
Effective when done covertly, without tipping off the target about the research.
It can also be called footprinting, discovery, research, and information gathering.
RECONNAISSANCE
People who enjoy learning and exploring, especially with computing technology. However, they might make poor choices as to when to use their newfound skills are called ___?
Bringing in unapproved software from home, experimenting on the company network, or just trying out an exploit to “see if it works” are all potential problems caused by these people.
RECREATIONAL HACKERS
A disk set management technology that gains speed and fault tolerance is called ___?
This can provide some protection against hard drive failure, but does not protect against software or data compromises, such as virus infection.
REDUNDANT ARRAY OF INDEPENDENT DISKS (RAID)
This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on to the network at a later time is called ___?
This often focuses on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access.
REPLAY ATTACK
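Added example, not part of the original flashcard deck, for the playback and replay attack cards: both sides of two authentication exchanges, run against a captured copy of the legitimate client's message. With a static token (the same bytes every login) the replay is accepted; with a server-issued random nonce that is consumed on first use, the identical replayed bytes are rejected. The shared key, user name and nonce size are placeholders for the demonstration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"   # placeholder pre-shared secret, not a real credential
USER = "alice"


def static_token(key: bytes, user: str) -> str:
    """Naive scheme: the client proves the key with a token that never changes."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()


class StaticTokenServer:
    def __init__(self, key: bytes):
        self.key = key

    def authenticate(self, user: str, token: str) -> bool:
        # Identical bytes on every login, so a sniffed token works again later.
        return hmac.compare_digest(static_token(self.key, user), token)


class ChallengeResponseServer:
    """Server picks a fresh random nonce per login; a response is valid exactly once."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()           # outstanding challenges (a real server also expires them)

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def authenticate(self, nonce: str, response: str) -> bool:
        if nonce not in self.pending:
            return False               # unknown or already-consumed nonce: treated as a replay
        self.pending.discard(nonce)    # consume before verifying so a concurrent replay also fails
        expected = hmac.new(self.key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def client_response(key: bytes, nonce: str) -> str:
    """Client side of the challenge-response: HMAC over the nonce with the shared key."""
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


def run_scenario() -> dict:
    """One legitimate login per scheme, then the sniffer retransmits the captured bytes."""
    outcome = {}

    naive = StaticTokenServer(SHARED_KEY)
    captured_token = static_token(SHARED_KEY, USER)           # what the sniffer saw on the wire
    outcome["static_first_login"] = naive.authenticate(USER, captured_token)
    outcome["static_replay"] = naive.authenticate(USER, captured_token)

    cr = ChallengeResponseServer(SHARED_KEY)
    nonce = cr.challenge()
    captured_response = client_response(SHARED_KEY, nonce)    # sniffer sees nonce and response
    outcome["cr_first_login"] = cr.authenticate(nonce, captured_response)
    outcome["cr_replay"] = cr.authenticate(nonce, captured_response)
    return outcome


if __name__ == "__main__":
    for step, accepted in run_scenario().items():
        print(f"{step:20s} accepted={accepted}")
```

The nonce is what breaks the replay: the eavesdropper still learns nothing usable because the next login will be challenged with a different random value. In practice the pending set must also expire old nonces, and encrypting the session (for example with TLS) removes the sniffer's view of the exchange altogether.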
A business evaluation technique to determine whether an investment will earn back equivalent or greater benefit within a specific time is called ___?
RETURN ON INVESTMENT (ROI)
A wireless access point that a hacker configures to resemble the real, authorized access point so that users are fooled into connecting to it; it then serves as a MitM proxy. This is called ___?
ROGUE ACCESS POINT
A false DHCP server that hands out IP address leases for a subnet of the hacker's choosing and names the hacker's computer as the default gateway, so that the hacker's computer acts as a MitM router/proxy, is called ___?
ROGUE DHCP
A form of malware that hackers can upload and deploy on a target system. It often replaces multiple components of the host operating system with altered code is called ____?
It may have stealth capability, which means that when activated, it can camouflage itself, logs, other files, or resources by intercepting calls to the operating system and generating its own reply. It acts like a device driver and positions itself between the kernel (core program of an operating system) and the hardware. They often hide other forms of malware or hacker tools and can include other malware functions in addition to their stealth abilities.
ROOTKIT
The act of probing a network using custom crafted packets is called ___?
This can determine the IP addresses in use and whether ports are open or closed. The tool nmap can be used to perform this.
SCANNING
A new, inexperienced, or ignorant hacker who uses pre-built attack tools and scripts instead of writing his or her own or customizing existing ones is called ___?
Even though a derogatory term in the hacker community, this still describes a serious threat to network security.
SCRIPT KIDDIE
A subdivision of computer storage medium that represents a fixed size of user-accessible data is called ___?
Magnetic disks typically have 512-byte areas; optical disks have 2048-byte areas. When a device is formatted, these are grouped into clusters.
SECTOR
___ ___ occurs when a hacker is able to take over a connection after a client has authenticated with a server. To perform this attack, a hacker must eavesdrop on the ‘meeting’ to learn details such as the addresses of the endpoints and the TCP sequence numbers. With this information, the hacker can desynchronize the client, take on the client’s address, and then inject crafted packets into the data stream.
SESSION HIJACKING
The payload of an exploit, the code to be executed on the target system once the vulnerability is triggered, is called ___?
SHELL CODE
The unused portion of the last cluster allocated to a stored file is called ___?
It may contain remnants of prior files stored in that location. Hackers can hijack this to create hidden storage compartments.
SLACK SPACE
The craft of manipulating people into performing tasks or releasing information that violates security is called ___? This relies on telling convincing lies to manipulate people or on taking advantage of the victim’s desire to be helpful.
SOCIAL ENGINEERING
Unwanted and often unsolicited messages are called ___? This is not technically malicious software, but it can have a serious negative effect on IT infrastructures through sheer volume. Estimates vary, but this may represent up to 95% of all email.
SPAM
An advancement of keystroke logging to monitor and record many other user activities is called ___?
This varies greatly, but it can collect a list of applications launched, URLs visited, email sent and received, chats sent and received, and names of all files opened. It can also record network activity, gather periodic screen captures, and even record from a microphone or Web cam. This can be linked with adware.
SPYWARE
A form of Web site/application attack in which a hacker submits expressions to cause authentication bypass, extraction of data, planting of information, or access to a command shell is called ___?
SQL INJECTION
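Added example, not part of the original flashcard deck: the two outcomes the card names, authentication bypass and extraction of data, shown against an in-memory SQLite database, with the string-built query next to the parameterized version of the same query. The table contents and the two payloads are constructed for the demonstration; the comment sequence (--) and the UNION technique are standard SQL, and the bypass relies on the vulnerable code pasting attacker text into the SQL grammar.

```python
import sqlite3

# Constructed payloads.  In the vulnerable code each one changes the query's structure.
BYPASS_PAYLOAD = "alice' --"   # closes the username literal, comments out the password check
EXTRACT_PAYLOAD = "' UNION SELECT username || ':' || password FROM users --"


def build_db() -> sqlite3.Connection:
    """Constructed sample schema: one user row and two products."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('alice', 'correct horse');
        CREATE TABLE products (name TEXT);
        INSERT INTO products VALUES ('widget'), ('gadget');
    """)
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # Concatenation: the quote in the payload ends the literal and the rest becomes SQL.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    # Placeholders: the driver sends the values separately, so they can only ever be data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def search_vulnerable(conn, term: str) -> list:
    # A UNION appended through the search box pulls rows out of an unrelated table.
    query = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(query)]


def search_parameterized(conn, term: str) -> list:
    query = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(query, ("%" + term + "%",))]


if __name__ == "__main__":
    db = build_db()
    print("bypass vs vulnerable login:    ", login_vulnerable(db, BYPASS_PAYLOAD, "wrong"))
    print("bypass vs parameterized login: ", login_parameterized(db, BYPASS_PAYLOAD, "wrong"))
    print("extraction via vulnerable search:", search_vulnerable(db, EXTRACT_PAYLOAD))
    print("same term, parameterized:        ", search_parameterized(db, EXTRACT_PAYLOAD))
```

Escaping quotes by hand is the fragile alternative; parameterized queries keep data and SQL grammar apart regardless of which metacharacters the attacker tries, and least-privilege database accounts limit what a successful injection can reach.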
A sudden and momentary electric current, usually of high voltage and low amperage, that flows between two objects is called ___?
Commonly caused by low-humidity environments. Humans, polyester, and plastics are prone to this type of charge build-up. It can damage most computer components.
STATIC ELECTRICITY DISCHARGE (SED)
OR
ELECTROSTATIC DISCHARGE (ESD)
This form of DoS attack floods a target with traffic, consuming available bandwidth and processing capacity and preventing legitimate communications. It is called ___? No patch removes exposure to this type of attack; instead, traffic filtering (ideally upstream of the victim) is the primary response.
TRAFFIC GENERATION
A form of unauthorized access to a system: any access method or pathway that circumvents access-control or authentication mechanisms is called ___? AKA a backdoor.
TRAPDOOR
A mechanism of distribution or delivery more than a specific type of malware. It embeds a malicious payload in a seemingly benign carrier or host program. When the host program is executed or otherwise accessed, the malware is delivered and is called ___? The gimmick of this is the act of fooling someone into accepting the program as safe.
TROJAN HORSE
The area on a storage device not contained within a partition. This space is not directly accessible by the OS and is called ___?
UNPARTITIONED SPACE
The management of traffic by a firewall or other filtering device located one or more hops away (upstream) from a private network is called ___?
UPSTREAM FILTERING
Malware that replaces the URLs in a browser’s HTTP GET requests with alternative addresses is called ___?
This causes a different Web page to appear in the browser than the one the user requested. The replacement pages may be advertisement sites, generate traffic to falsify search engine optimization (SEO) rankings, or lead to fake or spoofed sites.
URL INJECTOR
___ ___ are persistent public messaging forums accessed over NNTP (Network News Transfer Protocol) and have existed since 1980. Although the Web, email, and BitTorrent are more widely known, these are still in use today and are called ___?
USENET newsgroups
Malware that needs a host object to infect is called a ___?
Most of these infect files, such as executables, device drivers, DLLs, system files, and sometimes even document, audio, video, and image files. Some viruses infect the boot sector of a storage device, including hard drives, floppies, optical discs, and USB drives. These spread through the actions of users, file to file.
VIRUS
A method of discovering active modems by dialing a range of phone numbers and is called ___?
WAR DIALING
A method of discovering wireless networks by moving around a geographic area with a detection device and is called ___?
WAR DRIVING
A tool used to view domain registration information. This is a command-line tool on Linux and Unix, but is also offered on most domain registrar Web sites. It is called ___?
WHOIS
Malware that does not need a host object; instead, this is a self-sustaining program in its own right and is called ___?
These are designed around specific system flaws. It scans other systems for this flaw and exploits the flaw to gain access to another victim. Once hosted on another system, it seeks to spread itself by repeating the process. These can act as carriers to deposit other forms of malicious code as they multiply and spread across networked hosts.
WORM
A tool used to create Trojan horses by embedding malware inside of a host file or program and is called ___?
WRAPPER
A network of zombie/bot/agent-compromised systems controlled by a hacker is called ___?
The network consists of the bots, agents, or zombies that intercommunicate over the Internet. AKA botnet.
ZOMBIE ARMY
- All of the following are common or likely motivations for a hacker EXCEPT ___?
- Ego boost
- Social validation
- College credit
- Challenge
- Adventure
College credit
- Which of the following potential hackers represents the greatest threat because they likely already have physical and logical access to a target?
- Consultant
- Competitor
- Overseas black hat for hire
- Customer
- Recreational hackers under 16 years of age
Consultant
- Which of the following is NOT a significant threat to availability?
- Natural disasters
- hardware failure
- Accidental spills
- Stateful inspection filtering
- Lack of proper training
Stateful inspection filtering
- Which of the following is NOT a potential consequence of a malware infestation?
- Corruption of data
- Leaking of confidential information
- Crashing of systems
- Identity theft
- Improved throughput
Improved throughput
- What is the primary difference in network security between a wired connection and a wireless connection to a private LAN?
- Inability to access all network resources
- Lack of realistic throughput
- Needing to be inside the building to access the network
- Ability to support encrypted sessions
- Support for multi-factor authentication
Needing to be inside the building to access the network
- Most exploits are based on the existence of which?
- Encryption
- Filtering
- Humans
- System anomalies
- Synchronization
System anomalies
- What is the first stage or step in the hacking process?
- Scanning
- Penetration
- Enumeration
- Privilege escalation
- Reconnaissance
Reconnaissance
- Which form of attack captures authentication packets to retransmit them later?
- Insertion
- Hijacking
- Replay
- Interruption
- Spoofing
Replay
- Which form of attack can potentially evade an IDS?
- Virus
- Insertion
- Man-in-the-middle
- ARP poisoning
- Rogue DHCP
Insertion
- Which exploit takes advantage of variable MTUs?
- Spoofing
- Hijacking
- Covert channels
- DoS
- Fragmentation
Fragmentation
- Which form of attack submits excessive data to a target to cause arbitrary code execution?
- Buffer overflow
- DDoS
- Insertion
- Interruption
- Fragmentation
Buffer overflow
- Which attack exploits a Web site to poison its dataset so future visitors receive corrupted content?
- Cross-site scripting
- Proxy manipulation
- Rogue DHCP
- SQL injection
- Hijacking
Cross-site scripting
- Which attack uses rogue DHCP, ARP poisoning, or ICMP redirect?
- Fragmentation
- Injection
- Man-in-the-middle
- Social engineering
- Buffer overflow
Man-in-the-middle
- Which attack is preceded by eavesdropping?
- SQL injection
- Hijacking
- IDS insertion
- Covert channel
- XSS
Hijacking
- Which attack is based on the impersonation of a legitimate host?
- DoS
- Replay
- Fragmentation
- Spoofing
- Hijacking
Spoofing
- Which attack is based on the impersonation of a legitimate host?
- Buffer overflow
- Man-in-the-middle
- DDoS
- Covert channel
- IDS insertion
Covert channel
- Which form of attack is based on malware distributed by Trojan horse or worm and that can generate massive levels of traffic toward a primary target from numerous source vectors?
- Fragmentation
- Hijacking
- DDoS
- Playback
- XSS
DDoS
- Which attack uses non-technical means to achieve results?
- Spoofing
- SQL injection
- Buffer overflow
- Covert channels
- Social engineering
Social engineering
- A hacker writes an exploit to compromise targets due to the presence of which?
- A vulnerability
- Multi-factor authentication
- Sufficient throughput
- A bot army
- Traffic filtering
A vulnerability
- What is the primary benefit to network security of knowing hacker attacks and exploits?
- Training contract workers
- Improved antivirus detection mechanisms
- Defending against specific threats
- Alterations of network subnet organization
- Reduced infrastructure cost
Defending against specific threats