Unit 5 - Module 4 - Theats

Question 1

What do you call a manipulation technque that exploits human error to gain private information, access , or valuables?

Answer 1

Social Engineering

Question 2

These are the stages or what?

1) Prepare
2) Establish Trust
3) Use persuasion tactics
4) Disconnect from the target ( Dissapear after wards )

Stages of __________

Answer 2

Social Engineering

Question 3

What social engineering tactic temps people into compromising their security?

Answer 3

Baiting

Question 4

What digital communications trick people into revealing sensitive data or deploying malicious software?

Answer 4

Phishing

Question 5

What is a type of bait used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money?

Answer 5

Quid pro quo

Question 6

What social engineering tact is used which unauthorized people follow an authorized person into a restricted area?

Answer 6

Tailgating

Question 7

What type of attack is when a threat actor compromises a website frequently visited by a specific group of users?

Answer 7

Watering Hole

Question 8

What do you call the use of digital communications to trick people into revealing sensitive data or deploying malicous software?

Answer 8

Phishing

Question 9

What do you call the exploitation of electronic voice communication to obtain sensitive information or impersonate a known source?

Answer 9

Vishing

Question 10

What do you call a subnet of email phising in which specific people are purposefully targeted, such as the accountants of a small business?

Answer 10

Spear Phishing

Question 11

What do you call the spear phishing attempts that are aimed at high-ranking executives in an organization?

Answer 11

Whaling

Question 12

What do you call the technique where attackers impersonate customer service reps on social media?

Answer 12

Angler Phishing

Question 13

What malware is used to gather and sell information without consent?

Answer 13

Spyware

Question 14

What do you call malicious code written to interfere with computer operations and cause damage to data and software?

Answer 14

Virus

Question 15

What malware can duplicated and spread itself across systems on its own?

Answer 15

Worm

Question 16

What malware looks like a legitmate file or program?

Answer 16

Trojan

Question 17

What type of malicious attack is when the attackers encrypt an organization’s data and demand payment to restore access?

Answer 17

Ransomware

Question 18

What do you call software designed to harm device or networks?

Answer 18

Malware

Question 19

What do you call advertising-supported software?

Answer 19

Adware

Question 20

What do you call malicious adware that falls into a sub-category of malware?

Answer 20

Potentially unwanted application (PUA)

Question 21

What do you call malware that does not need to be installed by the user becuase it uses legitimate programs that are already installed on the computer?

Answer 21

Fileless Malware

Question 22

What do you call malware that provides remote, administrative access to a computer?

Answer 22

Rootkit

Question 23

What do you call a type of malware that comes packed with malicious code which is delivered and installed onto a target system?

Answer 23

Dropper

Question 24

What do you call the “robot network” which is a collection of infected computers from malware that are under the control of a single threat actor, known as the “bot-herder”?

Answer 24

Botnet

Question 25

What is the form of malware that installs software to illegally mine cryptocurrencies?

Answer 25

Cryptojacking

Question 26

What is malicious code or behavior that’s used to take advantage of coding flaws in a web application?

Answer 26

Web-based exploits

Question 27

What is malicious code inserted into a vulnerable application?

Answer 27

Injection Attack

Question 28

What do you call an injection attack that inserts code into a vulnerable website or web application?

Answer 28

Cross-site scripting (XSS)

Question 29

What kind of attack are these?

1) Reflected
2) Stored
3) DOM-based

Answer 29

Cross-site scripting attacks

Question 30

What do you call an instance when malicious script is sent to a server and activated during the server’s responce?

Answer 30

Reflected XSS attack

Question 31

What do you call an instance when malicious script is injected directly on the server?

Answer 31

Stored XSS Attack

Question 32

What is an instance when malicious script exists in the webpage a browser loads?

Answer 32

DOM-based XSS attack

Question 33

What is a coding techinique that executes SQL statementes before passing them onto the database?

Answer 33

Prepared Statement

Question 34

What programming removes user input which could interpreted as code?

Answer 34

Input Sanitization

Question 35

What programming ensures user input meets a system’s expections?

Answer 35

Input Validation

Question 36

What model is this? ( What guide )

1) Define the scope
2) Identify Threats
3) Characterize the enviroment
4) Analyze threats

Answer 36

Threat Model Steps

Question 37

What is a popular threat modeling framework that’s used across many industries?

Answer 37

PASTA

Process for Attack Simulation and Threat Analysis