Network Security
worm
Known as a network virus
Domain Name System
is a name system for matching computer names and ip addresses. A dns based attack subsitiutes a DNS address so that the computer is silently redirected to a different device. URL redirction and Domain reputation are two consequences.
Dns poisoning
modifies a local lookup table on a device to point to a different domain. Two locations for DNS poisoning local host table and external DNS server
PUP
potenially unwanted program or potentially unwanted application
Bash
programming language interpreter for linux/unix OS. Used to create BASH scripts
Python
programming language that can run on several platforms.
Which of the following malware does not harm the system but only targets the data?
ranomware
PowerShell
task automation tool from Microsoft. Administrative tasks are performed by cmdlets, which are specialized .NET classes that implement a specific operation PowerShell allows attackers to inject code from the Powershell environment into other processes without first storing any malicious code on the hard disk.
Keyloggers
tools that log user activity by capturing keystrokes, collecting screenshots, and recording application windows opened by a user.
Which of the following statements are true for artificial intelligence (AI)? [Choose all that apply]`
A self-driving car is an example of AI Machine Learning or ML is a subset of AI AI focuses on the broad idea of making a system execute a task
directory listing
An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?
Embedded system
Are devices that contain a central processing unit of their own. This CPU runs an operating system and some applications to perform certain specialized functions. Examples of embedded systems include: Automatic Teller Machine (ATM) Printers Digital watches
Man in the browser
At attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes. Usually begins with a trojan infecting the computer and installing an extension.
Session Hijacking
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier which allows an attacker the opportunity to steal authenticated sessions, describes which of the following
Development
In which type of software environment are you most likely to find Microsoft Visual Studio and Eclipse?
Fork Bomb
Is a virus that goes into an infinite loop that does not stop.
6NF sixth normal form
What is the highest level of normalization that you can achieve with a database?
Check out the existing code
You have a version control system installed. Several developers work with this system. A new developer wants to work on the code. What is the first task that the developer must perform?
field prgrammable gate array (FPGA)
a programmable chip that does not have any pre-programmed functions, unlike many other chips. It can be programmed as required. When FPGA needs to be used, it needs to be first programmed and configured as per need. For example, any chip that you find in a system or any device has a pre-defined function.
Denial of service attack
attack is deliberate attempt to prevent authorized users from accessing a system by overwhelming it with requests. Distrubted denial of service (DDos)- Using hundreds or thousands of devices flooding the server with requests.
A USB can be used to drop which of the following types of malware? [Choose all that apply]
backdoor, trojan, keyboard loggers, worms
Which of the following type of attack is a pre-cursor to the collision attack?
birthday
Password spraying cyber-attack can be categorized as which of the following type of attack?
brute force
Which of the following attacks is based on a website accepting user input without sanitizing it?
cross site scripting XSS
fileless virus
Which type of malware relies on LOLBins?
Visual Basic for
Is an event driven Microsoft programming language. refers to a programming language you can use to create macros. It is a descendant of the BASIC programming language that is used in all Office products, as well as some other types of software.
DNS hijacking
Is intended to infect an external DNS server with IP addresses that point to malicious sites. attacker sets up a rogue DNS server that responds to legitimate requests with IP addresses for malicious or non-existent websites
Media Access Control (MAC) attacks
MAC cloning - threat actors discover a valid MAC address of a device connected to a switch. they spoof the address on the switch changes its MAC address
Session Replay
Makes a copy of legitimate transmission before sending it to the recipent. Attackers use the copy at a later time
error based sql injection
Which of the following attack type confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?
CSRF(Cross-Site Request Forgery)
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
Dynamic link library injection attack (DLL)
Which of the following attacks targets the external software component that is a repository of both code and data?
cross site scripting
Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?
path traversal
Which of the following is also known as a "dot dot slash" attack?
horizontal privilege escalation
Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?
You can add more resources to the system to gain optimal application performance
Which of the following statements is true for the scalability of a system?
buffer overflow
Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
Layer 2 attacks
Data Link Layer (transfers data frames b/n systems) A compromise at layer 2 can affect the entire communication - Address Resolution Protocol (ARP) poisoning - Media access control (MAC) flooding - MAC cloning
Until loop
Which of the following loop runs until a statement becomes true?
Server-side request forgery
Which of the following manipulates the trusting relationship between web servers?
Capture and Replay tools
Wireshark - popular GUI packet capture and analysis tool Tcpdump- command line packet analyzer Tcpreplay- tool for editing packets and then replaying the packets back onto the network to observe their behavior
