Malicious Activity

Question 1

Network Flood Attack

Answer 1

Attempts to send more packets to a single server or host

Question 2

Ping Flood

Answer 2

A server is sent too many pings

Question 3

SYN Flood

Answer 3

Initiating multiple TCP sessions but never completes the three-way handshake

Question 4

Permanent Denial of Service (PDOS)

Answer 4

Attack which exploits the security flaw by refreshing a firmware, breaking the device

Question 5

Fork Bomb

Answer 5

Large number of processes is created to use the computer’s resources and processing power

Question 6

Distributed Denial of Service (DDOS)

Answer 6

A DOS with multiple machines

Question 7

DNS Amplification Attack

Answer 7

Allows an attacker to initiate DNS requests from a spoof IP address to flood a website

Question 8

DNS Cache Poisoning

Answer 8

Involves corrupting the DNS cache data of a DNS resolver with false information; To Fix -> Use DNSSEC to add digital signature to the DNS data

Question 9

DNS Tunneling

Answer 9

Uses the DNS protocol over Port 53 to encase non-DNS traffic

Question 10

Domain Hijacking

Answer 10

Altering domain name registration with the original registant’s consent

Question 11

DNS Zone Transfer Attack

Answer 11

The attackers mimic an authorized system to request and obtain the entire DNS zone data of a domain; Impossible using a public DNS

Question 12

Directory traversal

Answer 12

A type of injection attack that allows access to commands, files, and directories either connected or not connected to the web documents root directory

Question 13

File Inclusion

Answer 13

Allows an attacker to either download files from a arbitrary location or upload an executable or script file to open a backdoor

Question 14

Remember ..\ or ../ is

Answer 14

Directory traversal

Question 15

File inclusion is

Answer 15

Directory traversal

Question 16

Execution and Escalation Attack types

Answer 16

Arbitrary code execution, remote code execution, Privilege execution, and rootkits

Question 17

Arbitrary Code Execution

Answer 17

A vulnerability that allows an attacker to run a code or module that exploits a vulnerability; From the host

Question 18

Remote Code Execution

Answer 18

From the internet

Question 19

Privilege Execution

Answer 19

When a user accesses or modifies system resources that they are not entitled to normally

Question 20

Privilege Vertical Execution

Answer 20

Normal level to higher level

Question 21

Privilege Horizontal Execution

Answer 21

One user to another

Question 22

Replay Attack

Answer 22

Network based attack that involves malicious repeating or delaying valid data transmissions

Question 23

Cookie Poisoning

Answer 23

Modifying the contents of a cookie to be sent to a client’s browser and exploits the vulnerabilities in an application

Question 24

SSL Stripping

Answer 24

Tricking the encryption app to use HTTP connection and not HTTPS

Question 25

Injection Attack Types

Answer 25

LDAP, Command, Process, DLL

Question 26

Indicators of Compromise

Answer 26

Data pieces that detect potential malicious activity on a network or system