ISC2 - Study Notes 14 Flashcards

1
Q

Vendors that release software purchase a certificate from a public certificate authority (CA). This certificate is associated with the software file and the vendor that released it. It includes the name of the vendor and a hash of the file.

A

Info

2
Q

A buffer overflow problem starts as a programming error. However, if attackers detect it, they can launch a buffer overflow attack. Successful buffer overflow attacks allow attackers to gain elevated privileges and insert malicious code into normally protected memory areas.

A

Info

3
Q

An attacker attempts to insert operating system commands into an application or web page form. If successful, the command executes on the system hosting the application or web page.

A

Command Injection Attack

4
Q

??? is a relatively common attack that attempts to inject HTML or JavaScript code into a web page. The attacker modifies the code on the website, and when the user goes to the website, the code executes on the user’s system.

A ??? attack attempts to send a malicious command from the user’s system to the website.

A

XSS / CSRF

5
Q

An ??? attack exploits the user’s trust of a website and downloads code onto the user’s system.

A ??? attack exploits the trust that a site has in the user’s browser and attempts to send unauthorized commands from the user’s system to the website.

A

XSS / CSRF

6
Q

Some password crackers use rainbow tables to speed up the process of cracking a password. Salting hashed passwords thwarts rainbow table attacks.

PMF helps ensure the integrity of wireless network management traffic. Many devices are already using PMF.

Attackers connect the rogue AP to a wired network and then use it as a sniffer to capture traffic.

A

Info

7
Q

??? is the practice of using gathered information to create another scenario and collect additional information. The ???, or the invented scenario, increases the possibility that the person will give up additional information to the social engineer.

A

Pretexting

8
Q

??? is also known as masquerading or spoofing. In social engineering, the social engineer is attempting to masquerade as someone else.

A

Impersonation

9
Q

??? is the process of capturing information from credit cards at point-of-sale (POS) readers, gas pumps, and automated teller machines (ATMs). The attacker typically places a thin filament-based plastic, called a skimming film, into a card reader.

A

Skimming

10
Q

??? try to hide themselves from antivirus (AV) software by providing false or misleading information about the virus to the AV software.

A

Stealth Virus
