Week 1 - Other Attacks

Question 1

What is an injection attack?

Answer 1

An attacker injects malicious code into your system

Question 2

What does XSS stand for?

Answer 2

Cross-Site Scripting (attacks)

Question 3

What kind of attack is XSS attacks?

Answer 3

an injection attack where the attacker inserts malicious code to target the user of a service

(malicious script in a web browser executed by a user, steals cookies and log-in info)

Question 4

What kind of attack is a SQL injection attack?

Answer 4

targets the entire website if the website is using a SQL database. Allows them to delete website data, copy it and run malicious commands.

(unlike XSS that targets a user)

Question 5

What is a brute force attack?

Answer 5

It’s a password attack that continuously tries different combinations of characters and letters to get access

Question 6

What’s a dictionary attack?

Answer 6

Similar to a brute force attack, instead of random characters it uses commonly used word passwords

(like monkey, football, password)

Question 7

What is a social engineering attack?

Answer 7

an attack method that relies on interactions with humans to carry out (tricking a person into giving out info)

Question 8

When does a phishing attack usually occur?

Answer 8

When a malicious email is sent to a victim with a malicious link to click on

Question 9

How is spear phishing different from regular phishing attacks?

Answer 9

Spear phishing targets specific individuals or groups (contain personal information)

Question 10

What is spoofing?

Answer 10

A source trying to pass off as something else (masquerading as your friend’s email address)

Question 11

What is baiting?

Answer 11

an offline attack that is used to entice a victim into doing something

(like leaving a malicious USB drive lying around)

Question 12

What is tailgating?

Answer 12

an offline attack where the attacker gains access into a restricted area by following a real employee in or impersonate a worker