Network Attacks Flashcards

1
Q

Denial of Service (DoS) Attack

A

Occurs when one machine continually floods a victim with requests for services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

TCP SYN Flood

A

Occurs when an attacker initiates multiple TCP sessions, but never
completes them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Smurf Attack (ICMP Flood)

A

▪ Occurs when an attacker sends a ping to a subnet broadcast address with
the source IP spoofed to be that of the victim server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Distributed Denial of Service (DDoS) Attack

A

▪ Occurs when an attacker uses multiple computers to ask for access to the
same server at the same time
● Botnet
o A collection of compromised computers under the control
of a master node
● Zombie
o Any of the individually compromised computers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

On-Path/ Man-in-the-Middle (MITM) Attack

A

Occurs when an attacker puts themselves between the victim and the
intended destination

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Session Hijacking

A

Occurs when an attacker guesses the session ID that is in use between a
client and a server and takes over the authenticated session

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

DNS Poisoning

A

Occurs when an attacker manipulates known vulnerabilities within the
DNS to reroute traffic from one site to a fake version of that site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

DNSSEC

A

Uses encrypted digital signatures when passing DNS information between
servers to help protect it from poisoning
▪ Ensure server has the latest security patches and updates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Rogue DHCP Server

A

A DHCP server on a network which is not under the administrative
control of the network administrators

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Spoofing

A

Occurs when an attacker masquerades as another person by falsifying
their identity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

IP Spoofing

A

Modifying the source address of an IP packet to hide the identity of the
sender or impersonate another client
▪ IP spoofing is focused at Layer 3 of the OSI model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

MAC Spoofing

A

Changing the MAC address to pretend the use of a different network
interface card or device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

MAC Filtering

A

Relies on a list of all known and authorized MAC addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

ARP Spoofing

A

Sending falsified ARP messages over a local area network
▪ ARP spoofing attack can be used as a precursor to other attacks
▪ Set up good VLAN segmentation within your network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

VLAN Hopping

A

Ability to send traffic from one VLAN into another, bypassing the VLAN
segmentation you have configured within your Layer 2 networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Double Tagging

A

Connecting to an interface on the switch using access mode with the
same VLAN as the native untagged VLAN on the trunk

17
Q

Switch Spoofing

A

Attempting to conduct a Dynamic Trunking Protocol (DTP) negotiation
▪ Disable dynamic switchport mode on your switchports

18
Q

Malware

A

Designed to infiltrate a computer system and possibly damage it without
the user’s knowledge or consent

19
Q

Virus

A

Made up of malicious code that is run on a machine without the user’s
knowledge and infects it whenever that code is run

20
Q

Worm

A

A piece of malicious software that can replicate itself without user
interaction

21
Q

Trojan Horse

A

A piece of malicious software disguised as a piece of harmless or
desirable software

22
Q

Remote Access Trojan (RAT)

A

Provides the attacker with remote control of a victim machine

23
Q

Ransomware

A

Restricts access to a victim’s computer system or files until a ransom or
payment is received

24
Q

Spyware

A

Gathers information about you without your consent

25
Q

Key Logger

A

Captures any key strokes made on the victim machine

26
Q

Rootkit

A

Designed to gain administrative control over a computer system or
network device without being detected

27
Q

Rogue Access Point

A

A wireless access point that has been installed on a secure network
without authorization from a local network administrator

28
Q

Shadow IT

A

▪ Use of IT systems, devices, software, applications, or services without the
explicit approval of the IT department

29
Q

Evil Twin

A

Wireless access point that uses the same name as your own network

30
Q

Deauthentication

A

Attempts to interrupt communication between an end user and the
wireless access point

31
Q

Dictionary Attack

A

Guesses the password by attempting to check every single word or
phrase contained within a word list, called a dictionary

32
Q

Brute Force Attack

A

Tries every possible combination until they figure out the password
▪ Use a longer and more complicated password

33
Q

o Social Engineering

A

Any attempt to manipulate users to reveal confidential information or
perform actions detrimental to a system’s security
▪ The weakest link is our end users and employees

34
Q

Phishing

A

Sending an email in an attempt to get a user to click a link
▪ Sending out emails to capture the most people and doesn’t really target
any particular person or group

35
Q

Whaling

A

Focused on key executives within an organization or other key leaders,
executives, and managers in the company

36
Q

Tailgating

A

Entering a secure portion of the organization’s building by following an
authorized person into the area without their knowledge or consent

37
Q
A