Threats, Attacks, and Vulnerabilities Flashcards
An attacker has decided to attempt to compromise your organization’s network. They have already determined the ISP you are using and know your public IP addresses. They have also performed port scanning to discover your open ports. What communications technique can the hacker now use to identify the applications that are running on each open port facing the Internet?
Credentialed penetration test
Intrusive vulnerability scan
Banner grabbing
Banner grabbing
Banner grabbing is the communications technique a hacker can use to identify the product that is running on an open port facing the Internet
You are the security manager for a large organization. Your NIDS has reported abnormal levels of network activity and several systems have become unresponsive. While investigating the causes of these issues, you discover a rootkit on your mission-critical database server. What is the best step to take to return this system to production?
Reconstitute the system.
Run an antivirus tool.
Install a HIDS.
Reconstitute the system.
The only real option to return a system to a secure state after a rootkit is reconstitution
If user awareness is overlooked, what attack is more likely to succeed?
Man-in-the-middle
Physical intrusion
Social engineering
Social engineering
Social engineering is more likely to occur if users aren’t properly trained to detect and prevent it. The lack of user awareness training won’t have as much impact on man-in-the-middle, reverse hash-matching, or physical intrusion attacks
A pirated movie-sharing service is discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users?
Typo squatting
Integer overflow
Watering hole attack
Watering hole attack
A watering hole attack could be used to plant phone-home malware on the systems of subsequent visitors in order to identify them
You are the IT security manager for a retail merchant organization that is just going online with an e-commerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that while the new code functions well, it might not be secure. You begin to review the code, systems design, and services architecture to track down issues and concerns. Which of the following do you hope to find in order to prevent or protect against XSS?
Input validation
Defensive coding
Allowing script input
Escaping metacharacters
Input validation
Defensive coding
Escaping metacharacters
The most effective ways a programmer can prevent XSS are validating input, coding defensively, escaping metacharacters, and rejecting all script-like input
What type of virus attempts to disable security features that are focused on preventing malware infection?
Retrovirus
Polymorphic
Companion
Retrovirus
Retroviruses specifically target antivirus systems to render them useless
What does the acronym RAT stand for?
Remote Authentication Testing
Random Authorization Trajectory
Remote Access Trojan
Remote Access Trojan
A RAT is a remote access Trojan. A RAT is a form of malicious code that grants an attacker some level of remote control access to a compromised system
What form of social engineering attack focuses on stealing credentials or identity information from any potential target?
Phishing
Tailgating
Dumpster diving
Phishing
Phishing is a form of social engineering attack focused on stealing credentials or identity information from any potential target. It is based on the concept of fishing for information. Phishing is employed by attackers to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by masquerading as a trustworthy entity (a bank, a service provider, or a merchant, for example) in electronic communication (usually email)
What type of service attack positions the attacker in the communication path between a client and a server?
Session hijacking
Man-in-the-middle
Amplification
Man-in-the-middle
A man-in-the-middle attack is a communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server (or any two communicating entities). The client and server believe that they’re communicating directly with each other—they may even have secured or encrypted communication links
What form of attack abuses a program’s lack of length limitation on the data it receives before storing the input in memory and can lead to arbitrary code execution?
ARP poisoning
Domain hijacking
Buffer overflow
Buffer overflow
A buffer overflow attack occurs when an attacker submits data to a process that is larger than the input variable is able to contain. Unless the program is properly coded to handle excess input, the extra data is dropped into the system’s execution stack and may execute as a fully privileged operation
What is a programmatic activity that restructures or reorganizes software code without changing its externally perceived behavior or produced results?
Buffer overflow
Pass the hash
Refactoring
Refactoring
Refactoring is restructuring or reorganizing software code without changing its externally perceived behavior or produced results. Refactoring focuses on improving software’s nonfunctional elements (quality attributes, nonbehavioral requirements, service requirements, or constraints). Refactoring can improve readability, reduce complexity, ease troubleshooting, and simplify future expansion and extension efforts
What wireless attack is able to trick mobile device users into connecting to it, enabling a man-in-the-middle style of attack, by automatically appearing to be a trusted network that they have connected to in the past?
Replay
Evil twin
Bluesnarfing
Evil twin
Evil twin is an attack where a hacker operates a false access point that will automatically clone or twin the identity of an access point based on a client device’s request to connect. Each time a device successfully connects to a wireless network, it retains a wireless profile in its history
What type of hacker hacks for a cause or purpose, knowing that they may be identified, apprehended, and prosecuted?
Hacktivist
Script kiddie
Nation-state hacker
Hacktivist
A hacktivist is someone who uses their hacking skills for a cause or purpose. A hacktivist commits criminal activities for the furtherance of their cause. A hacktivist attacks targets even when they know they will be identified, apprehended, and prosecuted. They do this because they believe their purpose or cause is more important than themselves
When an attacker selects a target, they must perform reconnaissance to learn as much as possible about the systems and their configuration before launching attacks. What is the term for the gathering of information from any publicly available resource, such as websites, social networks, discussion forums, file services, and public databases?
Banner grabbing
Port scanning
Open-source intelligence
Open-source intelligence
Open-source intelligence is the gathering of information from any publicly available resource. This includes websites, social networks, discussion forums, file services, public databases, and other online sources. It also includes non-Internet sources, such as libraries and periodicals
What penetration testing or hacking term refers to the concept of continuing an intrusion after an initial compromise in order to further breach an organization by focusing on new targets that may not have been accessible initially?
Man-in-the-browser
Pivot
Daisy chaining
Pivot
In penetration testing (or hacking in general), a pivot is the action or ability to compromise a system and then use the privileges or access gained through that attack to focus attention on another target that may not have been visible or exploitable initially. It is the ability to adjust the focus or the target of an intrusion after an initial foothold is gained