Network Security module 3
What is the code that allows you to create a fork bomb using notepad?
%0|%0
A link to the device platform that allows a developer to access resources at a high level is known as what?
API
API
Application Programming Interface
Malware that gives access to a computer, program, or service that circumvents any normal security protections.
Backdoor
What type of attack is a pre-cursor to the collision attack?
Birthday
Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?
Blocking Ransomware
Password spraying cyber-attack can be categorized as what type of attack?
Brute Force
Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
Buffer Overflow
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Buffer Overflow Attack
What type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?
Buffer overflow attack
An attack that takes advantage of an authentication "token" that a website sends to a user's web browser to imitate the identity and privileges of the victim.
CSRF
What attack is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
CSRF
CSRF
Cross Site Request Forgery
What enables attackers to inject client-side scripts into web pages viewed by other users?
Cross Site Scripting
XSS
Cross site scripting
Jose receives a security report that none of the employees in his organization can access the internal server. When he logs on to the server, he receives a message that all the files on the server have been encrypted and that he must pay a fee of $600 in bitcoins to decrypt the files. What type of malware was installed on the server?
Cryptomalware
What attack targets the external software component that is a repository of both code and data?
DLL injection attack
What is known as out-of-the-box configuration?
Default Settings
An application lists all the files and subdirectories in its web folder. This indicates that the application has what weakness?
Directory Listing
What word is used today to refer to network-connected hardware devices?
Endpoint
What attack type confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?
Error Based SQL Injection
XML
Extensible Markup Language
Which type of malware relies on LOLBins?
Fileless virus
What code provides instructions to the hardware?
Firmware
What provides unauthorized access to another user's system resources or application files at the same level/role within an organization?
Horizontal Privilege Escalation
Hardware or software that silently captures and stores each keystroke that a user types on the computer's keyboard.
Keylogger
Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it.
Logic Bomb
Malicious software that enters a computer system without the user's knowledge or consent and then performs an unwanted and harmful action.
Malware
Debra downloads an application on her workplace computer. As she installs the application, she notices an option to install an additional program. She unchecks the box to choose not to install the additional software. What type of malware did Debra prevent from being installed on her system?
PUP
Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this?
PUP
Software apps installed on a device before the purchase are known as what?
PUP
Software that users do not want on their computer.
PUP
What is also known as a "dot dot slash" attack?
Path Traversal
PUP
Potentially Unwanted Program
What type of malware does not harm the system but only targets the data?
Ransomware
What term refers to changing the design of existing code?
Refactoring
Casey reports that she received an alert saying she was connected to a server. However, she did not connect to that server today. What attack is most likely happening?
Replay attack
Malware that can hide its presence and the presence of other malware on the computer.
Rootkit
John downloaded new calendar software and installed it. Since then, he's noticed unexpected new activity, such as pop-up windows, on the computer. What should he do first?
Run antimalware software
James has recently run a vulnerability scan and determined that the current version of SQL installed on the server is vulnerable and out of date. What is the server most vulnerable to?
SQL injection
An attack that takes advantage of a trusting relationship between web servers.
SSRF
What manipulates the trusting relationship between web servers?
SSRF
SSRF
Server side request forgery
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier which allows an attacker the opportunity to steal authenticated sessions, describes what?
Session Hijacking
SQL
Structured Query Language
What race condition can result in a NULL pointer/object dereference?
Time of check/time of use race condition
An executable program that masquerades as performing a benign activity but also does something malicious.
Trojan
What is known as a network virus?
Worm
A markup language designed to store information.
XML
An attack that inserts statements to manipulate a database server using eXtensible Markup Language (XML).
XML injection
An attack that takes advantage of a website that accepts user input without validating it.
XSS
What type of attack is based on a website accepting user input without sanitizing it?
XSS
What is technology that imitates human abilities?
ai
An infected computer placed under the remote control of an attacker for the purpose of launching attacks.
bot
Malware that encrypts all the files on the device so that none of them can be opened until a ransom is paid.
cryptomalware
An attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
integer overflow attack
An attack that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS.
resource exhaustion attacks
A software check of the state of a resource before using that resource.
time of check/time of use
Malicious program that uses a computer network to replicate.
worm
