Chapter 9 - Malware, Vulnerabilities, & Threats Flashcards

Flashcards in Chapter 9 - Malware, Vulnerabilities, & Threats Deck (27)
1
Q

How is spyware different from other malware?

9 - 300

A

because it works on behalf of a third party

2
Q

What is a rootkit?

9 - 301

A

software program that has the ability to hide certain things from the operating system

3
Q

what is a trojan horse?

9 - 305

A

programs that enter a system or network under the guise of another program

4
Q

what file extension belongs in both columns of allowed and not allowed for email attachments?

9 - 307

A

.pdf

5
Q

what is a logic bomb?

9 - 307

A

programs or code snippets that execute when a certain predefined event occurs

6
Q

what is a backdoor attack?

9 - 308

A

2 different meanings

  1. troubleshooting and developer hooks into systems that often circumvent normal authentication
  2. gaining access to a network and inserting a program or utility that creates an entrance for an attacker

7
Q

what is a botnet?

9 - 309

A

software running on infected computers called zombies, under the control of a bot herder

8
Q

what is ransomware?

9 - 309

A

software delivered through a trojan that takes control of a system and demands that a third party be paid

9
Q

tell me the 8 kinds of viruses

9 - 310

A

polymorphic - change form to avoid detection
stealth - masking themselves from applications
retrovirus - attack or bypass the antivirus software database
multipartite - attack system in multiple ways
armored - difficult to detect or analyze
companion - also known as a trojan, attach to program and create program with a different filename extension
phage - modify and alter programs or databases
macro - exploits the enhancements made to application programs

10
Q

what does it mean to use the “layered approach” with antivirus software?

9 - 317

A

it means you put the antivirus software at the gateways, the servers, and at the desktop

11
Q

two of the most common types of DoS attacks are what?

9 - 319

A

ping of death - send ICMP packets that are larger than the system can handle
buffer overflow - put more data into the buffer than it can hold

12
Q

DDoS uses one computer to target multiple, or multiple computers to target one?

9 - 321

A

multiple computers to target one computer

13
Q

what is spear phishing?

9 - 323

A

unique form of phishing in which the message is made to look as if it came from someone you know

14
Q

is a man in the middle attack an active or passive attack?

what’s another name for this kind of attack?

9 - 324

A

active

TCP/IP hijacking

15
Q

what is a smurf attack?

9 - 326

A

spoofing the target machine’s IP address and broadcasting to that machine’s routers so that the routers think the target is sending out the broadcast. target system becomes overloaded.

16
Q

tell me the 5 kinds of password attacks

9 - 327

A

brute force - guess until you get it right
dictionary - use common words to guess password
hybrid - combines dictionary with brute force
birthday - if your key is hashed, given enough time, another value can be created that will give the same hash value
rainbow table - identifying a stored value

17
Q

what is privilege escalation?

9 - 328

A

user gaining more privileges than they should have because you forgot to remove the backdoor

18
Q

malicious insider threat?

9 - 332

A

someone on the inside who sells you out

19
Q

client-side attack?

9 - 333

A

targets vulnerabilities in client applications that interact with a malicious server

20
Q

typo squatting is the same as what?

9 - 333

A

URL hijacking

21
Q

what is the strategy of watering hole attack?

9 - 334

A

to identify a site that is visited by those they are targeting, and poison that site

22
Q

tell me about Cross-Site Request Forgery

9 - 335

A

XSRF, session riding, one click attack, all the same thing

unauthorized commands coming from a trusted user to the website

23
Q

what is a directory traversal attack?

9 - 337

A

when attacker gains access to restricted directories through HTTP

24
Q

should you or should you not allow ActiveX without prompting you?

9 - 340

A

don’t allow it without a prompt

25
Q

what’s the difference between risk, threat, and vulnerability?

9 - 344,345

A

risk - what is the likelihood of an attack being successful?
threat - what are the dangers associated with the risk
vulnerability - where is the system weak?

26
Q

DNS spoofing?

9 - 322

A

associates IP addresses with a domain

27
Q

what is a SQL injection?

9 - 335

A

type sql code into username field and start extracting data