Weak Points #2

Question 1

Cognitive Password

Answer 1

A cognitive password is a form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity.

Question 2

SQL Injection: Breaking a valid SQL Request

Answer 2

Use a single quote:
The single quote character (‘) is the character limiter in SQL. With a single quote,’ you delimit strings, and therefore you can test whether the programmer has properly escaped the strings in the targeted application.

If not escaped directly, you can end any string supplied to the application and add other SQL code after it. This is a common technique for SQL injections.

Question 3

RADIUS

Answer 3

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple-A) management for users who connect and use a network service.

The RADIUS protocol utilizes an obfuscated password created from the shared secret and creates an MD5 hash of the authentication request to protect the communications.

Question 4

Data Sanitization: Clearing

Answer 4

Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques.

Clearing involves overwriting data once (and seldom more than three times) with repetitive data (such as all zeros) or resetting a device to factory settings.

Question 5

Armored Virus

Answer 5

A type of virus that use various techniques to protect it from being reverse engineered. This includes changing its code during execution and encrypting its payloads.

Question 6

COPE Policy

Answer 6

Corporate Owned, Personally Enabled:
A business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally owned

Can facilitate MDM/MAM

Question 7

Cookies: Secure Attribute

Answer 7

When a cookie has the Secure attribute, the user agent includes the cookie in an HTTP request only if transmitted over a secure channel (typically HTTPS).

Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie’s confidentiality.

Question 8

Port Scanning

Answer 8

Using a tool like nmap, an attacker can create an SYN scan across every port in the range against the desired target. A port scan or SYN scan may trigger an alert in your IDS.

While scanners support more stealthy scans, default scans may connect to each port sequentially.

Question 9

Prepending

Answer 9

Used in data URL phishing

Adding code to the beginning of a presumably safe file

Activates when the file is opened

Question 10

XSS Characteristics

Answer 10

Exploits the trust a user’s web browser has in a website

A malicious script is injected into a trusted website

User’s browser executes attacker’s script

Question 11

Session ID Characteristics

Answer 11

A unique identifier assigned by the website to a specific user

A piece of data that can be stored in a cookie, or embedded as a URL parameter

Stored in a visitor’s web browser

Question 12

Null-pointer Dereference

Answer 12

An attempt to read a variable value from an invalid memory address

Question 13

Integer Overflow

Answer 13

A programming error where an application tries to store a numeric value in a variable that is too small to hold it

Question 14

SSRF

Answer 14

Server-Side Request Forgery:

Allows an attacker to take control over a server and use it as a proxy for unauthorized actions

Question 15

XSRF Characteristics

Answer 15

Exploits the trust a website has in the user’s web browser

A user is tricked by an attacker into submitting unauthorized web requests

Website executes attacker’s request

Question 16

Memory Leak

Answer 16

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required

Question 17

SSL Stripping is a combination of…

Answer 17

Downgrade attack

On-path attack

Question 18

Shimming

Answer 18

Alters the external behavior of an application and at the same time does not introduce any changes to the application’s code

Question 19

Refactoring

Answer 19

The practice of modifying an application’s code without changing its external behavior

Question 20

Encryption Randomization (2 Methods)

Answer 20

IV

Salting

Question 21

Biggest impact on domain reputation:

Answer 21

Distribution of spam

Question 22

Threat Actors: Competitors

Answer 22

Threat actors that engage in illegal activities to get the know-how and gain market advantage

Question 23

Vulnerability Databases

Answer 23

CVE (Common Vulnerabilities & Exposures)

NVD (National Vulnerability Database)

Question 24

TTP

Answer 24

Tactics, Techniques, & Procedures:
A key concept in cybersecurity and threat intelligence.

The purpose is to identify patterns of behavior which can be used to defend against specific strategies and threat vectors used by malicious actors.

Question 25

CVSS

Answer 25

Common Vulnerability Scoring System:

An industry standard for assessing the severity of computer system security vulnerabilities

Question 26

DNS Sinkhole

Answer 26

An example of fake telemetry

A DNS server that has been configured to hand out non-routable addresses for a certain set of domain names

Computers that use the sinkhole fail to access the real site

Question 27

Microservice

Answer 27

Independent and self-contained code components that can be put together to form an application

Question 28

VM Escape Countermeasures

Answer 28

Sandboxing

Patch management

Question 29

SQL Injection Countermeasures

Answer 29

Stored procedures

Input validation

Question 30

HOTP Characteristics

Answer 30

Valid for only one login session

Based on a cryptographic hash function & secret cryptographic key

Not vulnerable to replay attacks

Question 31

NIC Teaming

Answer 31

The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy

Question 32

Restoring from incremental backups (requirements)

Answer 32

All copies of incremental backups made since last full backup
Copy of last full backup

Question 33

Sequential-Access Backup Media

Answer 33

Magnetic tapes

Question 34

Non-persistence Characteristics

Answer 34

Last known-good configuration
Live boot media
Known state reversion

Question 35

Session Affinity

Answer 35

A method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server

Question 36

Transparent Proxy Characteristics

Answer 36

Doesn’t require client-side configuration

Redirects client’s requests & responses without modifying them

Clients might be unaware of the proxy service

Question 37

Nontransparent Proxy

Answer 37

Modifies client’s requests & responses

Requires client-side configuration

Question 38

MDM: Containerization

Answer 38

The isolation of corporate applications and data from other parts of the mobile device

Question 39

UEM

Answer 39

Unified Endpoint Management:

A software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables

Question 40

RADIUS Characteristics

Answer 40

Primarily used for network access

Combines authentication & authorization

Encrypts only the password in the access-request packet

Question 41

TACACS+ Characteristics

Answer 41

Encrypts the entire payload of the access-request packet

Primarily used for device administration

Separates authentication & authorization