ISCS 376 Final Exam


The ______________________ are hackers who are generally legally hacking for the government of their country. They are usually well trained and will have a set, focused target.

Nation State Actor

T/F: Keyloggers can come packaged with other types of malware, such as Trojans.

True

A __________________ is an attack on hashed passwords that utilizes the same logic as the birthday problem: even if there are many different possible hashing outputs, you are likely to find two different inputs with the same hash.

birthday attack

A _________________ can be used to perform a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack.

botnet

A ______________________ is an attempt to manually guess a password, PIN, or any other passphrase-like authentication in order to gain access to an account or system.

brute-force attack

A _____________________ is a condition where a process attempts to store more data into a memory variable than that variable accepts. Basically it writes too much data into an application's memory and causes the application to crash.

buffer overflow

The most common exploit of an Internet-exposed network service or a web server is a ______________________.

buffer overflow

A ________________ is similar to a brute-force attack, but instead of systematically working through otherwise random passwords, a dictionary attack goes after common passwords first.

dictionary attack

A ____________________ (also known as a deauthentication attack) is when an attacker manages to cause a user's connection to Wi-Fi to get broken, or deauthenticated.

disassociation attack

How can you prevent piggybacking?

double entry doors, security guards, and turnstiles

A _________________ is an attack that forces a system to utilize a weaker form of encryption or security. This way, the attacker can have an easier time breaking the weaker encryption as opposed to the previously implemented one.

downgrade attack

A ______________________ is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker or Cracker.

penetration test

A ________________ can occur when a system incorrectly manages memory allocations in such a way that memory that is no longer being utilized or needed is not released.

memory leak

A computer program that can copy itself and infect a computer without the permission or knowledge of the owner.

Virus

__________ is phishing using the telephone as a means to find a target.

Vishing (Voice Phishing or VoIP Phishing)

A ___________ can autonomously replicate itself across networks.

worm

What is one way to prevent the spread of viruses?

you should enable email attachment scanning

A ____________________ or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer

zero-day attack

What are the characteristics of a virus?

- replication mechanism
- activation mechanism
- objective

What are the 6 Cryptographic Attacks?

1. Birthday Attack
2. Rainbow Tables
3. Dictionary
4. Weak Implementation
5. Bruteforce
6. Downgrade

What are the two attacks that can cause you to be redirected to a spoofed website?

1. DNS Poisoning
2. Altered hosts file

What are the 8 wireless attacks that can occur?

1. Replay Attack
2. Evil Twin/Rogue AP
3. Jamming
4. WPS Attack
5. Bluejacking
6. Bluesnarfing
7. NFC
8. Disassociation

What are the 6 types of actors?

1. Script Kiddies
2. Hacktivist
3. Organized Crime
4. Nation States/APT
5. Insider Threats
6. Competitors

What are the principles (reasons for effectiveness) of Social Engineering?

1. authority
2. intimidation
3. scarcity
4. urgency
5. familiarity/liking
6. trust

How to detect a rootkit?

A malware scanner is a utility that can find a rootkit

Malware which consists of a program designed to hide or obscure the fact that a system has been compromised.

A rootkit

A false email message warning the recipient of a virus that is going around.

A virus hoax

A self-replicating computer program. It uses a network to send copies of itself to other nodes, and it may do so without any user intervention.

A worm

What is the difference between a Trojan horse and a Worm?

A worm self-replicates while a trojan horse does not.

An _________________________ describes a group of well organized attackers, possibly from an enemy country, who use very sophisticated and targeted attacks against your organization.

Advanced Persistent Threat (APT)

The method for finding a host's link layer (hardware) address when only its IP or some other Network Layer address is known.

ARP Poisoning

______________________ is used to later launch a man-in-the-middle attack.

ARP Poisoning

________________________ refers to the act of attempting to gather information from a group, website, etc. by the use of scanners, software, or a similar method requiring technical knowledge.

Active reconnaissance

Software installed that automatically displays and downloads advertising material when a user is online.

Adware

What type of malware is typically downloaded secretly and has the potential to continue to install more of itself or other malware as long as the user is online?

Adware

___________ comes in the form of banners, pop-ups, browser search bars, etc.

Adware

What is an example of a replay attack?

An example of this would be an attacker capturing part of a communication stream and then later sending that communication stream to the server while pretending to be the client.

How can you prevent SQL Injections?

Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives.

A computer virus that is wrapped in layers of encryption and complex code to make it difficult for researchers to take apart in a lab.

Armored virus

A jargon term for a collection of software robots, or bots, that run autonomously and automatically.

Botnet

When someone tries to pass themselves off as someone else. A simple strategy used to obtain information and/or access for a future attack.

Impersonating

______________ is a short-range wireless communication that can be tampered with like any other wireless communication.

NFC

A ____________ attack is one that uses a method of bypassing normal authentication and can take the form of any type of virus that has found a way around conventional security.

Backdoor

Why would the end user's browser allow the XSS script to execute?

Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

_____________________ is a testing technique where the internal workings of the item being tested are not known by the tester. You are working "in the dark".

Black box testing

______________________ allows hackers to gain access to data stored on a Bluetooth enabled phone using Bluetooth wireless technology without alerting the phone's user of the connection made to the device.

Bluejacking

A condition where a process attempts to store more data into a memory variable than that variable accepts. Basically it writes too much data into an application's memory and causes the application to crash.

Buffer overflow

Tricking a user into clicking a link other than what they had initially intended to.

Clickjacking

How to prevent a logic bomb from occurring?

Code review and change management processes are the best way to stop logic bombs from showing up in your applications

_____________________ are perpetrated by individuals that are a part of the targeted group/company.

Insider Threats

When an attacker manages to sneak malicious code into a "legitimate" device driver.

Driver manipulation

When attackers sort through the garbage of a company to gain information used for a subsequent attack.

Dumpster diving

What is the wireless version of the phishing scam?

Evil twin

_______________ attacks are when malicious scripts are injected into benign or otherwise trusted websites.

Cross-Site Scripting (XSS)

A type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

Cross-site Request Forgery (XSRF)

A maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources.

DNS Poisoning

What type of attack is this example showing? You are trying to connect to PayPal, but the URL changes to a different site (one that looks just like PayPal asking for your financial information).

DNS Poisoning

Type of attack that is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.

Denial of Service (DoS)

Type of attack in which large numbers of compromised systems (zombies/bots) attack a single target in an attempt to crash it.

Distributed Denial of Service (DDoS)

When an attacker manages to take control of somebody else's domain. This can be accomplished in a number of ways, but getting admin access is generally involved.

Domain hijacking

A term for a rogue, or counterfeit, Wi-Fi access point that appears to be a legitimate one offered on the premises. These WAPs have been set up by a hacker to eavesdrop on wireless communications among Internet surfers.

Evil Twin

A _________________ is a person that uses hacking to promote a cause or push a political agenda.

Hacktivist

To prevent XSS or XSRF attacks, use _____________________ and __________________________.

Input Validation and restrict the use of special characters in input

____________________, also called data validation, is the process of ensuring that a program operates on clean, correct, and useful data.

Input validation

What is well known for containing Trojans?

Keygens (Key Generators)

A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

Logic bomb

A technique for changing a factory-assigned MAC address of a network interface on a networked device in order to deceive certain securities.

MAC spoofing

A form of active eavesdropping, or network sniffing, in which the attacker makes independent connections with the victims and relays messages between them.

Man-in-the-middle attack

A computer virus that infects multiple targets within the same system.

Multipartite virus

Why do attackers use keyloggers?

Often used covertly and remotely using software in order to record sensitive information such as passwords, credit numbers, etc.

_____________________________ is publicly available information that any corporation or individual can utilize in order to keep up to date on many types of attacks and threats

Open-source intelligence (OSINT)

_________________________ is characterized by the lack of technical expertise used to glean information.

Passive reconnaissance

In a _____________________, after the initial attack, the attacker will continue to monitor the target network.

Persistent Penetration Attack

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Phishing

When an authorized person allows (intentionally) others to pass through on their security principles.

Piggybacking

A type of stealth virus that attempts to avoid detection and removal by frequently changing its file and process names.

Polymorphic virus

______________________ can prevent the installation of rogue access points.

Port Security

____________________ is the act of exploiting a bug or design flaw in a software application to gain access to resources which normally would have been protected from an application or user.

Privilege escalation

A _________________ is when multiple events try to be processed by a system at the same time, potentially causing them to be processed in the wrong order.

Race Condition

Locks your computer or encrypts your data and threatens to delete it unless you pay a ransom to the attacker.

Ransomware

Software that is used by a malicious attacker to remotely control a system without being allowed explicitly by the owner.

Remote Access Trojan (RAT)

An attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

SQL Injection

A _________________ is some form of unskilled hacker who has no real skill of their own. They will utilize common or easily implemented vulnerabilities that can be found online.

Script Kiddie

Using direct observation techniques, such as looking over someone's shoulder, to get information.

Shoulder Surfing

An email spoofing fraud attempt that targets a specific organization in order to seek unauthorized access to confidential data.

Spear phishing

__________________ are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information.

Spear phishing

__________________ targets specific employees of a company.

Spear phishing

_________________ is claiming to be something it/you are not.

Spoofing

A type of malware that is installed on computers and that collects information about users without their knowledge.

Spyware

_________ is secretly installed on the user's personal computer or on a shared computer. It can negatively affect confidentiality.

Spyware

The act of an unauthorized, or authorized, person who follows someone to a restricted area without the consent of the authorized person.

Tailgating

How do hackers use a SQL Injection?

They attempt to have the receiving server pass information to a back-end database from which it can compromise the stored data

How do attackers use Denial of Service (DoS) attacks?

They commonly attack web servers of a single external user. They are often accomplished using buffer overflows or by using multiple servers and/or routers to overwhelm another router or host.

The _____________ describes a class of computer threats that appears to perform a desirable function, but, in fact, performs undisclosed malicious function.

Trojan horse

An attack that relies on typographical errors made by users when inputting a web address in a browser.

URL hijacking or Typo squatting

How can you prevent a hoax virus?

User training and email spam filters are needed to stop a virus hoax from affecting your company.

______________________ can utilize a PIN which is inherently insecure and easily brute-forced. This type of attack is possible because of the simple nature of the PIN.

WPS Attack

When an attacker finds a website or service frequented by the specific group that the attacker is targeting.

Watering Hole Attack

A type of spear-phishing that targets executives and high-profile targets.

Whaling

_____________________ is a testing technique whereby explicit knowledge of the internal workings of the item being tested is used to select the test data.

White box testing

______________________ can easily occur on a network because wireless traffic traverses over an otherwise easily accessible medium, air.

Wireless jamming

Unlike cross-site scripting, which exploits the trust a user has for a particular site, _________________ exploits the trust that a site has in a user's browser.

XSRF

An attacker can use __________ to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted.

XSS

A type of attack or threat that is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer.

Zero-day attack or also called zero-day vulnerabilities

What is the comparison between a virus and a hoax virus?

a hoax virus can create as much damage as a real virus. Users are tricked into changing system configuration and technical support resources are consumed by increased user calls.

Threats posed by ________________ are, simply, threats perpetrated by competing groups in order to gain some sort of edge or handicap their rivals.

competitors

How do the principles of Social Engineering help an attacker?

could help an attacker trick a victim into divulging information or unwittingly aiding in an attack

ARP Poisoning allows traffic to be redirected through a malicious machine by sending ___________________________ updates to a victim.

false hardware address

XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge and employs some type of social networking to pull it off, such as _______________.

forums

Weak encryption based attacks target the ___________________ or the algorithm itself, that is used in implementing password based authentication.

implementation

How are backdoors installed?

installed by malware so that other malware has an easier time accessing the user's computer. It is often introduced as a rootkit.

An __________________ is when some integer is expected, but an integer outside of the expected range is forced into the application.

integer overflow

What can happen if a buffer overflow is successful?

it can lead to a DoS

What must happen in order for a remote access trojan to be effective?

it needs to be launched on the victim's computer; this usually requires human interaction. Normally accomplished through email, like most viruses, or through fake downloads masquerading as legitimate software

Records every keystroke on a device, trying to pick out patterns that synchronize with certain information.

keylogger

A ____________ is a type of malicious attack that is set off by a specific event, date, or time. It is not able to be discovered by an antivirus scan.

logic bomb

A _______________________ is when there is an interruption of network traffic for spying, and possibly accompanied by the insertion of malicious code.

man-in-the-middle attack

A ____________________ is a table of common hashes for plaintext while using various hashing algorithms. These tables are pre-calculated so an attacker has to do little work to utilize one.

rainbow table

A ________________ is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.

replay attack

A _______________ is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator or has been created to allow an attacker to conduct a man-in-the-middle attack.

rogue access point

A ___________ hides its processes, applications, and files from being detected.

rootkit

What is the form of malware that a Watering Hole Attack might use?

the associated malware is usually some form of spyware to collect information of the target group. Effective against targets even if they are trained against social engineering attacks, as it exploits an otherwise trusted website.

How do hackers use vishing?

the hacker will typically use a war dialer to send a recorded message stating that there is an error with a victim's credit card or bank account and leave a number to call back. If the victim calls back, they will usually be asked personal information, such as SS# or account numbers.

How to prevent a rootkit?

the most effective action would be to reformat and reinstall the operating system

Why would an attacker want to use a rootkit?

to replace vital system executables which may then be used to hide processes and files the attacker has installed along with the presence of the rootkit itself.

Bluejacking is when ___________________ are sent to Bluetooth-enabled phones.

unsolicited messages

How can you prevent Dumpster Diving?

use a shredder or shredding service

How do you prevent phishing?

user training needs to happen in order to be effective in stopping phishing attempts

How can you prevent Shoulder Surfing?

using password masking, privacy screens, and proximity readers instead of key-punch locks

What is the most common way Trojans are installed?

via a thumb drive

How do most network viruses spread?

via email

A __________ is a security threat to a system that requires interaction from a user.

virus

A ___________________ is a computer program designed to search for and map systems for weaknesses in an application, computer, or network.

vulnerability scanner

What are the attacks that can be performed against an NFC communication?

• Eavesdropping: Simply listening in to traffic.
• Replay: Data is replayed to emulate older traffic.
• MitM: An attacker intercepts NFC traffic, changes or monitors it, and forwards it to its final destination.

