Threats, Attacks, And Vulnerabilities

Question 1

Malware Components

Answer 1

Propagation
Delivery Method
Payload

Question 2

Malware Propagation Methods

Answer 2

Viruses
Worms
Trojan Horses and Remote Access Trojan (RAT)
Polymorphic Malware

Question 3

Types of Malware Payload

Answer 3

Adware
Spyware
Ransomware
Botnet

Question 4

Malware Delivery Methods

Answer 4

Backdoor
Logic Bomb
Root kits

Question 5

Adware Results

Answer 5

Redirect search queries
Display pop-up ads
Replace legitimate adds

Question 6

Spyware Results

Answer 6

Log keystrokes
Monitor activity
Search for sensitive data

Question 7

Ransomware Results

Answer 7

Encrypt data and sell encryption key

Question 8

Logic Bomb Triggers

Answer 8

Date/Time reached
File contents
API call results

Question 9

Root Kit Payloads

Answer 9

Backdoors
Botnet agents
Adware
Spyware
Anti-theft mechanisms (positive)

Question 10

Types of Root Kits

Answer 10

User mode: normal privilege, easy to write, and hard to detect
Kernel mode: full system privilege, hard to write, and easy to detect

Question 11

Define a Armored Virus

Answer 11

Virus written to prevent reverse engineering via obfuscation, blocking system debuggers, and preventing sandboxing

Question 12

Define Zero Day Vulnerabilities

Answer 12

Unknown vulnerabilities to the vendor/creator

Question 13

Ethical Disclosure Process

Answer 13

Notify vendors
Provide vendor with reasonable amount of time to patch
Disclose vulnerability to the public

Question 14

Types of Threat Agents

Answer 14

Script Kiddies
Hacktivist
Organized Crime
Corporate Espionage
Nation States
Insiders

Question 15

Define DoS and DDos

Answer 15

Denial of Service and Distributed Denial of Service

Question 16

Define DDoS Amplification Factor

Answer 16

Number of replies divided by the number of request (#reply/#request)

Question 17

Eavesdropping Methods

Answer 17

Network Device Tap
DNS Poisoning
ARP Poisoning
Replay Attack
MITM

Question 18

Define XMAS Tree Packet

Answer 18

All packet header flags are 1

Used crash system and/or determine OS

Question 19

Define DNS Poisoning

Answer 19

Redirect user to alternate DNS server for untrusted IP address resolution

Question 20

Define ARP Poisoning

Answer 20

Redirect network traffic from legitimate IP address to attacker’s spoofed MAC address, Local Networks only

Question 21

Define Typosquating

Answer 21

Redirect URL based on misspelling, goes by several other names

Question 22

Define Domain Hijacking

Answer 22

Stealing a legitimate domain name, reroute to fake or alternate website

Question 23

Criteria for an Effective Hash

Answer 23

Any change in input creates completely different output
One way (not reversible)
Collision resistant (no two inputs create same output)

Question 24

One Attack All Hashing Algorithms Are Subject To

Answer 24

Collisions

Question 26

Types of Password Attacks

Answer 26

Brute force
Dictionary
Hybrid
Rainbow table

Question 27

Password Frequency Analysis Techniques

Answer 27

Patterns (i.e. common letters)

Diagraphs

Question 28

Types of Knowledge Based Attacks

Answer 28

Known Plain Text
Chosen Plain Text
Known Cipher Text

Question 29

Define a Downgrade Attack

Answer 29

Force encryption to use smaller key space and/or less secure protocols

Question 30

Define Watering Hole Attacks

Answer 30

Exploit commonly visited websites to deliver malware

Question 31

Define 802.11

Answer 31

IEEE standard for WiFi

Question 32

Wireless Encryption Options

Answer 32

WEP
WPA
WPA2

Question 33

WEP Encryption

Answer 33

RC4

Question 34

WPA Encrytpion

Answer 34

TKIP

Question 35

WPA2 Encryption

Answer 35

AES

Question 36

Define Rogue Access Point

Answer 36

Unauthorized access points

Question 37

Define an Evil Twin

Answer 37

Malicious network using same SSID as a legitimate network in the vicinity

Question 38

Define Disassociation Attacks

Answer 38

Attacker spoofs network de-authentication message forcing reconnect to false network

Question 39

Define Bluejacking

Answer 39

Spam via Bluetooth

Question 40

Define Bluesnarfing

Answer 40

Forced pairing via Bluetooth

Question 41

Define SQL Injection Attacks

Answer 41

Unexpected query data input into data-base driven web.

Question 42

Define XSS

Answer 42

Cross Site Scripting is when attackers embed script into a web page.

Question 43

Define XSRF (also called CSRF or “Sea Surf”)

Answer 43

Execute malicious scripts across multiple tabs/sites without user’s knowledge utilizing authentication cookies

Question 44

Define Clickjacking

Answer 44

Hidden elements redirect users clicks for alternative purposes

Question 45

Define Cursor Jacking

Answer 45

Attacker hides or relocates user’s cursor

Question 46

Define Directory Traversal Attack

Answer 46

Execute directory traversal commands for unauthorized access to alternate file directories

Question 47

Define Buffer Overflow Attack

Answer 47

User input exceeds space in application for stored variable

Question 48

Buffer Overflow Attack Results

Answer 48

DoS
Data Loss
Privilege Escalation

Question 50

Define Session Hijacking

Answer 50

Stolen or guessable hashed authentication cookies used to authenticate attacker

Question 51

Define Refactoring

Answer 51

Repurposing source code embedded with malicious scripts

Question 52

Define Shimming

Answer 52

A legitimate driver “wrapped” in malware

Question 53

Driver Manipulation Protection Method(s)

Answer 53

Code Signing: hashing of digital signatures, certificates

Question 54

Social Engineering Persuasion Methods

Answer 54

Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity/Liking

Question 55

Types of Impersonation Attacks

Answer 55

Phishing
Spear Phishing
Whaling
Pharming
Vishing
Smishing 
Spim
Spoofing

Question 56

Define Phishing

Answer 56

Generic email scams

Question 57

Define Spear Phishing

Answer 57

Targeted phishing attempts

Question 58

Define Whaling

Answer 58

Targeted phishing attacks on senior executives

Question 59

Define Pharming

Answer 59

Phishing via fake websites

Question 60

Define Vishing

Answer 60

Phishing via Voice over IP or Phone

Question 61

Define Smishing

Answer 61

Phishing via SMS text

Question 62

Define Spim

Answer 62

Instant message spam

Question 63

Types of Physical Social Engineering

Answer 63

Shoulder Surfing
Dumpster Diving
Tailgating/Piggybacking

Question 64

Vulnerability Assessment Modes

Answer 64

Active (Intrusive)

Passive (Non-intrusive)

Question 65

Define a Honeypot

Answer 65

Attractive decoy machine for intelligence gathering on attackers

Question 66

Define a Honeynet

Answer 66

Attractive decoy network for intelligence gathering on attackers

Question 67

Purpose of Protocol Analyzers

Answer 67

Peek into network traffic, sniff packets

Question 68

Types of Scanners

Answer 68

Port Scanners
Vulnerability Scanners
Application Scanners

Question 69

Define Threat

Answer 69

External force
Man-made or natural
Uncontrollable

Question 70

Define Vulnerability

Answer 70

Security weakness

Semi-Controllable

Question 71

Define Risk

Answer 71

Known threat plus a vulnerability

Question 72

Risk Factors

Answer 72

Impact

Probability

Question 73

Threat Assessment Surveys

Answer 73

Baseline Report
Attack Surface Review
Code Review
Architecture Review

Question 74

Define White Box Testing

Answer 74

Test with full knowledge of network, application, or system.
Active and authenticated testing.

Question 75

Types of Penetration Testing

Answer 75

White Box
Black Box
Gray Box

Question 76

Define Black Box Testing

Answer 76

Test without prior knowledge of network, application, or system

Question 77

Define Gray Boxing

Answer 77

Test with limited knowledge of network, application, or system

Question 78

Define Pivoting

Answer 78

Attacker gaining a foothold before switching target

Question 79

Define False Positive

Answer 79

Alert generated for non-issue

Question 80

Define False Negative

Answer 80

Issue fails to generate an alert

Question 81

Vendor Vulnerabilities

Answer 81

End-of-life
End-of-sale
End-of-support

Question 82

Memory Vulnerabilities

Answer 82

Memory leak

Null Pointer/Dereferencing

Question 83

Define Memory Leak

Answer 83

Application fails to return unused memory

Question 84

Define Null Pointer/Dereferencing

Answer 84

Empty memory pointer

May provide attacker with debugging info or other vulnerabilities

Question 85

Define Race Condition

Answer 85

Security controls dependent on user or computer action receive missed or unexpected input.

Question 86

Initialization Vector Roles

Answer 86

Build Decryption Tables

Compute RC4 key stream

Question 87

Define System Sprawl

Answer 87

Uncontrolled/undocumented growth of a network or system

Question 88

Vendor Diversity Issues

Answer 88

Lack of Innovation

Technical Inefficiencies

Question 89

Prevention Objective of Fuzz Testing

Answer 89

Crashes
Memory leaks
Failed validation

Question 90

Contrast Structured vs. Unstructured Attacks

Answer 90

Structure attacks are intentional and specific in target.

Unstructured attacks are generic and broad in target scope.

Question 91

Vulnerability Scanner Scanning Methods

Answer 91

Dictionary scanning

Database scanning

Question 92

Race Condition Results

Answer 92

Privilege Escalation
DoS
Null Pointer Error

Question 93

Define a Crib

Answer 93

Plain text in a knowledge based attack

Question 94

Define Banner Grabbing

Answer 94

Act of getting software banner information (name and version) to reveal insecure or vulnerable system information

Question 95

Primary Threat Assessment Concerns

Answer 95

Technical Resources

Funds

Question 96

Define IPC

Answer 96

Instructions Per Cycle

Question 97

IP Spoofing Protection Methods

Answer 97

Encryption
Packet filtering
Key-based authentication

Question 98

Purpose of an Anti-Malware Live Boot CD

Answer 98

Bypasses infected OS to clean device of malware

Question 99

Passive Reconnaissance Methods

Answer 99

Impersonation

Packet sniffing

Question 100

RTOS Vulnerabilities

Answer 100

IPC attacks

Priority Inversion

Question 101

WEP Weaknesses

Answer 101

24 bit IV
Encryption algorithm
Key management

Question 102

Define a Retro Virus

Answer 102

Destroys virus countermeasures by altering anti-virus definitions and key files

Question 103

Define Smurf Attack

Answer 103

Spoof source address in ICMP packets and sends packets to amplification network

Question 104

Define a Fraggle Attack

Answer 104

Spoof source address using UDP directed to port 7 (echo) and port 19 (CharGen - Character Generation)

Question 105

Define a Salami Attack

Answer 105

Small amounts of data, information, or valuables leaked over a period of time

Question 106

Define a Null Scan

Answer 106

Turns off all flags in a TCP headers

Question 107

Define a Teardrop Attack

Answer 107

Attacker sends fragmented UDP packets with overlapping offsets, when system re-builds the packets, an invalid UDP packet is created causing the system to crash or reboot

Question 108

Define NACK

Answer 108

Negative Acknowledgment; denies client access to LAN/WAN resources

Question 109

Define ping of death

Answer 109

ICMP packet over 65,536 bytes

Question 110

Define a Banana Attack

Answer 110

Uses a router to change the destination address of a frame

Question 111

Define a Land Attack

Answer 111

SYN packet has exact same address for sender and receiver which is the address of the server

Question 112

Define Spark Jamming

Answer 112

Rapid blasts of high-intensity, short-duration RF burst

Question 113

Define Random Pulse Jamming

Answer 113

Random radio signal pulses of varying amplitude and frequency

Question 114

Define Random Noise Jamming

Answer 114

Produce RF signals using random amplitude and frequencies

Question 115

Define an Analytic Attack

Answer 115

Mathematical attack targeting the complexity of a cryptosystem’s algorithm

Question 116

Define a Side-Channel Attack

Answer 116

Attack based on information gained from the physical implementation of a cryptosystem such as length of time required for encryption/decryption

Question 117

MAC Flooding Results

Answer 117

Switch will act like a hub

Question 118

Explain a TCP SYN Scan

Answer 118

Port scan which does not complete the three-way TCP handshake but rather listens for SYN/ACK packets (port is listening) or RST/ACK packets (port is not listening)

Question 119

Double vs Single Blind Test

Answer 119

Double Blind Test: Administrator does not know a pen test is being conducted and hacker conducts black box testing
Single Blind Test: Administrator knows pen test is being conducted or hacker conducts a white box test

Question 120

Goal of MAC Spoofing

Answer 120

Bypass 802.1x port-based security