Threats Flashcards

1
Q

You have implemented a secure web gateway that blocks access to a social networking site. How would you categorize this type of security control?

A

It is a technical type of control (implemented in software) and acts as a preventive measure.

2
Q

A company has installed motion-activated floodlighting on the grounds around its premises. What class and function is this security control?

A

It is a physical security control, and its function is both detective (the motion sensor registers movement) and deterrent (the sudden lighting discourages an intruder from continuing).

3
Q

A firewall appliance intercepts a packet that violates policy. It automatically updates its Access Control List to block all further packets from the source IP. What TWO functions is the security control performing?

A

Preventive and corrective. Dropping the offending packet is the preventive function; automatically rewriting the ACL so that nothing further from that source gets through is the corrective one.

4
Q

You were visiting a website but accidentally misspelt the name. You were taken to the same website that you intended to visit. After you exit the website, your system becomes unstable. Which of the following attacks has occurred?

A. Typosquatting
B. Spear Phishing
C. Whaling
D. Prepending

A

A
A. Typosquatting: Typosquatting is a technique used by cybercriminals to trick users into visiting malicious websites by exploiting typographical errors. They register domain names that are very similar to popular websites, often containing common typing mistakes, in an attempt to capture user traffic. When users mistakenly enter these domains, they may encounter fraudulent or malicious content, such as phishing attempts or malware distribution.

B. Spear Phishing: Spear phishing is a targeted form of phishing that aims to deceive specific individuals or organizations. Unlike regular phishing attacks, which are more indiscriminate, spear phishing attackers research their targets to personalize their messages and make them appear more legitimate. They may gather information about the target’s interests, work, or relationships to increase the chances of success. By luring victims into clicking on malicious links or providing sensitive information, spear phishing attacks can lead to data breaches or further network compromises.

C. Whaling: Whaling is a type of phishing attack that specifically targets high-profile individuals, such as executives or high-ranking officials within organizations. Similar to spear phishing, whaling attacks are customized and often impersonate trusted entities. The goal is to manipulate these influential individuals into divulging confidential information or performing actions that could harm the organization’s security or reputation. Whaling attacks can have severe consequences due to the authority and access these individuals possess.

D. Prepending: In the social-engineering sense meant here, prepending is adding characters or text to the front of something so that a lure looks legitimate or gets past a filter, for example putting “RE:” or “FW:” on a phishing subject line to imply an existing conversation, or placing a trusted brand name in front of an attacker-controlled domain or URL path. It describes how a lure is dressed up, not what happens when a user mistypes an address, so it does not fit this scenario.
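
A defender’s side of the typosquatting card above: the variants a squatter registers are mechanical (dropped, doubled, swapped, or fat-fingered letters), so they can be generated and matched against a domain feed. The following is an added example, not part of the original flashcard deck; the protected domain, the keyboard-neighbour map and the observed-domain list are all constructed for illustration.

```python
# Added example (not from the flashcard deck): enumerate typosquat candidates
# for a legitimate domain and flag any that show up in an observed-domain feed.

# Constructed example domain; substitute the brand you actually protect.
LEGIT_DOMAIN = "example.com"

# Adjacent keys on a QWERTY layout, used for "fat-finger" substitutions.
QWERTY_NEIGHBOURS = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}


def typo_variants(domain):
    """Return the set of plausible typosquat candidates for `domain`.

    Only the label left of the first dot is mutated; the rest (the TLD) is kept.
    Mutation classes: omission, duplication, transposition, adjacent-key
    substitution, and an inserted hyphen. TLD swaps and subdomain tricks are
    deliberately out of scope here.
    """
    label, _, tld = domain.partition(".")
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                 # omission:      exmple
        out.add(label[:i] + ch + label[i:])                # duplication:   exammple
        for key in QWERTY_NEIGHBOURS.get(ch, ""):
            out.add(label[:i] + key + label[i + 1:])       # substitution:  ezample
        if i < len(label) - 1:
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])  # transposition: eaxmple
            out.add(label[:i + 1] + "-" + label[i + 1:])            # hyphenation:   ex-ample
    out.discard(label)  # substitutions can regenerate the original label
    return {f"{variant}.{tld}" for variant in out if variant}


def flag_lookalikes(domain, observed_domains):
    """Return, sorted, every observed domain that is a typo variant of `domain`."""
    candidates = typo_variants(domain)
    return sorted(d for d in observed_domains if d in candidates)


# Constructed stand-in for a newly-registered-domains feed or DNS log extract.
OBSERVED = ["exmple.com", "example.net", "ezample.com", "shop.example.com", "exammple.com"]

if __name__ == "__main__":
    for hit in flag_lookalikes(LEGIT_DOMAIN, OBSERVED):
        print("possible typosquat:", hit)
```

Feeding a certificate-transparency or new-registration feed into `flag_lookalikes` is the usual way to catch these registrations early; registering the highest-traffic variants yourself is the other half of the defence.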

5
Q

Which of the following attacks is used to “reverse” a cryptographic hash function, that is, to recover the password that produced a given hash?
A. Dictionary attack
B. Password spraying attack
C. Brute-force attack
D. Rainbow table attack

A

D
A. Dictionary attack: A dictionary attack is a method used to crack passwords or encryption by systematically trying all the words or phrases in a pre-existing list, known as a “dictionary.” The attacker compares each entry in the dictionary against the target password or encryption key until a match is found. This attack is effective against weak or commonly used passwords that can be found in the dictionary.

B. Password spraying attack: A password spraying attack is a technique used to gain unauthorized access to user accounts by trying a small number of commonly used passwords against a large number of usernames. Unlike traditional brute-force attacks that attempt multiple passwords against a single user, password spraying attacks try a few passwords across many accounts to avoid triggering account lockouts or detection systems. This method relies on the fact that many users choose weak passwords, making it more likely to find a successful match.

C. Brute-force attack: A brute-force attack is a trial-and-error method used to crack passwords or encryption by systematically trying all possible combinations of characters until the correct one is found. This approach does not rely on any specific knowledge about the target, but rather relies on the computational power and time available to the attacker. Brute-force attacks can be time-consuming and resource-intensive, especially against complex and lengthy passwords.

D. Rainbow table attack: A rainbow table attack recovers the plaintext behind a password hash from a precomputed table of hash/plaintext pairs (stored compactly as hash-and-reduce chains), so the hash is “reversed” by lookup rather than by any mathematical inversion of the function, which remains infeasible. It works only when the same input always produces the same digest, i.e. against fast, unsalted hashes such as unsalted MD5 or SHA-1, or NTLM. A per-user random salt changes every digest, so a table would have to be rebuilt for every salt, and a slow password-hashing function (bcrypt, scrypt, Argon2, PBKDF2) makes that rebuilding prohibitively expensive. Compared with brute force, the attack trades precomputation time and storage for near-instant lookups.
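To make the salting point concrete, here is an added example (not from the flashcard deck) of the attacker’s precomputed table against an unsalted SHA-256 store and against a salted PBKDF2 store. A flat hash-to-plaintext dictionary stands in for a true rainbow table: it lacks the chain compression, but it depends on exactly the same property, deterministic unsalted hashing. The wordlist is constructed; the iteration count is an assumption for illustration.

```python
# Added example (not from the flashcard deck): precomputed-table cracking
# against unsalted hashes, and why a per-user salt plus a slow KDF defeats it.
import hashlib
import hmac
import os

# Constructed stand-in for the attacker's wordlist.
WORDLIST = ["password", "letmein", "qwerty", "summer2023", "correct horse"]
PBKDF2_ITERATIONS = 100_000  # assumption for the demo; tune to your hardware budget


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# ---- attacker side -------------------------------------------------------
def build_lookup_table(words):
    """Precompute digest -> plaintext once; reuse against every stolen unsalted hash."""
    return {sha256_hex(w.encode()): w for w in words}


def crack_with_table(table, target_hex):
    """O(1) lookup; None means the digest was not precomputed."""
    return table.get(target_hex)


# ---- defender side, the weak way ------------------------------------------
def hash_password_unsalted(password):
    return sha256_hex(password.encode())


# ---- defender side, the right way ------------------------------------------
def hash_password_salted(password, salt=None):
    """Random 16-byte salt + PBKDF2-HMAC-SHA256; stored as 'salthex$digesthex'."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_salted(password, stored):
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)  # constant-time compare


def demo():
    """Returns (hit against unsalted store, hit against salted store)."""
    table = build_lookup_table(WORDLIST)
    unsalted_hit = crack_with_table(table, hash_password_unsalted("letmein"))
    stored = hash_password_salted("letmein")
    salted_hit = crack_with_table(table, stored.split("$", 1)[1])
    return unsalted_hit, salted_hit  # ("letmein", None)


if __name__ == "__main__":
    print(demo())
```

The second lookup fails not because PBKDF2 is secret but because the digest now depends on a value the attacker did not precompute for; even if they rebuilt the table per salt, the iteration count makes each rebuild as slow as a fresh brute-force run.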

6
Q

An attacker inserted a piece of malicious code into a live process. Which of the following types of attack is taking place?
A. Buffer overflow
B. DLL Injection
C. Privilege escalation
D. Replay attack

A

B
A. Buffer overflow: A buffer overflow occurs when a program attempts to store more data in a buffer (temporary storage area) than it can handle. This can lead to the overflowed data overwriting adjacent memory locations, potentially causing the program to crash, behave unexpectedly, or even allow an attacker to execute arbitrary code. Exploiting buffer overflows is a common technique in many types of cyber attacks, such as remote code execution or privilege escalation.

B. DLL Injection: DLL (Dynamic Link Library) injection is a technique used to insert malicious code into a running process by forcing it to load an unauthorized DLL file. By taking advantage of the way programs load DLLs, an attacker can inject their own code into a target process, potentially gaining unauthorized access or control. DLL injection attacks are often used for various purposes, including information theft, privilege escalation, or bypassing security mechanisms.

C. Privilege escalation: Privilege escalation is the act of gaining higher levels of access or privileges within a system or network than originally assigned. It involves exploiting vulnerabilities or misconfigurations to elevate privileges from a lower privileged account to a higher privileged one. By escalating privileges, attackers can gain greater control over a system, access sensitive information, or perform unauthorized actions. Privilege escalation attacks can be used to bypass security controls, install malware, or conduct further malicious activities.

D. Replay attack: A replay attack is a network attack in which an attacker intercepts a valid transmission (for example, a message carrying authentication data) and later retransmits it so that the receiving system accepts the copy as genuine. Nothing is cracked or injected; the captured message is simply sent again. Replay attacks are mitigated by binding each message to something the attacker cannot reuse, such as a message authentication code (MAC) over a timestamp, sequence number, or server-issued one-time challenge, so that a stale copy fails verification.

7
Q

An attacker is using captured password hashes directly against an authentication protocol, without cracking them. Which type of attack is occurring?
A. Replay attack
B. Pass the Hash
C. Buffer overflow
D. Privilege escalation

A

B
B. Pass the Hash: Pass the Hash is a technique in which an attacker authenticates to a system by presenting a captured password hash rather than the password itself. In challenge-response protocols such as Windows NTLM, the stored NT hash is all that is needed to compute a valid response, so the hash is effectively the credential: an attacker who dumps it from one machine can use it directly against any other system that accepts the same account, without ever recovering the password. Unlike the cracking attacks in the earlier cards, nothing is reversed or guessed here.
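The replay-attack explanation (card 6) and the pass-the-hash card above are two sides of the same protocol design, so one added example covers both. It is a simplified model, not NTLM and not code from the flashcard deck: the server stores H(password), issues a fresh random challenge per login, and the client proves possession by returning HMAC(H(password), challenge). The user name and password are constructed. The model shows that a single-use challenge defeats replay of a captured exchange, while the same design lets anyone holding the stored hash log in without the password.

```python
# Added example (not from the flashcard deck): a minimal challenge-response
# login that resists replay but is vulnerable to pass-the-hash, because the
# stored hash is the only secret the prover needs. Simplified model, not NTLM.
import hashlib
import hmac
import os


def password_hash(password):
    """Stand-in for the NT hash: a deterministic, unsalted hash of the password."""
    return hashlib.sha256(password.encode()).digest()


def compute_response(stored_hash, challenge):
    """Client side: prove possession of the hash by keying an HMAC over the challenge."""
    return hmac.new(stored_hash, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, users):
        self.users = users          # {username: stored_hash}
        self.outstanding = {}       # username -> challenge issued and not yet consumed

    def issue_challenge(self, user):
        challenge = os.urandom(16)  # fresh per attempt: this is what breaks replay
        self.outstanding[user] = challenge
        return challenge

    def verify(self, user, challenge, response):
        stored = self.users.get(user)
        expected_challenge = self.outstanding.pop(user, None)  # single use
        if stored is None or expected_challenge is None:
            return False
        if not hmac.compare_digest(expected_challenge, challenge):
            return False            # stale or already-consumed challenge
        expected = compute_response(stored, challenge)
        return hmac.compare_digest(expected, response)


def legitimate_login(server, user, password):
    """Normal flow. Returns (challenge, response, accepted) so the exchange can be 'captured'."""
    challenge = server.issue_challenge(user)
    response = compute_response(password_hash(password), challenge)
    return challenge, response, server.verify(user, challenge, response)


def replay(server, user, captured):
    """Attacker resends a captured (challenge, response) pair: rejected, challenge was consumed."""
    challenge, response = captured
    return server.verify(user, challenge, response)


def pass_the_hash(server, user, stolen_hash):
    """Attacker never learns the password; the hash alone yields a valid response."""
    challenge = server.issue_challenge(user)
    return server.verify(user, challenge, compute_response(stolen_hash, challenge))


if __name__ == "__main__":
    srv = Server({"alice": password_hash("hunter2")})   # constructed account
    c, r, ok = legitimate_login(srv, "alice", "hunter2")
    print("legitimate login:", ok)                       # True
    print("replay of captured exchange:", replay(srv, "alice", (c, r)))  # False
    print("pass-the-hash with stolen hash:", pass_the_hash(srv, "alice", password_hash("hunter2")))  # True
```

The lesson for defenders is that freshness (the random challenge) protects against replay but says nothing about what happens once the verifier itself leaks; for NTLM that is why the operational mitigations are about keeping hashes out of reach (Credential Guard, unique local-admin passwords via LAPS, the Protected Users group, and limiting where privileged accounts log on) rather than about the protocol exchange.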

8
Q

A group of attackers stole sensitive information in an attack. During the investigation you found that they had been inside the network for several months. Which type of attackers were these?
A. Advanced Persistent Threat (APTs)
B. Hacktivists
C. Script Kiddies
D. Insider Threat

A

A
A. Advanced Persistent Threat (APTs): APTs are sophisticated, long-term intrusions carried out by skilled, well-resourced adversaries, often state-sponsored. They rely on stealth to maintain access for months while pursuing specific targets, which matches the long dwell time in this scenario. APTs aim to steal intellectual property, conduct espionage, or disrupt critical infrastructure.

B. Hacktivists: Hacktivists use hacking as a form of activism. They promote social or political causes through digital means, such as website defacements or data leaks. Hacktivists often operate anonymously and align themselves with ideological or social movements.

C. Script Kiddies: Script Kiddies engage in hacking using pre-written tools or scripts. They lack deep technical knowledge and rely on existing hacking resources. Their actions include basic attacks like website defacements or password cracking.

D. Insider Threat: Insider Threat refers to the risk posed by authorized individuals who misuse their access. This can be employees, contractors, or business partners. Insider threats involve actions like data theft, system sabotage, or unauthorized access. Organizations implement measures to mitigate this risk.

9
Q

An employee receives an email that appears to be from the CEO asking for sensitive company information. What type of attack is this an example of?
A. Phishing
B. Vishing
C. Whaling
D. Spear phishing

A

D
D. Spear phishing: The message is aimed at a specific employee and impersonates the CEO to add authority, which makes it spear phishing (this CEO-impersonation variant is also called business email compromise or CEO fraud). Whaling would apply if the executive were the target rather than the impersonated sender, vishing is conducted by phone, and plain phishing is untargeted.

10
Q

Which form of authentication is based on something the user has?
A. Password
B. Fingerprint
C. Security token
D. PIN

A

C.
A. Password: Password-based authentication is a form of authentication that relies on something the user knows. The user provides a secret password that should match the stored password on the system for successful authentication.

B. Fingerprint: Fingerprint-based authentication falls under the category of biometric authentication. It is based on something the user is, specifically their unique fingerprint patterns. The user’s fingerprint is scanned and compared against a stored template for authentication.

C. Security token: Security token-based authentication is based on something the user has. A security token is a physical device that generates one-time passwords or other unique credentials. The user possesses this token, which is often a small electronic device or a smartphone application, and uses it as an additional authentication factor.

D. PIN: A PIN (Personal Identification Number) is typically used as a secondary authentication factor alongside another form of authentication, such as a password or security token. It is a numeric code that the user knows and must enter correctly to authenticate.

In this case, the correct answer is C. Security token because it represents something the user has in their possession, distinguishing it from options A (password), B (fingerprint), and D (PIN) which fall under the categories of something the user knows or something the user is.

11
Q

Which of the following is the most critical step in responding to a security incident?
A. Reporting the incident to law enforcement
B. Notifying customers of the incident
C. Documenting the incident
D. Identifying the root cause of the incident

A