Threats, Attacks & Vulnerabilities Flashcards

1
Q

Malware comes in many different forms (T/F)?

A

True!

2
Q

What are the major malware types?

A
  • Virus
  • Worm
  • Trojan Horse
  • Remote Access Trojan
  • Adware
  • Spyware
  • Ransomware
  • Logic Bomb
  • Rootkit
  • Back Door
3
Q

This Malware Type…

Spreads between systems based upon some user action.

A

Virus

4
Q

This Malware Type…

Spreads between systems by exploiting vulnerabilities; no user action required.

A

Worm

5
Q

This Malware Type…

Masquerades as desirable software to trick the user into installing it.

A

Trojan Horse

6
Q

This Malware Type…

Trojan horse that allows an attacker to gain remote access to a system.

A

Remote Access Trojan

7
Q

This Malware Type…

Displays advertisements on the user’s system to generate ad revenue.

A

Adware

8
Q

This Malware Type…

Monitors user activity, such as keystrokes and web visits.

A

Spyware

9
Q

This Malware Type…

Encrypts user files and demands a ransom before releasing the key.

A

Ransomware

11
Q

This Malware Type…

Waits until certain conditions are met before triggering a malicious action.

A

Logic Bomb

12
Q

This Malware Type…

Elevates the privileges of a normal user to gain administrative rights.

A

Rootkit

13
Q

This Malware Type…

Provides an unauthorized mechanism for accessing a system.

A

Backdoor

14
Q

_________ engineering attacks manipulate individuals to gain _________ access or information.

A
  • Social
  • Unauthorized

15
Q

What are the different social engineering attack types?

A
  • Phishing
  • Spear Phishing
  • Whaling
  • Tailgating
  • Dumpster Diving
  • Shoulder Surfing
  • Watering Hole
16
Q

This Attack Type…

Solicits information via email.

A

Phishing

17
Q

This Attack Type…

Solicits information via highly targeted email designed for one person.

A

Spear Phishing

18
Q

This Attack Type…

Targets high-value individuals, such as senior executives.

A

Whaling

19
Q

This Attack Type…

Accesses a building by having someone hold the door open.

A

Tailgating

20
Q

This Attack Type…

Discovers sensitive information in the trash.

A

Dumpster Diving

21
Q

This Attack Type…

Monitors user activity by watching them as they enter/read information.

A

Shoulder Surfing

22
Q

This Attack Type…

Places malware on a site where users are known to congregate.

A

Watering Hole

23
Q

What are the seven main mechanisms that social engineering attacks exploit?

A
  • Authority
  • Intimidation
  • Consensus
  • Scarcity
  • Familiarity
  • Trust
  • Urgency
24
Q

_________ kiddies are generally ______-skilled attackers seeking a quick thrill.

A
  • Script
  • Low

25
What are Advanced Persistent Threats (APTs)?
Extremely sophisticated attackers often sponsored by government agencies.
26
________ ________ ________ uses tools like nmap to check for active systems and open ports.
Network Discovery Scanning
27
What are the 4 common scanning techniques?
  • TCP SYN
  • TCP Connect
  • TCP ACK
  • Xmas
28
This Type of Scanning Technique... Scans send a single packet with the SYN flag set.
TCP SYN
29
This Type of Scanning Technique... Scans attempt to complete the three-way handshake.
TCP Connect
30
This Type of Scanning Technique... Scans seek to impersonate an established connection.
TCP ACK
31
This Type of Scanning Technique... Scans set the FIN, PSH, and URG flags.
Xmas
32
Network vulnerability scanning first discovers active services on the network and then probes those services for known vulnerabilities (T/F)?
True!
33
_____ _______ vulnerability scans use tools that specialize in probing for web application weaknesses.
Web application
34
The vulnerability management workflow includes three basic steps. What are they?
  • Detection
  • Remediation
  • Validation
35
________ _________ goes beyond vulnerability scanning and attempts to exploit vulnerabilities.
Penetration Testing
36
What are the five steps of Penetration Testing?
  • Planning
  • Information Gathering & Discovery
  • Vulnerability Scanning
  • Exploitation
  • Reporting
37
How many types of Penetration Tests are there?
Three
38
What are the types of Penetration Tests?
  • White Box
  • Black Box
  • Gray Box
39
In WHITE BOX penetration tests, testers have full access to information about the target systems (T/F)?
True!
40
In BLACK BOX penetration tests, testers conduct their work ______ ______ knowledge of the target environment.
without any
41
This type of penetration test resides in the MIDDLE, providing testers with PARTIAL knowledge about the environment.
Gray Box
42
______ tags are a technology that can assist with asset tracking and inventory control of mobile devices.
RFID
43
The following Brute Force Attack is characterised as Online or Offline? - An attacker usually only has a limited number of attempts before being locked out of a system.
Online
44
The following Brute Force Attack is characterised as Online or Offline? - The attack is performed remotely.
Online
45
The following Brute Force Attack is characterised as Online or Offline? - An attacker can try as many times as required to crack a password.
Offline
46
The following Brute Force Attack is characterised as Online or Offline? - The attack is performed locally.
Offline
47
The shopping centre in your town has free Wi-Fi access. Each time you try to use the Wi-Fi, you are first directed to a web page where you need to agree to certain rules. Which technology is being described?
Captive Portal
48
Advanced Encryption Standard is currently not susceptible to this type of attack.
Known Plaintext Attack
49
A Ciphertext only attack is successful when the plaintext or key can be found (T/F)?
True!
50
Which of the following attacks has access to the "crib": Ciphertext Only Attack OR Known Plaintext Attack?
Known Plaintext Attack