IS3220 CHAPTER 4 Flashcards
Unwanted software that displays advertisements and is often linked with spyware is called ___?
ADWARE
A feature added to the NTFS file system to support files from POSIX, OS/2, and Macintosh, which supports multiple resource forks for file objects, is called ___?
Hackers use this to hide files.
ALTERNATE DATA STREAM (ADS)
An exploit that allows a hacker to run any command line function on a compromised system is called ___?
Buffer overflow attacks and SQL injection attacks can often allow arbitrary code execution.
ARBITRARY CODE EXECUTION
The falsification of ARP replies to trick the requestor into sending frames to a system other than its intended destination is called ___?
ARP SPOOFING
A message sent by a service in response to a valid or invalid query, which can confirm communication is functioning properly or announce an error, is called ___? Some disclose the product name and version number of the service.
BANNER
The act of capturing or extracting banners from services is called ___?
Hackers often perform this after port scanning to learn what service is active on a port.
BANNER GRABBING
This is commonly a platform for discussing issues, causes, or interests and is called a ___?
This is a form of Web site where the site owner posts messages, images, and videos for the public to view and potentially comment on.
BLOG
A network of zombie/bot/agent-compromised systems controlled by a hacker is called ___?
The network consists of the bots, agents, or zombies that intercommunicate over the Internet. AKA zombie.
BOTNET ARMY
A condition in which a memory buffer exceeds its capacity and extends its contents into adjacent memory, often used as an attack against poor programming techniques or poor software quality control, is called ___? Hackers can inject more data into a memory buffer than it can hold, which may result in the additional data overflowing into the next area of memory. If the overflow extends to the next memory segment designated for code execution, a skilled attacker can insert arbitrary code that will execute with the same privileges as the current program.
BUFFER OVERFLOW
The slow movement of a chip out of its socket or solder points because of expansion and contraction caused by extreme temperature fluctuations is called ___?
CHIP CREEP
A logical division of data composed of one or more sectors on a hard drive is called ___?
This is the smallest addressable unit of drive storage, usually 512, 1,024, 2,048, or 4,096 bytes, depending on the logical volume size.
CLUSTER
A tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack is called ___?
This presupposes little or no knowledge of the person answering the phone. It requires the caller to be able to pick up on vocal and word clues, be knowledgeable about human nature, and adapt quickly to changes in conversation.
COLD CALLING
A software interface with a system that allows code execution, often the focus of an attack, is called ___?
If a hacker gains access to this, he or she can perform arbitrary code execution. AKA a terminal window or a command prompt.
COMMAND SHELL
Outsiders brought into an organization to work on a temporary basis. This type of person is called ___?
This worker can be a consultant, temporary worker, seasonal worker, contractor, or even day laborer. This person potentially represents a greater risk than regular, full-time employees because they might lack loyalty, not see the company as worthy of protection, or might not be accountable after a project ends, etc.
CONTRACT WORKERS
An unknown, secret pathway of communication is called ___?
It can be timing or storage-based.
COVERT CHANNEL
The malicious insertion of scripting code onto a vulnerable Web site is called ___?
The results of this type of attack can include the corruption of the data on the Web site or identity theft of the site’s visitors.
CROSS-SITE SCRIPTING (XSS)
A form of security defense that focuses on discouraging a perpetrator with disincentives such as physical harm, social disgrace, or legal consequences is called ___? This can also be a defense that is complex or difficult to overcome, such as strong encryption, multifactor authentication, or stateful inspection filtering.
DETERRENT
A rogue program that automatically dials a modem to a pre-defined number, sometimes to auto-download additional malware to the victim or to upload stolen data from the victim, is called ___?
In other cases, this calls premium rate telephone numbers to rack up massive long distance charges.
DIALER
Workers who feel wronged by their employer and who may take malicious, unethical, potentially illegal actions to exact revenge on the organization are called ___?
DISGRUNTLED EMPLOYEES
An attack that uses multiple remotely controlled software agents disseminated across the Internet is called ___?
Because this attack comes from multiple machines simultaneously, it is “distributed.” This can include flooding, spam, eavesdropping, interception, MitM, session hijacking, spoofing, packet manipulation, distribution of malware, hosting phishing sites, stealing passwords, cracking encryption and more.
DISTRIBUTED DENIAL OF SERVICE (DDoS)
A form of exploitation in which the data on a DNS server are falsified so subsequent responses to DNS resolution queries are incorrect is called ___?
This can wage man-in-the-middle attacks.
DNS POISONING
A form of exploitation in which an unauthorized or rogue DNS server responds to DNS queries with false resolutions is called ___?
DNS SPOOFING
The information related to the owners and managers of a domain name, accessed through domain registrars' Web sites and whois lookups, is called ___?
This might include a physical address, people’s names, email addresses, and phone numbers.
This information is useful in waging social engineering attacks.
DOMAIN REGISTRATION
A type of reconnaissance in which an attacker examines an organization’s trash or other discarded items to learn internal or private information is called ___?
The results of this are often used to wage social engineering attacks.
DUMPSTER DIVING
The act of listening in on digital or audio conversations is called ___?
This usually requires a sniffer, protocol analyzer, or packet capturing utility.
This may be able to access unencrypted communication, depending on where it occurs.
EAVESDROPPING
The process of discovering sufficient details about a potential target to learn about network or system vulnerabilities is called ___?
This often starts with operating system identification, followed by application identification, then extraction of information from discovered services.
ENUMERATION
A form of DoS that uses a software-specific exploit to cause the interruption of availability is called ___?
Once you apply the appropriate patch, the system is no longer vulnerable to this particular exploit.
FLAW EXPLOITATION
An attack, usually resulting in a DoS, in which hackers direct massive amounts of traffic toward a target to fully consume available bandwidth or processing capabilities is called ___?
FLOODING
The act of researching and uncovering information about a potential attack target, AKA reconnaissance, is called ___?
FOOTPRINTING
A storage device file system developed by Apple Inc. for use on Macintosh computers that supports multiple resource forks for file objects is called ___?
HIERARCHICAL FILE SYSTEM (HFS)
A closely monitored system that usually contains a large number of files that appear to be valuable or sensitive, and serves as a trap for hackers, is called ___?
It distracts hackers from real targets, detects new exploitations, and learns the identities of hackers.
HONEYPOT
An announcement message sent to hosts to adjust the routing table (Type 5 of these messages are known as redirects) is called ___?
Hackers can use these to perform man-in-the-middle or session hijacking attacks.
ICMP REDIRECT
An attack that exploits the nature of a network-focused IDS to collect and analyze every packet to trick the IDS into thinking an attack took place when it actually hasn’t is called ___?
The common purpose of these injection attacks is to trick signature or pattern matching detection of malicious network events.
IDS INSERTION
An exploit based on the introduction of unauthorized content or devices to an otherwise secured infrastructure is called ___?
Three common types of these include SQL injection, IDS insertion, and rogue devices.
INSERTION ATTACK
A form of near real-time text communication, AKA chat, IRC, and SMS messaging, is called ___?
INSTANT MESSAGE (IM)
Any attack that positions the attacker inline with a session between a client and server is called ___? These typically allow the hacker to eavesdrop and manipulate the contents of the session. AKA man-in-the-middle attack.
INTERCEPTION ATTACK
Any worker or person who is physically present within the building or who has authorization to remotely connect into the network is called ___?
These are the most common cause of security violations.
INTERNAL PERSONNEL
A real-time text communication system is called ___? Hackers commonly use this as a way to communicate anonymously and control botnets.
INTERNET RELAY CHAT (IRC)
Malware that records all keyboard input and transmits the log to a hacker is called ___?
KEYSTROKE LOGGER
A somewhat secret form of communication or language hackers use based on replacing letters with numbers, symbols, or other letters that somewhat resemble the original characters is called ___?
LEETSPEAK
Malware that acts like an electronic land mine is called ___? Once a hacker places this in a system, it remains dormant until a triggering event takes place.
The trigger can be a specific time and date, the launching of a program, the typing of a specific keyword, or accessing a specific URL.
LOGIC BOMB
The act of a hacker changing the MAC address of their network interface is called ___?
Commonly used to bypass MAC filtering on a wireless access point by impersonating a valid client.
MAC SPOOFING
The largest amount of data that a datagram can hold based on the limitations of the networking devices managing a given segment is called ___?
As this changes across a communication path, a datagram may be fragmented to comply with the MTU restrictions.
MAXIMUM TRANSMISSION UNIT (MTU)
A rating on some hardware devices expressing the average length of time between significant failures is called ___?
MEAN TIME BETWEEN FAILURES (MTBF)
A rating on some hardware devices expressing the average length of time until the first significant failure is likely to happen is called ___?
MEAN TIME TO FAILURE (MTTF)
A character that has a special meaning assigned to it and recognized as part of a scripting or programming language is called ___?
This should be filtered, escaped, or blocked to prevent script injection attacks. Escaping these is a programmatic tactic to treat all characters as basic ASCII rather than as something with special meaning or purpose.
METACHARACTER
A not-for-profit organization chartered to work in the public interest is called ___?
It sponsors a vulnerability research, cataloging, and information organization: http://cve.mitre.org/.
MITRE