Sec+ Domain 3.0 - Threats and Vulnerabilities
What type of fencing is needed to deter determined intruders?
8+ feet high with barbed wire
What is the difference between a virus and a worm?
A virus can replicate itself on a system but cannot spread to other systems without assistance. A worm does not require a host application to be transported but instead can propagate on its own.
What is the difference between polymorphic and metamorphic viruses?
Although both continually change their code, the functionality (payload) of the metamorphic virus actually changes whereas that of the polymorphic virus stays the same.
Relate session hijacking and cookies.
An attacker can hijack/reuse a magic cookie used to authenticate a user to a remote server.
Relate session hijacking to TCP sequence numbers.
An attacker can take control of an active TCP session by trying to correctly guess the next sequence number.
What log in Event Viewer contains events that are logged by applications?
Application Log
Explain the differences between black box, gray box, and white box penetration testing.
Black box: tester has no prior knowledge of the network; Gray box: tester knows what a user knows; White box: tester has admin access
What is the difference between code reviews and design reviews?
Code reviews focus on identifying insecure coding whereas design reviews determine how various parts of the system will interoperate.
What is a type of exploit of a website whereby unauthorized commands are transmitted from a trusted user?
Cross-site request forgery (XSRF)
What type of vulnerability enables attackers to inject client-side code into web pages viewed by other users?
Cross-site scripting (XSS)
What is the difference between enticement and entrapment with regard to honeypots?
Enticement is the legal use of a honeypot. Entrapment is illegal use.
What is a UDP variation of a Smurf attack?
Fraggle
What are five common types of spoofing?
IP address spoofing, MAC address spoofing, ARP cache poisoning, DNS cache poisoning, Web spoofing
What technique exploits web-based applications that construct LDAP statements based on user input?
LDAP injection
What are cookie-like data that a web site running Adobe Flash can place on your hard drive?
Locally Shared Objects (LSOs)
What is a common vulnerability scanner and port scanner?
Nessus
What is a common network mapper, vulnerability scanner, and port scanner?
Nmap
What is the XML standard for vulnerability testing assessments and reporting?
Open Vulnerability and Assessment Language (OVAL)
What is the main difference between qualitative and quantitative risk assessment?
Quantitative is based on risk calculations while qualitative is based on subjective ranking of risks.
Threat x Vulnerability x Cost of asset =
Risk
What technique is used to attack data-driven applications by inserting malicious statements into an entry field for execution?
SQL injection
What log in Event Viewer contains auditing and log-on information?
Security Log
What is a DDoS in which large numbers of ICMP packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address?
Smurf attack
What log in Event Viewer contains information on system startup, service startup, time changes, and backups?
System Log
What specific logs does Event Viewer contain?
System Log, Security Log, and Application Log
What is the difference between transient and persistent cookies?
Transient cookies are active only during a browsing session. Persistent cookies store user identification info over an extended period.
What is the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is a passive attempt to identify weaknesses whereas penetration testing is more thorough but more disruptive.
What is the difference between 'fail open' and 'fail closed'?
When an error/exception is encountered, a fail open system will allow access whereas a fail closed system will deny all access.
What are three common protocol analyzers?
Wireshark, Snort, and Kismet
What technique compromises the logic of an XML application or service?
XML injection
What is it called when attackers send packets to a victim with TCP headers that have the SYN, FIN, URG, and PSH flags set for whatever protocols are in use and observe how the victim responds?
Xmas tree attack
What type of virus makes itself difficult to detect or analyze because it contains protective code that stops debuggers from examining the code?
armored virus
What type of virus infects the master boot record (MBR) of a device?
boot sector virus
What is a common attack against Web servers in which more information is placed in a memory stack than it can hold?
buffer overflow
What is an attack in which dynamically generated content on a Web page is modified by entering HTML code into an input mechanism?
command injection
CCTV, facial recognition software, sign-in logs, and routine security audits are examples of what type of security controls?
detective security controls
What is the term for a device that, in the event of failure, responds in a way that will cause no harm to other devices or danger to personnel?
fail safe
What is the term for a system that is able to resort to a secure state when an error or security violation is encountered?
fail secure
What is the term for a system designed to shut down any nonessential components in the event of a failure, but keep the system and programs running on the computer?
fail soft
What is the process of discovering the underlying OS on a device?
fingerprinting
What is the process of accumulating data regarding a specific network environment, usually for purposes of finding methods of intrusion?
footprinting
What is included in the term 'security posture'?
initial baseline configuration, continuous security monitoring, and remediation
What type of virus infects and spreads in multiple ways?
multipartite virus
Cain & Abel, L0phtCrack, and John the Ripper are examples of what kind of software?
password crackers
How can a NIC be configured to capture all traffic on the network segment?
place it in promiscuous mode (wired) / monitor mode (wireless)
An access control system, an armed guard, a mantrap, and bollards are examples of what type of security controls?
preventive security controls
What tools are used in vulnerability scanning?
protocol analyzers, vulnerability scanners, port scanners, network mappers, password crackers
What type of MitM attack involves information (credentials) being captured over the network and then used to gain unauthorized access later?
replay attack
What type of virus is designed to avoid discovery by actively attacking the anti-virus programs attempting to detect it?
retrovirus
What is the term for a set of software tools that enable an unauthorized user to gain control of a computer system without being detected?
rootkit
Which is more secure: server-side or client-side input validation?
server-side input validation
What type of virus hides itself, copies information from uninfected data onto itself, and relays this to antivirus software during a scan?
stealth virus
What is the goal of directory traversal?
to access a file that is not intended to be accessible
What is it called when a hacker attacks a small supplier in order to gain access to a large company's network via an extranet?
transitive trust attack
What is the term for an application that checks computers and networks for weaknesses?
vulnerability scanner
What is it called when attackers identify and infect a website that is often visited by their targets?
watering hole attack
What do web client-side attacks target?
web browsers