Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA Security + (SY0-701) > Section 18.176 Race Conditions > Flashcards

Section 18.176 Race Conditions Flashcards

Objectives 2.2 Explain common threat vectors and attack strategies. Objectives 2.3 Explain various types of vulnerabilities Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity. Objectives 2.5 Explain the purpose of mitigation techniques used to secure the enterprise. Objectives 2.6 Given a scenario, you must be able to apply common security techniques to computing resources.

1
Q

Race Condition

A

Software vulnerabilities related to the order and timing of events in concurrent processes

■ Exploiting race conditions allows attackers to disrupt intended program behavior and gain unauthorised access

■ Race conditions occur when multiple threads or processes access and manipulate shared resources simultaneously

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Dereferencing

A

Software vulnerability that occurs when the code attempts to remove the
relationship between a pointer and the thing that the pointer was pointing to in the memory which allows changes to be made

■ Vulnerabilities stem from unexpected conflicts and synchronisation issues

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Exploiting Race Conditions

A

Attackers exploit race conditions by timing their actions to coincide with
vulnerable code execution

■ Exploitation may lead to unauthorized access, data manipulation, or system
crashes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A real-world example of race condition exploitation

Dirty COW Exploit

A

Targeted Linux and Android systems, leveraging race conditions in the Copy On Write function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Types of Race Conditions

Time-of-Check (TOC)

A

Attackers manipulate a resource’s state after it is checked but before it is used

● For example, overdrawing a bank account due to a time delay between
checking and transferring funds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Types of Race Conditions

Time-of-Use (TOU)

A

● Attackers alter a resource’s state after it is checked but before it is used

● Focuses on the time when the resource is utilised, rather than the time of the initial check

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Time-of-Evaluation (TOE)

A

Attackers manipulate data or resources during the system’s decision-making or evaluation process

● Can lead to incorrect results or unexpected behavior

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Mitigating Race Conditions

Mutex

A

Mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can be processed at a time

○ Mutexes ensure only one thread or process can access a specific section of code at a time

Properly design and test locks to prevent deadlocks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Mitigating Race Conditions

Deadlock

A

Occurs when a lock remains in place because the process it’s waiting for is
terminated, crashes, or doesn’t finish properly, despite the processing being complete

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CompTIA Security + (SY0-701) (205 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions