Network and Computer Attacks
When a programmer exploits written code that doesn't check for a defined amount of memory space they are executing which of the following attacks?
Buffer overflow
DoS
Denial of Service (Dos) attack is made to deny legitimate users the ability to access network resources
Which type of attack cripples the network and prevents legitimate users from accessing network resources?
Denial-of-Service
What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?
Eavesdropping
What type of malicious computer programs present themselves as useful computer programs or applications?
Trojan Programs
In a buffer overflow attack, an attacker finds a vulnerability in poorly written code that doesn't check for a defined amount of memory space use. (T/F)
True
Malware is malicious software, such as a virus, worm, or Trojan Program, introduced into a network (T/F)
True
Whitelisting allows only approved programs to run on a computer. (T/F)
True
What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?
Virus
ransomware
a type of virus that locks a target system or files on a target system until a ransom is paid
Man-in-the-middle
an attack in which attackers place themselves between the victim computer and another host computer, and then intercept messages sent from the victim to the host and pretend to be the host computer
Trojan Programs can install a specific type of program to allow an attacker to access to the attacked computer later. What means of access is the attacker utilizing?
back door
Which of the following physical security methods provides the ability to secure a company's assets and document any individuals physical time of entry?
card access
Keyloggers
hardware devices or software (spyware) that record keystrokes made on a computer and store the information for later retrieval
What is a DDoS attack?
is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic
Explain the advantages of application whitelisting?
it is to block malware from entering and executing on endpoints within a network, but one secondary benefit to application whitelisting is the ability to manage, reduce, or control the demand on resources within a network
Explain how a basic computer virus operates and how it uses other host programs.
it operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code.
What type of attack is occurring when an attacker places themselves between two parties and manipulates messages being passed back and forth?
man-in-the-middle
What types of ports do successful Trojan programs commonly use?
ports 6667, 6969, 13, 2041 etc.
How do Trojan programs operate?
they disguise themselves as useful programs and can install a backdoor or rootkit on a computer, this gives the attackers a means of regaining access to the attacked computer later
Describe the basic function and creation process of a macro virus?
works by embedding malicious code in the macros that are associated with documents, spreadsheets and other data files, causing malicious programs to run as soon as the documents are opened
A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?
worm
botnet
A group of multiple computers, usually thousands, that behave like robots to conduct an attack on a network. The computers are called zombies because their users aren't aware their systems are being controlled by one person
Which of the following sometimes displays a banner that notifies the user of its presence?
Adware
How does a buffer overflow attack work?
An attacker finds a vulnerability in poorly written code that doesn't check for a defined amount of memory space use. it occurs when a program or process attempts to write more data to a fixed length block of memory (a buffer) that the buffer is allocated to hold.
The virus signature file is maintained by what type of software?
Antivirus
Which type of program can mitigate some risks associated with malware?
Antivirus
A DDoS attack is launched against a host from a single server or workstation. (T/F)
False
Malware programs cannot be detected by antivirus programs. (T/F)
False
Which term best describes malicious programmatic behaviors that antivirus software companies use to compare known viruses to every file on a computer?
Heuristics
The acronym IDS stands for which of the following?
Intrusion Detection System
What type of hardware devices and computer programs can be used to obtain passwords by capturing key strokes on a targeted computer system?
Keyloggers
Which type of virus is written as a list of commands that can be set automatically to run as soon as a computer user opens the file?
Macro
Malware
Malicious software such as a virus, worm, or trojan program used by an attacker for economic gain or sociopolitical means
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
Network Security
What type of attack causes the victim's computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?
Ping of Death
What type of virus is used to lock a user's system, or cloud accounts until the system's owner complies by paying the attacker a monetary fee?
Ransomware
Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?
Rootkit
Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?
Session hijacking
Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?
Signatures
A computer hacker may use a phishing e-mail to lure a user into following a malicious link. What type of technique is being used by the computer hacker?
Social Engineering
Explain how the two different types of keyloggers are used?
Software keyloggers - behave like viruses or trojan programs Hardware keyloggers - is a small device often smaller than an inch long, can be installed in less than 30 seconds, they require physical access to the victims device in order to manipulate the keyboard
If an attacker wishes to collect confidential financial data, passwords, PINs and any personal data stored on your computer which of the following programs would they choose to use?
Spyware
When a computer hacker uses multiple compromised computers to carry our a DDOS attack, the compromised computers are usually referred to as which of the following?
Zombies
Ping of Death
a crafted ICMP packet larger than the maximum 65,535 bytes; it causes the recipient system to crash or freeze
rootkit
a program created after an attack for later use by the attacker; its usually hidden in the OS tools and is difficult to detect.
Virus
a program that attaches itself to a host program or file
Trojan
a program that disguises itself as a legitimate program or application but has a hidden payload that might send information from the attacked computers to the creator or to a recipient located anywhere in the world.
What is the difference between spyware and adware?
spyware is considered malicious program and is similar to a Trojan Horse; Adware is usually a separate program that is installed unknowingly when you install another freeware type of program or application.
What is spyware and how does it operate?
spyware program sends information from the infected computer to the person who initiated the spyware program on your computer. This information could be confidential financial data, passwords, PINs—just about any data stored on your computer. You need to make sure users understand that this information collection is possible, and spyware programs can register each keystroke entered. It's that simple. This type of technology not only exists but is prevalent. It can be used to record and send everything a user enters to an unknown person located halfway around the world. Tell users they shouldn't assume that physical security measures, such as locked doors, are enough to keep all intruders out.