Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Intro To Cybersecurity > Module 3 > Flashcards

Module 3 Flashcards

1
Q

Endpoints

A
  • Refers to a network-connected hardware device
    • Ex: Computer, smartphone, tablet, wearable fitness trackers, etc
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Malware

A
  • Malicious software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.
    • There are millions of different types of malware (hard to classify)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the malware actions used for grouping? (hint 5)

A

Imprison, Launch, Snoop, Deceive, Evade

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the two kinds of Imprison

A
  • Ransomware: Malware that prevents a user’s endpoint device from properly and fully functioning until a fee is paid.
  • Cryptomalware: Malware that encrypts all the files on the device so that none of them can be opened until a ransom is paid.
    • new variants of cryptomalware encrypt all files on any network or attached device connected to that computer
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are launch attacks and what are the 3 different kinds?

A
  • Infects a computer to launch attacks on it
  • Launch attacks include: Virus, Worm, Bot
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Describe the two different types of viruses? Why is one better than the other?

A
  • File-Based Virus: malicious computer code that is attached to a file.
    • Ex: Appender infection, armor file-based virus, split infection, mutation
  • File-less Virus: A type of malware that takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks.
    • Services are called living-off-the-land binaries (LOLBins).
  • Fileless is better than file based because it is harder to detect, easier to infect, Difficult to defend against
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Worm

A

Type of launch attack

  • Malicious program that uses a computer network to replicate. (network viruses)
    • A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an OS on the host computer. Then searches for another computer on the network with the same vulnerability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Bot

A

Type of launch attack

  • Bot: An infected computer placed under the remote control of an attacker for the purpose of launching attacks.
    • When hundreds, thousands, or even millions of bot computers are gathered into a logical computer network, they create a botnet under the control of a bot herder.
      • Infected bot computers receive instruction from a command and control (C&C) structure telling which computers to attack and how
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is “snoops” and what are the different types?

A

Category of malware that spies on its victims

  • Two types are spyware and keyloggers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is spyware and what are the different technologies used by it?

A
  • Tracking software that is deployed without the consent or control of the user.
  • Technologies:
    • Automatic download software
    • passive tracking technologies
    • system modifying software
    • tracking software
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is keylogger?

A

Hardware or software that silently captures and stores each keystroke that a user types on the computer’s keyboard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is deceive and what are the different softwares in this category? (hint 3)

A
  • Category of malware that attempts to deceive the user and hide it’s true intentions
    • Includes: potentially unwanted programs (PUPs), Trojans, and remote access Trojans (RATs).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are Potentially Unwanted Programs (PUP)

A
  • Software that users do not want on their computer.
    • Often installed along with other programs and are overlooked in the process
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Trojan

A
  • An executable program that masquerades as performing a benign activity but also does something malicious.
    • Ex: User downloads a calendar program but also installs malware that scans the computer (malicious activity)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Remote Access Trojan (RAT)

A

Malware that infects a computer like a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is evade and what are the 3 different types?

A
  • Category of malware that attempts to help malware or attacks evade detection.
    • Includes: backdoor, logic bomb, and rootkit
17
Q

Backdoor

A

Type of evading malware

  • Malware that gives access to a computer, program, or service that circumvents any normal security protections.
18
Q

Logic Bomb

A

Type of evading malware

  • Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it.
19
Q

What are application attacks and list the different types:

A
  • Client’s web browser makes a request to the Hypertext Transport Protocol (HTTP) to a web server which may be connected to web application servers. There are multiple attack points here. Includes:
    • scripting attacks, injection attacks, request forgery attacks, and replay attacks
20
Q

Scripting

A

Type of application attack

  • An attack that takes advantage of a website that accepts user input without validating it. (cross-site scripting (XSS)
21
Q

What is a SQL Injection? What are some other types of injections?

A

Type of application attack that introduces new input to exploit a vulnerability.

  • SQL Injection: An attack that inserts statements to manipulate a database server using Structured Query Language commands.
  • eXtenssible Markup Language (XML): Markup language designed to store information
    *
22
Q

What is requested forgery and what are the two different types

A
  • Type of application attack that fabricates a request. Includes:
    • Cross-site request forgery (CSRF): An attack that takes advantage of an authentication “token” that a website sends to a user’s web browser to imitate the identity and privileges of the victim.
    • Server site request forgery (SSRF): An attack that takes advantage of a trusting relationship between web servers.
23
Q

Replay

A

Type of application attack that copies data and then uses it for an attack.

24
Q

Resource exhaustion attacks

A
  • Type of memory vulnerability attack that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS.
    • Ex: Memory leak: memory is not freed when the program has finished using it du to programming error
25
Q

What are the two types of memory vulnerability attacks?

A
  1. Butter overflow: An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. Extra data overflows into adjacent memory locations (hence buffer overflow
  2. Integer Overflow: Attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow
26
Q

What are the different kinds of improper exception handling?

A

Type of memory vulnerability

  • Improper input handling: Programming error: that does not filter or validate user input to prevent a malicious action
  • Error Handling: A programming error that does not properly trap an error condition.
  • Pointer/object dereference: A flaw that results in a pointer given a NULL instead of valid value.
  • Race condition: A situation in software that occurs when two concurrent threads of execution access a shared resource simultaneously. (time of check/time of use race condition)
27
Q

What are the 3 different attacks that threat actors use to target external software components?

A
  • Application program interface (API): a link provided by an OS, web browser, or other platform that allows a developer access to resources at a high level. (ex website asking to know your location)
  • Device driver. software that controls and operates an external hardware device that is connected to a computer.
    • Attacker is either shimming (adding small coding library that intercepts changes in device and device driver) or refactoring (changing design of existing code)
    • Dynamic-link library (DLL).: a repository of both code and data that can be used by more than one program at the same time.
28
Q

Artificial Intelligence (AI)

A
  • technology that imitates human abilities
  • Includes machine learning: teaching a technology device to learn by itself without the continual instruction of a computer programmer, or through repeated experience
29
Q

What is Adversial artificial intelligence adn what are two risks associated with it?

A
  • Exploiting the risks associated with using AI and ML in cybersecurity. Risks:
    • Security of the ML Algorithms: A risk associated with the vulnerabilities in AI-powered cybersecurity applications and their devices.
    • Tainted training data for machine learning: A risk associated with attackers can attempt to alter the training data that is used by ML.

Intro To Cybersecurity (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions