Threats, Attacks, and Vulnerabilities Flashcards

1
Q

An attacker has decided to attempt to compromise your organization’s network. They have already determined the ISP you are using and know your public IP addresses. They have also performed port scanning to discover your open ports. What communications technique can the hacker now use to identify the applications that are running on each open port facing the Internet?

Credentialed penetration test

Intrusive vulnerability scan

Banner grabbing

A

Banner grabbing

Banner grabbing is the communications technique a hacker can use to identify the product that is running on an open port facing the Internet

2
Q

You are the security manager for a large organization. Your NIDS has reported abnormal levels of network activity and several systems have become unresponsive. While investigating the causes of these issues, you discover a rootkit on your mission-critical database server. What is the best step to take to return this system to production?

Reconstitute the system.

Run an antivirus tool.

Install a HIDS.

A

Reconstitute the system.

The only real option to return a system to a secure state after a rootkit is reconstitution

3
Q

If user awareness is overlooked, what attack is more likely to succeed?

Man-in-the-middle

Physical intrusion

Social engineering

A

Social engineering

Social engineering is more likely to occur if users aren’t properly trained to detect and prevent it. The lack of user awareness training won’t have as much impact on man-in-the-middle, reverse hash-matching, or physical intrusion attacks

4
Q

A pirated movie-sharing service is discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users?

Typo squatting

Integer overflow

Watering hole attack

A

Watering hole attack

A watering hole attack could be used to plant phone-home malware that reports the identity of subsequent visitors to the service

5
Q

You are the IT security manager for a retail merchant organization that is just going online with an e-commerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that while the new code functions well, it might not be secure. You begin to review the code, systems design, and services architecture to track down issues and concerns. Which of the following do you hope to find in order to prevent or protect against XSS?

Input validation

Defensive coding

Allowing script input

Escaping metacharacters

A

Input validation

Defensive coding

Escaping metacharacters

A programmer can implement the most effective way to prevent XSS by validating input, coding defensively, escaping metacharacters, and rejecting all script-like input

6
Q

What type of virus attempts to disable security features that are focused on preventing malware infection?

Retrovirus

Polymorphic

Companion

A

Retrovirus

Retroviruses specifically target antivirus systems to render them useless

7
Q

What does the acronym RAT stand for?

Remote Authentication Testing

Random Authorization Trajectory

Remote Access Trojan

A

Remote Access Trojan

A RAT is a remote access Trojan. A RAT is a form of malicious code that grants an attacker some level of remote control access to a compromised system

8
Q

What form of social engineering attack focuses on stealing credentials or identity information from any potential target?

Phishing

Tailgating

Dumpster diving

A

Phishing

Phishing is a form of social engineering attack focused on stealing credentials or identity information from any potential target. It is based on the concept of fishing for information. Phishing is employed by attackers to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by masquerading as a trustworthy entity (a bank, a service provider, or a merchant, for example) in electronic communication (usually email)

9
Q

What type of service attack positions the attacker in the communication path between a client and a server?

Session hijacking

Man-in-the-middle

Amplification

A

Man-in-the-middle

A man-in-the-middle attack is a communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server (or any two communicating entities). The client and server believe that they’re communicating directly with each other—they may even have secured or encrypted communication links

10
Q

What form of attack abuses a program’s lack of length limitation on the data it receives before storing the input in memory and can lead to arbitrary code execution?

ARP poisoning

Domain hijacking

Buffer overflow

A

Buffer overflow

A buffer overflow attack occurs when an attacker submits data to a process that is larger than the input variable is able to contain. Unless the program is properly coded to handle excess input, the extra data is dropped into the system’s execution stack and may execute as a fully privileged operation

11
Q

What is a programmatic activity that restructures or reorganizes software code without changing its externally perceived behavior or produced results?

Buffer overflow

Pass the hash

Refactoring

A

Refactoring

Refactoring is restructuring or reorganizing software code without changing its externally perceived behavior or produced results. Refactoring focuses on improving software’s nonfunctional elements (quality attributes, nonbehavioral requirements, service requirements, or constraints). Refactoring can improve readability, reduce complexity, ease troubleshooting, and simplify future expansion and extension efforts

12
Q

What wireless attack is able to trick mobile device users into connecting into its man-in-the-middle style of attack by automatically appearing as if it is a trusted network that they have connected to in the past?

Replay

Evil twin

Bluesnarfing

A

Evil twin

Evil twin is an attack where a hacker operates a false access point that will automatically clone or twin the identity of an access point based on a client device’s request to connect. Each time a device successfully connects to a wireless network, it retains a wireless profile in its history

13
Q

What type of hacker hacks for a cause or purpose, knowing that they may be identified, apprehended, and prosecuted?

Hacktivist

Script kiddie

Nation-state hacker

A

Hacktivist

A hacktivist is someone who uses their hacking skills for a cause or purpose. A hacktivist commits criminal activities for the furtherance of their cause. A hacktivist attacks targets even when they know they will be identified, apprehended, and prosecuted. They do this because they believe their purpose or cause is more important than themselves

14
Q

When an attacker selects a target, they must perform reconnaissance to learn as much as possible about the systems and their configuration before launching attacks. What is the term for the gathering of information from any publicly available resource, such as websites, social networks, discussion forums, file services, and public databases?

Banner grabbing

Port scanning

Open-source intelligence

A

Open-source intelligence

Open-source intelligence is the gathering of information from any publicly available resource. This includes websites, social networks, discussion forums, file services, public databases, and other online sources. This also includes non-Internet sources, such as libraries and periodicals

15
Q

What penetration testing or hacking term refers to the concept of continuing an intrusion after an initial compromise in order to further breach an organization by focusing on new targets that may not have been accessible initially?

Man-in-the-browser

Pivot

Daisy chaining

A

Pivot

In penetration testing (or hacking in general), a pivot is the action or ability to compromise a system, then use the privileges or access gained through the attack to focus attention on another target that may not have been visible or exploitable initially. It is the ability to adjust the focus or the target of an intrusion after an initial foothold is gained

16
Q

What is the term for an attack or exploit that grants the attacker greater privileges, permissions, or access than what may have been achieved by the initial exploitation?

Impersonation

Piggybacking

Privilege escalation

A

Privilege escalation

Privilege escalation is an attack or exploit that grants the attacker greater privileges, permissions, or access than may have been achieved by the initial exploitation

17
Q

What type of information-gathering tactics rely on direct interaction with the target while attempting to avoid being detected as malicious?

Passive reconnaissance

Banner grabbing

Active reconnaissance

A

Active reconnaissance

Active reconnaissance is the idea of collecting information about a target through interactive means. By directly interacting with a target, the attacker can collect accurate and detailed information quickly but at the expense of potentially being identified as an attacker rather than just an innocent, benign, random visitor

18
Q

What type of test of security controls is performed with an automated vulnerability scanner that seeks to identify weaknesses while listening in on network communications?

Active

Passive

External

A

Passive

A passive test of security controls is being performed when an automated vulnerability scanner is being used that seeks to identify weaknesses while listening in on network communications

19
Q

What is the term used to describe systems that are no longer receiving updates and support from their vendors?

Passive

Embedded

End-of-life

A

End-of-life

End-of-life systems are those that are no longer receiving updates and support from their vendor. If an organization continues to use an end-of-life system, the risk of compromise is high because any future exploitation will never be patched or fixed. It is of utmost importance to move off end-of-life systems in order to maintain a secure environment

20
Q

What is present on a system for ease of installation and initial configuration in order to minimize support calls from new customers?

Default configuration

Resource exhaustion trigger

Buffer overflow flaw

A

Default configuration

Default configurations should never be allowed to remain on a device or within an application. Defaults are such for ease of installation and initial configuration in order to minimize support calls from new customers