Learning: 1.2 Compare and contrast types of attacks.


a downgrade attack

An attacker facilitated a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths. What type of attack does this describe?

trust

An attacker gathered Open Source Intelligence (OSINT) about a company through the internet, then contacted employees of the company and used the information gathered to extract more personally identifiable information (PII). Which of the following describes this type of social engineering attack?

typo squatting

A malicious user compromised a company's email server and bought a domain that was similar to the domain name of the company's bank. The attacker monitored the email server and altered the account numbers of legitimate pay-off notices from the bank. The attacker then used the fake domain to send the company the notices forged with the attacker's bank account number. Which of the following attacks did the attacker execute?

a Man-in-the-Middle attack

A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?

replay

A penetration tester cracked a company's Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate a large amount of initialization vector (IV) packets, by replaying Address Resolution Protocol (ARP) packets at it. What type of attack did the pen tester use to crack the AP?

Domain Name System (DNS) client cache poisoning

A hacker placed a false name:IP address mapping in the HOSTS file on a user's workstation to redirect traffic to the attacker's computer. What type of attack did the hacker perform?

a replay attack

A hacker used a Man-in-the-Middle (MitM) attack to capture a user's authentication cookie. The attacker disrupted the legitimate user's session and then re-sent the valid cookie to impersonate the user and authenticate to the user's account. What type of attack is this?

a shim

A code library is added to the registry, with its files added to the system folder, and it can intercept and redirect calls to enable legacy mode functionality. This is a way that malware, with local administrator privileges, can run on reboot. Which of the following represents this code library?

the use of weak cipher suites and implementations

A malicious actor discovered that a company's storing and processing of data were insecure. The attacker deciphered encrypted data without authorization and impersonated a person within the organization by appropriating their encryption keys. What type of critical vulnerability did the attacker exploit?

A rogue access point (AP)

A company's computer has a mobile device tethered to it, which creates a remote backdoor into the network. What does this device become?

Scarcity and urgency

A group of college students receive a phone call from someone claiming to be from a debt consolidation firm. The solicitor tried to convince the students that for a limited time, a rare offer will expire, which could erase their student loan debt if they provide their Social Security Number and other personally identifiable information (PII). Which of the following tactics did the caller use?

Domain Name System (DNS) server cache poisoning

A hacker corrupted the name:IP records held on the HOSTS file on a server to divert traffic for a legitimate domain to a malicious IP address. What type of attack did the hacker perform?

a brute force attack

A residential internet consumer wants to add a wireless network to their home. To automate and simplify the setup process, the user installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an eight-character Personal Identification Number (PIN). What type of attack is this installation vulnerable to?

a rogue access point (AP)

A security analyst's scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?

- a pass-the-hash attack
- a replay attack

A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select two)

a Man-in-the-Browser (MitB) attack

A social engineer convinced a victim to visit a malicious website, which allowed the attacker to exploit vulnerabilities on the victim's web browser. Which of the following best describes this type of attack?

vishing

A social engineer impersonated an IT security staff member of a company, and called an employee to extract personally identifiable information (PII) from the employee. Which of the following attacks did the impersonator conduct?

impersonation

A social engineer intercepted an end-user's phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user's home with permission. What type of social engineering attack did the ISP and end-user fall victim to?

whaling

A social engineer suspects that the upper management department of a company is more vulnerable to ordinary phishing attacks than the normal IT staff, since management staff are reluctant to learn basic security procedures. Therefore, the attacker crafted a campaign targeting these individuals. What type of attack did the social engineer perform?

a Man-in-the-Browser (MitB) attack

A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?

- consensus/social proof
- familiarity/liking

A social engineer used vishing and polite behavior to persuade a target to visit a fake website with fake reviews. The attacker then persuaded the victim to enter personally identifiable information (PII) in a web form. Which of the following did the attacker use to make the site appear more legitimate? (Select two)

authority

A social engineer, after performing reconnaissance on a victim, spoofed the phone number of the doctor's office the target frequently visits. Posing as the receptionist, the attacker called the victim, and requested the victim's Social Security Number (SSN). What type of social engineering attack did the social engineer exercise?

dumpster diving

A social engineer, impersonating a suppliant, rummaged through the garbage of a high-ranking loan officer, hoping to find discarded documents and removable media containing personally identifiable information (PII). Which of the following social engineering techniques did the attacker utilize?

clickjacking

A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iFrame, that allowed the attacker to intercept the user's input. What type of attack is this known as?

Watering Hole Attack

An attacker exploited a vulnerability on a website frequently visited by a group of bank employees. Once the employees visit the site, the attacker's malware infects their computers. What type of attack did the employees fall for?

spear phishing

After a social engineer used Open Source Intelligence (OSINT) to gather information about the victim, the attacker then used this information to email the victim, personalizing the message and convincing the victim to click a malicious link. What type of social engineering attack does this describe?

trust

After an attacker gathered Open Source Intelligence (OSINT) from a social media site on an employee, the attacker called the employee and extracted important information, regarding the company the employee works for. Which of the following did the social engineer successfully perform?

a DRDoS attack

After spoofing the IP address of a network host, an attacker connects to multiple servers and redirects SYN/ACK (Synchronize/Acknowledge) packets to a victim server to consume its bandwidth and crash it. What type of attack does this describe?

A Distributed Reflection Denial of Service (DRDoS) attack

An adversary spoofs a victim's IP address and attempts to open connections with multiple servers. If those servers direct their SYN/ACK (Synchronize/Acknowledge) responses to the victim server, and rapidly consume the victim's bandwidth, what has happened?

URL hijacking

An attacker bought a domain similar to the domain name of a legitimate company. The attacker then used the fake domain to host malware and launch pharming attacks. Which of the following did the attacker use?

bluejacking

An attacker came within close proximity of a victim and sent the mobile device user spam in the form of an unsolicited text message. Once the user clicked the link in the message, the user's device was infected with Trojan malware. What type of attack did the hacker most likely infect the mobile user with?

- a dictionary word
- a rainbow table

An attacker can exploit a weakness in a password protocol, to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select two)

Media Access Control (MAC) spoofing

An attacker changed the physical address of the wireless adapter interface, to redirect traffic to the hacker's computer destined for the legitimate user. What type of attack does this describe?

Cross-Site Scripting (XSS)

An attacker discovered an input validation vulnerability on a website, crafted a URL that performed code injection against it, and emailed the link to the victim. Once the user clicked the link, the web site returned the page containing the malicious code. What type of attack does this describe?

spear phishing

An attacker gathered personal information from an employee by using Open Source Intelligence (OSINT). The attacker then emailed the employee and used the employee's full name, job title, and phone number to convince the victim that the communication was legitimate. What type of scam did the attacker pull off?

Cross-Site Scripting (XSS)

An attacker hosted an exploit script on a malicious website and injected it into a trusted website. The attacker then sent the link to the victim and used open source information gathering (OSINT) and social engineering tactics, such as spear phishing, to convince the victim to click the link, which compromised the user browsing to the site. Which of the following best describes this type of attack?

skimming

An attacker installed a fraudulent Radio Frequency ID (RFID) reader to steal credit card numbers any time someone used a card to make a purchase. What type of attack does this describe?

cross-site request forgery (XSRF)

An attacker modified the HTML code of a legitimate password-change webform, then hosted the .html file on the attacker's web server. The attacker then emailed a URL link of the hosted file to a real user of the webpage. Once the user clicked the link, it changed the user's password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to?

use IP spoofing

An attacker performed a Denial of Service (DoS) attack against a server, crashing it. What could the attacker do to mask the origin of the attack and make it harder for the security team to find the source of the attack?

a privacy filter

An attacker remotely compromised a closed-circuit television (CCTV) server and used it to steal a user's password. Which of the following can help prevent this type of shoulder surfing?

use IP spoofing

An attacker remotely crashed a server with a Denial of Service (DoS) attack. After searching their Security Information and Event Management (SIEM) application, the IT security team could not discover the origin of the attack. Which of the following would aid the attacker in masking the origin in this way?

urgency

An attacker sends a phishing email to bank employees claiming that their bank accounts are compromised and that they need to click a link to change their passwords as soon as possible. Which of the following describes a social engineering technique the attacker used?

cross-site request forgery (XSRF)

An attacker sent a victim an email with a link to a malicious website. The victim then clicked the link, which opened a malicious payload in the browser and changed the user's password on a legitimate website. What type of attack is the legitimate site vulnerable to?

domain hijacking

An attacker stole a website name by gaining control of and altering its registration information. The attacker then changed the IP address associated with the site, to the IP of a web server the attacker owned. What is this exploit of the website registration process known as?

Bluesnarfing

An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. Which of the following attacks is the mobile device vulnerable to?

- locate the offending radio source and disable it
- boost the signal of the legitimate equipment

An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would prevent this type of network disruption? (Select two)

- a jamming attack
- an interference attack

An attacker used an illegal access point (AP) with a very strong signal, and gained close physical proximity to a corporate wireless network to disrupt its services. What type of attack does this describe? (Select two)

the tool claiming to fix the problem was actually a hoax attack

An end-user received a web pop-up that claimed to identify a virus infection on their computer. The pop-up offered a link to download a program to fix the problem. After clicking the link, the security operations center (SOC) received an alert from the computer that the user downloaded a Trojan. Which of the following is most likely true about the pop-up?

a shim

By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?

Domain Name System (DNS) server cache poisoning

By modifying query traffic, an attacker compromised a legitimate site's web server via a Denial of Service (DoS) attack and redirected traffic, intended for the legitimate domain to go instead to the attacker's malicious IP address. What type of attack did the hacker perform?

- a disassociation attack
- a deauthentication attack

Which of the following can perform a Denial of Service (DoS) attack against a wireless network? (Select two)

Distributed Denial of Service (DDoS)

If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch?

impersonation

If a social engineer dresses up as an internet technician, and then proceeds to enter a place of business once granted permission, what type of social engineering attack does this describe?

privilege escalation

To which of the following must a system be vulnerable for an attacker (with system access) to be able to obtain keys from system memory?

Whaling

If an attacker performs open source intelligence (OSINT) gathering and social engineering on the CEO and creates an email scam for the upper management department of a company, what type of attack occurs?

Typosquatting

If an attacker purchases a fake domain that has a name similar to that of a real domain, and then uses the fake domain to send the legitimate company forged notices by email, which of the following attacks did the malicious user perform?

use web application firewall processing rules to filter traffic

In what way can an attacker NOT perform a Denial of Service (DoS) attack?

- Man-in-the-Middle attacks
- session hijacking attacks

Mutual authentication prevents a client from inadvertently submitting confidential information to a non-secure server. Mutual authentication also helps avoid which of the following? (Select two)

Distributed Denial of Service (DDoS)

Through backdoor Trojan malware infections, an attacker compromised multiple computers to form zombie agent PCs with tools to create a botnet. Which of the following attacks can the hacker launch?

refactoring

Through what method can malware evade antivirus software detection so that the software no longer identifies the malware by its signature?

brute force attack

To automate and simplify the setup process of adding a wireless network, a homeowner installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an eight-character Personal Identification Number (PIN). What type of attack can a hacker perform to exploit this vulnerability?

Address Resolution Protocol (ARP) packets

To crack a Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate lots of initialization vector (IV) packets, which of the following types of packets does the attacker generate?

Vishing

Using social engineering, an attacker called an employee to extract the name and contact information of the Chief Information Security Officer (CISO). What social engineering deception did the attacker utilize?

a downgrade attack

What type of attack can facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths?

birthday attacks

What type of brute force attack aims at exploiting collisions in hash functions?

- pass-the-hash attack
- a replay attack

Which of the following attacks can the use of once-only tokens and timestamping sessions help prevent? (Select more than one)

a replay attack

Which of the following attacks consists of intercepting a key or password hash, to reuse it as a means to gain access to a resource?

Evil Twin Attack

Which of the following attacks do security professionals expose themselves to if they turn the power output down on a wireless access point (AP)?

rainbow table attacks

Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?

Address Resolution Protocol (ARP) poisoning

Which of the following attacks would allow an attacker to sniff all traffic on a switched network?

- locate the offending radio source and disable it
- boost the signal of the legitimate equipment

Which of the following defeats a jamming attack and prevents disruption of a wireless network when a hacker uses an illegal access point (AP) with a very strong signal in close proximity? (Select two)

urgency

Which of the following describes a social engineering technique an attacker can use if the attacker wanted the end-user to click on a link as soon as possible?

NFC

Which of the following does NOT provide encryption and is therefore vulnerable to eavesdropping and Man-in-the-Middle attacks?

use web application firewall processing rules to filter traffic

Which of the following is a way that a Denial of Service (DoS) attack cannot be performed?

encryption algorithms, demonstrating collision avoidance

Which of the following is a way to protect against birthday attacks?

- viruses can exploit zero days
- viruses can spread via social engineering techniques

Which of the following is an example of why viruses are destructive? (Select two)

- familiarity
- liking

Which of the following social engineering techniques has less of a chance of arousing suspicion and getting caught? (Select two)

Address Resolution Protocol (ARP) packet

Which of the following types of packets does an attacker generate to crack a Wired Equivalent Privacy (WEP) access point?

installing non-discretionary privilege management

Which of the following, if implemented, will NOT help mitigate the threat of tailgating?

