Threats, Attacks & Vulnerabilities .

Question 1

Malware comes in many different forms (T/F) ?

Answer 1

True!

Question 2

What are the major malware types?

Answer 2

• Virus
• Worm
• Trojan Horse
• Remote Access Trojan
• Adware
• Spyware
• Ransomware
• Logic Bomb
• Rootkit
• Back Door

Question 3

This Malware Type…

Spreads between systems based upon some user action.

Answer 3

Virus

Question 4

This Malware Type…

Spreads between systems by exploiting vulnerabilities; no user action required.

Answer 4

Worm

Question 5

This Malware Type…

Masquerades as desirable software to trick user into installing it.

Answer 5

Trojan Horse

Question 6

This Malware Type…

Trojan horse that allows an attacker to gain remote access to a system.

Answer 6

Remote Access Trojan

Question 7

This Malware Type…

Displays advertisements on the user’s system to generate ad revenue.

Answer 7

Adware

Question 8

This Malware Type…

Monitors user activity, such as keystrokes and web visits.

Answer 8

Spyware

Question 9

This Malware Type…

Encrypts user files and demands a ransom before releasing the key.

Answer 9

Ransomware

Question 10

This Malware Type…

Encrypts user files and demands a ransom before releasing the key.

Answer 10

Ransomware

Question 11

This Malware Type…

Waits until certain conditions are met before triggering a malicious action.

Answer 11

Logic Bomb

Question 12

This Malware Type…

Elevated privileges of a normal user to gain administrative rights.

Answer 12

Rootkit

Question 13

This Malware Type…

Provides an unauthorized mechanism for accessing a system.

Answer 13

Backdoor

Question 14

_________ engineering attacks manipulate individuals to gain _________ access or information.

Answer 14

• Social

- Unauthorized

Question 15

What are the different social engineering attack types?

Answer 15

• Phishing
• Spear Phishing
• Whaling
• Tailgating
• Dumpster Diving
• Shoulder Surfing
• Watering Hole

Question 16

This Attack Type…

Solicits information via email.

Answer 16

Phishing

Question 17

This Attack Type…

Solicits information via highly targeted email designed for one person.

Answer 17

Spear Phishing

Question 18

This Attack Type…

Targets high value individuals, such as senior executives.

Answer 18

Whaling

Question 19

This Attack Type…

Accessed a building by having someone hold the door open.

Answer 19

Tailgating

Question 20

This Attack Type…

Discovers sensitive information discovered in the trash.

Answer 20

Dumpster Diving

Question 21

This Attack Type…

Monitors user activity by watching them as they enter/read information.

Answer 21

Shoulder Surfing

Question 22

This Attack Type…

Places malware on a site where users are known to congregate.

Answer 22

Watering Hole

Question 23

What are the seven main mechanisms that social engineering attacks exploit?

Answer 23

• Authority
• Intimidation
• Consensus
• Scarcity
• Familiarity
• Trust
• Urgency

Question 24

_________ kiddies are generally ______-skilled attackers seeking a quick thrill.

Answer 24

• Script

- Low

Question 25

What are Advanced Persistent Threats (APTs)?

Answer 25

Extremely sophisticated attackers often sponsored by government agencies.

Question 26

________ ________ ________ uses tools like nmap to check for active systems and open ports.

Answer 26

Network Discovery Scanning

Question 27

What are the 4 common scanning techniques?

Answer 27

* TCP SYN * TCP Connect * TCP ACK * Xmas

Question 28

This Type of Scanning Technique... Scans send a single packet with the SYN flag set.

Answer 28

TCP SYN

Question 29

This Type of Scanning Technique... Scans attempt to complete the three way handshake.

Answer 29

TCP Connect

Question 30

This Type of Scanning Technique... Scans seek to impersonate an established connection.

Answer 30

TCP ACK

Question 31

This Type of Scanning Technique... Scans set the FIN, PSH, and URG flags.

Answer 31

Xmas

Question 32

Network vulnerability scanning first discovers active services on the network and then probes those services for known vulnerabilities (T/F)?

Answer 32

True!

Question 33

_____ _______ vulnerability scans use tools that specialize in probing for web application weaknesses.

Answer 33

Web application

Question 34

The vulnerability management workflow includes three basic steps, what are they?

Answer 34

- Detection - Remediation - Validation

Question 35

________ _________ goes beyond vulnerability scanning and attempts to exploit vulnerabilities.

Answer 35

Penetration Testing

Question 36

What are the five steps of Penetration Testing?

Answer 36

- Planning - Information Gathering & Discovery - Vulnerability Scanning - Exploitation - Reporting

Question 37

How many types of Penetration Tests are there?

Answer 37

Three

Question 38

What are the types of Penetration Tests?

Answer 38

- White Box - Black Box - Gray Box

Question 39

In WHITE BOX penetration tests, testers have full access to information about the target systems (T/F)?

Answer 39

True!

Question 40

In BLACK BOX penetration tests, testers conduct their work ______ ______ knowledge of the target environment.

Answer 40

without any

Question 41

This type of penetration test resides in the MIDDLE, providing testers with PARTIAL knowledge about the environment.

Answer 41

Gray Box

Question 42

______ tags is a technology that can assist with asset tracking and inventory control of mobile devices.

Answer 42

RFID

Question 43

The following Brute Force Attack is characterised as Online or Offline? - An attacker usually only has a limited number of attempts before being locked out of a system.

Answer 43

Online

Question 44

The following Brute Force Attack is characterised as Online or Offline? - The attack is performed remotely.

Answer 44

Online

Question 45

The following Brute Force Attack is characterised as Online or Offline? - An attacker can try as many times as required to crack a password.

Answer 45

Offline

Question 46

The following Brute Force Attack is characterised as Online or Offline? - The attack is performed locally.

Answer 46

Offline

Question 47

The shopping centre in your town has free Wi-Fi access. Each time you try to use the Wi-Fi, you are first directed to a web page where you need to agree to certain rules. Which technology is being described?

Answer 47

Captive Portal

Question 48

Advanced Encryption Standard is currently not susceptible to this type of attack.

Answer 48

Known Plaintext Attack

Question 49

A Ciphertext only attack is successful when the plaintext or key can be found (T/F)?

Answer 49

True!

Question 50

Which of the following attacks has access to the "crib", | Ciphertext Only Attack OR Known Plaintext Attack?

Answer 50

Known Plaintext Attack