Transcender Sec + Tests Flashcards

1
Q

A hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?

A

escalation of privileges

2
Q

There are two types of privilege escalation: __________________.

A

vertical and horizontal

3
Q

With ___________ privilege escalation, the attacker obtains higher privileges by performing operations that allow the attacker to run unauthorized code.

A

vertical

4
Q

With _________ privilege escalation, the attacker obtains the same level of permissions as he already has but uses a different user account to do so.

A

horizontal

5
Q

A _______ is a term for lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms.

A

backdoor

6
Q

______________ are also referred to as maintenance hooks.

A

Backdoors

7
Q

backdoor

A

term for lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms.

8
Q

escalation of privileges

A

An example would be when a hacker has used a design flaw in an application to obtain unauthorized access to the application.

9
Q

This hacker technique detects vulnerabilities through techniques such as social engineering, accessing supposedly confidential information on publicly available databases, dumpster diving, and shoulder surfing.

A

Passive reconnaissance

10
Q

Passive reconnaissance is an attempt to gain information about targeted computers and networks _________ actively engaging with the systems.

A

without

11
Q

In _________ reconnaissance, the attacker engages with the target system, typically conducting a port scan to find any open ports.

A

active

12
Q

Active reconnaissance accesses the system ___________ to detect vulnerabilities. Tools and techniques such as network mapping, port scans, and network sniffing are used to test the system and identify potential sources of attack.

A

directly

13
Q

________ use a compromised system to attack another system.

A

Pivots

14
Q

Pivots

A

Using a compromised system to attack another system.

15
Q

Initial exploitation _________ one system so that it can be used in a pivot test against another system.

A

compromises

16
Q

Persistence is when the compromised system is used in an attack at some point ______ the initial exploitation occurred.

A

after

17
Q

An example of __________ would be when a student’s notebook computer contracts malware at a coffee shop, but the school network is not affected until the student logs in to the school network.

A

persistence

18
Q

What are maintenance hooks?

A

Maintenance hooks are another name for backdoors: holes in the code that a programmer adds so that he can get in and bypass security.

19
Q

__________ can be caused by a programmer failing to free up memory once the process using that memory has been completed. C and C++ are particularly prone to ___________.

A

Memory leaks

memory leaks

20
Q

Integer overflows happen when a number _________ to fit into the data type “integer” is not rejected and is allowed to corrupt the program.

A

is too large

21
Q

Pointer differences occur when

A

a pointer (which points to the proper memory location) has the reference changed. This results in the pointer pointing to an inaccurate value.

22
Q

Integer overflows

A

happen when a number that is too large to fit into the data type “integer” is not rejected and is allowed to corrupt the program.

23
Q

A buffer overflow is an example of improper ______________________, and the impact can include ___________.

A

• input handling being allowed by the application code
• crashing the application

24
Q

Examples of improper input handling include failure to validate the _________ _________, the length of the data, and proper date ranges.

A

type of data in an input field