CompTIA Security+ Types of Attacks
What type of attack involves the hacker sending too much data to an application that typically results in the hacker gaining remote access to the system with administrative permissions? A. Buffer overflow B. SQL injection C. Folder traversal D. Cross-site scripting
Correct - A. A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. If the hacker can access the area beyond the buffer, they can run whatever code they want, which typically results in them gaining administrative access to the system. Wrong - B, C, and D are incorrect. An SQL injection attack is when the hacker inserts SQL commands into an application to control the flow of the application. Folder traversal is when the hacker places ../.. in the URL to try to navigate out of the web site folder and access information on the web server. Cross-site scripting is when the hacker finds a way to send client-side script to the server so that it is processed by a client, such as submitting script into a field in a web site which is then stored as data in the web site database. When a user visiting the site displays the data, the code executes on the client system.
What type of attack is a smurf attack? A. DDoS B. DoS C. DNS poison D. MiTM
Correct - A. A smurf attack is an example of a DDoS attack. It involves the hacker spoofing the source IP address so that ping messages appear to come from the victim. When all of the systems that were pinged reply to the ping message, they overburden the victim's system. Wrong - B, C, and D are incorrect; none of them describes a smurf attack.
Which of the following methods is a popular method to protect against dictionary attacks? A. Password complexity B. Account lockout C. Network firewall D. Intrusion detection system
Correct - A. Implementing password complexity is a countermeasure against dictionary attacks on the network. Wrong - B, C, and D are incorrect. Implementing an account lockout policy is a potential way to protect against a dictionary attack, but for certification exams we associate account lockout with protecting against brute-force attacks. A network firewall will not protect you from internal password attacks, and an intrusion detection system may notify you of the suspicious traffic but will not protect against the password attack.
What is the term used for a phishing attack that is targeted toward a specific person such as the executive of a company? A. Whaling B. Phishing C. Pharming D. Spim
Correct - A. Whaling is the term for targeting the phishing attack to "the big fish" in the company. With a whaling attack the e-mail message is typically personalized by using the name of that individual. Wrong - B, C, and D are incorrect. Phishing is sending a generic e-mail to a mass group of people in hopes that someone clicks the link that goes to the fake web site. Pharming is modifying DNS or the hosts file to lead people to the wrong site. Spim is spamming (sending unsolicited e-mails) through instant messenger applications.
What file can the hacker modify after compromising your system that could lead you to the wrong web site? A. sam B. hosts C. lmhosts D. services
Correct - B. The hosts file on a system is used to resolve domain names to IP addresses and can be used by the hacker to lead you to the wrong web site if the hacker gains access to this file. Wrong - A, C, and D are incorrect. The sam file is where the user accounts on a Windows system are stored. The lmhosts file is used to resolve NetBIOS names to IP addresses, and the services file is used to match port numbers to friendly names such as HTTP.
Your manager has been reading a lot about popular password attacks such as dictionary attacks and brute-force attacks. Your manager is worried that your company is susceptible to such attacks. Which of the following controls will help protect against a brute-force attack? A. Password complexity B. Account lockout C. Network firewall D. Intrusion detection system
Correct - B. To protect against a brute-force attack, you need to take time away from the hacker. Implementing an account lockout policy takes time away from the hacker, because they can try logging in only a few times before the account is locked and unusable. Wrong - A, C, and D are incorrect. Implementing password complexity is a countermeasure against dictionary attacks on the network. A network firewall will not protect you from internal password attacks, and an intrusion detection system may notify you of the suspicious traffic but will not protect against the password attack.
Your manager has called you into the office and has expressed concerns about a number of news reports on social engineering attacks. Your manager would like to know what can be done to protect the company against social engineering attacks. A. Use a firewall. B. User awareness and training. C. Install antivirus software. D. Implement physical security.
Correct - B. User awareness and training is the only way to protect against social engineering attacks. Wrong - A, C, and D are incorrect. Technology solutions such as firewalls, antivirus software, and physical security will always help a little, but to truly protect against social engineering attacks, you need to educate the users so they are aware of security best practices.
You are monitoring network traffic and you notice a packet with pass' or 1=1-- in the content of the packet. What type of attack has occurred? A. Buffer overflow B. SQL injection C. Folder traversal D. Cross-site scripting
Correct - B. When you see a packet with pass' or 1=1-- you are most likely being attacked with an SQL injection attack. An SQL injection attack is when the hacker inserts SQL commands into an application to control the flow of the application. Wrong - A, C, and D are incorrect. A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. Folder traversal is when the hacker places ../.. in the URL to try to navigate out of the web site folder and access information on the web server. Cross-site scripting is when the hacker finds a way to send client-side script to the server so that it is processed by a client, such as submitting script into a field in a web site which is then stored as data in the web site database. When a user visiting the site displays the data, the code executes on the client system.
When looking at the web server log files, you notice that a lot of the requests that have hit the web site are navigating to the /scripts/..%c0%af../winnt/system32 folder. What type of attack is occurring? A. Buffer overflow B. SQL injection C. Folder traversal D. Cross-site scripting
Correct - C. This is an example of folder traversal. Folder traversal is when the hacker places ../.. in the URL to try to navigate out of the web site folder and access information on the web server. The hacker will typically try to access operating system files and also try to run cmd.exe from the URL. Wrong - A, B, and D are incorrect. A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. An SQL injection attack is when the hacker inserts SQL commands into an application to control the flow of the application. Cross-site scripting is when the hacker finds a way to send client-side script to the server so that it is processed by a client, such as submitting script into a field in a web site which is then stored as data in the web site database.
Which of the following controls will help protect against tailgating? A. Locked doors B. Electronic keypads C. Swipe cards D. Mantrap
Correct - D. A mantrap is an area between two locked doors. The second door cannot be opened until the first door is locked, which helps employees entering the facility notice anyone who may try to enter along with them. Wrong - A, B, and C are incorrect. Although a locked door using a key, electronic keypad, or swipe card is a good idea (better than not having the door locked), they will not stop someone from entering the facility behind an employee without the employee noticing.
A hacker tries to compromise your system by submitting script into a field in a web application that is then stored as data in the web site database. The hacker is anticipating when you navigate to the site that your browser will parse the script and execute it. What type of attack is this? A. Buffer overflow B. SQL injection C. Folder traversal D. Cross-site scripting
Correct - D. Cross-site scripting is when the hacker finds a way to send client-side script to the server so that it is processed by a client, such as submitting script into a field in a web site which is then stored as data in the web site database. When a user visiting the site displays the data, the code executes on the client system. Wrong - A, B, and C are incorrect. A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. An SQL injection attack is when the hacker inserts SQL commands into an application to control the flow of the application. Folder traversal is when the hacker places ../.. in the URL to try to navigate out of the web site folder and access information on the web server.
John has been studying hacking techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it came from someone else. What type of attack is this? A. Phishing B. Pharming C. Spim D. Spoofing
Correct - D. Spoofing is when someone alters the source address of a message. IP spoofing is the altering of the source IP address, MAC spoofing is when the hacker alters the source MAC address, and e-mail spoofing is when the hacker alters the source e-mail address of a message. Wrong - A, B, and C are incorrect. A phishing attack involves the hacker tricking a user into navigating to the wrong web site and inputting user account information for the hacker to see. Pharming is poisoning DNS or the hosts file in order to lead an individual to the wrong web site. Spim is sending spam messages to instant messenger users.
The hacker has managed to poison everyone's ARP cache so that all traffic to the Internet is being sent to the hacker's system before they route it out to the Internet. What type of attack is this? A. DDoS B. DoS C. Phishing D. MiTM
Correct - D. When the hacker positions himself between two systems and is receiving a copy of all traffic before passing it on to the real destination, this is a man-in-the-middle (MiTM) attack. Wrong - A, B, and C are incorrect. A DDoS attack is a distributed denial of service attack, which involves the hacker using multiple systems to perform a denial of service attack. A denial of service (DoS) attack involves the hacker causing a system to not perform its job role by overburdening the system with traffic. A phishing attack involves the hacker tricking a user into navigating to the wrong web site and inputting user account information for the hacker to see.
With a dictionary attack how does the password-cracking software attempt to figure out the passwords of the different user accounts? A. Calculates all possible passwords B. Uses the passwords stored in the SAM database C. Uses the entries in the /etc/passwd file D. Reads the passwords from a word list file
Correct - D. With a dictionary attack the passwords are read from a dictionary word list file, which contains all the words in a particular language. Wrong - A, B, and C are incorrect. A brute-force password attack would calculate all possible passwords. Password attack tools do not try to use the passwords of the SAM database because those passwords are unreadable and would have to be cracked themselves. The /etc/passwd file is the user account database on a Linux system.
What type of attack results in the victim's system not being able to perform its job function? A. Man-in-the-middle B. Spoofing C. Denial of service D. Port scanning
Wrong - A, B, and D are incorrect. A man-in-the-middle attack is when the hacker places himself between two systems and is able to view all parts of the conversation. A spoofing attack is when the hacker alters the source address to make the data appear as if it came from someone else. A port scanning attack is when the hacker scans your system for open ports.