Section 19.181 Execution and Escalation Attacks Flashcards

Objective 2.4 Given a scenario, you must be able to analyse indicators of malicious activity

1
Q

Arbitrary Code Execution

A

A vulnerability that allows an attacker to run their own code without restriction on the target system (the attacker is physically on the system)

2
Q

Remote Code Execution

A

A type of arbitrary code execution that occurs remotely, often over the internet (the attacker doesn't have to be physically on the system)

3
Q

Privilege Escalation

A

Gaining higher-level permissions than originally assigned, which allows attackers to operate with elevated privileges, such as administrator or root access

4
Q

Privilege Escalation (2 types of escalation)

Vertical Privilege Escalation

A

Going from normal user to higher privilege (e.g., admin or root)

● Commonly associated with code execution leading to admin-level permissions

5
Q

Privilege Escalation (2 types of escalation)

Horizontal Privilege Escalation

A

Accessing or modifying resources that sit at the same privilege level as the attacker

● Occurs when a user accesses resources at their own privilege level for which they don't have permission

6
Q

Why are privileges so important?

Understanding Privileges

A

Application and process privileges are required for executing functions and for reading and writing data

● Applications inherit the permissions of the user running them (e.g., system, admin, or user)

● Understanding and managing privileges is crucial for system security

● Attackers aim to gain higher privileges to perform malicious actions

7
Q

Rootkits

A

Class of malware that conceals its presence by modifying system files, often at the kernel level

■ Can be challenging to detect and provides attackers with persistence

8
Q

Ring Levels

Ring Zero

A

○ The kernel (center) with the highest privileges

○ Kernel mode rootkits (Ring Zero) are more dangerous due to their extensive control

9
Q

Rings 1 to 3

A

User-level components with decreasing privileges as the ring number increases

10
Q

Kernel Mode Rootkit

A

● Embedded in the kernel (Ring Zero)

● Has maximum control and privileges

● Highly dangerous due to the extensive system access

11
Q

User Mode Rootkit

A

● Attached to user-level components (Rings 1 to 3)

● Has administrator-level privileges

● Utilises operating system features for persistence, e.g., the registry or the task scheduler
