Threats, Vulnerabilities & Attacks Flashcards

1
Q

ARP spoofing

A

A hacker sends fake ARP packets that link an attacker’s MAC address with an IP of a computer already on the LAN.

Common source of MitM attacks

2
Q

brute force attack

A

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

3
Q

fraggle attack

A

A DoS attack where the attacker sends spoofed UDP traffic to a router’s broadcast address intending for a large amount of UDP traffic to be returned to the target computer

4
Q

wireless disassociation attack

A

Attack where an attacker spoofs the MAC address of a wireless access point to force a target device to try and re-associate with the WAP.

5
Q

replay attack

A
  • Attacker replays data that was already part of an earlier communication session.
  • Third party captures data from a session between 2 parties with the intent of using it to impersonate one of the parties.
  • Attacker typically modifies the data before replaying it
  • Timestamps or sequence numbers thwart replay attacks
6
Q

web application attack

A

An application attack that focuses on those applications that run in web browsers

7
Q

Trojan horse

A

A type of malware that hides itself on an infected system and can cause damage to a system or give an attacker a platform for monitoring and/or controlling a system

8
Q

IM

A

Instant Messaging

A type of communication service which involves a private dialogue between two persons via instant text-based messages over the Internet

9
Q

armored virus

A

A virus that can conceal its location or otherwise render itself harder to detect by anti-malware programs.

10
Q

session hijacking

A

A type of hijacking attack where the attacker exploits a legitimate computer session to obtain unauthorized access to an organization’s network or services

11
Q

evil twin

A

A wireless access point that deceives users into believing that it is a legitimate network access point

12
Q

pass the hash attack

A

A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on

13
Q

attack surface

A

The portion of a system or application that is exposed and available to attackers.

14
Q

rootkit

A

Type of malware that has system-level access to a computer

Often able to hide themselves from users and AV software

15
Q

amplification attack

A

A network-based attack where the attacker dramatically increases the bandwidth sent to a victim.

Used during a DDoS attack by implementing an amplification factor.

16
Q

NTFS

A

New Technology File System

A proprietary journaling file system developed by Microsoft. Windows operating systems use NTFS for storing, organizing, and finding files on a hard disk efficiently.

17
Q

DDoS

A

Distributed Denial of Service

A network-based attack where an attacker hijacks or manipulates multiple computers (through the use of zombies or drones) on disparate networks.

18
Q

IV

A

Initialization Vector; A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption.

19
Q

SQL

A

Structured Query Language

A programming and query language common to many large scale database systems.

20
Q

race condition

A

A software vulnerability that can occur when the outcome from execution processes is directly dependent on the order and timing of certain events and those events fail to execute in the order and timing intended by the developer

21
Q

side-channel attack

A

An attack in which an attacker gleans information from the physical implementation of a cryptographic technique and uses that information to analyze and potentially break the implementation

22
Q

zero day vulnerability

A

A software vulnerability that a malicious user is able to exploit before the vulnerability is publicly known or known to the developers and before those developers have a chance to issue a fix

23
Q

adaptive chosen ciphertext attack

A

A cryptographic attack where the attacker repeatedly encrypts a selected cipher text message and tries to find the matching plain text.

Each subsequent attack is based on the results of the previous attack.

24
Q

PTZ

A

Pan-Tilt-Zoom

A type of internet camera where the user can control the movement and position of the lens from a remote location using controls on an Internet browser or software application. Panning refers to horizontal movement of the lens where tilting describes vertical movement.

25
Q

IDF

A

Intermediate Distribution Frame

  • A distribution frame in a central office or customer premises which cross connects the user cable media to individual user line circuits.
  • May serve as a distribution point for multipair cables from the main distribution frame (MDF) or combined distribution frame (CDF) to individual cables connected to equipment in areas remote from these frames.
26
Q

chosen ciphertext attack

A

A cryptographic attack where the attacker analyzes a selected cipher text message and tries to find the matching plain text.

27
Q

dictionary attack

A

A type of password attack that compares encrypted passwords against a predetermined list of possible password values

28
Q

IR

A

Infrared Radiation

Electromagnetic radiation (EMR) with wavelengths longer than those of visible light; it is therefore invisible to the human eye.

29
Q

POTS

A

Plain Old Telephone Service

A voice-grade telephone service employing analog signal transmission over copper loops.

It was the standard service offered until 1988 when it was replaced by ISDN (Integrated Services Digital Network).

30
Q

social engineering

A

Any activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines

31
Q

NFC

A

Near Field Communications

A mobile device communication standard that operates at very short range often through physical contact

32
Q

RFID

A

Radio Frequency Identifier

  • Technology that uses electromagnetic fields to automatically identify and track tags or chips
  • These are attached to objects and store information about those objects
33
Q

GPU

A

Graphics Processing Unit

A specialized processor originally designed to accelerate graphics rendering.

GPUs can process many pieces of data simultaneously, making them useful for machine learning, video editing, and gaming applications.

34
Q

OS

A

Operating System

System software that manages computer hardware and software resources and provides common services for computer programs.

35
Q

malicious actor

A

An entity that is partially or wholly responsible for an incident that affects or has the potential to affect an organization’s security

36
Q

XSS

A

Cross-Site Scripting

A web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.

37
Q

DNS hijacking

A

A hijacking attack where an attacker sets up a rogue DNS server. This rogue DNS server responds to legitimate requests with IP addresses for malicious or non-existent websites.

38
Q

clickjacking

A

A type of hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements

39
Q

black hat

A

A hacker who exposes vulnerabilities without organizational consent for financial gain or for some malicious purpose.

40
Q

threat actor

A

An entity that is partially or wholly responsible for an incident that affects or has the potential to affect an organization’s security

41
Q

shoulder surfing

A

A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN

42
Q

IP address spoofing

A

An attack in which an attacker sends IP packets from a false (or spoofed) source address to communicate with targets

43
Q

IEEE

A

Institute of Electrical and Electronic Engineers

A professional association of electrical and electronics engineers that develops industry standards for a variety of technologies.

44
Q

DEP

A

Data Execution Prevention

A security feature that prevents code from executing in memory regions marked as nonexecutable.

It helps prevent damage from malware.

45
Q

MFD

A

Multi-Function Device

An office machine which incorporates the functionality of multiple devices in one so as to have a smaller footprint.

46
Q

logging

A

The act of recording data about activity on a computer

47
Q

backdoor attack

A

Attack where hackers install malware to bypass normal network security requirements

Attack is designed to be subtle, and can be hidden within another type of software like a file converter, software update, or suggested download.

Once installed, it’s common for backdoor attackers to remain undetected for as long as possible to spread throughout the network. Once detected, it can be hard to know if you truly have patched all of the areas a backdoor may have reached.

48
Q

SDK

A

Software Development Kit

Collection of software development tools in one installable package

49
Q

hardware attack

A

An attack that targets a computer’s physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card reader, and is designed to destroy hardware or acquire sensitive information stored on the hardware

50
Q

driver manipulation

A

A software attack where the attacker rewrites or replaces the legitimate device driver or application programming interface (API) to enable malicious activity to be performed

51
Q

passive reconnaissance

A

The process of collecting information about an intended target of a malicious hack without the target knowing what is occurring. This can include:

  • physical observation of an enterprise’s building
  • sorting through discarded computer equipment in an attempt to find equipment that contains data
  • dumpster diving for discarded paper with usernames and passwords
  • eavesdropping on employee conversations
  • researching the target through common Internet tools such as Whois
  • impersonating an employee in an attempt to collect information
  • packet sniffing

Compare with active reconnaissance.

52
Q

spyware

A

Surreptitiously installed malware that is intended to track and report the usage of a target system or collect other data the attacker wishes to obtain

53
Q

smishing

A

A human-based attack where the attacker extracts personal information by using SMS text messages

54
Q

wardriving

A
  • Act of searching for Wi-Fi networks, usually from a moving vehicle, using a laptop or smartphone
  • Software for wardriving is freely available on the internet
  • Warbiking, warcycling, warwalking and similar use the same approach but with other modes of transportation
55
Q

watering hole attack

A

Attack in which an attacker targets a specific group, discovers which websites that group frequents, then injects those sites with malware so that visitors to the sites will become infected

56
Q

hacker

A

Someone who excels at programming or managing and configuring computer systems, or has the skills to gain access to computer systems through unauthorized or unapproved means

57
Q

SEH

A

Structured Exception Handler

  • Extension built into code to handle any kind of errors that come up during the course of running the program
  • SEHs are part of a chain of error handling in a program
  • If exception gets through the chain without being handled, program typically crashes
  • SEH exploit overwrites the SEH and causes a buffer overflow
58
Q

USB

A

Universal Serial Bus

Industry standard that establishes specifications for cables and connectors and protocols for connection, communication and power supply (interfacing) between computers, peripherals and other computers.

59
Q

backdoor

A

Type of malware that negates or bypasses normal authentication procedures to access a system.

Can grant remote access to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

60
Q

APT

A

Advanced Persistent Threat

A stealthy threat actor that gains unauthorized access to a computer network and remains undetected for an extended period of time.

Typically uses multiple attack vectors.

61
Q

man-in-the-middle attack

A

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently

62
Q

buffer overflow attack

A

Attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.

63
Q

online brute force attack

A

A cryptographic attack where the attacker tries to enter a succession of passwords using the same interface as the target user application

64
Q

MOTD

A

Message of the Day

A file on Unix-like systems that contains a message of the day used to send a common message to all users in a more efficient manner than sending them all an email message.

65
Q

script kiddie

A

An inexperienced hacker with limited technical knowledge who relies on automated tools to hack

66
Q

CSRF

A

Cross Site Request Forgery

A web application attack that takes advantage of the trust established between an authorized user of a website and the website itself.

AKA XSRF.

67
Q

OSINT

A

Open Source Intelligence

A methodology for collecting, analyzing, and making decisions about data from public sources such as media, public records, social media, and industry publications.

Threat actors often use OSINT to find a way in the door.

68
Q

reconnaissance

A

A penetration testing technique where the tester tries to gather as much information as possible about the target(s)

69
Q

SSD

A

Solid State Drive

70
Q

DHE

A

Data-Handling Electronics

Data Handling refers to the process of gathering, recording and presenting information in a way that is helpful to others - for instance, in graphs or charts.

71
Q

UTP

A

Unshielded Twisted Pair

A type of network cable unshielded from electromagnetic interference.

72
Q

privilege escalation

A

The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application

73
Q

hijacking

A

A group of network-based attacks where an attacker gains control of the communication between two systems often masquerading as one of the entities

74
Q

attacker

A

A term for users who gain unauthorized access or cause damage to computers and networks for malicious purposes.

75
Q

OVAL

A

Open Vulnerability Assessment Language

International information security community standard that:

  • Promotes open and publicly available security content
  • Standardizes the transfer of this information across the entire spectrum of security tools and services
76
Q

cracker

A

A user who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems

77
Q

PBX

A

Private Branch Exchange

A telephone exchange or switching system that serves a private organization

Permits sharing of central office trunks between internally installed telephones

Provides intercommunication between internal telephones within the organization without the use of external lines.

78
Q

eavesdropping attack

A

Eavesdropping, also known as a network eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet.

Targets electronic devices like computers and smartphones.

Typically occurs when using unsecured networks, such as public wifi connections or shared electronic devices.

Methods:

  • Keystroke logging
  • MitM attacks
  • Network sniffers
79
Q

insider

A

Present and past employees, contractors, partners, and any entity that has access to proprietary, confidential information and whose actions result in compromised security

80
Q

DNS poisoning

A

A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing

81
Q

spear phishing

A

An email-based or web-based form of phishing that targets a specific individual or organization

82
Q

SQL injection

A

An attack that injects a database query into the input data directed at a server by accessing the client side of the application

83
Q

DLL injection

A

An attack where malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries (DLL) that are loaded at runtime.

84
Q

hacktivist

A

A hacker who gains unauthorized access to and causes disruption in a computer system in an attempt to achieve political or social change

85
Q

attack

A

Any technique used to exploit a vulnerability in an application or physical computer system without the authorization to do so.

86
Q

keylogger

A

A hardware device or software application that recognizes and records every keystroke made by a user

87
Q

STP

A

Shielded Twisted Pair

A type of network cable shielded from electromagnetic interference.

88
Q

source code

A

Collection of code, with or without comments, written using a programming language

Access to source code enables someone to change how a piece of software functions

89
Q

ASLR

A

Address Space Layout Randomization

A memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

90
Q

warchalking

A

Attacker uses symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network

91
Q

LDAP injection attack

A

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input

92
Q

adaptive chosen plaintext attack

A

A cryptographic attack where the attacker repeatedly encrypts a selected plain text message and analyzes the resulting cipher-text to crack the cipher.

Each subsequent attack is based on the results of the previous attack.

93
Q

software attack

A

Any attack that targets software resources, including operating systems, applications, services, protocols, and files

94
Q

ransomware

A

Software that enables an attacker to take control of a user’s system or data and to demand payment for return of that control

95
Q

zombie

A

A computer that has been infected with malware and is being used by an attacker to mount an attack.

Also called a bot

96
Q

spoofing

A

A network-based attack where the goal is to pretend to be someone else for the purpose of identity concealment

97
Q

downgrade attack

A

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages

98
Q

memory leak

A

A software vulnerability that can occur when software does not release allocated memory when it is done using it potentially leading to system instability

99
Q

ARP poisoning

A

After a successful ARP spoofing, the hacker changes the target’s ARP table, so it contains falsified MAC entries, spreading the contagion.

100
Q

P2P

A

Peer to Peer

A distributed application architecture that partitions tasks or workloads between peers.

Peers are equally privileged, equipotent participants in the application.

Vulnerable to drive-by software downloads and identity theft.

101
Q

EMP

A

Electromagnetic Pulse

A short burst of electrical interference caused by an abrupt and rapid acceleration of charged particles which can short-circuit and damage electronic components.

102
Q

MAC address spoofing

A

An attack in which an attacker falsifies the factory-assigned MAC address of a device’s network interface card (NIC)

Attacker takes advantage of flawed h/w drivers or configuration changes to make the MAC address for a router or laptop match one already verified on a network

Related: MAC flooding attack

103
Q

MTU

A

Maximum Transmission Unit

Largest packet or frame size that can be sent in a packet- or frame-based network such as the internet.

The internet’s transmission control protocol (TCP) uses the MTU to determine the maximum size of each packet in any transmission.

104
Q

known plaintext attack

A

Attack where the attacker has access to plaintext and the corresponding cipher-text and tries to derive the correlation between them

105
Q

rainbow table attack

A

A type of password attack where an attacker uses a set of related plaintext passwords and their hashes to crack passwords

106
Q

chosen plaintext attack

A

A cryptographic attack where the attacker encrypts a selected plain text message and analyzes the resulting cipher text to crack the cipher.

107
Q

DNS spoofing

A

A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing

108
Q

SPIM

A

Spam over Internet Messaging

May be more harmful than email spam:

  • User is more likely to click on the link because it is real-time
  • Bypasses the enterprise AV and firewalls
109
Q

banner grabbing

A

The act of collecting information about network hosts by examining text-based welcome screens or MOTDs that are displayed by some hosts.

110
Q

dumpster diving

A

A human-based attack where the goal is to reclaim important information by inspecting the contents of trash containers

111
Q

sniffing attack

A

A network attack that uses a protocol analyzer to gain access to private communications on the network wire or across a wireless network

112
Q

rogue access point

A

An unauthorized wireless access point on a corporate or private network that allows unauthorized individuals to connect to the network

113
Q

jailbreaking

A

The process of removing software restrictions on an iOS device allowing the user to run apps not downloaded from the official App Store

114
Q

malware

A

Malicious code, such as viruses, Trojans, or worms, which is designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks

115
Q

USB OTG

A

USB On-The-Go

A cable used to connect mobile devices to other devices in a master/slave role.

It is one of many methods that can be used to connect a mobile device to external media.

116
Q

crypto-malware

A

A form of ransomware that uses encryption to render the victim’s data inaccessible

117
Q

EMI

A

Electromagnetic Interference

A disruption of electrical current that occurs when a magnetic field around one electrical circuit interferes with the signal being carried on an adjacent circuit.

118
Q

cookie manipulation

A

An application attack where an attacker injects a meta tag in an HTTP header making it possible to modify a cookie stored in a browser

119
Q

malicious code

A

Undesired or unauthorized software that is placed into a target system to disrupt operations or to redirect system resources for the attacker’s benefit

120
Q

bluesnarfing

A

Unauthorized access to, or theft of information from, a Bluetooth device.

Can access info like email, contact lists, calendars, and text messages

Attackers use tools like:

  • hcitool
  • obexftp
121
Q

cryptographic attack

A

A software attack that exploits weaknesses in cryptographic system elements such as code, ciphers, protocols, and key management systems

122
Q

XSRF (CSRF)

A

Cross-Site Request Forgery

A web application attack that takes advantage of the trust established between an authorized user of a website and the website itself.

123
Q

ANT

A

Proprietary open access multicast wireless sensor network technology similar to Bluetooth but consumes less energy

Developed by ANT Wireless, a division of Garmin

Primarily used in sports and fitness sensors

124
Q

pharming

A

An attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking but fake website

125
Q

RAT

A

Remote Access Trojan

Specialized Trojan horse that specifically aims to provide an attacker with unauthorized remote access to or control of a target computer

126
Q

man-in-the-browser attack

A

A type of network-based attack that combines a man-in-the-middle attack with the use of a Trojan horse to intercept and modify web transactions in real time

127
Q

RTBH

A

Remotely Triggered Black Hole

  • Filtering technique that provides the ability to drop undesirable traffic before it enters a protected network
  • Helps combat DDoS attacks
128
Q

POODLE

A

Padding Oracle on Downgrade Legacy Encryption

  • A man-in-the-middle exploit which takes advantage of Internet and security software clients’ fallback to SSL 3.0.
  • Another variant exploits cipher block chaining (CBC) encryption in TLS.
129
Q

takeover attack

A

A type of software attack where an attacker gains access to a remote host and takes control of the system

130
Q

domain hijacking

A

A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.

131
Q

MDF

A

Main Distribution Frame

A signal distribution frame or cable rack used in telephony to interconnect and manage telecommunication wiring between itself and any number of intermediate distribution frames and cabling from the telephony network it supports.

132
Q

typosquatting

A

An attack in which an attacker registers a domain name with a common misspelling of an existing domain so that a user who misspells a URL they enter into a browser is taken to the attacker’s website

133
Q

MBR

A

Master Boot Record

Information in the first sector of any hard disk or diskette that identifies how and where an operating system is located so that it can be booted (loaded) into the computer’s main storage or RAM.

134
Q

port scanning attack

A

A network-based attack where an attacker scans computers and other devices to see which ports are listening in an attempt to find a way to gain unauthorized access

135
Q

virus

A

A self-replicating piece of malicious code that spreads from computer to computer by attaching itself to different files

136
Q

polymorphic malware

A

Malicious code that is designed to avoid detection by altering its decryption module each time it infects a new file

137
Q

DoS

A

Denial of Service; A network-based attack where the attacker disables systems that provide network services by consuming a network link’s available bandwidth, consuming a single system’s available resources, or exploiting programming flaws in an application or operating system

138
Q

data exfiltration

A

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network

139
Q

hybrid password attack

A

An attack that uses multiple attack methods, including dictionary, rainbow table, and brute force attacks, when trying to crack a password

140
Q

adware

A

Software that automatically displays or downloads advertisements when it is used.

141
Q

offline brute force attack

A

A cryptographic attack where the attacker steals the password and then tries to decode it by systematically guessing possible keystroke combinations that match the encrypted password

142
Q

logic bomb

A

A piece of code that sits dormant on a target computer until it is triggered by the occurrence of specific conditions such as a specific date and time

143
Q

URL hijacking

A

An attack in which an attacker registers a domain name with a common misspelling of an existing domain so that a user who misspells a URL they enter into a browser is taken to the attacker’s website

144
Q

vishing

A

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

145
Q

threat

A

Any event or action that could potentially cause damage to an asset

146
Q

brandjacking

A

An activity whereby someone acquires or assumes the online identity of another entity to acquire their brand equity.

Often targets politicians, celebrities or businesses

147
Q

rogue system

A

An unknown or unrecognized device that is connected to a network, often with malicious intent

148
Q

ciphertext-only attack

A

A cryptographic attack where the attacker has access to the ciphertext and tries to use frequency analysis or other methods to break the cipher

149
Q

XML

A

Extensible Markup Language

A widely adopted markup language used in many documents, websites, and web applications

150
Q

bluejacking

A

Practice of sending unsolicited messages to nearby Bluetooth devices.

Messages are typically text but can also be images or sounds.

151
Q

hoax

A

An email-based, IM-based, or web-based attack that is intended to trick the user into performing unnecessary or undesired actions, such as deleting important system files in an attempt to remove a virus, or sending money or important information via email or online forms

152
Q

DLL

A

Dynamic Link Library

Microsoft’s implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems.

The files are executable like an .exe file.

153
Q

tailgating

A

A human-based attack where an attacker enters a secure area by following a legitimate employee without the employee’s knowledge or permission

154
Q

worm

A

A self-replicating piece of malicious code that travels through a network

Does not need user interaction to execute

155
Q

Vector

A

The method that malware uses to propagate itself or infect a computer.

156
Q

botnet

A

A group of infected computers that act as software robots and function together in a network, usually the internet, for malicious purposes.

157
Q

active reconnaissance

A

Hacking or pentesting method used to collect information about a computer system or network

Uses tools such as network and vulnerability scanners to gather information

Engages targets and is almost always illegal

158
Q

birthday attack

A

A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory.

Attacker is able to create the same hash as a user’s actual password (e.g., hash collision)

Defense: increase number of bits used in hash

159
Q

jamming

A

In wireless networking, the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals used by computing devices and other network devices

160
Q

client-side attack

A

Occurs when a user downloads malicious content

161
Q

XML injection

A

Attack that injects corrupted XML query data so that an attacker can gain access to the XML data structure and input malicious code or read private data

162
Q

network tap

A

A security control on network devices that creates a copy of network traffic to forward to a sensor or monitor like an IDS

163
Q

phishing

A

A type of email-based social engineering attack in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim

164
Q

OTA

A

Over the Air

Refers to various methods of distributing new software, configuration settings, and even updating encryption keys to devices like mobile phones, set-top boxes, electric cars, or secure voice communication equipment.

165
Q

pivoting

A

A penetration testing technique where the tester compromises one central host (the pivot) that allows the tester to access other hosts that would otherwise be inaccessible

166
Q

password attack

A

Any attack where the attacker tries to gain unauthorized access to and use of passwords

167
Q

whaling

A

A form of spear phishing that targets particularly wealthy individuals or organizations

168
Q

NIST

A

National Institute of Standards & Technology

NIST is part of the U.S. Department of Commerce

NIST includes the Information Technology Laboratory (ITL) that publishes monthly bulletins focusing on ITL’s research and collaborative activities in cybersecurity.

169
Q

piggy backing

A

A human-based attack where an attacker enters a secure area by following a legitimate employee with the employee’s knowledge or permission

170
Q

frequency analysis

A

A cryptographic analysis technique where an attacker identifies repeated letters or groups of letters and compares them to how often they occur in plain-text in an attempt to fully or partially reveal the plain-text message