Terms Deck 1 Flashcards

1
Q

social engineering

A

The process of taking advantage of human behavior to attack a network or gain access to resources that would otherwise be inaccessible. Social engineering emphasizes the well-known fact that poorly or improperly trained individuals can be persuaded, tricked, or coerced into giving up passwords, phone numbers, or other data that can lead to unauthorized system access, even when strong technical security measures can otherwise prevent such access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

phishing

A

An attempt to acquire sensitive information by masquerading as a trustworthy entity via electronic communication, usually email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

vishing

A

An attack in which the attacker uses fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details by phone. Also known as voice phishing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

spam

A

Unsolicited messages typically sent to a large number of recipients.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

spam over Internet messaging (SPIM)

A

A type of unsolicited messaging that is specifically sent over instant messaging platforms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

spear phishing

A

A targeted version of phishing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

dumpster diving

A

A technique used by an attacker that involves gathering useful information from discarded data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

shoulder surfing

A

Looking over someone’s shoulder to obtain information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

pharming

A

An attack that redirects victims to a bogus website.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

tailgating

A

Following closely behind someone who has authorized physical access in an environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

eliciting information

A

The use of varying techniques that can directly or indirectly lead to sensitive data loss or other compromise.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

whaling

A

The use of spear phishing tactics against high-profile targets such as executives within a company.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

identity fraud

A

The use of a person’s personal information without authorization to deceive or commit a crime.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

hoax

A

A situation that seems like it could be legitimate but often results from people seeking to carry out various threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

impersonation

A

A method by which someone assumes the character or appearance of someone else.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

watering hole attack

A

An attack in which the attacker focuses on a site frequently visited by the target. Similar to spear phishing but does not use email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

typo squatting

A

An attack that most commonly relies on typographic errors made by users on the Internet. Also known as URL hijacking.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

influence campaign

A

Coordinated actions that seek to affect the development, actions, and behavior of the targeted population.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

malware

A

Malicious software used to cause damage or gain unauthorized access to systems.

20
Q

ransomware

A

A form of malware that attempts to hold a person or company hostage, often for monetary gain.

21
Q

trojan horse

A

A form of malware that appears to be useful software but has code hidden inside that attacks a system directly or allows the system to be infiltrated by the originator of the code when it is executed. A Trojan horse is software hidden inside other software. It is commonly used to infect systems with viruses, worms, or remote-control software.

22
Q

worm

A

A type of virus designed primarily to reproduce and replicate itself on as many computer systems as possible. A worm does not normally alter files; instead, it remains resident in a computer’s memory. Worms typically rely on access to operating system capabilities that are invisible to users.

23
Q

potentially unwanted program (PUP)

A

Software that often is not wanted, although it may not be explicitly malicious.

24
Q

virus

A

A piece of malicious code that spreads to other computers by design, although some viruses also damage the systems on which they reside. Viruses can spread immediately upon being received or can implement other unwanted actions, or they can lie dormant until a trigger in their code causes them to become active. The hidden code a virus executes is called its payload.

25
Q

bot

A

Short for robot, an automated computer program that needs no user interaction. Bots allow hackers to take control of a system. Many bots used together can form a botnet.

26
Q

crypto-malware

A

Malware that is specifically designed to find potentially valuable data on a system and encrypt it.

27
Q

logic bomb

A

A virus or Trojan horse designed to execute malicious actions when a certain event occurs or when a specified period of time goes by.

28
Q

spyware

A

Software that communicates information from a user’s system to another party without notifying the user.

29
Q

keylogger

A

A tool that monitors and sends keystrokes typed from an infected machine.

30
Q

remote access trojan (RAT)

A

A backdoor Trojan installed on a system that allows a remote attacker to take control of the targeted system.

31
Q

rootkit

A

A piece of software that can be installed and hidden on a computer, mainly for the purpose of compromising the system.

32
Q

rainbow table

A

A table that consists of a large set of precomputed hash values for every possible combination of characters. May be used in brute-force cracking of passwords that have been hashed.

33
Q

password attack

A

An attack on a password using manual or automated techniques, such as dictionary, brute-force, spraying, and rainbow table attacks.

34
Q

skimming

A

An attack that involves copying data from a physical card by using a specialized terminal.

35
Q

adversarial artificial intelligence (AI)

A

Techniques such as machine learning used to solve a variety of problems and challenges used by an adversary.

36
Q

privilege escalation

A

A method of software exploitation that takes advantage of a program’s flawed code. Usually, this crashes the system and leaves it in a state in which arbitrary code can be executed or an intruder can function as an administrator.

37
Q

cross-site scripting (XSS)

A

A web attack in which malicious executable code is placed on a website to allow the attacker to hijack a user session to conduct unauthorized access activities, expose confidential data, and log successful attacks back to the attacker.

38
Q

buffer overflow

A

An attack that occurs when the data presented to an application or a service exceeds the storage space allocation that has been reserved in memory for that application or service.

39
Q

race condition

A

A way in which a program executes sequences of code. It typically occurs when code sequences are competing for the same resource or interfering by acting at the same time.

40
Q

time-of-check to time-of-use (TOCTOU)

A

A race condition that takes advantage of the time delay between checking and use.

41
Q

integer overflow

A

A software programming error that can facilitate malicious code or a buffer overflow.

42
Q

cross-site request forgery (CSRF)

A

A web attack that exploits existing site trust, such as unexpired banking session cookies, to perform actions on the trusting site using the already existing trusted account.

43
Q

memory leak

A

A programming error that reduces performance of a system and can cause an entire application or computer to become unresponsive. It has an impact on a system’s availability.

44
Q

Secure Sockets Layer (SSL) stripping

A

A technique that involves removing the encryption between a client and a website.

45
Q

shimming

A

A sophisticated hack that requires the installation of a piece of code between two components that is capable of intercepting calls and redirecting them elsewhere.