Security: Explain common social-engineering attacks, threats, and vulnerabilities. Flashcards
CompTIA A+ 220-1102 Exam Criteria
What is a Phishing Scam?
Unsolicited email – sent in the hope that recipients bite and give up credentials, usually through a link.
Can be a targeted attack on a specific company – spear phishing.
What is Vishing?
Voice over IP attempts – getting data by capturing the traffic
What is whaling?
Trying to manipulate people in power, or sending phishing emails to executives, to get critical information.
What is Shoulder Surfing?
Looking over someone's shoulder to gain information.
What is Dumpster Diving?
Searching for information in the trash.
What is tailgating?
Piggybacking – an accomplice that tries to enter without authority through a mantrap.
What is an Evil twin?
Rogue access point: an AP set up within range of your access point, spoofing the same SSID. Can be used with roaming devices – gathering information this way.
What is DDoS?
DDoS Attack means “Distributed Denial-of-Service (DDoS) Attack” and it is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites.
What is the difference between DoS and DDoS?
A denial-of-service (DoS) attack overloads a server with traffic, thereby shutting it down.
A distributed denial-of-service (DDoS) attack is a DoS attack in which numerous computers or machines flood a targeted resource.
In essence they are the same; however, with DDoS it is a specified target with numerous computers.
What is a Zero day attack?
Exploits not known at the point of attack. No fixes exist and only the attacker knows when it happens. Patches are needed to fix it over time.
What is an On Path attack?
From source to destination, traffic could abstractly go through quite a few networks, or stay within a single network. In an on-path attack, a threat actor tries to get in the middle of that communication path (hence the old designation) so that they can either eavesdrop or take the source of the communication out of that communication altogether. They can do it a couple of different ways; one is spoofing, which could be ARP spoofing or IP spoofing.
What is ARP Spoofing?
ARP spoofing: A hacker sends fake ARP packets that link an attacker’s MAC address with an IP of a computer already on the LAN. ARP poisoning: After a successful ARP spoofing, a hacker changes the company’s ARP table, so it contains falsified MAC maps. The contagion spreads.
What is ARP Spoofing vs IP spoofing?
ARP spoofing – Links a perpetrator’s MAC address to a legitimate IP address through spoofed ARP messages. It’s typically used in denial of service (DoS) and man-in-the-middle assaults. IP address spoofing – Disguises an attacker’s origin IP. It’s typically used in DoS assaults.
What are some common types of password attack?
Brute force – trying to run every possible combination via physical input
Dictionary attack – load a whole dictionary and run through rules to generate a password
What does a SQL injection do?
Structured Query Language (SQL) injection manipulates the database server: in computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution in order to gain sensitive data.
7-Eleven breach – a team of attackers used SQL injection to penetrate corporate systems at several companies, primarily the 7-Eleven retail chain, stealing 130 million credit card numbers.
HBGary breach – hackers related to the Anonymous activist group used SQL injection to take down the IT security company's website.