1.2 Compare and contrast types of attacks Flashcards
1
Q
An attacker came within close proximity of a victim and sent the mobile device user spam of an unsolicited text message. Once the user clicked the link in the message, the user’s device was infected with Trojan malware. What type of attack did the hacker most likely infect the mobile user with?
A
Bluejacking
2
Q
A social engineer intercepted an end-user’s phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user’s home with permission. What type of social engineering attack did the ISP and end-user fall victim to?
A
Impersonation
3
Q
If an attacker purchases a fake domain that has a similar name of a real domain, and then uses the fake domain to send the legitimate company forged notices by email, which of the following attacks did the malicious user perform?
A
Typosquatting
4
Q
A penetration tester cracked a company’s Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate a large amount of initialization vector (IV) packets, by replaying Address Resolution Protocol (ARP) packets at it. What type of attack did the pen tester use to crack the AP?
A
Replay
5
Q
A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iFrame, that allowed the attacker to intercept the user’s input. What type of attack is this known as?
A
Clickjacking
6
Q
Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?
A
Rainbow table attacks
7
Q
A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?
A
A Man-in-the-Browser (MitB) attack
8
Q
A group of college students receive a phone call from someone claiming to be from a debt consolidation firm. The solicitor tried to convince the students that for a limited time, a rare offer will expire, which could erase their student loan debt if they provide their Social Security Number and other personally identifiable information (PII). Which of the following tactics did the caller use?
A
Scarcity and urgency
9
Q
URL hijacking (also called typosquatting)
A
- relies on users navigating to misspelled domains. An attacker registers a domain name with a common misspelling of an existing domain. Users who misspell a URL in the web browser are taken to the attacker’s website
- is a type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking
10
Q
Domain hijacking
A
where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking
11
Q
Kiting
A
act of continually registering, deleting, and reregistering a name within the five-day grace period without having to pay for it
12
Q
Tasting
A
Domain Name Server (DNS) exploit that involves registering a domain temporarily to see how many hits it generates within the five-day grace period
13
Q
Replay
A
- attacker intercepts authentication data and reuses it to re-establish a session. To crack WEP, a type of replay attack is used
- consists of intercepting a key or password hash then reusing it to gain access to a resource, such as the pass-the-hash attack
14
Q
War driving
A
practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them or trying to break into them (using WEP and WPA cracking tools)
15
Q
Wi-Fi jamming
A
attack can be performed by setting up an AP with a stronger signal. Wi-Fi jamming devices are illegal to use and to sell. The attacker needs to gain fairly close physical proximity to the wireless network
16
Q
Skimming
A
RFID attack where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card
17
Q
Clickjacking
A
hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements
18
Q
MitB
A
where the web browser is compromised by installing malicious plug-ins or scripts or intercepting API calls. Vulnerability exploit kits can be installed to a website and actively try to exploit vulnerabilities in clients browsing the site
19
Q
XSRF
A
malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser
20
Q
Session IDs
A
generated using patterns (such as IP address with the date and time), making the session vulnerable to eavesdropping and possibly hijacking, by replaying the cookie to re-establish the session
21
Q
Salt
A
Passwords not “salted” with a random value, make the ciphertext vulnerable to rainbow table attacks. A rainbow table attack is a type of password attack where an attacker uses a set of plaintext passwords and their hashes to crack passwords
22
Q
dictionary attack
A
software enumerates values in a dictionary wordlist. Enforcing password complexity makes passwords difficult to guess and compromise. Varying the characters in the password makes it more resistant to these attacks
23
Q
brute force attack
A
attempts every possible combination in the key space, to derive a plaintext password from a hash
24
Q
hybrid password attack
A
targeted against naively strong passwords. The password cracking algorithm tests dictionary words and names in combination with numeric prefixes and/or suffixes
25
bluejacking
Bluetooth-discoverable device is vulnerable to bluejacking, similar to spam, where someone sends an unsolicited text (or picture/video) message or vCard (contact details). This can also be a vector for Trojan malware
26
Bluesnarfing
refers to using an exploit in Bluetooth to steal information from someone else's phone. The exploit (now patched) allows attackers to circumvent the authentication mechanism
27
rogue AP
masquerades as a legitimate one is called an evil twin or sometimes wiphishing
28
HTTP Response Splitting
where the attacker would craft a malicious URL and convince the victim to submit it to the web server
29
LSOs or Flash cookies
data that is stored on a user's computer by websites that use Adobe Flash Player. A site may be able to track a user's browsing behavior through LSOs
30
Using social engineering, an attacker called an employee to extract the name and contact information of the Chief Information Security Officer (CISO). What social engineering deception did the attacker utilize?
Vishing
31
A social engineer, impersonating a suppliant, rummaged through the garbage of a high-ranking loan officer, hoping to find discarded documents and removable media containing personally identifiable information (PII). Which of the following social engineering techniques did the attacker utilize?
Dumpster diving
32
Which of the following is an example of why viruses are destructive?
- Viruses can exploit zero days
| - Viruses can spread via social engineering techniques.
33
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
A Man-in-the-Middle attack
34
Mutual authentication prevents a client from inadvertently submitting confidential information to a non-secure server. Mutual authentication also helps avoid which of the following? (Select two)
- Man-in-the-Middle attacks
| - Session hijacking attacks
35
An attacker remotely compromised a closed-circuit television (CCTV) server and used it to steal a user's password. Which of the following can help prevent this type of shoulder surfing?
A privacy filter
36
What type of attack can facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths?
A downgrade attack
37
Worms
- spread through memory and network connections rather than infecting files
- worms are memory-resident viruses that replicate over network resources
38
Mutual authentication
- security mechanism that requires that each party in a communication verifies each other's identity and helps in avoiding Man-in-the-Middle attacks
- helps in avoiding session hijacking attacks, and is a security mechanism that requires that each party in a communication verifies each other's identity
39
Address Resolution Protocol (ARP) poisoning
occurs when an attacker, with access to the network, redirects an IP address to the MAC address of a computer that is not the intended recipient
40
IP spoofing
occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets
41
colocation
data center that contains racks with networking equipment owned by different companies
42
access list
held at each secure gateway records who is allowed to enter. An electronic lock may be able to log access attempts or a security guard can manually log movement
43
downgrade attack
used to facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths
44
birthday attack
type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can be used for the purpose of forging a digital signature
45
Man-in-the-Middle attack
form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently
46
An attacker exploited a vulnerability on a website frequently visited by a group of bank employees. Once the employees visit the site, the attacker's malware infects their computers. What type of attack did the employees fall for?
A watering hole attack
47
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
A Man-in-the-Middle attack
48
If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch?
Distributed Denial of Service (DDoS)
49
If a social engineer dresses up as an internet technician, and then proceeds to enter a place of business once granted permission, what type of social engineering attack does this describe?
Impersonation
50
If an attacker performs open source intelligence (OSINT) gathering and social engineering on the CEO and creates an email scam for the upper management department of a company, what type of attack occurs?
Whaling
51
To automate and simplify the setup process of adding a wireless network, a homeowner installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an eight-character Personal Identification Number (PIN). What type of attack can a hacker perform to exploit this vulnerability?
A brute force attack
52
An attacker modified the HTML code of a legitimate password-change webform, then hosted the .html file on the attacker's web server. The attacker then emailed a URL link of the hosted file to a real user of the webpage. Once the user clicked the link, it changed the user's password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to?
Cross-site Request Forgery (XSRF)
53
watering hole attack
directed social engineering attack. It relies on the circumstance that a group of targets may use an unsecure third party website
54
hoax attack
email alert or web pop-up will claim to have identified some sort of security problem, like a virus infection, and offer a tool to fix the problem, but the tool will be some sort of Trojan application
55
Pharming
relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected from the genuine site to the malicious one
56
Cross-site Request Forgery (XSRF)
malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser. This is successful if the server does not check if the user actually made the request
57
Reflected Cross-Site Scripting (XSS)
server-side input validation exploit that injects a script into a website. Once the victim visits the infected website, the malicious code executes in the user's browser
58
Stored (or persistent) Cross-Site Scripting (XSS)
server-side script attack that inserts code into a back-end database used by the trusted site
59
Document Object Model (DOM) Cross-Site Scripting (XSS)
exploits vulnerabilities in client-side scripts to modify the content and layout of a web page
60
An attacker gathered Open Source Intelligence (OSINT) about a company through the internet, then contacted employees of the company and used the information gathered to extract more personally identifiable information (PII). Which of the following describes this type of social engineering attack?
Trust
61
An attacker bought a domain similar to the domain name of a legitimate company. The attacker then used the fake domain to host malware and launch pharming attacks. Which of the following did the attacker use?
URL Hijacking
62
Which of the following is a way that a Denial of Service (DoS) attack cannot be performed?
Use web application firewall processing rules to filter traffic
63
An attacker stole a website name by gaining control of and altering its registration information. The attacker then changed the IP address associated with the site, to the IP of a web server the attacker owned. What is this exploit of the website registration process known as?
Domain hijacking
64
TCP/IP hijacking
spoofing attack where attackers disconnect a host, then replaces it with their own machine, spoofing the original host's IP address
65
rogue AP
If scans or network logs show that unauthorized devices are connecting, determine whether the problem is an access point with misconfigured or weak security, or whether there is a rogue AP
66
spectrum analyzer
device that can detect the source of jamming (interference) on a wireless network. It usually has a directional antenna, which pinpoints the exact location of the interference
67
SPAN port
With a SPAN port, the sensor is attached to a specially configured port on the switch that receives copies of frames addressed to nominated access ports (or all the other ports)
68
RFID devices
encode information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else
69
web application firewall (WAF)
ne designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks. WAFs use application-aware processing rules to filter traffic
70
DoS attacks
- prevent network access by knocking out the directory server
- focus on overloading a service by using up CPU, system RAM, disk space, or network bandwidth (resource exhaustion)
71
route injection
spoofed routing information (route injection). Routing protocols that have weak or no authentication are vulnerable to route table poisoning. This can mean that traffic is misdirected to a monitoring port (sniffing), sent to a blackhole (non-existent address), or continuously looped around the network, causing DoS
72
A malicious actor discovered that a company's storing and processing of data were insecure. The attacker deciphered encrypted data without authorization and impersonated a person within the organization by appropriating their encryption keys. What type of critical vulnerability did the attacker exploit?
The use of weak cipher suites and implementations
73
A malicious user compromised a company's email server and bought a domain that was similar to the domain name of the company's bank. The attacker monitored the email server and altered the account numbers of legitimate pay-off notices from the bank. The attacker then used the fake domain to send the company the notices forged with the attacker's bank account number. Which of the following attacks did the attacker execute?
Typosquatting
74
What type of brute force attack aims at exploiting collisions in hash functions?
Birthday attacks
75
Which of the following social engineering techniques has less of a chance of arousing suspicion and getting caught?
- Familiarity
| - Liking
76
trapdoor function
mathematical cipher that is simple to perform one way, but difficult to reverse. The aim is to reduce the attacker to blindly guessing the correct value
77
minimum key length
A recommendation on minimum key length for an algorithm is made by the length of time it would take to "brute force" the key, given current processing resources
78
frequency analysis
Some ciphers are vulnerable to cracking by frequency analysis, which depends on the fact that some letters and groups of letters appear more frequently in language than others
79
Which of the following type of packets does an attacker generate to crack a Wired Equivalent Privacy (WEP) access point?
Address Resolution Protocol (ARP) packets
80
Through what method can malware evade antivirus software detection so that the software no longer identifies the malware by its signature?
Refactoring
81
weak cipher suites and implementations
Attacks on encryption are made to decipher encrypted data without authorization, and to impersonate a person or organization by appropriating their encryption keys due to the use of weak cipher suites and implementations
82
ARP packets
To crack WEP, a replay attack is used to make the AP generate a large number of IV packets, usually by replaying ARP packets at it, and cycle through IV values quickly
83
IP packets
used in IP spoofing which occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets
84
TLS packets
used during the TLS handshake to create the establishment of a secure session. Once the session is established, client and server exchange encrypted data in SSL/TLS records, which are placed into transport layer packets for delivery
85
Mirroring mode
allows another VM to sniff the unicast packets addressed to a remote interface (like a spanned port on a hardware switch)
86
Refactoring
means the code performs the same function by using different methods. Refactoring means that the antivirus software may no longer identify the malware by its signature
87
DLL injection
not a vulnerability of an application, but of the way the operating system allows one process to attach to another, and then force it to load a malicious link library
88
Shimming
process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable
89
An attacker can exploit a weakness in a password protocol, to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password?
- A rainbow table
| - A dictionary word
90
An end-user received a web pop-up that claimed to identify a virus infection on their computer. The pop-up offered a link to download a program to fix the problem. After clicking the link, the security operations center (SOC) received an alert from the computer that the user downloaded a Trojan. Which of the following is most likely true about the pop-up?
The tool claiming to fix the problem was actually a hoax attack
91
A hacker placed a false name:IP address mapping in the HOSTS file on a user's workstation to redirect traffic to the attacker's computer. What type of attack did the hacker perform?
Domain Name System (DNS) client cache poisoning
92
After a social engineer used Open Source Intelligence (OSINT) to gather information about the victim, the attacker then used this information to email the victim, personalizing the message and convincing the victim to click a malicious link. What type of social engineering attack does this describe?
A hoax attack
93
After a social engineer used Open Source Intelligence (OSINT) to gather information about the victim, the attacker then used this information to email the victim, personalizing the message and convincing the victim to click a malicious link. What type of social engineering attack does this describe?
Spear phishing
94
An attacker changed the physical address of the wireless adapter interface, to redirect traffic to the hacker's computer destined for the legitimate user. What type of attack does this describe?
Media Access Control (MAC) spoofing
95
Spear phishing
phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack. The attacker might know the details that help convince the target that the communication is genuine
96
Spyware
program that monitors user activity and sends the information to someone else. This can occur with or without the user's knowledge
97
Rogueware
fake antivirus web pop-up that claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker's Trojan
98
DNS client cache poisoning
occurs if an attacker is able to place a false name:IP address mapping in the HOSTS file and effectively poison the DNS cache, he or she will be able to redirect traffic
99
Address Resolution Protocol (ARP) poisoning
occurs when an attacker, with access to the network, redirects an IP address to the MAC address of a computer that is not the intended recipient
100
Domain Name System (DNS) spoofing
attack that compromises the name resolution process, and can be used to facilitate pharming or Denial of Service (DoS) attacks
101
IP spoofing
occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets
102
If a system is vulnerable, to which of the following can an attacker (with system access) be able to obtain keys from system memory?
Privilege escalation
103
Privilege escalation
An attacker with system access is able to obtain keys from system memory or pagefiles/scratch disks. Privilege escalation is the practice of exploiting flaws in an operating system or other application, to gain a greater level of access than was intended for the user or application
104
SQL injection attack
inserts an SQL query as part of user input, which allows an attacker to extract or insert information into the database or execute arbitrary code
105
Directory traversal
occurs when the attacker gets access to a file outside the web server's root directory
106
Transitive access
describes the problem of authorizing a request for a service that depends on an intermediate service
107
Pre-Shared Key (PSK)
A Pre-Shared Key (PSK) refers to using a passphrase to generate the key that is used to encrypt communications. It is also referred to as group authentication, since a group of users share the same secret
108
Wi-Fi Protected Access (WPA)
encryption scheme for protecting Wi-Fi communications, designed to replace WEP
109
Media Access Control (MAC)
spoofing is an attack in which an attacker falsifies the factory assigned MAC address of a device's network interface
110
Network Address Port Translation (NAPT)
overloading maps private host IP addresses onto a single public IP address
111
Fingerprinting
act of port scanning using a tool, such as Nmap (network mapping), which can reveal the presence of a router and what dynamic routing and management protocols it is running
112
ICMP redirect (a.k.a. ARP poisoning)
tricks hosts on the subnet into routing through the attacker's machine rather than the legitimate default gateway
113
An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would prevent this type of network disruption?
- Boost the signal of the legitimate equipment
| - Locate the offending radio source and disable it
114
Which of the following can perform a Denial of Service (DoS) attack against a wireless network?
- A disassociation attack
| - A deauthentication attack
115
A registry has a code library added to it, to include its files to the system folder, which can intercept and redirect calls to enable legacy mode functionality. This is a way that malware, with local administrator privileges, can run on reboot. Which of the following represents this code library?
A shim
116
After spoofing the IP address of a network host, an attacker connects to multiple servers and redirects SYN/ACK (Synchronize/Acknowledge) packets to a victim server to consume its bandwidth and crash it. What type of attack does this describe?
A DRDoS attack
117
An attacker changed the physical address of the wireless adapter interface, to redirect traffic to the hacker's computer destined for the legitimate user. What type of attack does this describe?
Media Access Control (MAC) spoofing
118
Which of the following attacks do security professionals expose themselves to if they turn the power output down on a wireless access point (AP)?
Evil twin attacks
119
"evil twin" attacks
- Security professionals expose themselves to "evil twin" attacks, as users may expect to find the network at a given location and assume that the rogue AP is legitimate
- evil twin is a rogue access point (AP) masquerading as a legitimate one, and can have a similar Service Set Identifier (SSID) name as the legitimate AP. The evil twin can harvest information from users entering their credentials
120
deauthentication attack
A deauthentication attack sends a stream of spoofed deauth frames to cause a client to deauthenticate from an AP. This might allow the attacker to interpose the rogue AP or sniff information about the authentication process.
121
disassociation attack
A disassociation attack hits the target with disassociation packets and is used to perform a Denial of Service (DoS) attack against the wireless infrastructure
122
interference
- A wireless network can be disrupted by interference from other radio sources. One way to defeat a jamming attack is to locate the offending radio source and disable it.
- A wireless network can be disrupted by interference from other radio sources. One way to defeat a jamming attack is to boost the signal of the legitimate equipment.
- The source of interference will only be detected using a spectrum analyzer, and does not defeat or prevent it.
123
Personal Area Network (PAN)
network that connects two to three devices with cables and is most often seen in small or home offices
124
An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would prevent this type of network disruption?
- Boost the signal of the legitimate equipment
| - Locate the offending radio source and disable it
125
pointer
reference to an object in memory. Attempting to access that memory address is called dereferencing
126
integer overflow attack
causes the target software to calculate a value that exceeds the upper and lower bounds
127
race condition
software vulnerability that occurs when the execution processes is dependent on the timing of certain events, and those events fail to execute in the order and timing intended
128
Distributed Reflection Denial of Service (DRDoS) attack
adversary spoofs the victim's IP address and attempts to open connections with multiple servers. Those servers direct their SYN/ACK (Synchronize/Acknowledge) responses to the victim server. This rapidly consumes the victim's available bandwidth
129
botnet
set of computers that has been infected to enable attackers to exploit computers to mount attacks
130
Smurf attack
adversary spoofs the victim's IP address and pings the broadcast address of a third-party network. Each host directs its echo responses to the victim server
131
An attacker discovered an input validation vulnerability on a website, crafted a URL that performed code injection against it, and emailed the link to the victim. Once the user clicked the link, the web site returned the page containing the malicious code. What type of attack does this describe?
Cross-site scripting (XSS)
132
A social engineer convinced a victim to visit a malicious website, which allowed the attacker to exploit vulnerabilities on the victim's web browser. Which of the following best describes this type of attack?
A Man-in-the-Browser (MitB) attack
133
By modifying query traffic, an attacker compromised a legitimate site's web server via a Denial of Service (DoS) attack and redirected traffic, intended for the legitimate domain to go instead to the attacker's malicious IP address. What type of attack did the hacker perform?
Domain Name System (DNS) server cache poisoning
134
Which of the following is an example of why viruses are destructive?
- Viruses can spread via social engineering techniques
| - Viruses can exploit zero days
135
An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. Which of the following attacks is the mobile device vulnerable to?
Bluesnarfing
136
Which of the following attacks can the use of once-only tokens and timestamping sessions help prevent?
- A replay attack
| - A pass-the-hash attack
137
Which of the following, if implemented, will NOT help mitigate the threat of tailgating?
Installing non-discretionary privilege management
138
A social engineer, after performing reconnaissance on a victim, spoofed the phone number of the doctor's office the target frequently visits. Posing as the receptionist, the attacker called the victim, and requested the victim's Social Security Number (SSN). What type of social engineering attack did the social engineer exercise?
Authority
139
A social engineer used vishing and polite behavior to persuade a target to visit a fake website with fake reviews. The attacker then persuaded the victim to enter personally identifiable information (PII) in a web form. Which of the following did the attacker use to make the site appear more legitimate?
- Familiarity/liking
| - Consensus/social proof
140
Which of the following does NOT provide encryption and is therefore, vulnerable to eavesdropping and Man-in-the-Middle attacks?
NFC
141
NFC (Near Field Communications)
does not provide encryption, so eavesdropping and Man-in-the Middle attacks are possible, if the attacker can find some way of intercepting the communication and other software services are not encrypting the data
142
An attacker performed a Denial of Service (DoS) attack against a server, crashing it. What could the attacker do to mask the origin of the attack and make it harder for the security team to find the source of the attack?
Use IP spoofing
143
Nondiscretionary privilege management
models are aimed to mitigate the problem of regulating the access control of privileged admin accounts
144
By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?
A shim
145
If a system is vulnerable, to which of the following can an attacker (with system access) be able to obtain keys from system memory?
Privilege escalation
146
Privilege escalation
- practice of exploiting flaws in an operating system or other application, to gain a greater level of access than was intended for the user or application
- attacker with system access is able to obtain keys from system memory or pagefiles/scratch disks
147
A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iFrame, that allowed the attacker to intercept the user's input. What type of attack is this known as?
Clickjacking
148
An adversary spoofs a victim's IP address and attempts to open connections with multiple servers. If those servers direct their SYN/ACK (Synchronize/Acknowledge) responses to the victim server, and rapidly consume the victim's bandwidth, what has happened?
A Distributed Reflection Denial of Service (DRDoS) attack
149
A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?
Locally Shared Objects (LSOs)
150
A security analyst's scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?
A rogue access point (AP)
