Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Information Security > L4 Malicious Software and Application Attacks > Flashcards

L4 Malicious Software and Application Attacks Flashcards

1
Q

Name a few different types of attacks

A

Passive
Active
Insider
Outsider

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a passive attack?

A

An attempt to learn or make use of information from the system that does not affect the system resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a active attack?

A

An attempt to alter the system resources or affect their operation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is an insider attack?

A

An attack initiated by an entitiy inside the security perimeter, an inside attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a outsider attack?

A

An attack initiated by an entity outside the security perimeter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is an Attack tree?

A

Is an branching, hierarchical data structure that represent a set of potential techniques for exploting security vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Malware?

A

a program that is inserted into a system, usually without the owner of the system knowing it. With the intent of compromising the CIA of the victims data, applications or operating system. Or otherwise annoying or disrupting the victim.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What types of malware are there?

A
  • Viruses
  • Worms
  • Trojan horses
  • Logic bombs
  • etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a virus?

A
  • Is a piece of malicious code replicating itself by attaching to another piece of executable code.
  • When the executuble code is run, the virus is also executed and has the oportunity to infect and perform any other nefarious actions it was intended to do.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a worm?

A
  • Is a piece of code that attempts to penetrate networks and computer systems
  • When the worm penetrates it copies itself on the penetrated system.
  • A worm doesn’t have to rely on the attachement to another piece of code as a virus would have to.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the difference in the lifcycle of a worm when compared to a virus?

A

A worm can survive on it’s own, whereas a virus code has to attach itself to something else.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a Trojan horse?

A
  • Is a piece of software that appears to do a thing, and may even do it in order to hide other functionality.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a challenge with a Trojan horse?

A

The attacker have to somehow entice the intended victim to copy and run the program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the difference in the lifcycle of a trojan when compared to a virus?

A

Unlike the virus which has to copy itself by attaching to other files or programs the trojan is a standalone program that must be copied and installed by the victims.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is a logic bomb?

A
  • It’s a type of mailcious software that is deliberately installed, often by a authorized user and in particular by administrators.
  • Logic bombs difficult to detect.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the difference in the lifcycle of a Logic bomb when compared to other malware?

A

A logic bomb is a piece of code that sits dormant for a period for time until som kind of event invokes its malicous payloud.

17
Q

What is a buffer overflow

A

Is an attack where input is placed into a buffer or data holding area, filling it more than it has the capacity too handle, in turn overwriting information. At this time attackers exploit the condition to crash the system or place specifically crafted code which could allow them to gain control of the system.

18
Q

What is a scripting attack?

A

Is an attack where additional commands are hidden inside the user input. The usual intent is to provide the attacked with unauthorized or create damage to websites.

19
Q

What makes a system vulnerable to scripting attacks?

A

Where the user input is unvalidated.
Examples:
* Adding - - to user input at the end may leave a database open to attacks, because code is commented out and your own code can be added in.

20
Q

What is an SQL injection attack?

A
  • SQL commands are placed between single quotes.
  • E.g SELECT * FROM client WHERE name = ‘Bob’ OR 1=1 –
  • A legal username is inserted into the query, but because name = Bob OR 1=1 is TRUE the entire client table is selected.

Information Security (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions