Types of Attacks Flashcards

1
Q

You are inspecting a user’s system after she has complained about slow internet speeds. After analyzing the system, you notice that the default gateway in the Address Resolution Protocol (ARP) cache is referencing an unknown MAC address. What type of attack has occurred?

A

ARP poisoning.
The attacker alters the ARP cache so that communication intended for a particular IP address is redirected to the wrong MAC address, which maps to the attacker’s machine.

2
Q

You want to implement a security control that limits tailgating in a high-security environment. Which of the following protective controls would you use?

A

Mantrap

3
Q

Which of the following descriptions best describes a buffer overflow attack?

a) Injecting database code into a web page
b) Using a dictionary file to crack passwords
c) Sending too much data to an application that then enables the attacker to run arbitrary code
d) Altering the source address of a packet

A

Sending too much data to an application that then enables the attacker to run arbitrary code.
The attacker sends more data to an application or service than it is expecting. The extra data overflows the area of memory (the buffer) assigned to the application. If the attacker can write information beyond the buffer, he can run whatever code he wants, usually code that gives him remote shell access to the system.

4
Q

You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob and a password of “pass' or 1=1--”. Which of the following describes what is happening?

A

A SQL injection attack.
It occurs when an attacker inserts database (SQL) statements into the application, such as a website, which then passes the SQL commands to a backend database to be processed. The end result could be the attacker bypassing authentication or manipulating the data.

5
Q

A user on your network received an e-mail from the bank stating that there has been a security incident at the bank. The e-mail asks the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?

A

Phishing

6
Q

What type of attack involves the attacker modifying the source IP address of the packet?

A

Spoofing.

The attacker modifies the source address of the packet. In IP spoofing, the source IP address is modified.

7
Q

Which of the following files might an attacker modify after gaining access to your system in order to achieve DNS redirection?

A

Hosts. The hosts file on the local computer is used to resolve fully qualified domain names (FQDNs) to IP addresses, so a modified entry could be used to redirect an unsuspecting person to the wrong site.

8
Q

What type of attack involves the attacker sending too much data to a service or application that typically results in the attacker gaining administrative access to the system?

A

Buffer overflow

9
Q

Which of the following methods could be used to prevent Address Resolution Protocol (ARP) poisoning on the network?

A

Static ARP entries and physical security.
ARP poisoning can be countered by adding static entries and by implementing physical security so that unauthorized people cannot gain access to the network.

10
Q

As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your system?

A

Patching.
The best countermeasure is to keep up to date with system and application patches. As the vendor discovers vulnerabilities, it fixes them through patches.

11
Q

Which of the following is the term for a domain name that is registered and deleted repeatedly so that the registrant can avoid paying for the domain name?

A

Domain kiting.
It is a vulnerability in the domain name system in which an attacker registers a domain name, cancels it within the five-day grace period, and re-registers it to get the five-day period again.

12
Q

You receive many calls from customers stating that the website seems to be slow in responding. You analyze the traffic and notice that you are receiving a large number of malformed requests on that web server at a high rate. What type of attack is occurring?

A

Denial of service (DoS).
The result of a DoS attack is that your system is kept so busy servicing bogus requests that it cannot service valid requests from your customers.

13
Q

What type of attack is a smurf attack?

A

Distributed denial of service (DDoS).
It involves the attacker pinging a number of systems while spoofing the source address of the ICMP packets, so that all those systems reply to the intended victim. The victim is overwhelmed with ICMP replies, which causes the DoS.

14
Q

Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?

A

Dumpster diving

15
Q

What type of attack involves the attacker inserting a client-side script into a web page?

A

Cross-site scripting (XSS).
It involves the attacker inserting script code into a web page so that it is then processed and executed by a client system.

16
Q

Your manager has read about SQL injection attacks and is wondering what can be done to protect against them for applications that were developed in-house. What would you recommend?

A

Input validation.
A SQL injection attack involves the attacker inserting database code into an application (such as a website) where it is not expected. The best countermeasure is to have your programmers validate any information passed into the application.

17
Q

An attacker sitting in an internet café ARP poisons everyone connected to the wireless network so that all traffic passes through the attacker’s laptop before she routes the traffic to the internet. What type of attack is this?

A

Man-in-the-middle

18
Q

Which of the following best describes a zero-day attack?

A

An attack that uses an exploit that the product vendor is not aware of yet.

19
Q

What type of file on your hard drive stores preferences from websites?

A

Cookies.

A cookie is a text file on the hard drive of your system that stores preferences for a specific website.

20
Q

What type of attack involves the attacker disconnecting one of the parties from a communication and continuing the communication while impersonating that system?

A

Session hijacking.
The attacker takes over a conversation by impersonating one of the parties involved in the conversation after the attacker kicks that party off.

21
Q

What type of password attack involves the use of a dictionary file and modifications of the words in the dictionary file?

A

Hybrid attack.
The attacker uses a dictionary file and a brute-force attack to try to guess the user’s password. The software modifies the dictionary words, for example by placing numbers at the end of each word.

22
Q

Which of the following countermeasures is designed to protect against a brute-force password attack?

A

Account lockout

23
Q

Three employees within the company have received phone calls from an individual asking about personal finance information. What type of attack is occurring?

A

Vishing.
It is a form of social-engineering attack in which the attacker calls a user, trying to trick the person into divulging sensitive information over the phone or over Voice over IP (VoIP).

24
Q

Tom was told to download a free tax program to complete his taxes this year. After downloading and installing the free software, Tom notices his system is running slowly and he receives a notification from his antivirus software. What type of malware has he installed?

A

Trojan

25
Q

Jeff recently reports that he is receiving a large number of unsolicited text messages to his phone. What type of attack is occurring?

A

Bluejacking.

It is when the attacker sends unsolicited text messages to a Bluetooth device.

26
Q

An employee is suspected of sharing company secrets with a competitor. After seizing the employee’s laptop, the forensic analyst notices that a number of personal photos on the laptop have been emailed to a third party over the internet. When the analyst compares the hashes of the personal images on the hard drive to what is found in the employee’s mailbox, the hashes don’t match. How was the employee sharing company secrets?

A

Steganography

27
Q

You arrive at work today to find someone outside the building digging through her purse. As you approach the door, the person says, “I forgot my pass at home. Can I go in with you?” What type of attack could be occurring?

A

Tailgating

28
Q

Your manager has requested that the combination padlocks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social-engineering attack is your manager hoping to avoid with this change?

A

Tailgating

29
Q

Your manager has been hearing a lot about social-engineering attacks and wonders why such attacks are so effective. Which of the following identifies reasons why the attacks are so successful?

A

Authority, Urgency, Trust

30
Q

Jane is the lead security officer for your company and is monitoring network traffic. Jane notices suspicious activity and asks for your help in identifying the attack.

A

Directory traversal.
It occurs when the attacker navigates the folder structure of the web server in the URL to call upon commands found in the operating system of the web server.

31
Q

A user calls and asks you to send sensitive documents immediately because a salesperson needs them to close a multi-million-dollar deal and the salesperson’s files are corrupted. She demands that you do this immediately or she’ll be fired. What form of social engineering is this?

A

Intimidation

32
Q

An attacker tricks a user into clicking a malicious link that causes an unwanted action on a website the user is currently authenticated to. What type of exploit is this?

A

Cross-site request forgery

33
Q

Your server is being flooded with DNS lookup requests, which is causing the server to be unavailable for legitimate clients. What sort of general attack is this?

A

Amplification attack
It involves sending a small amount of data to an unsuspecting third party, which sends a larger amount of data to the target.

34
Q

A user calls you stating that his browser performed an unintended action after he clicked a button on a webpage. What sort of attack has taken place?

A

Clickjacking

35
Q

A downloaded hardware driver does not match the checksum from the manufacturer, yet it installs and seems to behave as it should. Months later, you learn that sensitive information from your device has been leaked online. Which term describes this attack?

A

Refactoring
It involves changing the internal code of the driver while maintaining the external behavior so it appears to be behaving normally.

36
Q

A user is attempting to log into a web application but notices that the version of TLS being used is lower than expected. What sort of attack is this?

A

Downgrade attack.
It involves forcing a connection to abandon a high-quality encryption protocol for a lower-quality, less secure protocol.

37
Q

You have received an SMS text message from the bank stating that access to your bank account has been blocked. The message asks you to click a link to reactivate the account right away. What type of attack is this?

A

Smishing
It occurs when the attacker uses SMS text messaging to send a phishing-style message to a user’s mobile phone, trying to trick the user into compromising security.

38
Q

An attacker obtains a connection to your LAN and then uses SETH to perform a MITM attack between your system and the company RDP server, which enables the attacker to collect the logon information for the RDP server. What type of attack has occurred?

A

Credential harvesting.

Attackers collect logon information and then use that information to gain access to systems at a later time.

39
Q

Which of the following mechanisms can be used by an attacker as a method in an influence campaign to trick the victim into compromising security?

A

Social media.

It is a tool that can be used in an influence campaign during a social-engineering attack.

40
Q

Which of the following represent reasons why social-engineering attacks are so effective?

A

Consensus, scarcity.

41
Q

You received a call from the network administrator, who was supposed to be on vacation. She informs you that there was an update to the financial system, and she needs you to temporarily change the password to “N3wSyst3m” so that the software can receive initial updates. What type of social-engineering technique is being used here?

A

Impersonation

The attacker is pretending to be someone else.

42
Q

Which of the following is a layer 2 attack that involves the attacker sending a large number of frames to the switch in order to trick the switch into sending all new frames to every port on the switch?

A

MAC flooding

43
Q

What type of physical attack involves the attacker creating a component that contains a wireless controller embedded inside it that enables the attacker to send commands to the device from a nearby phone or PC?

A

Malicious USB cable.
It is a physical attack on systems because the USB cable must be physically connected to the system that an attacker wishes to exploit.

44
Q

Which of the following attack types involves an attacker manipulating data input in order to exploit vulnerabilities in the algorithm used by the system?

A

Adversarial AI attack.
The attacker sends malicious input into the learning system in order to compromise it. The attack exploits the fact that machine-learning (ML) systems are trained on models of data, and that training data may be tainted. The learning system may then respond differently in production to the data input during an attack. This attack type is designed to test the security of the machine-learning algorithm.

45
Q

What type of DDoS attack involves consuming bandwidth with traffic coming from many different sources so that the company cannot access the Internet?

A

Network

46
Q

To execute a script you created, you first run the Set-ExecutionPolicy Unrestricted command. What type of script file are you about to execute?

A

PowerShell.
First, you must set the execution policy on the system to allow scripts to execute. You can configure the execution policy on many systems at once with Group Policy, or you can use the Set-ExecutionPolicy cmdlet in PowerShell.