Threats, Attack and Vulnerabilities

Question 1

Virus

Answer 1

Replicates, requires user action

Question 2

Trojan

Answer 2

Hidden as something else

Question 3

Worm

Answer 3

Self-replicating

Question 4

Logic bomb

Answer 4

Virus with specific activation logic

Question 5

Polymorphic virus

Answer 5

avoid signature-based detection by self-mutation

Question 6

Armored virus

Answer 6

Decompilation-resistant

Question 7

ARP poisoning is commonly used in

Answer 7

MITM

Question 8

The ARP cache

Answer 8

maps IPs to MAC addresses

Question 9

Replay attack

Answer 9

Sniffing and resubmission

Question 10

Transitive Access Attack

Answer 10

Capture credentials through access of honeypot shared folder

Question 11

Spoofing

Answer 11

Masquerade as a trusted system

Question 12

DNS Poisoning

Answer 12

redirects to malicious server, either local or through DNS provider

Question 13

Smurfing

Answer 13

ICMP Flood with a spoofed header

Question 14

Sniffer attack

Answer 14

Used for recon, based on network examination

Question 15

XMAS scan

Answer 15

Each packet has 3/6 flags to hide the scan

Question 16

Hybrid password attack

Answer 16

Bruteforce and dictionary

Question 17

Birthday attack

Answer 17

Bruteforce hash collision

Question 18

Pharming attack

Answer 18

Malicious site through DNS Poisoning

Question 19

Spearfishing

Answer 19

Directed phishing from a fake trusted person

Question 20

Vishing

Answer 20

Telephone Phishing

Question 21

Whaling

Answer 21

Phishing for high-level targets

Question 22

War chalking

Answer 22

War driving, sniffing unprotected networks en masse

Question 23

Rogue access point

Answer 23

Fake access point

Question 24

Evil twin

Answer 24

A rogue WAP with similar SSID

Question 25

Session hijacking

Answer 25

Disconnects session (DoS) and impersonates the user

Question 26

Static environment

Answer 26

Hardware that is out of direct control, as processors.

Question 27

Bluesnarfing

Answer 27

Bluetooth hijack for information retrieval

Question 28

Bluebugging

Answer 28

Using bluesnarfing for installing a backdoor

Question 29

MAC Flooding

Answer 29

Overloads CAM on switch leading to traffic being sent on all ports

Question 30

Vishing

Answer 30

Voice phishing with spoofed caller ID

Question 31

Authority Principle

Answer 31

Using an authority figure to pressure in SE attack

Question 32

Threat to act belligerently on an SE attack

Answer 32

Intimidation principle

Question 33

Using an authority figure to pressure in SE attack

Answer 33

Authority Principle

Question 34

Be personable or create a bond for SE attack

Answer 34

Familiarity Principle

Question 35

Citing professional credentials or organizational status for SE attack

Answer 35

Trust Principle

Question 36

Make a social connection claiming someone else can vouch for them in an SE attack

Answer 36

Social Proof Principle

Question 37

Claiming something is urgent in an SE attack

Answer 37

Urgency Principle

Question 38

Claiming you don’t have time for verifying your identity in an SE attack

Answer 38

Scarcity Principle

Question 39

Companion virus

Answer 39

Disguised as a legitimate program but with different extension

Question 40

File Infector Viruses

Answer 40

They infect files .com or .exe

Question 41

Macro Viruses

Answer 41

Excel and word macros, VBA

Question 42

Stealth Viruses

Answer 42

Hijack system calls to not reveal corrupted files

Question 43

Metamorphic Virus

Answer 43

Polymorphic but also changes memory payload

Question 44

Pass the hash

Answer 44

Authenticate using hashing credentials that had been intercepted

Question 45

Password spraying

Answer 45

Using very common passwords and testing it against a lot of user accounts to find matches. It exploits the weakest link in the chain, and can be more efficient than bruteforce.

Question 46

Logic bombs usually pass AV detection because they are usually

Answer 46

simple scripts

Question 47

Data Emanation

Answer 47

Interception of data due to EM leakage. Applies to WLAN.

Question 48

Bluejacking

Answer 48

Sending unwanted messages to BL devices for spam.

Question 49

Bluetooth Security Modes

Answer 49

Nonsecure, Service-level, Link-level

Question 50

Bluesnarfing can be prevented by using ____-____ mode

Answer 50

link-level

Question 51

Link-level mode protects Bluetooth by

Answer 51

Authentication on the link level, managed by hardware

Question 52

Service-level mode protects bluetooth

Answer 52

Through app policies

Question 53

Other name for a deauth attack

Answer 53

Disassociation attack

Question 54

Tool for WPS attack

Answer 54

Reaper

Question 55

On-path attack

Answer 55

General form of MITM usually with modification of content

Question 56

You can detect a rogue WAP by

Answer 56

A slightly different SSID or the lack of authentication

Question 57

Most severe WEP attack

Answer 57

IV Attack

Question 58

WEP IV

Answer 58

Initialization Vector

Question 59

Most common WPA attack

Answer 59

TKIP

Question 60

TKIP Attack mitigation

Answer 60

WPA2 with AES

Question 61

Classical attack on WPA2

Answer 61

Deauth, capture handshake and bruteforce or dictionary attack

Question 62

Ping attack

Answer 62

DoS through ICMP pings

Question 63

SYN Flood

Answer 63

Forged SYN packets that leave target waiting for ACK, halting the system meanwhile.

Question 64

DNS Amplification

Answer 64

Request sent to open DNS server with wrong source address, sending response to target

Question 65

Most common way to do MAC spoofing

Answer 65

ARP poisoning

Question 66

Main use of IP Spoofing (in DoS)

Answer 66

Confusing sysadmins, making tracing more difficult

Question 67

Use of IP Spoofing in internal network

Answer 67

Appearing as a trusted system

Question 68

ARP poisoning can be mitigated by

Answer 68

Implementing DHCP

Question 69

Common utility to forge packets

Answer 69

hping3

Question 70

Smurf attack use modified ICMP packets directed to

Answer 70

Broadcast addresses

Question 71

Smurf attacks can be mitigated by disabling

Answer 71

IP Broadcast Addressing

Question 72

Mitigation for TCP/IP Hijacking

Answer 72

Authenticated encryption, ex: IPSec

Question 73

The new exam calls MITM

Answer 73

On-path attack

Question 74

A mitigation for man-in-the-browser attacks is

Answer 74

Out-of-band transaction verification

Question 75

Domain Kiting

Answer 75

Registering a domain repeatedly on a grace period

Question 76

Domain Testing

Answer 76

Using Domain Kiting to test whether a domain is valuable by checking traffic

Question 77

ISACs

Answer 77

Information Sharing and Analysis Centers

Question 78

ISACs/ISAOs usually provide…

Answer 78

threat intelligence

Question 79

AIS

Answer 79

Automated Indicator Sharing

Question 80

TAXII, STIX and CybOX are examples of

Answer 80

Automated Indicator Sharing (AIS) Specifications

Question 81

Threat Hunting is the practice of

Answer 81

Theat Hunting uses Threat Intelligence to actively search for threat actors

Question 82

Threat Hunting and other security activities can be automated by using a ___ platform

Answer 82

SOAR (Security, Orchestration, Automation and Response)

Question 83

SIEM

Answer 83

Security Information and Event Management System

Question 84

SOAR

Answer 84

Security, Orchestration, Automation and Response

Question 85

SIEM vs SOAR

Answer 85

SOAR also assigns criticality and carries automated response once events are detected

Question 86

Third party platforms can increase unmanaged _____ _____

Answer 86

attack surface

Question 87

To reduce third-party risks, an organization needs to perform _____ _____

Answer 87

vendor management

Question 88

Shadow IT

Answer 88

Assets that are not known to the IT team and pose a possible unmanaged attack surface

Question 89

A(n) __________ is a security weakness that could be exploited by a threat.

Answer 89

vulnerability

Question 90

Term that describes the level of harm that results from a threat exploiting a vulnerability

Answer 90

Impact

Question 91

Network Mapper

Answer 91

Determine hosts, OSs and other types of network information through ICMP sweeps and other type of scans. Doesn’t scan ports.

Question 92

After systems have been identified with a network mapper, usually a ___ ____ follows.

Answer 92

port scan

Question 93

SMTP port

Answer 93

25

Question 94

FTP ports

Answer 94

20/21

Question 95

Telnet port

Answer 95

23

Question 96

Port 23

Answer 96

Telnet

Question 97

Port 25

Answer 97

SMTP

Question 98

Ports 20/21

Answer 98

FTP

Question 99

LDAP port

Answer 99

389

Question 100

389 Port

Answer 100

LDAP

Question 101

Three most common types of port-scanning

Answer 101

TCP, SYN (TCP with SYN flag), UDP

Question 102

CVE

Answer 102

Common Vulnerabilities and Exposures

Question 103

CVSS

Answer 103

Common Vulnerability Scoring System

Question 104

CVSS is based on vulnerability ______.

Answer 104

criticality

Question 105

CVSS vs CVE

Answer 105

CVSS scores a particular CVE by criticality

Question 106

OVAL

Answer 106

Open Vulnerability and Assessment Language

Question 107

An important consideration of SIEM configuration is server _______.

Answer 107

synchronization

Question 108

Alternative terms for white, gray and black box testing

Answer 108

Known, Partially Known and Unknown Environment Testing

Question 109

While known, partially known and unkown environments describe the knowledge of an attacker or pentester, to describe intent we use the terms

Answer 109

authorized, semi-authorized, unauthorized

Question 110

Red team vs Pentest

Answer 110

Pentest is more strictly defined in scope and duration

Question 111

Purple Team

Answer 111

Mix between blue and red, information sharing during the exercise

Question 112

White team

Answer 112

leads and adjudicates an exercise