Threats, Attacks, and Vulnerabilities (1) Flashcards
You have been contacted by your company’s CEO after she received a personalized but suspicious e-mail message from the company’s bank asking for detailed personal and financial information. After reviewing the message, you determine that it did not originate from the legitimate bank. Which of the following security issues does this scenario describe?
Dumpster diving
Phishing
Whaling
Whaling
Whaling is a type of phishing attack that is targeted at a specific high-level user. The victim is usually a high-profile member of the organization who has much more critical information to lose than the average user. The messages used in the attack are usually crafted and personalized toward the specific victim user
During your user awareness training, which of the following actions would you advise users to take as the best security practice to help prevent malware installation from phishing messages?
Forward suspicious messages to other users
Do not click links in suspicious messages
Check e-mail headers
Do not click links in suspicious messages
To help prevent malware from being installed, make your users aware that a best security practice is to never click links in a suspicious message. The link can take the user to a malicious website that could automatically install malware on their computer through their web browser
Negative company financial information was carelessly thrown in the trash bin without being shredded, and a malicious insider retrieved it and posted it on the Internet, driving the stock price down. The CEO wants to know what happened—what was the attack?
Smishing
Dumpster diving
Prepending
Dumpster diving
Dumpster diving occurs when discarded documents (not necessarily confidential) that were improperly destroyed (or not destroyed at all) are reconstructed and read (or simply read as is)
Max, a security administrator, just received a phone call to change the password for a user in the HR department. The user did not provide verification of their identity and insisted that they needed the password changed immediately to complete a critical task. What principle of effective social engineering is being used?
Consensus
Intimidation
Urgency
Urgency
Max is being subjected to a social engineering attack that relies on the principle of urgency—he is being rushed, with the attacker hoping that the “criticality” of the task forces Max to bypass best security practices
Which of the following best describes a birthday attack? (Choose two.)
A password attack that uses precomputed hashes in its word list
Two unique pieces of plaintext can have the same hash value under certain circumstances
In a room with 23 people, the odds of any two having the same birthdate is 50 percent
A password attack that attempts every single possible combination of characters and password lengths to discover a password
Two unique pieces of plaintext can have the same hash value under certain circumstances
In a room with 23 people, the odds of any two having the same birthdate is 50 percent
The birthday attack looks for a second input that produces the same hash value as the original input, regardless of what that original input was. Remembering a birthday attack is easy if you understand the underlying principle that in a room with 23 people, the odds of any two having the same birthdate are 50 percent, and the odds increase commensurate with the number of people in the room
You suspect that your server has been compromised because it has been running slowly and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?
The server has a rootkit installed.
The server is infected with spyware.
The server is part of a botnet.
The server is part of a botnet.
If your system has been infected with a worm or virus and has become part of a botnet, at certain times, it may take part in distributed denial-of-service attacks on another system on the Internet and may exhibit slow responsiveness and a large amount of network data being sent out of the system
Antivirus software may not be able to identify which of the following?
Trojans
Logic bombs
Polymorphic viruses
Logic bombs
Logic bombs are simply scripts that are designed to automatically execute at a particular time or under particular circumstances. While logic bombs typically perform malicious actions, they are not malicious code outright, and often are not detected by antivirus programs, especially if they reside within a trusted application
While testing exception handling with a web application, you encounter an error that displays a full URL path to critical data files for the application. Which one of the following types of vulnerabilities would this application be susceptible to?
Buffer overflow
Session hijacking
Directory traversal
Directory traversal
Directory traversal is a vulnerability that allows an attacker who knows the details of an application server’s directory tree to manually traverse the directory using input commands in the URL location bar or input forms in the application. Error messages should never display the full paths of files to prevent hackers from discovering the directory structure
Your web application currently checks authentication credentials from a user’s web browser cookies before allowing a transaction to take place. However, you have had several complaints of identity theft and unauthorized purchases from users of your site. Which of the following is the most likely cause?
Cross-site scripting
Session hijacking
Header manipulation
Session hijacking
Session hijacking occurs when a malicious hacker is able to access a user’s session cookie and then use the session information to make unauthorized requests as the user
During testing of a web application, you discover that due to poor input validation, you can easily crash the server by entering values in the input forms much greater than the system can handle. What type of vulnerability is this?
Session hijacking
Buffer overflow
Privilege escalation
Buffer overflow
Buffer overflows are caused primarily by poor input validation that allows illegal data to be entered into the application, causing processing limits to be exceeded
Your web server is being flooded by a denial-of-service attack. Using a network analyzer, you see that IP broadcast replies are being sent back to the address of your server from multiple addresses. Which type of network attack is this?
On-path
Back door
Smurf
Smurf
A smurf attack uses a spoof attack combined with a DDoS attack to exploit the use of IP broadcast addressing and ICMP. By spoofing the address of the web server in an IP broadcast, the attacker causes all the replies from other systems on the network to the broadcast to be sent back to the web server, causing a denial of service
During a denial-of-service attack, a network administrator blocks the source IP address with the firewall, but the attack continues. What is the most likely cause of the problem?
The denial-of-service worm has already infected the firewall locally.
The attack is coming from multiple distributed hosts.
A firewall can’t block denial-of-service attacks.
The attack is coming from multiple distributed hosts.
A distributed denial-of-service (DDoS) attack comes from multiple geographically distributed hosts, making it difficult for the network administrator to block it
A few systems have been infected with malware; log analysis indicates the users all visited the same legitimate website to order office supplies. What is the most likely attack the users have fallen victim to?
Replay
Watering hole
ARP poisoning
Watering hole
The users most likely fell victim to a watering hole attack. The third-party supplier could be hosting malware with your organization as the target
Which of the following types of wireless attacks utilizes a weakness in WEP key generation and encryption to decrypt WEP encrypted data?
IV attack
War driving
PSK attack
IV attack
The IV (initialization vector) attack uses the weakness in the 24-bit generated IV that is paired with the WEP encryption key. The IV can be discovered over time on busy networks that use repeated IV values, which can then be used by the hacker to decrypt the cipher stream without knowing the WEP key
Threat actors are generally categorized by which of the following? (Choose all that apply.)
Intent
Resources
Internal/external
Nationality
Intent
Resources
Internal/external
Threat actors are generally categorized using the following attributes: level of sophistication, resources/funding, intent/motivation, and whether they are internal or external in nature