Threat & Vulnerability Management Flashcards

1
Q

cross-site request forgery

A

an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

2
Q

SQL injection

A

placement of malicious code in SQL statements, via web page input.

3
Q

Rootkit

A

A rootkit is a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

4
Q

Cross-site scripting

A

An XSS will allow an attacker to execute arbitrary JavaScript within the browser of a victim user (such as creating pop-ups)

5
Q

Command and control (C2) phase

A

the adversary is testing that they have control over any implants that have been installed. This can be conducted using web, DNS, and email protocols to control the target and relies on an established two-way communication infrastructure to control the target system using remote access.

6
Q

Delivery phase

A

the adversary is firing whatever exploits they have prepared during the weaponization phase. At this stage, they still do not have access to their target, though.

7
Q

Advanced Persistent Threat (APT)

A

An APT refers to the ongoing ability of an adversary to compromise network security by using a variety of tools and techniques to obtain and maintain access. APTs are primarily focused on espionage and strategic advantage, but some target companies purely for commercial gain.

8
Q

integer overflow

A

An arithmetic operation results in a number too large to be stored in the space allocated for it. When the result is a number greater than 0xffffffff, an integer overflow occurs.

9
Q

Password spraying

A

a type of brute force attack in which multiple user accounts are tested with a dictionary of common passwords.

10
Q

Port 22

A

SSH

11
Q

Port 20,21

A

FTP

12
Q

Port 23

A

Telnet

13
Q

Port 25

A

SMTP

14
Q

Port 53

A

DNS

15
Q

Port 69

A

TFTP

16
Q

Port 80

A

HTTP

17
Q

Port 443

A

HTTPS or SSTP

18
Q

Port 88

A

Kerberos

19
Q

Port 110

A

POP3 (non-encrypted)

20
Q

Port 995

A

POP3 (encrypted)

21
Q

Port 119

A

Network News Transfer Protocol (NNTP)

22
Q

Port 123

A

Network Time Protocol (NTP)

23
Q

Ports 137, 138, 139

A

NetBIOS over TCP/IP (NBT, or sometimes NetBT)

24
Q

Port 143

A

Internet Message Access Protocol (IMAP)

25
Q

Port 993

A

IMAP over SSL (IMAPS)

26
Q

Simple Network Management Protocol (SNMP)

A

161 – SNMP (Agents receive requests)

162 – SNMP (Controller receives data)

27
Q

Port 389

A

Lightweight Directory Access Protocol (LDAP)

28
Q

Port 636

A

LDAPS

29
Q

Port 445

A

Server Message Block (SMB)

30
Q

Port 500

A

Internet Key Exchange (IKE)

31
Q

Port 989/990

A

FTPS

32
Q

Port 1433

A

SQL

33
Q

Port 1723

A

Point-to-Point Tunneling Protocol (PPTP)

34
Q

Port 1812,1813

A

RADIUS

35
Q

Port 3389

A

Remote Desktop Protocol (RDP)

36
Q

MITRE ATT&CK framework

A

provides explicit pseudo-code examples for detecting or mitigating a given threat within a network and ties specific behaviors back to individual actors.

37
Q

CVSS 3.1 Metrics

A

access vector (AV), access complexity (AC), privileges required (PR), user interaction (UI), scope (S), confidentiality (C), integrity (I), and availability (A).

38
Q

parameterized query

A

(also known as a prepared statement) is a means of pre-compiling a SQL statement so that all you need to supply are the “parameters” (think “variables”) that need to be inserted into the statement for it to be executed.

39
Q

Nikto

A

a web application scanner that can perform comprehensive tests against web servers for multiple items