Threats and Vulnerabilities Flashcards

1
Q

What is DOS Attack?

A
  • Denial Service of Attack
  • A machine floods a victim with requests
  • TCP SYN Flood (Multiple TCP sessions)
  • Smurf Attack (ICMP Flood)
  • DDOS (Multiple computer flood similar to BotNet and Zombie)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is MITM Attack?

A
  • Man In The Middle (On-Path Attack)
  • Attacker in between victim and destination
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Session Hijacking?

A

An attacker guesses the session ID that is in use between a
client and a server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is DNS Poisioning?

A

Involves corrupting the DNS cache to redirect users to malicious websites, making it a potent technique for intercepting web traffic and stealing sensitive information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Rogue DHCP Server?

A

A DHCP server on a network which is not under the administrative control of the network administrators

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Spoofing?

A

An attacker masquerades as another person by falsifying their identity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is IP Spoofing?

A

Modifying the source address of an IP packet to hide the identity of the sender or impersonate another client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is MAC Spoofing?

A
  • A technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device.
  • Affect every computer on this network subnet.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is MAC Filtering?

A

Relies on a list of all known and authorized MAC addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is ARP Spoofing?

A
  • A type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network.
  • Results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network.
  • Targets single host’s traffic
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is VLAN Hopping?

A

Attacker exploits misconfigurations to gain unauthorized access to different VLAN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Double Tagging?

A
  • Attacker exploits trunk port vulnerabilities to direct traffic to another VLAN
  • VLAN Hopping Attack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is Switch Spoofing?

A

An attacker modifying a device’s MAC address to appear as an authorized switch port

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is Malware?

A

Designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is Virus?

A

Made up of malicious code that is run on a machine without the user’s knowledge and infects it whenever that code is run

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Worm?

A

A piece of malicious software that can replicate itself without user
interaction

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is Trojan Horse?

A

A piece of malicious software disguised as a piece of harmless or
desirable software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is RAT?

A
  • Remote Access Trojan
  • Provides the attacker with remote control of a victim machine
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is Ransomware?

A

Restricts access to a victim’s computer system or files until a ransom or payment is received

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is Spyware?

A

Gathers information about you without your consent

21
Q

What is Keylogger?

A

Captures any key strokes made on the victim machine

22
Q

What is Rootkit?

A

Designed to gain administrative control over a computer system or network device without being detected

23
Q

What is Rogue Access Point?

A

A wireless access point that has been installed on a secure network without authorization from a local network administrator

24
Q

What is Shadow IT?

A

Use of IT systems, devices, software, applications, or services without the explicit approval of the IT department

25
Q

What is Evil Twin?

A

Wireless access point that uses the same name as your own network

26
Q

What is Deauthentication?

A

Attempts to interrupt communication between an end user and the wireless access point

27
Q

What is Dictionary Attack?

A

Guesses the password by attempting to check every single word or phrase contained within a word list, called a dictionary

28
Q

What is Brute Force Attack?

A

Tries every possible combination until they figure out the password

29
Q

What is Hybrid Attack?

A

Combination of dictionary and brute force attacks

30
Q

What is Wireless Interception?

A

Captures wireless data packets as they go across the airwaves

31
Q

What is Insider Threat?

A

An employee or other trusted insider who uses their authorized network access in unauthorized ways to harm the company`

32
Q

What is Dumper Diving?

A

Scavenging for personal or confidential information in garbage or
recycling containers

33
Q

What is Shoulder Surfing?

A

Coming up behind an employee and trying to use direct observation to obtain information

34
Q

What is Piggybacking?

A

Similar to tailgating, but occurs with the employee’s knowledge or
consent

35
Q

What is Tailgaiting?

A

Entering a secure portion of the organization’s building by following an authorized person into the area without their knowledge or consent

36
Q

What is Whaling Attack?

A

Focused on key executives within an organization or other key leaders, executives, and managers in the company

37
Q

What is Phishing?

A

Sending an email in an attempt to trick a user to click a link and divulge personal information such as credit card and bank account information.

38
Q

What is Social Engineering?

A

Is a hacker term for tricking people into revealing their password or some form of security information.

39
Q

What is Spearphishing?

A

More targeted form of phishing

40
Q

What is Logic Bomb?

A

A specific type of malware that is tied to either a logical event or a specific time

41
Q

What is On-Path Attack?

A
  • An attack where the penetration tester places their workstation between two hosts to capture, monitor, and relay communications.
  • Known as MITM Attack
42
Q

What is ARP Poisoning?

A
  • Corrupts ARP cache by associating attacker’s MAC with IP addresses of LAN devices
  • Affects all hosts in a LAN
43
Q

What is Deauthentication Attack?

A
  • Attacker captures packets used in association/authentication processes to crack shared passphrase
  • Wireless
44
Q

What is a Frequency Jamming?

A

Denying wireless service to authorized users as legitimate traffic is jammed by the overwhelming frequencies of illegitimate traffic.

45
Q

What is Exploit?

A

A malicious technique or software crafted to exploit vulnerabilities in computer systems, often leading to unauthorized access or system compromise?

46
Q

What is QoS?

A
  • Quality of Service
  • A set of technologies that help a network perform well by controlling traffic and prioritizing applications
47
Q

What is MAC Flooding?

A
  • An attack that targets switches on LAN.
  • Involves sending multiple packets with fake MAC addresses to overflow switch address table.
48
Q

What is Bluejacketing?

A

A cyberattack that involves sending unwanted messages to a Bluetooth-enabled device using Bluetooth.