Security Plus

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which of the following answers can be used to describe characteristics of a cross-site scripting attack? - Exploits the trust a user's web browser has in a website - A malicious script is injected into a trusted website - User's browser executes attacker's script - Exploits the trust a website has in the user's web browser - A user is tricked by an attacker into submitting unauthorized web requests

- Exploits the trust a user's web browser has in a website - A malicious script is injected into a trusted website -User's browser executes attacker's script

URL Potential Indicator of a directory traversal attack

/../etc/password

Botnet

A collection of intermediary compromised systems that can be used as a platform for a DDoS attack

DLL

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources

Rootkit

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network

Race Condition

A malfunction in preprogrammed sequential access to a shared resouce

Bot

A malware-infected network host under remote control of a hacker

Media Access Control (MAC) Flooding

A network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table

Integer Overflow

A programming error where an application tries to store a numeric value in a variable that is too small to hold it

Evil Twin

A rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. They replace the legitimate access point by advertising its own presence with the same Service Set Identifier (SSID) and appears as a legitimate access point to a connecting host

Spraying Attack

A short list of commonly used passwords tried against large number of user accounts

Memory Leak

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required

Shoulder Surfing

A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information

Phishing

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information

Worm

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth.

PUP

A type of computer program not explicitly classified as malware by AV software, that may adversely affect the computer's security and performance, compromise the user's privacy, or display unsolicited ads, and is downloaded with the user's consent.

Trojan Horse

A type of software that performs unwanted and harmful actions in disguise of a legitimate and useful program This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.

Session ID

A unique identifier assigned by the website to a specific user, A piece of data that can be stored in a cookie, or embedded as an URL parameter, and stored in a visitor's browser

Which of the following enables the exchange of information between computer programs? - API - UI - Device Drivers - SDK

API

An attacker managed to associate their MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. What kind of attack is currently taking place? - ARP Poisoning - Replay Attack - Cross-Site Requested Forgery - DNS Poisoning

ARP Poisoning

ML

An AI feature that enables it to accomplish tasks based on training data without explicit human instructions

Buffer Overflow

An application writes to an area of memory it is not supposed to have access to

Brute-Force Attack

An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found

Network Replay Attack

An attacker intercepts sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized requests

Null-Pointer Dereference

An attempt to read a variable value from and invalid memory address

SSRF

An exploit that allows an attacker to take control over a server and use it as a proxy for unauthorized actions

Which of the following statements can be used to describe the characteristics of an on-path attack? - An on-path attack is also known as MITM attack - In an on-path attack, attackers place themselves on the communication route between two devices - In an on-path attack, attackers intercept or modify packets sent between two communicating devices - In an on-path attack, attackers do not have access to packets exchanged during the communication between two devices - In an on-path attack, attackers generate forged packets and inject them in the network

An on-path attack is also known as MITM attack, In an on-path attack, attackers place themselves on the communication route between two devices, In an on-path attack, attackers intercept or modify packets sent between two communicating devices

Which cryptographic attack relies on the concepts of probability theory? - KPA - brute-force - dictionary - birthday

Birthday

What is the function of a C2 server?

Botnet Control

While conducting a web research that would help in making a better purchasing decision, a user visits series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?

Consensus

Downgrade Attack

Cryptographic attack that forces a network protocol to revert to its older less secure version

Which of the following describes an application attack that relies on executing a library of code? - Memory Leak - DLL Injection - Pointer Dereference - Buffer Overflow

DLL Injection

NFC is vulnerable to?

Data Interception, Replay Attacks, Denial-of-Service

Plaintext

Data in an unencrypted form

A wireless disassociation attack is a type of? - Cryptographic Attack - Downgrade Attack - Deauthentication Attack - Brute-Force Attack - Denail-of-Service Attack

Deauthentication & Denail-of-Service Attack

A wireless jamming attack is a type of? - Cryptographic Attack - Denial-of-Service Attack - Brute-Force Attack - Downgrade Attack

Denial-of-Service Attack

Dot-Dot-Slash Attack is also referred to as:

Directory Traversal Attack

SSL Stripping is an example of? - Brute-Force Attack - Downgrade Attack - Watering Hole Attack - On-Path Attack - Denial-of-Service Attack

Downgrade Attack & On-Path Attack

RFID

Enables identification and tracking of tags attached to objects

Buffer Overflow

Exploit that relies on overwriting contents of memory to cause unpredictable results in an application

Cross-Site Forgery Attack

Exploits the trust a website has in the user's web browser, a user is tricked by an attacked into submitting unauthorized web requests, a website executes an attacker's request

What type of malware resides only in RAM?

Fileless Virus

Bluesnarfing

Gaining unauthorized access to a bluetooth device

Tailgating

Gaining unauthorized access to restricted areas by following another person

Malware

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems

Which of the following refers to the contents of a rainbow table entry? - hash/password - ip address/domain name - username/password - account name/hash

Hash/Password

RFID Badge

Identification badge that can be held within a certain distance of a reader device to authenticate its holder

Which social engineering attack relies on identity theft?

Impersonation

A situation in which a web form field accepts data other than expected is an example of?

Improper Input Validation

Which of the following answers refers to a countermeasure against code injection? - Fuzzing - Input Validation - Code Signing - Normalization

Input Validation

What are two programming aspects that are critical in securing application development?

Input validation & Error and Exception Handling

Which of the following is an example of spyware? - keylogger - vulnerability scanner - computer worm - packet sniffer

Keylogger

Rainbow Table

Lookup tables used to speed up the process of password guessing

Which of the following falls into the category of Layer 2 attacks? - MAC Cloning - ARP Poisoning - MAC Flooding - DNS Poisoning - MAC Spoofing

MAC Cloning, ARP Poisoning, MAC Flooding, & MAC Spoofing

An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as? - ARP Poisoning - On-Path Attack - MAC Spoofing - Replay Attack - MAC Cloning

MAC Spoofing & MAC Cloning

Cloning

Making an unauthorized copy of a payment card.

Logic Bomb

Malicious code that is activated by a specific event

Spyware

Malicious software collecting information about users without their knowledge or consent

Dictionary Attack

Password attack that takes advantage of a predefined list of words

Spear Phishing

Phishing scams targeting a specific group of people

Whaling

Phishing scams targeting people holding high positions in an organization or buisness

Which of the following is used in URL phishing? - Prepending - Typosquatting - Pretexting - Domain hijacking

Prepending

Feigned Ignorance

Pretending to be ignorant of a topic in order to exploit the person's tendency to educate

Confidential Bait

Pretending to divulge confidential information in hopes of receiving confidential information in return

Bracketing

Providing a high and low estimate in order to entice a more specific number

Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action

Ransomware

Which of the following is an example of cryptomalware? - backdoor - ransomware - keylogger - rootkit

Ransomware

Which of the following terms refer to software/hardware driver manipulation techniques? - Prepending - Fuzz Testing - Refactoring - Shimming - Sideloading

Refactoring & Shimming

What is the purpose of a DoS attack?

Resource Exhaustion

Which of the follow indicates an SQL injection attack attempt? - DELETE FROM itemDB WHERE itemID='1'; - SELECT * FROM users WHERE userName = 'Alice' AND password ='' OR '1' = '1'; - DROP TABLE itemDB; - SELECT * FROM users WHERE email = '[email protected]' AND password = '';

SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';

Which of the following provide randomization during the encryption process? - Salting - Rainbow Tables - Obfuscation - Initialization Vector (IV) - Shimming

Salting & Initialization Vector (IV)

Deliberate False Statements

Saying something wrong in the hopes that the person will correct the statement with true information

Denial of the Obvious

Saying something wrong in the hopes that the person will correct the statement with true information

An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario?

Scarcity, Familiarity, Trust

Bluejacking

Sending unsolicited messages over bluetooth

Which of the following alters the external behavior of an application and at the same time does not introduce nay changes to the applications code? - Shimming - Refactoring - API Call - Sideloading

Shimming

Which of the following answers refer to smishing? - social engineering technique - email communication - spam over internet telephony (SPIT) - text messaging - spam over internet messaging (SPIM)

Social Engineering Technique & Text Messaging. Def: Phishing attacks that involve the use of messages sent using SMS (Short Message Service)

What type of spam relies on text-based communication?

Spam Over Internet Messaging (SPIM)

RFID is vulnerable to?

Spoofing, Eavesdropping, Data Interception, Replay Attacks, Denial-of-Service Attacks

Which password attack bypasses account-lockout policies? - birthday attack - spraying attack - dictionary attack - replay attack

Spraying Attack

Which of the following facilitate(s) privilege escalation attacks? - System/Application Vulnerability - Principle of Least Authority - Social Engineering Techniques - Mandatory Access Control ( MAC ) - System/Application Misconfiguration

System/Application Vulnerability -Social Engineering Techniques -System/Application Misconfiguration

Pass the Hash

Technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest

NFC

Technology that is used for contactless payment technology

Refactoring

The practice of modifying an applications code without changing it's external behavior

URL Hijacking ( a.k.a. "Typosquatting" )

The practice of registering misspelled domain name closely resembling other well established and popular domain name in hopes of getting Internet traffic from users who would make errors while typing in the URL in their web browsers

Dumpster Diving

The practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks

Skimming

Theft of personal data from a payment card

Which of the following terms refers to a vulnerability caused by race conditions? - Mean Time to Failure - Replay Attack - Mean Time between Failures - Time-of-Check to Time-of-Use

Time-to-Check to Time-of-Use

Which of the following answers refer to the characteristic features of pharming? - domain hijacking - traffic redirection - fraudulent website - password attack - credential harvesting

Traffic Redirection, Fraudulent Website & Credential Harvesting

Hash Collision

Two different inputs create the same hash

RAT

Type of Trojan that enables unauthorized remote access to a compromised system

What can be used for: - GPS tracking - capturing keystrokes - sending and receiving commands - delivering and executing malware

USB Cable

Spam

Unsolicited advertising message

An attacker impersonates a company's managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario?

Urgency, Authority, & Intimidation

Elicitation

Use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated

Flattery

Using praise to coax a person into providing information

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

Virus Hoax

The practice of using a telephone system to manipulate user into disclosing confidential information

Vishing

Which of the terms listed below refers to a platform used for watering hole attacks? - mail gateways - websites - PBX systems - web browsers

Websites


Kaugnay na mga set ng pag-aaral

Approach to Chest X-Ray and CT, Dr. Zagurovskaya

View Set

C.P. Chemistry: Reaction Rates and Equilibrium

View Set

Management Final Review - Rutgers - Hamilton - (PREFERRED)

View Set

Psychology 101 Launchpad - Psychological Disorders

View Set

ISDS Final: Chapter 2 Practice Test

View Set

Exam 3 PrepU Questions (Chapters 25-31)

View Set

BA 300 Unit 1: Group and Organizational Influences (Pressures T&N pp. 207, 199-201, 211, 215-218) & (Culture (T&N, pp. 128-129, 132-137, and 139-142)

View Set