Security 1.2 Flashcards

1
Q

Phishing

A

Sending a false email pretending to be legitimate to steal valuable information from the user

2
Q

Spear phishing

A

Attacks that target specific users with inside information.

3
Q

Whaling

A

An attack on a powerful or wealthy individual like a CEO.

4
Q

Vishing

A

An attack carried out through phone or voice communications.

5
Q

Tailgating

A

Closely following individuals with keys to get access to secure areas.

6
Q

Impersonation

A

Taking on the identity of an individual to get access into the system or communications protocol.

7
Q

Dumpster diving

A

Going through a business’s or person’s trash to find thrown away valuable information or possessions.

8
Q

Shoulder surfing

A

Watching as a person enters information.

9
Q

Hoax

A

False information that deceives the user into compromising security by making them believe they are at risk.

10
Q

Watering hole attack

A

A security attack that targets a specific, highly secured group by infecting a website commonly visited by the group’s members.

11
Q

Social engineering

A

The practice of using social tactics to gain information from people or get people to do something.

12
Q

Authority

A

The attacker poses as an individual of authority.

13
Q

Intimidation

A

Frightening or threatening the victim

14
Q

Consensus

A

Convincing the victim based on what’s normally expected.

15
Q

Scarcity

A

Limited resources and time to act

16
Q

Familiarity

A

The victim is well known

17
Q

Trust

A

Gain their confidence, be their friend

18
Q

Urgency

A

Limited time to act, rush the victim

19
Q

DoS (Denial of Service)

A

Flooding a target machine or resource with many requests to overload the system and prevent use of its resources

20
Q

DDoS (Distributed Denial of Service)

A

DoS launched from multiple sources.

21
Q

Man-in-the-middle

A

The attacker alters the communication between two parties who believe they are directly communicating.

22
Q

Buffer overflow

A

A program attempts to write more data than can be held in a fixed block of memory.

23
Q

Injection

A

Occurs when invalid data is processed; inserts code into the vulnerable computer program and changes the course of execution.

24
Q

Cross-site scripting (XSS)

A

Found in web applications, allows for an attacker to inject client-side scripts in web pages.

25
Q

Cross-site request forgery (XSRF)

A

Unauthorized commands are sent from a user that is trusted by the website. Allows the attacker to steal cookies and harvest passwords.

26
Q

Privilege escalation

A

An attack that exploits a vulnerability to gain access to resources the attacker would normally be restricted from accessing.

27
Q

ARP poisoning

A

The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP

28
Q

Amplification

A

The amount of traffic sent by the attacker is originally small but is then repeatedly multiplied to place a massive strain on the victim’s resources, in an attempt to cause it to fail or malfunction.

29
Q

DNS poisoning

A

A type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.

31
Q

Amplification process

A

- Bot C&C sends a message to the botnet
- Botnet sends a spoofed DNS request to the open DNS resolver
- DNS resolver sends amplified DNS responses to the web server

32
Q

Domain hijacking

A

The act of changing the registration of a domain name without the permission of the victim.

33
Q

Man-in-the-browser

A

A proxy Trojan horse that infects web browsers and captures browser session data.

34
Q

Zero day

A

The aim is to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general, meaning there is no direct or specific defense against the attack; this puts most systems’ vulnerable assets at risk.

35
Q

Replay

A

A network-based attack where a valid data transmission is rebroadcast, repeated, or delayed.

36
Q

Pass the hash

A

An authentication attack that captures and uses the hash of a password. The attacker then attempts to log on as the user with the stolen hash. This type of attack is commonly associated with the Microsoft NTLM (New Technology LAN Manager) protocol.

37
Q

Clickjacking

A

Deceives the user into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legitimate web page.

38
Q

Session hijacking

A

An attack in which an attacker attempts to impersonate the user by using their legitimate session token.

39
Q

URL hijacking

A

Redirects the user to a false website based on misspelling the URL, is also referred to

40
Q

Driver manipulation

A

Shimming
Refactoring
MAC spoofing
IP spoofing

41
Q

Shimming

A

The process of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code

42
Q

Refactoring

A

Rewrites the internal processing of code without changing its behavior.

43
Q

Replay

A

This is a passive attack where the attacker captures wireless data, records it, and then sends it on to the original recipient without them being aware of the attacker’s presence.

44
Q

IV (Initialization Vector)

A

A random number used to increase security by reducing predictability and repeatability.

45
Q

Evil Twin

A

Has the same SSID (Service Set Identifier) as a proper access point (AP). Once a user connects to it, all wireless traffic goes through it instead of the real AP.

46
Q

Rogue AP (Access Point)

A

An unauthorized WAP (Wireless Access Point) or Wireless Router that allows for attackers to bypass many of the network security configurations and opens the network and its users to attacks.

47
Q

Jamming

A

Disabling a wireless frequency with noise to block the wireless traffic

48
Q

WPS (Wi-Fi Protected Setup)

A

Allows users to easily configure a wireless network, sometimes by using only a PIN. The PIN can be found through a brute force attack

49
Q

Bluejacking

A

Sending unsolicited messages to a Bluetooth device.

50
Q

Bluesnarfing

A

Gaining unauthorized access to, or stealing information from a Bluetooth device

51
Q

RFID

A

Communicates with a tag placed in or attached to an object using radio signals. Can be jammed with noise interference, the blocking of radio signals, or removing/disabling the tags themselves.

52
Q

NFC (Near Field Communication)

A

A wireless technology that allows for smartphones and other devices to establish communication over a short distance.

53
Q

Disassociation

A

Removes clients from a wireless network

54
Q

Cryptographic attacks

A

(Attacks that use codes, ciphers, numbers, and cryptography)

  • Birthday
  • Text
  • Rainbow attacks
  • Dictionary
  • Brute force
  • Collisions
  • Downgrade
  • Weak implementations
55
Q

Birthday

A

Used to find collisions in hashes and allows the attacker to be able to create the same hash as the user. Exploits that if the same mathematical function is performed on two values and the result is the same, then the original values are the same.

56
Q

Plain text

A

The attacker has both the plaintext and its encrypted version.

57
Q

Cipher text

A

The attacker has access only to the encrypted messages.

58
Q

Rainbow tables

A

Large pregenerated data sets of encrypted passwords used in password attacks

59
Q

Dictionary

A

A password attack that creates encrypted versions of common dictionary words and then compares them against those in a stolen password file. Guessing using a list of possible passwords.

60
Q

Brute force

A

A password-cracking program that tries every possible combination of characters through A to Z

61
Q

Collision

A

When two different inputs produce the same hash value.

62
Q

Downgrade

A

Forces a system to lessen its security, which allows the attacker to exploit the lesser security control. It is most often associated with cryptographic attacks due to weak implementations of cipher suites.
Example: SSL attack

63
Q

Weak implementations

A

The main cause of failures in modern cryptography systems is poor or weak implementations rather than a failure of the algorithm itself.