Malicious Techniques and Procedures Flashcards

1
Q

What can be done to mitigate RDP brute-force attacks? Choose more than one option.
A. Block port 3389 at the firewall
B. Install a PKI certificate on the server
C. Enable user MFA
D. Do not expose servers with RDP to the Internet

A

C. Enable user MFA
D. Do not expose servers with RDP to the Internet

C (Enable user MFA): Enabling Multi-Factor Authentication (MFA) on RDP sessions adds an extra layer of security. Even if attackers can guess a password, they would still need the second factor to gain access.
D (Do not expose servers with RDP to the Internet): One of the most effective ways to mitigate brute-force attacks on RDP is to avoid exposing RDP to the public internet entirely. Instead, use a VPN or other secure methods to access RDP.

2
Q

Which type of attack uses bots to flood a victim network with useless traffic?
A. DDoS
B. Buffer overflow
C. Privilege escalation
D. DoS

A

A. DDoS
A Distributed Denial of Service (DDoS) attack involves multiple bots or compromised systems (often part of a botnet) flooding a victim’s network or server with excessive, meaningless traffic. This overloads the system and causes a denial of service, making the targeted system or network unavailable to legitimate users.

3
Q

Which type of XSS attack is remembered by the server?
A. Refracted
B. Reflected
C. Persistent/stored
D. MiTM

A

B. Reflected
In a reflected XSS (Cross-Site Scripting) attack, the malicious script is not stored on the server. Instead, it is immediately reflected back to the user, typically via a URL or input form. The server does not remember the malicious content, but the attack is executed when the victim clicks on a specially crafted link or submits malicious data. The key here is that the attack is reflected by the server, not stored.

4
Q

Which WiFi protocols are deprecated?
A. SSL
B. WEP
C. WPA3
D. TLS

A

B. WEP
Wired Equivalent Privacy (WEP) is an outdated and insecure Wi-Fi protocol. It was the original security protocol for wireless networks, but it has been deprecated due to numerous vulnerabilities that can be easily exploited. WEP has been largely replaced by more secure protocols like WPA (Wi-Fi Protected Access) and WPA2.

5
Q

You need to ensure special characters are removed from a web form field. Which technique should you use?
A. Fuzzing
B. Input sanitization
C. Input validation
D. Memory allocation checking

A

B. Input sanitization
Input sanitization involves cleaning user input by removing or escaping special characters to prevent malicious data (like script injections) from being processed or stored. This technique ensures that only safe data is passed through the system, such as removing characters that could be used in XSS (Cross-Site Scripting) or SQL injection attacks.

6
Q

Which XML tag should be limited in its inclusion for server-side apps?
A. HR
B. ENTITY
C. H1
D. BODY

A

B. ENTITY
In XML, ENTITY tags define external references to files or data, which can be dangerous in server-side applications if they allow an attacker to include malicious files or data, potentially leading to XML External Entity (XXE) attacks. Limiting the use of ENTITY references in server-side applications is important for security to prevent such attacks.

7
Q

What is the result of using the slowhttptest tool against a web site?
A. The server is rebooted
B. The site stops responding
C. The site homepage is defaced
D. An XSS page is placed on the server

A

B. The site stops responding.

This tool simulates a specific type of denial-of-service (DoS) attack known as a slow HTTP attack. By sending HTTP requests very slowly, it can exhaust the server’s resources, leading to degraded performance or a complete outage.

8
Q

Which two parameters are used with the hping3 command to forge network traffic or to inject fake data into the payload of the packet? Choose more than one option.
A. Target IP
B. Destination port number
C. Host name
D. Domain Name

A

A. Target IP
B. Destination port number

A (Target IP): With hping3, the target IP is a fundamental parameter as it specifies the destination IP address to which the forged packets are sent. The tool can generate custom packets directed to this IP address.

B (Destination port number): hping3 allows you to specify a destination port number. By using this parameter, you can target a specific service or port on the target machine, allowing for testing and forging packets with particular payloads directed at certain ports.

9
Q

Which action can help prevent buffer overflows?
A. Firewall rules
B. DDoS mitigation
C. Input validation
D. The use of customer-managed encryption keys

A

C. Input validation
Buffer overflows occur when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. Input validation ensures that the data received by a program meets expected parameters (such as length, format, and type), which can prevent the program from accepting malicious data that could trigger a buffer overflow.

10
Q

Which techniques are the most effective in mitigating SQL injection attacks? Choose more than one option.
A. Memory allocation checking
B. Input validation
C. Input sanitization
D. Fuzzing

A

B. Input validation
C. Input sanitization

B (Input validation): Input validation ensures that data received from users is checked against a set of rules before being processed by the system. For SQL injection, this can involve ensuring that input conforms to expected formats (e.g., numbers only for a numeric field, or enforcing strict length and type constraints). By rejecting malformed or suspicious input, you can prevent SQL injection attacks.

C (Input sanitization): Input sanitization involves cleaning or filtering user inputs to remove potentially harmful characters or scripts, such as SQL control characters (', --, etc.). Sanitizing input before passing it into SQL queries is a key defense against SQL injection, as it ensures that user input does not interfere with the structure of SQL statements.

11
Q

What is the result of a SYN flood attack?
A. Multiple injection attacks on the server
B. Multiple half-open connections on the server
C. Multiple buffer overflows on the server
D. Multiple closed sessions on the server

A

B. Multiple half-open connections on the server
A SYN flood attack is a type of Denial-of-Service (DoS) attack where an attacker sends a flood of SYN (synchronize) requests to a target server, often with fake or spoofed IP addresses. The server responds by sending SYN-ACK responses, but the attacker never sends the final ACK to complete the handshake. This results in half-open connections, where the server is waiting for the final handshake that never occurs, causing the server to exhaust its resources and potentially become unresponsive.

12
Q

Which command starts the BeEF service?
A. start-beef
B. beef-start
C. run beef
D. beef-xss -h

A

D. beef-xss -h

13
Q

What can be done to mitigate the possibility of reverse shell attacks?
A. MFA
B. Firewall rules
C. PKI certificates
D. Antimalware scanner

A

D. Antimalware scanner
