Network + Ch1

Question 1

What is Typosquatting?

Answer 1

URL hijacking where a malicious domain mimics a legitimate one(g00gle vs google.com)

Question 2

How does Pretexting work?

Answer 2

The attacker creates a false story to trick a victim into giving up sensitive information.

Question 3

What is Pharming?

Answer 3

A poisoned DNS redirects users to fake websites instead of legitimate ones.

Question 4

What is Vishing?

Answer 4

Voice phishing using spoofed numbers to extract information via phone calls.

Question 5

What is the difference between Smishing and Spear Phishing?

Answer 5

Smishing is phishing through SMS, while Spear phising is a targeted phishing attack on specific individuals.

Question 6

What is Whaling?

Answer 6

A form of spear phishing targeting high-profile individuals, like CEOs or executives

Question 7

Define Watering Hole Attack

Answer 7

Infects websites commonly visited by a specific group to target those users.

Question 8

What is Tarpitting?

Answer 8

Intentionally slowing down server responses to discourage spam or malicious attacks

Question 9

What makes a Worm different from a Virus?

Answer 9

A worm self-replicates without user interaction, while a virus requires user action to spread.

Question 10

What is a Fileless Virus?

Answer 10

Malware that runs in memory without leaving files on the disk, making it hard to detect?

Question 11

How can you protect against Ransomware?

Answer 11

Maintain offline backups not connected to the system.

Question 12

What is a Logic Bomb?

Answer 12

Malicious code triggered by a specific event or date

Question 13

What is a Spraying Attack?

Answer 13

An attack using common passwords only a few times to avoid detection or lockout

Question 14

What are Rainbow Tables used for?

Answer 14

Precomputed hash chains used to crack passwords quickly

Question 15

What is a Birthday Attack?

Answer 15

An attack that exploits hash collisions to find two inputs with the same hash

Question 16

What is Cross-Site Scripting(XSS)?

Answer 16

An attack that injects JavaScript into a website to steal information or manipulate content.

Question 17

What is the difference between Persistent and Non-Persistent XSS?

Answer 17

Persistent XSS stores malicious scripts permanently on the website, while Non-Persistent XSS injects them temporarily

Question 18

What is an LDAP Injection Attack?

Answer 18

An attack that manipulates LDAP queries to access unauthorized data

Question 19

What is Pass the Hash?

Answer 19

A replay attack where an intercepted hash is reused to authenticate without cracking it.

Question 20

What is Bluejacking?

Answer 20

Sending unsolicited messages over Bluetooth to other devices

Question 21

What is Bluesnarfing?

Answer 21

Accessing data from a mobile device via Bluetooth without permission

Question 22

What are Rules of Engagement in penetration testing?

Answer 22

They define the scope, purpose, and limitations of a penetration test

Question 23

What is Wardriving?

Answer 23

Driving around to search for open WiFi networks using specialized tools.

Question 24

What is UEBA used for?

Answer 24

User and Entity Behavior Analytics monitors network activity to detect unusual behavior patterns

Question 25

What is SOAR?

Answer 25

Security Orchestration, Automation and Response automates repetitive security tasks and responses