Types of Attacks Flashcards
You are inspecting a user’s system after she has complained about slow internet speeds. After analyzing the system, you notice that the default gateway in the Address Resolution Protocol (ARP) cache is referencing an unknown MAC address. What type of attack has occurred?
ARP poisoning
The attacker alters the ARP cache so that communication intended for a particular IP address is redirected to the wrong MAC address, which maps to the attacker’s machine.
You want to implement a security control that limits tailgating in a high security environment. Which of the following protective controls would you use?
Mantrap
Which of the following descriptions best describes a buffer overflow attack?
a) Injecting database code into a web page
b) Using a dictionary file to crack passwords
c) Sending too much data to an application that then enables the attacker to run arbitrary code
d) Altering the source address of a packet
Sending too much data to an application that then enables the attacker to run arbitrary code.
The attacker sends more data to an application or service than it is expecting. The extra data flows out of the area of memory (the buffer) assigned to the application. If the attacker can write information beyond the buffer, he can run whatever code he wants, usually code that gives remote shell access to the system.
You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of “pass' or 1=1--”. Which of the following describes what is happening?
A SQL injection attack
It occurs when an attacker inserts database (SQL) statements into an application, such as a web site, which then passes the SQL commands to a backend database to be processed. The end result could be the attacker bypassing authentication or manipulating the data.
A user on your network received an e-mail from the bank stating that there has been a security incident at the bank. The e-mail asks the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?
Phishing
What type of attack involves the attacker modifying the source IP address of the packet?
Spoofing.
The attacker modifies the source address of the packet. In IP spoofing, the source IP address is modified.
Which of the following files might an attacker modify after gaining access to your system in order to achieve DNS redirection?
Hosts. The hosts file on the local computer is used to resolve fully qualified domain names (FQDNs) to IP addresses that could be used to redirect an unsuspecting person to the wrong site.
What type of attack involves the attacker sending too much data to a service or application that typically results in the attacker gaining administrative access to the system?
Buffer overflow
Which of the following methods could be used to prevent Address Resolution Protocol (ARP) poisoning on the network?
Static ARP entries and physical security.
ARP poisoning can be countered by adding static entries and by implementing physical security so that unauthorized people cannot gain access to the network.
As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your system?
Patching.
The best countermeasure is to ensure that you keep up to date with system and application patches. As the vendor finds the vulnerabilities, that vendor will fix the issues through a patch.
Which of the following is the term for a domain name that is registered and deleted repeatedly so that the registrant can avoid paying for the domain name?
Domain kiting.
It is a vulnerability in the domain name system in which an attacker registers a DNS name, cancels it within the five-day grace period, and then re-registers it to get the five-day period again.
You receive many calls from customers stating that the website seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requests on that web server at a high rate. What type of attack is occurring?
Denial of service (DoS).
The result of a DoS attack is that your system is kept so busy servicing bogus requests that it cannot service valid requests from your customers.
What type of attack is a smurf attack?
Distributed denial of service (DDoS).
It involves the attacker pinging a number of systems while spoofing the source address of the ICMP packets so that all those systems reply to the intended victim. The victim is overwhelmed by the ICMP replies, which causes the DoS.
Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?
Dumpster diving
What type of attack involves the attacker inserting a client-side script in the web page?
Cross-site scripting (XSS).
It involves the attacker inserting script code into a webpage so that it is then processed and executed by a client system.
Your manager has read about SQL injection attacks and is wondering what can be done to protect against them for applications that were developed in-house. What would you recommend?
Input validation.
A SQL injection attack involves the attacker inserting database code into an application (such as a website) where it is not expected. The best countermeasure to this is to have your programmers validate any information passed into an application.
An attacker sitting in an internet café ARP poisons everyone connected to the wireless network so that all traffic passes through the attacker’s laptop before she routes the traffic to the internet. What type of attack is this?
Man-in-the-middle
Which of the following best describes a zero-day attack?
An attack that uses an exploit that the product vendor is not aware of yet.