Threats, Attacks, and Vulnerabilities 2 Flashcards
A __________ _________ attack is where an attacker gains the same level of authorization as the administrator.
Privilege escalation
___________ ___________ is where an attacker will ring up a help desk and ask them to reset the password for a user account.
Active reconnaissance
XSS targets _________, while remote exploits target ______ ______ .
Servers, end users
_____________ is wireless authentication that starts off by inserting a password, meaning that you only need to press a button to gain access to the wireless network.
WPS
A ________ attack is an interception attack where the data is forwarded at a later time and can be prevented by using Kerberos authentication that uses updated sequence numbers and timestamps.
Replay
A ___________ is where an attacker will ask you to look into the Windows\System32 folder to find an icon, such as a bear. If you find this icon, they will then ask you to delete the bear, as it is a virus. But when you do this, you will, in fact, delete a system file.
HOAX
My airplane was delayed and my free time on the wireless captive portal expired. I can use ________ _______ to bypass the captive portal for another session of free wireless access.
MAC spoofing
Digital signatures are susceptible to a ___________ _______, a hash-collision attack.
Birthday attack
__________ and _________ are both used for driver manipulation.
Shimming and refactoring
An auditor discovers that 50 new desktops have not been hardened properly, and puts it down to the fact that __________ ___________ had not been implemented early in the deployment.
Security baseline
______ ______ of failure is where one person, device, or service could cause damage to the company’s systems if it failed.
Single point
__________ _____ could inadvertently violate security policies and become vulnerable to a cybercrime or phishing attack.
Untrained users
__________ _______ is where proprietary code is tested by a consultant for security flaws.
Regression testing
________ prevents duplicate passwords from being stored and slows down brute-force attacks.
Salting
_________ __________ is where an arithmetic calculation exceeds the maximum size an application can accept. It can be mitigated by using input validation.
Integer overflow
____________ _______ on your network will not be patched and could be used for pivoting as they become vulnerable.
Undocumented assets
A __________ attack uses a legitimate website with links—for example, a Like button, a Share button, a free trial, or an Isn’t This Funny? link.
Clickjacking
A ____ ___________ is where two threads access the same data at the same time and either cause the computer to crash or give an illegal operation error.
Race condition
_____-____ _______ _______ attack is where a user is logged into a legitimate website and clicks on a link where an embedded program is located. This is also known as a one-click attack, XSRF, or CSRF.
Cross-site reverse forgery
_______ ________ password attacks can detect every available combination of characters and can be stopped by using an account lockout or by salting the password using bcrypt or PBKDF2.
Brute Force
Both smurf attacks and DDoS attacks are known as _________ attacks.
Amplification
Using SSL instead of TLS for data in transit could lead to a POODLE attack that is known as a ___________ attack.
Downgrade
To protect data in transit, you should use encryption where plaintext is changed to ___________.
Ciphertext
An attacker will try and log into your control panel to launch a ________ __________ attack.
Domain hijacking