Threats, Attacks, and Vulnerabilities

Question 1

Passive Information Gathering vs. Active Information Gathering

Answer 1

Passive Information Gathering
* where you gather open-source or publicly available information without the organization being aware that the information has been accessed

Active Information Gathering
* probe the organization using DNS Enumeration, Port Scanning, and OS Fingerprinting techniques

Question 2

Vishing

Answer 2

Phising conducted over voice and phone calls

Question 3

Phishing

Answer 3

An attempt to fraudulently obtain information from a user

Question 4

Spear Phishing

Answer 4

Like phishing but usually targeting a specific indivdual/group

Question 5

Whaling

Answer 5

Form of spear phishing that targets any high-value target in an organization

Like CEO, CFO, CIO, CSO etc.

Question 6

Pharming

Answer 6

Phishing attempt to trick a user to access a different or fake website

Question 7

Smishing/Spimming

Answer 7

Phishing conducted of text messaging (SMS)

Question 8

What kind of attack is an example of IP spoofing?

Answer 8

On-path attack

On-path attacks intercept communications between two systems

Question 9

What ports would web-based attacks likely appear on?

Answer 9

Port 80 (HTTP) and port 443 (HTTPS)

Question 10

Zero-day attack

Answer 10

Attack against a vulnerability that is unknown to the original developer or manufacturer

Question 11

When you see ‘dot-dot-slash (../)’ sequence, it is most likely a…

Answer 11

Directory Traversal Attack

aims to access files and directories stored outside webroot folder

Question 12

Spoofing

Answer 12

the act of disguising a communication from an unknown source as being known, trusted source

Question 13

Smurf Attack

Answer 13

Uses a single ping with a spoofed source address sent to the broadcast address of a network

Question 14

What team monitors and manages defenders’ and attackers’ technical environment during a cybersecurity training excercise?

Answer 14

White team

judge, enforce rules, observes, scores and resolves any problems

Question 15

Zombie

Answer 15

a computer connected to the internet that has been compromised by as hacker, computer virus, or trojan horse program adn can be used to perform malicious attacks of one sort or another under remote direction

Question 16

SYN Flood

Answer 16

A variant of DoS where the attacker initiates multiple TCP sessions but never completes the 3-way handshake

Question 17

Privilege Escalation

Answer 17

Occurs when a user is able to gain the rights of another user or adminstrator

Vertical Privilege Escalation and Horizontal Privilege Escalation

Question 18

SQL Injections

Answer 18

SQL injections target data stored in enterprise databases by exploiting flaws in client-facing applications, most commonly web applications

Question 19

What is a way to identify rogue devices on a wired network?

Answer 19

Router and switch-based MAC address reporting

Question 20

MAC Address

Answer 20

A hardware identifier that uniquely identifies each device on a network

Question 21

A computer is infected with malware that has infected the Windwos kernal to hide. What type of malware is this?

Answer 21

Rootkit

Question 22

Rootkit

Answer 22

Software designed to gain administrative level control over a system without detection

Question 23

Threat Vectors

Answer 23

• Direct Access
• Wireless
• Email
• Supply Chain
• Social Media

Question 24

Bluetooth Attacks

Answer 24

Bluejacking (sending) and Bluesnarfing (taking)

Question 25

Race Condition

Answer 25

occur when the outcome from execution process is directly dependent on the order and timing of certain events

those events fail to execute in the order and timing inteded by the developer

Question 26

What technique should be used to mitigate the risk of data remanence when moving virtual hosts from one server to another in the cloud?

Answer 26

Use full-disk encryption

this will ensure that all data is encrypted and cannot be exposed to other organizations

Question 27

Shoulder Surfing

Answer 27

type of social engineering technique used to obtain personal identification numbers (PINs), passwords, and other confidential data by looking over the victim’s shoulder

Question 28

Integer Overflow Attack

Answer 28

occurs when an arithmetic operation results in a large number to be stored in the space allocated for it

Question 29

Threat Hunting

Answer 29

the utilization of insights gained from threat research and threat modeling to proactively discover evidence of an adversarial TTP within a network or system

Question 30

Banner Grabbing

not on exam objectives?

Answer 30

conducted by actively connecting to the server using telnet or netcat and collecting the web server’s response

this banner usually contains the server’s operating system and the version number of the service (SSH) being run

this is the fastest and easiest way to determine the SSH version being run on this web server

Question 31

True Positive Alert

Answer 31

Malicious activity is identified as an attack

Question 32

True Negative Alert

Answer 32

Legitimate activity is identified as legitimate trafic

Question 33

False Positive Alert

Answer 33

Legitimate activity is identified as an attack

Question 34

False Negative Alert

Answer 34

Malicious activity is identified as legitimate traffic

Question 35

Private IP Adresses

should this be in a diff section?

Answer 35

Private IP Adresses are either:
10.x.x.x
172.16-31.x.x
192.168.x.x

ALL other IP addresses are considered publicly routable over the internet (except localhost and APIPA addresses)

Question 36

Network Mapping

should this be in a diff section?

Answer 36

the study of the physical and logical connectivity of networks

helps develop adequate detailed network documentation

Question 37

Signature-based Monitoring

Answer 37

analyzes frames and packets of network traffic for predetermined attack patterns

attack patterns are known as signatures

Question 38

Anomaly-based Monitoring

Answer 38

definition?

zero-day attacks are best mitigated with behavior- or anomaly-based detection methods

Question 39

Polymorphic Virus

Answer 39

Polymorphic viruses change their signature each time they run to avoid antivirus software

Question 40

Fileless Virus

Answer 40

reside in memory

often take advantage of PowerShell to perform actions once they have used a vulnerability in a browser or broswer plug-in to inject themselves into system memory

Question 41

XSRF or CSRF

Cross-site Request Forgery

Answer 41

sends forged requests to a website, supposedly from a trusted user

Question 42

War Driving/Flying

Answer 42

When dial-up modems were in heavy use, hackers would conduct ware dialing exercises to many phones numbers to find modems that would answer

When wireless networks became the norm, the same type of language was used, leading to terms like war driving, walking and even war flying

Question 43

ARP Poisoning

Answer 43

consists of abusing the weaknesses in ARP to corrupt the MAC-to-IP mapping of other devices on the network

Question 44

DoS

Denial-of-service

Answer 44

may target a memory leak

Question 45

Uncredtialed Scans

Answer 45

Uncredentialed scans are generally unable to detect many vulnerabilities on a device

Question 46

Rogue Anti-virus

Answer 46

a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and to pay money for a fake malware removal tool

“Your computer is infected with a virus, click here to remove it!”

Question 47

Password Spraying

Answer 47

when an attacker uses common passwords to attempt to access several accounts

Question 48

SSL Stripping/HTTP Downgrade

Answer 48

STRIPS THE S FROM HTTPS

combines an on-path attack with a downgrade attack

attacker MUST sit in the middle of the conversation, victim does not see any significant problem except browser isnt encrypted

Question 49

Shimming

Answer 49

filling in the space between two objects

Windows includes it’s own shim, malware authors write their own shims

Question 50

Refactoring

Answer 50

metamorhpics malware

make it appear different each time, can intelligently redesign itself, difficult to match with signature-based detection

Question 51

Initialization Vector (IV)

Answer 51

way to add randomization to the encryption scheme being used

WEP, SSL implementations

Question 52

Visual Basic for Applications (VBA)

Answer 52

programming language developed and owned by Microsoft

with VBA you can create macros

Question 53

Shadow IT

Answer 53

use of IT-related hardware or software by a department or individual without the knowledge or approval of IT

Question 54

Non-intrusive Scan

Answer 54

simply identify and report on a vulnerability

gathers information

Question 55

Intrusive Scan

Answer 55

attemp to exploit a vulnerability when it is found

Question 56

Non-credentialed Scan

Answer 56

the scanner cannot login to the remote device

Question 57

Credentialed Scan

Answer 57

youu’re a normal user, emulates an insider attack

Question 58

Common Vulnerabilities and Exposures (CVE)/ Common Vulnerability Scoring System (CVSS)

Answer 58

list of publicly disclosed computer security flaws

Question 59

Fake Telemetry

Answer 59

machine learning

train the machine with actual data but then send the machine learning model fake telemetry to think that the malware is actually good

i used the word in the definition D:

Question 60

DNS Sinkhole

Answer 60

A DNS that hands out incorrect IP addresses

an attacker can redirect users to a malicious site

Question 61

DNS Posioning

Answer 61

attempt to insert incorrect or malicious entries into a trusted DNS server

Question 62

Pass the hash

Answer 62

process of harvesting an account’s cached credentials when the user logs in to a SSO system

allows the attacker to use the credentials on other systems

Question 63

Cognitive Password Attack

Answer 63

form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity

like finding personal info on social media and using that information to crack your password