Network Threats and Attacks

Question 1

Malicious software includes viruses, worms, Trojans, ransomware, and spyware that can infect systems, steal data, or disrupt operations.

Answer 1

Malware

Question 2

A fraudulent attempt to obtain sensitive information (such as usernames, passwords, and financial details) by impersonating a trusted entity via email or other communication channels.

Answer 2

Phishing

Question 3

Overwhelm a network or website with excessive traffic or requests, causing it to become unavailable.

Answer 3

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

Question 4

An attacker intercepts and possibly alters communication between two parties without their knowledge.

Answer 4

Man-in-the-Middle (MitM) Attacks

Question 5

Attackers insert malicious SQL queries into input fields to manipulate a database, potentially gaining unauthorized access to data.

Answer 5

SQL Injection

Question 6

Injecting malicious scripts into web pages viewed by other users, compromising their browsing experience or stealing their data.

Answer 6

Cross-Site Scripting (XSS)

Question 7

Attacks that target vulnerabilities in software or hardware that are not yet known to the vendor or public, giving no time for patches.

Answer 7

Zero-Day Exploits

Question 8

Includes brute force attacks, dictionary attacks, and credential stuffing, aiming to gain unauthorized access by exploiting weak or stolen passwords.

Answer 8

Password Attacks

Question 9

Malicious or negligent actions by employees or trusted individuals within an organization that can compromise security.

Answer 9

Insider Threats

Question 10

Unauthorized devices (e.g., rogue access points) added to a network that can be used to eavesdrop or gain access.

Answer 10

Rogue Devices

Question 11

Unauthorized interception of network traffic to capture sensitive data.

Answer 11

Eavesdropping/Sniffing

Question 12

Manipulating individuals into divulging confidential information or performing actions that compromise security.

Answer 12

Social Engineering

Question 13

Malicious advertisements that can infect systems when clicked on.

Answer 13

Malvertising

Question 14

Internet of Things devices with security weaknesses that can be exploited by attackers.

Answer 14

IoT Vulnerabilities

Question 15

Malicious software is automatically downloaded and installed when a user visits a compromised website.

Answer 15

Drive-By Downloads

Question 16

Unauthorized copying, transfer, or retrieval of data from an organization’s network.

Answer 16

Data Exfiltration

Question 17

Intercepting and analyzing data packets in transit to obtain sensitive information.

Answer 17

Packet Sniffing

Question 18

Manipulating DNS records to redirect users to malicious websites or hijack their traffic.

Answer 18

DNS Spoofing/Cache Poisoning

Question 19

Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.

Answer 19

Brute Force Attacks

Question 20

Scanning for and exploiting vulnerabilities in wireless networks.

Answer 20

Wardriving

Question 21

Illegally using a victim’s computer or network resources to mine cryptocurrency.

Answer 21

Cryptojacking

Question 22

Exploiting vulnerabilities in applications or scripts without writing malicious files to disk, making them harder to detect.

Answer 22

Fileless Attacks

Question 23

Long-term targeted attacks by well-funded and organized adversaries with the goal of stealing information or maintaining a persistent presence.

Answer 23

Advanced Persistent Threats (APTs)

Question 24

Attackers compromise websites frequently visited by their target audience, infecting visitors with malware.

Answer 24

Watering Hole Attacks

Question 25

Encrypting a victim’s data and demanding a ransom for decryption keys.

Answer 25

Ransomware

Question 26

Illegally acquiring usernames and passwords through various means, such as keyloggers or phishing, to gain unauthorized access.

Answer 26

Credential Theft

Question 27

Also known as session fixation, attackers take control of a user’s active session to impersonate them and perform malicious actions.

Answer 27

Session Hijacking

Question 28

Attackers use DNS queries to create covert communication channels for data exfiltration or command and control.

Answer 28

DNS Tunneling

Question 29

Malicious software that permanently damages or “bricks” a device, rendering it unusable.

Answer 29

BrickerBot (Permanent Denial-of-Service)

Question 30

Hijacking a network of compromised devices to mine cryptocurrencies, consuming resources and slowing down systems.

Answer 30

Crypto-Mining Botnets

Question 31

Exploiting insecure file upload functionality to execute malicious scripts or upload malware.

Answer 31

File Upload Vulnerabilities

Question 32

Manipulating the Address Resolution Protocol to associate an attacker’s MAC address with a legitimate IP address.

Answer 32

ARP Spoofing/Poisoning

Question 33

Malware or malicious code introduced to a network through infected USB drives or devices.

Answer 33

USB-based Attacks

Question 34

Impersonating high-level executives to trick employees into transferring money or sensitive information.

Answer 34

Business Email Compromise (BEC)

Question 35

Cybercriminals can subscribe to ransomware services, making it easier for less technically skilled attackers to launch attacks.

Answer 35

Crypto Ransomware-as-a-Service (RaaS)

Question 36

Redirecting website traffic to a fraudulent site using DNS manipulation or malware.

Answer 36

Pharming

Question 37

Scammers use phone calls or VoIP to impersonate trusted entities and obtain sensitive information.

Answer 37

Vishing (Voice Phishing)

Question 38

Fake systems or networks designed to attract attackers and study their tactics, techniques, and procedures.

Answer 38

Honeypots

Question 39

Hidden or undocumented methods for accessing a system or application, often created by attackers for future access.

Answer 39

Backdoors

Question 40

Malware targeting vulnerable Internet of Things devices to use them for malicious purposes.

Answer 40

Crypto-Malware Attacks on IoT Devices

Question 41

Attackers leverage social media platforms to spread malware, conduct phishing, or gather information about targets.

Answer 41

Social Media Attacks

Question 42

Unauthorized alteration or modification of data, which can lead to misinformation and financial or reputational damage.

Answer 42

Data Manipulation

Question 43

Techniques used by malware to generate random domain names for command and control servers to evade detection.

Answer 43

Domain Generation Algorithms (DGA)

Question 44

Compromised IoT devices are used to form botnets for various malicious activities.

Answer 44

IoT Botnets

Question 45

Exploiting vulnerabilities in application programming interfaces (APIs) to gain unauthorized access or cause disruptions.

Answer 45

API Attacks

Question 46

Attackers target vulnerabilities in the Domain Name System Security Extensions (DNSSEC) to compromise DNS integrity.

Answer 46

DNSSEC Exploitation

Question 47

Vulnerabilities in Bluetooth connections can be exploited for unauthorized access or data theft.

Answer 47

Bluetooth Attacks

Question 48

Manipulating a router’s DNS settings through vulnerabilities in the router’s firmware.

Answer 48

Drive-By Pharming

Question 49

Attackers compromise a product or service at the source, often through a third-party supplier, to distribute malware or compromise security.

Answer 49

Supply Chain Attacks

Question 50

Concealing malicious code or data within seemingly harmless files or images to evade detection.

Answer 50

Steganography