N2K - Flash Cards - Threats, Vulnerabilities, and Mitigations - Explain Common Threat Vectors and Attack Surfaces

1
Q

What is bluejacking?

A

An attack that sends unsolicited messages over a Bluetooth Connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the greatest security risk of instant messaging (IM)?

A

Sender Impersonation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which type of attack targets a more vulnerable company or resource that provides your company with third-party products or services?

A

Supply Chain Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the risk of default credentials?

A

They are well-known and easily exploited by attackers when left unchanged

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is impersonation or pretexting?

A

When an attacker presents as someone else to gain access to information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which threat vector is exemplified by creating bogus content resembling trusted logos and emblems to deceive users?

A

Brand Impersonation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which attack surface type introduces malware or unauthorized access to systems through USB drives or external storage?

A

Removable Device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which tool is used to automate spoofing or cloning Bluetooth devices and can allow one to spoof the MAC address of a given device?

A

Spooftooph (Kali Linux)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the term for the types of attacks that include impersonation, pretexting, vishing and smishing?

A

Human Vectors / Social Engineering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the purpose of an airgap?

A

To ensure that a secure computer network is physically isolated from unsecured networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which Bluetooth attack targets IoT devices?

A

Bluetooth Low Energy (BLE) Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is bluesnarfing?

A

the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth Connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is SMS phishing?

A

A phishing attack that uses SMS or text messages to send malware or malicious links to mobile devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How does a supply-chain attack work?

A

Hackers compromise a third-party managed service provider (MSP) and use their access to the company network to leverage an attack on the target company once inside their network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which type of threat vector is exemplified by concealing malicious code within JPG files to exploit vulnerabilities in software or deceive users?

A

Image-Based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the purpose of using a sandbox when testing applications?

A

It runs untested or untrusted software from unverified or untrusted third parties, suppliers, users, or websites in an isolated environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which vulnerable software classification does not require the installation of software or applications on user devices?

A

Agentless

18
Q

Which vulnerability occurs when vendors are inconsistent with releasing updates needed to patch security issues?

A

Patching Fragmentation

19
Q

What are some examples of social engineering attacks?

A

Spoofing
Misrepresentation
Dumpster Diving

20
Q

When automating next steps after a port scan, what typically are the next steps?

A

Probing the open service ports for vulnerabilities, checking and recording configurations present, and producing a report on the configurations

21
Q

Which Bluetooth attack sends unsolicited messages over a Bluetooth connection?

A

Bluejacking

22
Q

What is the most effective way to prevent social engineering attacks?

A

User Training

23
Q

What is spimming?

A

An instance of spam sent over an instant message (IM) application

24
Q

What is a command injection attack?

A

An attack in which an attacker tries to execute commands via a vulnerable software application that the attacker is not supposed to be able to execute on a system

25
Q

To what does social engineering refer?

A

Social engineering refers to an attacker’s attempt to obtain sensitive information by using deception and fraud or by manipulating common human traits like trust and greed.

26
Q

What is vishing?

A

A special type of phishing that uses Voice over IP (VOIP)

27
Q

When does smishing occur?

A

When hackers send fake text messages to trick users into clicking bogus links

28
Q

Which type of threat vector delivers malicious content through email attachments?

A

File-Based

29
Q

Which threat vector consists of exploiting social engineering tactics or vulnerabilities to deceive or manipulate targets over phone communications?

A

Voice Calls

30
Q

Which vulnerable software classification requires the installation of software or applications on user devices?

A

Client-Based

31
Q

Why would an attacker alter an email header?

A

To obscure the sender’s identity and perform impersonation

32
Q

What is another name for voice phishing?

A

Vishing

33
Q

What does removable media control prevent?

A

Infection from malicious files found on USB drives, SD cards, CDs, DVDs, and other removable devices

Unauthorized copying or removal of project files

34
Q

To which two attacks are bluetooth networks susceptible?

A

Bluejacking and Bluesnarfing

35
Q

What occurs when an attacker profiles and compromises websites that the intended victim accesses?

A

Watering Hole Attack

36
Q

What is the term for the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth connection?

A

Bluesnarfing

37
Q

What are the three most common message-based threat vectors?

A

Email
Short Message Service (SMS)
Instant Messaging (IM)

38
Q

What is an Xmas Attack?

A

An attack that looks for open service ports

39
Q

What is voice phishing?

A

A phishing attack that uses voice calls to trick a victim into revealing information

40
Q

Which threat vector arises from unpatched vulnerabilities that are exploited by attackers due to lack of updates or support?

A

Unsupported systems/applications or legacy systems