Types of Attacks (2) Flashcards

1
Q

Your manager has been hearing a lot about social-engineering attacks and wonders why such attacks are so effective. Which of the following identifies reasons why the attacks are so successful? (Choose three.)

Authority

DNS poisoning

Urgency

Brute force

Trust

A

Authority

Urgency

Trust

There are a number of reasons why social-engineering attacks are successful, including these three: The victim believes he is receiving communications from a person of authority. The attacker also speaks with a sense of urgency, which makes the victim want to help out as quickly as possible. Trust is correct because social engineering works based on the fact that we trust people, especially people in need or people of authority. Social engineering is effective for a number of other reasons, such as intimidation, consensus or social proof, scarcity of the event, and familiarity or liking of a person. Most social-engineering experts have mastered being likeable, which transforms into trust.

2
Q

A user calls and asks you to send sensitive documents immediately because a salesperson needs them to close a multimillion-dollar deal and the salesperson’s files are corrupted. She demands you do this immediately, or she’ll have you fired. What form of social engineering is this?

Familiarity

Intimidation

Consensus

A

Intimidation

Intimidation occurs when an attacker threatens the victim using bullying tactics or threats to get the victim to take an action.

3
Q

An attacker tricks a user into clicking a malicious link that causes an unwanted action on a web site the user is currently authenticated to. What type of exploit is this?

Cross-site request forgery

Cross-site scripting

Replay

A

Cross-site request forgery

Cross-site request forgeries occur when an attacker tricks a user into executing unwanted actions on a web site she is currently authenticated to.

4
Q

Your server is being flooded with DNS lookup requests, which is causing the server to be unavailable for legitimate clients. What sort of general attack is this?

Buffer overflow

Domain hijacking

Amplification

A

Amplification

An amplification attack involves sending a small amount of data to an unsuspecting third party, which sends a larger amount of data to the target.

5
Q

A user calls you stating that his browser performed an unintended action after he clicked a button on a web page. What sort of attack has taken place?

Replay

Shimming

Click-jacking

A

Click-jacking

A click-jacking attack involves tricking the user into clicking an object that causes some evil action as a result. Users think they are clicking a link for a legitimate purpose, but they are unwittingly downloading malware or performing some other malicious activity with the click.

6
Q

A downloaded hardware driver does not match the checksum from the manufacturer, yet it installs and seems to behave as it should. Months later, you learn that sensitive information from your device has been leaked online. Which term best describes this type of attack?

Refactoring

Collision

ARP poisoning

A

Refactoring

A refactoring attack involves changing the internal code of the driver while maintaining the external behavior so it appears to be behaving normally.

7
Q

A user is attempting to log into a web application but notices that the version of TLS being used is lower than expected. What sort of attack is this?

Weak implementations

Known plain text/cipher text

Downgrade

A

Downgrade

A downgrade attack involves forcing a connection to abandon a high-quality encryption protocol for a lower-quality, less secure protocol.

8
Q

You have received an SMS text message from the bank stating that access to your bank account has been blocked. The message asks you to click a link to reactivate the account right away. What type of attack is this?

Skimming

Card cloning

Smishing

A

Smishing

A smishing attack occurs when the attacker uses SMS text messaging to send a phishing-style message to a user’s mobile phone, trying to trick the user into compromising security.

9
Q

An attacker obtains a connection to your LAN and then uses SETH to perform a MiTM attack between your system and the company RDP server, which enables the attacker to collect the logon information for the RDP server. What type of attack has occurred?

Reconnaissance

Credential harvesting

Impersonation

A

Credential harvesting

Credential harvesting occurs when the attacker collects logon information and then uses that information to gain access to a system at a later time.

10
Q

Which of the following mechanisms can be used by an attacker as a method in an influence campaign to trick the victim into compromising security?

Intimidation

Malicious flash drive

Social media

A

Social media

Social media is a tool that can be used in an influence campaign during a social-engineering attack.

11
Q

Which of the following represent reasons why social-engineering attacks are so effective? (Choose two.)

URL redirection

Consensus

Domain reputation

Scarcity

Malicious code execution

A

Consensus

Scarcity

There are a number of reasons why social engineering is effective, such as intimidation, consensus or social proof, scarcity of the event, and familiarity or liking of a person.

12
Q

You receive a call from the network administrator who was supposed to be on vacation. She informs you that there was an update to the financial system, and she needs you to temporarily change your password to “N3wSyst3m” so that the software can receive initial updates. What type of social-engineering technique is being used here?

Impersonation

Eliciting information

Prepending

A

Impersonation

Impersonation is when the attacker pretends to be a different individual in order to trick someone into compromising security. It is common for the attacker to impersonate the network administrator in order to get users to make changes, but it is also common for the attacker to impersonate a frustrated user so that the administrator helps give the user access to the network.

13
Q

Which of the following is a layer 2 attack that involves the attacker sending a large number of frames to the switch in order to trick the switch into sending all new frames to every port on the switch?

MAC cloning

MAC spoofing

MAC flooding

A

MAC flooding

MAC flooding occurs when the attacker sends a large number of frames to the switch, causing it to fill its MAC address table so old entries are removed from the table to make space for the new entries. This causes known MAC addresses to be removed from the MAC address table, which results in the switch flooding all frames (sending the frames to all ports on the switch).

14
Q

What type of physical attack involves the attacker creating a component that contains a wireless controller embedded inside it that enables the attacker to send commands to the device from a nearby phone or PC?

Card cloning

Spraying

Malicious USB cable

A

Malicious USB cable

A malicious USB cable is used as a physical attack on systems because the USB cable must be physically connected to the system that an attacker wishes to exploit. Once the cable is connected, it can receive commands wirelessly to execute payloads on the target system.

15
Q

Which of the following attack types involves an attacker manipulating data input in order to exploit vulnerabilities in the algorithm used by the system?

Adversarial AI attack

Supply-chain attack

Cloud-based attack

A

Adversarial AI attack

Artificial intelligence (AI), also known as machine learning, may be vulnerable to adversarial machine-learning attacks, in which the attacker sends malicious input into the learning system in order to compromise the system. The attack is based on the fact that machine-learning (ML) systems use models of data for their training, and that training data may be tainted. The learning system may respond differently in production scenarios to different data input during an attack. This attack type is designed to test the security of the machine-learning algorithm.

16
Q

What type of DDoS attack involves consuming bandwidth with traffic coming from many different sources so that the company cannot access the Internet?

Application

Network

Physical

A

Network

A network-based distributed denial-of-service attack involves using up network resources such as bandwidth or processing power of network devices such as routers and switches so that network access is slow or crashes.

17
Q

To execute a script you created, you first run the set-executionpolicy unrestricted command. What type of script file are you about to execute?

Bash

Python

PowerShell

A

PowerShell

To execute PowerShell scripts on a Windows system, you must first set the execution policy on the system to allow scripts to execute. You can configure the execution policy on many systems at once with Group Policies, or you can use the set-executionpolicy cmdlet in PowerShell.