Vulnerabilities

Question 1

A type of vulnerability that allows an attacker to run arbitrary code on a remote system, often leading to complete system compromise. RCE vulnerabilities can be exploited to execute malicious code on a target machine.

Example: An attacker exploits a web application vulnerability to upload and execute a malicious script on the server, giving them control of the system.

Answer 1

RCE (Remote Code Execution)

Question 2

A security vulnerability that allows an attacker to manipulate an SQL query by injecting malicious SQL code, potentially allowing them to read, modify, or delete data from the database.

Example: An attacker enters OR 1=1 in a login form, bypassing authentication and gaining unauthorized access to the system.

Answer 2

SQLi (SQL Injection)

Question 3

A vulnerability that allows an attacker to inject malicious scripts into web pages viewed by other users, which can steal cookies, session tokens, or perform actions on behalf of the user.

Example: An attacker submits a script in a comment section of a website, which then gets executed in other users’ browsers, stealing their session cookies.

Answer 3

XSS (Cross-Site Scripting)

Question 4

A type of attack that forces a user to perform unwanted actions on a website where they are authenticated, often without the user’s knowledge. The attacker tricks the user into submitting a request on their behalf.

Example: An attacker sends a user a link that triggers a fund transfer request on their banking website, transferring money without the user’s consent.

Answer 4

CSRF (Cross-Site Request Forgery)

Question 5

Software programmed into hardware devices that provides low-level control and functionality. It is typically embedded in the device and not easily altered.

Example: The basic functions of a router, like managing traffic, are controlled by embedded software.

Answer 5

Firmware

Question 6

Software that acts as a bridge between different applications, services, or databases, allowing them to communicate with each other.

Example: Software that enables communication between a web server and a database server.

Answer 6

Middleware

Question 7

A program that allows an operating system to interact with hardware components like printers, graphics cards, or storage devices.

Example: Software that allows a computer to print documents on a connected printer.

Answer 7

Device Driver

Question 8

The lowest-level programming language, consisting of binary code (0s and 1s) that a computer’s processor can directly execute.

Example: A program is compiled into binary instructions that a computer’s CPU can understand and execute.

Answer 8

Machine Code

Question 9

The point at which a product, service, or system is no longer supported or maintained by the manufacturer or provider.

Example: The software stopped receiving security updates after it reached this stage.

Answer 9

EOL (End of Life)

Question 10

The process of managing the development, maintenance, and eventual retirement of software applications.

Example: These tools help track the progress and bugs in a software development project.

Answer 10

ALM (Application Lifecycle Management)

Question 11

When a vendor stops providing updates, fixes, or support for a product or service.

Example: The device will no longer receive official patches or customer support after this point.

Answer 11

EOS (End of Support)

Question 12

A structured approach to software development that includes planning, design, development, testing, and maintenance.

Example: The structured approach guides teams from initial concept to final deployment and support.

Answer 12

SDLC (Software Development Life Cycle)

Question 13

A security vulnerability where an attacker can break out of a virtual machine (VM) and gain unauthorized access to the host system or other VMs.

Example: An attacker exploiting this vulnerability could execute commands on the hypervisor from within the this.

Answer 13

VM Escape (Virtual Machine Escape)

Question 14

A layer of software that enables the creation and management of virtual machines by providing virtualization resources to them.

Example: This allocates physical resources such as CPU and memory to virtual machines.

Answer 14

Hypervisor

Question 15

The practice of reusing system resources, such as memory or CPU, in different processes or tasks to optimize performance.

Example: Allocating the same memory space to multiple processes at different times to conserve resources.

Answer 15

Resource Reuse

Question 16

A security attack where a user gains higher-level access than they are authorized for, often allowing them to perform restricted actions.

Example: An attacker exploiting a vulnerability to gain administrative rights on a system.

Answer 16

Privilege Escalation

Question 17

A condition where a system’s resources, such as memory or CPU, are completely consumed, leading to system instability or crashes.

Example: A denial-of-service attack that consumes all available server resources, causing it to fail.

Answer 17

Resource Exhaustion

Question 18

When multiple sessions or users access a system at the same time, which can affect performance or security.

Example: Multiple users accessing the same server at once, potentially leading to slower response times or data conflicts.

Answer 18

Concurrent Session Usage

Question 19

The process of removing software restrictions on an iOS device, allowing the installation of apps and tweaks not approved by Apple.

Example: Installing apps from third-party sources that aren’t available in the official app store

Answer 19

Jailbreaking

Question 20

The act of installing applications or content onto a device without using the official app store or marketplace.

Example: Installing an app on a smartphone from a source other than Google Play or the Apple App Store.

Answer 20

Sideloading

Question 21

The process of gaining full administrative control over an Android device, bypassing manufacturer restrictions to modify system files.

Example: Modifying system settings or installing custom ROMs on an Android device.

Answer 21

Rooting

Question 22

Software that is not malicious but can cause unwanted effects, such as slow performance, pop-ups, or privacy concerns.

Example: A program that collects and shares non-sensitive user data without malicious intent.

Answer 22

Grayware

Question 23

Software designed to display unwanted advertisements on a user’s device, often through pop-ups or banners.

Example: A free app that shows frequent ads to users in exchange for access to its features.

Answer 23

Adware

Question 24

Malicious software that encrypts a user’s files or locks access to a system, demanding payment for restoration.

Example: A hacker encrypts important files on a computer and demands money to decrypt them.

Answer 24

Ransomware

Question 25

Malicious software that secretly monitors and collects user activity, often for malicious purposes such as identity theft.

Example: Software that tracks a user’s browsing habits and sends the data to third parties without permission.

Answer 25

Spyware

Question 26

A type of malware that disguises itself as a legitimate program or file to trick users into installing it, often causing harm or giving unauthorized access.

Example: A file disguised as a helpful software update that actually installs malicious software on a device.

Answer 26

Trojan Horse

Question 27

A type of malware that allows an attacker to remotely control an infected device without the user’s knowledge.

Example: An attacker uses this malware to monitor activities and steal sensitive information from a compromised system.

Answer 27

RAT (Remote Access Trojan)

Question 28

Software that may not be malicious but can negatively impact system performance or user experience, often bundled with other software.

Example: An unwanted toolbar that is installed along with a free download, slowing down the system.

Answer 28

PUP (Potentially Unwanted Program)

Question 29

A type of malware that replicates itself and spreads across networks without needing to attach to a host file or program.

Answer 29

Worm

Question 30

A type of malware that operates in memory and doesn’t write any files to the hard drive, making it harder to detect.

Answer 30

Fileless Virus

Question 31

A piece of malicious code triggered by a specific condition or event, such as a certain date or the presence of a particular file.

Answer 31

Logic Bomb

Question 31

A program that automatically performs tasks, often maliciously, as part of a botnet controlled by an attacker.

Answer 31

Bot

Question 32

Unnecessary or unwanted software that comes pre-installed on a device, often consuming system resources and slowing down performance.

Example: A new laptop that comes with trial software and additional apps that the user doesn’t need or want.

Answer 32

Bloatware

Question 33

A type of spyware that records keystrokes on a device, often used to steal sensitive information like passwords.

Example: A malicious program that tracks every key pressed on a keyboard, sending the data to an attacker.

Answer 33

Keylogger

Question 34

A tool used to identify security weaknesses in a system, network, or application that could be exploited by attackers.

Example: A security tool that scans a website for outdated software versions or weak configuration

Answer 34

Vulnerability Scanner

Question 35

A self-replicating type of malware that spreads through networks without needing to attach to a host file, often causing disruption.

Example: Automatically spreads across a network, infecting multiple devices without any user intervention.

Answer 35

Computer Worm

Question 36

A tool used to capture and analyze network traffic, often used by attackers to intercept sensitive data being transmitted over a network.

Answer 36

Packet Sniffer

Question 37

A method of bypassing normal authentication to gain unauthorized access to a system, often installed by malware or attackers.

Answer 37

Backdoor

Question 38

A type of malware designed to hide the presence of malicious activities or files on a system, often giving attackers full control.

Answer 38

Rootkit

Question 39

The process of copying the information stored on a Radio Frequency Identification (RFID) tag to create a duplicate, often for malicious purposes.

Example: An attacker clones an access card to gain unauthorized entry into a secure building.

Answer 39

RFID Cloning