Module 3 Flashcards
What are the 3 components of the CIA Triad?
Confidentiality, Integrity, Availability
Anything of value to the organization. It includes people, equipment, resources, and data
Asset
A weakness in a system, or its design, that could be exploited by a threat
vulnerability
A potential danger to a company’s assets, data, or network functionality
threat
A mechanism that takes advantage of a vulnerability
exploit
Counter-measure that reduces the likelihood or severity of a potential threat or risk.
mitigation
The likelihood of a threat to exploit the vulnerability of an asset, with the aim of negatively affecting an organization
risk
A path by which a threat actor can gain access to a server, host, or network.
attack vector
____ or data exfiltration is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world
Data loss
What should be done with confidential data that a company no longer requires?
shredded
Hackers are also called ____
threat actors
Ethical hackers who use their programming skills for good, ethical, and legal purposes.
White Hat Hackers
These are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage
Gray Hat Hackers
These are unethical criminals who compromise computer and network security for personal gain, or for malicious reasons, such as attacking networks
Black Hat Hackers
These are teenagers or inexperienced hackers running existing scripts, tools, and exploits, to cause harm, but typically not for profit.
Script Kiddies
These are usually gray hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards
Vulnerability Broker
These are gray hat hackers who publicly protest organizations or governments by posting articles, videos, leaking sensitive information, and performing network attacks.
Hacktivists
These are black hat hackers who are either self-employed or working for large cybercrime organizations
Cyber criminals
These are either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations
State-Sponsored
Penetration Testing Tool which repeatedly makes guesses in order to crack a password
Password Crackers
Penetration Testing Tool used to intentionally hack into a wireless network to detect security vulnerabilities.
Wireless Hacking Tools
Tools that are used to probe network devices, servers, and hosts for open TCP or UDP ports.
Network Scanning and Hacking Tools
These tools are used to probe and test a firewall’s robustness using specially crafted forged packets
Packet Crafting Tools
These tools are used to capture and analyze packets within traditional Ethernet LANs or WLANs
Packet Sniffers
Tools used by threat actors to discover a computer’s security vulnerabilities.
Fuzzers to Search Vulnerabilities
These tools are used by white hat hackers to sniff out any trace of evidence existing in a computer.
Forensic Tools
These tools are used by black hats to reverse engineer binary files when writing exploits.
Debuggers
This is when a threat actor captures and “listens” to network traffic.
Eavesdropping Attack
If threat actors have captured enterprise traffic, they can alter the data in the packet without the knowledge of the sender or receiver (type of threat actor attack)
Data Modification Attack
This happens when a threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet
IP Address Spoofing Attack
Type of attack where threat actors could use a valid account to obtain lists of other users, network information, change server and network configurations, and modify, reroute, or delete data.
Password-Based Attacks
A ___ attack prevents normal use of a computer or network by valid users. It can also flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
Denial of Service Attack
This attack occurs when threat actors have positioned themselves between a source and destination. They can now actively monitor, capture, and control the communication transparently
Man-in-the-Middle Attack
If a threat actor obtains a secret key, that key is referred to as a compromised key. A compromised key can be used to gain access to a secured communication without the sender or receiver being aware of the attack
Compromised-Key Attack
___ require human action to propagate and infect other computers.
viruses
____ hides by attaching itself to computer code, software, or documents on the computer.
virus
This type of malware is a program that looks useful but also carries malicious code. It is often bundled with free online programs such as computer games.
trojan horses
Type of malware that can display unsolicited advertising using pop-up web browser windows, new toolbars, or unexpectedly redirect a webpage to a different website
adware
Type of malware that denies a user access to their files by encrypting the files and then displaying a message demanding a ransom for the decryption key.
ransomware
Used by threat actors to gain administrator account-level access to a computer. They are very difficult to detect because they can alter firewall, antivirus protection, system files, and even OS commands to conceal their presence.
Rootkit
Like adware, but used to gather information about the user and send it to threat actors without the user’s consent.
spyware
What does CVE stand for?
Common Vulnerabilities and Exposures
A self-replicating program that propagates automatically without user action by exploiting vulnerabilities in legitimate software. The intent of a ____ is usually to slow or disrupt network operations
worm
What does CWE stand for?
Common Weaknesses Enumeration
List of known instances of vulnerabilities within a product or a system
Common Vulnerabilities and Exposures (CVE)
Dictionary of weaknesses that may lead to a vulnerability
Common Weaknesses Enumeration (CWE)
Threat actors use this attack to do unauthorized discovery and mapping of systems, services, or vulnerabilities. This attack precedes access attacks or DoS attack
Reconnaissance Attacks
This type of attack exploits known vulnerabilities in authentication services, FTP services, and web services. The purpose of ____ is to gain entry to web accounts, confidential databases, and other sensitive information
access attacks
In this attack, the threat actor attempts to discover critical system passwords using various methods
Password Attacks
In this attack, the threat actor device attempts to pose as another device by falsifying data
spoofing attack
_____ is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information. Some techniques are performed in-person while others may use the telephone or internet
Social engineering
A threat actor pretends to need personal or financial data to confirm the identity of the recipient.
Pretexting
A threat actor sends fraudulent email which is disguised as being from a legitimate, trusted source to trick the recipient into installing malware on their device, or to share personal or financial information
Phishing
A threat actor creates a targeted phishing attack tailored for a specific individual or organization.
Spear phishing
Also known as junk mail, this is unsolicited email which often contains harmful links, malware, or deceptive content
Spam
Sometimes called “Quid pro quo”, this is when a threat actor requests personal information from a party in exchange for something such as a gift
Something for Something
A threat actor leaves a malware infected flash drive in a public location. A victim finds the drive and unsuspectingly inserts it into their laptop, unintentionally installing malware
Baiting
This type of attack is where a threat actor pretends to be someone they are not to gain the trust of a victim.
Impersonation
This is where a threat actor quickly follows an authorized person into a secure location to gain access to a secure area.
Tailgating
This is where a threat actor inconspicuously looks over someone’s shoulder to steal their passwords or other information.
Shoulder surfing
This is where a threat actor rummages through trash bins to discover confidential documents
Dumpster diving
Similar to a DoS attack, but it originates from multiple, coordinated sources.
Distributed DoS Attack (DDoS)
What are the two major types of DoS attacks?
Overwhelming Quantity of Traffic and Maliciously Formatted Packets
Threat actors use Internet Control Message Protocol (ICMP) echo packets (pings) to discover subnets and hosts on a protected network, to generate DoS flood attacks, and to alter host routing tables.
ICMP attacks
Threat actors attempt to prevent legitimate users from accessing information or services using DoS and DDoS attacks.
Amplification and reflection attacks
Threat actors spoof the source IP address in an IP packet to perform blind spoofing or non-blind spoofing.
Address spoofing attacks
Threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication. They could eavesdrop by inspecting captured packets, or alter packets and forward them to their original destination.
Man-in-the-middle attack (MITM)
Threat actors gain access to the physical network, and then use an MITM attack to hijack a session
Session hijacking
This is used to perform host verification and DoS attacks. (ICMP Message)
ICMP echo request and echo reply
This is used to perform network reconnaissance and scanning attacks (ICMP Message)
ICMP unreachable
This is used to map an internal IP network. (ICMP Message)
ICMP mask reply
This is used to lure a target host into sending all traffic through a compromised device and create a MITM attack (ICMP Message)
ICMP redirects
This is used to inject bogus route entries into the routing table of a target host. (ICMP Message)
ICMP router discovery
Address Spoofing Attack where the threat actor can see the traffic that is being sent between the host and the target.
Non-blind spoofing
Address Spoofing Attack where the threat actor cannot see the traffic that is being sent between the host and the target; used in DoS attacks
Blind spoofing
What does TCP stand for?
Transmission Control Protocol
What does UDP stand for?
user datagram protocol
What are the 3 services TCP provides?
Reliable delivery, flow control and stateful communication
Protocol that defines an automated service that matches resource names, such as www.cisco.com, with the required numeric network address, such as the IPv4 or IPv6 address.
Domain Name Service (DNS)
What are the 4 kinds of DNS attacks?
*DNS open resolver attacks
*DNS stealth attacks
*DNS domain shadowing attacks
*DNS tunneling attacks
Involves the threat actor gathering domain account credentials in order to silently create multiple sub-domains to be used during the attacks.
DNS Domain Shadowing Attacks
Threat actors who use _______ place non-DNS traffic within DNS traffic
DNS tunneling
Occurs when a rogue DHCP server is connected to the network and provides false IP configuration parameters to legitimate clients
DHCP spoofing attack
Only authorized individuals, entities, or processes can access sensitive information. It may require using cryptographic encryption algorithms such as AES to encrypt and decrypt data. (CIA security triad)
Confidentiality
Refers to protecting data from unauthorized alteration. It requires the use of cryptographic hashing algorithms such as SHA (CIA security triad)
Integrity
Authorized users must have uninterrupted access to important resources and data. It requires implementing redundant services, gateways, and links. (CIA security triad)
Availability
A system, or group of systems, that enforces an access control policy between networks
Firewalls
What does ESA stand for?
Email Security Appliance
What does SMTP stand for?
Simple Mail Transfer Protocol
What does WSA stand for?
Web Security Appliance
Guarantees that the sender cannot repudiate, or refute, the validity of a message sent.
Data Non-Repudiation
___ functions are used to ensure the integrity of a message. They guarantee that message data has not changed accidentally or intentionally
Hash
What are the three well-known hash functions?
MD5 with 128-bit Digest (Legacy)
SHA Hashing Algorithm (Legacy)
SHA-2
What does HMAC stand for?
hash message authentication code
Encryption class in which the same pre-shared key, also called a secret key, is used to encrypt and decrypt data. A pre-shared key is known by the sender and receiver before any encrypted communication can take place.
Symmetric Encryption
_____ algorithms, also called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption.
Asymmetric
What does IKE stand for?
Internet Key Exchange
What does SSL stand for?
Secure Socket Layer
This protocol provides a secure remote access connection to network devices
Secure Shell (SSH)
This computer program provides cryptographic privacy and authentication. It is often used to increase the security of email communications.
Pretty Good Privacy (PGP)
An asymmetric mathematical algorithm where two computers generate an identical shared secret key without having communicated before. The new shared key is never actually exchanged between the sender and receiver.
Diffie-Hellman (DH)
Role of the red team in pen testing?
Offensive team
Role of the blue team in pen testing?
defense team
Role of the purple team in pen testing?
offense and defense
Role of the white team in pen testing?
arbiters
Role of the yellow team in pen testing?
builders
Role of the orange team in pen testing?
offensive and builders
Role of the green team in pen testing?
defense and builders
What does MFA mean?
Multi-Factor Authenticator
Phishing carried out via SMS text messages
Smishing
Phishing carried out via voice calls
vishing
What does IP stand for?
Internet Protocol
What does ARP stand for?
address resolution protocol
What does DNS stand for?
domain name system/service
What does DHCP stand for?
dynamic host configuration protocol
What does FTP stand for?
file transfer protocol
What does TFTP stand for?
trivial FTP
What does NFS mean?
network file system
What does VoIP mean?
voice over IP
What does VoLTE stand for?
voice over long term evolution
What does IPS stand for?
Intrusion Prevention System
What does IDS stand for?
Intrusion Detection System