Threats and Vulnerabilities

Question 1

CIA triad

Answer 1

Confidentiality / integrity / availability

Question 2

Confidentiality

Answer 2

Encryption
WPA2 WEP

Question 3

Integrity

Answer 3

Hashing
Hash MD5 SHA1 SHA256

Question 4

Availability

Answer 4

Redundancy reliability

Question 5

CVE

Answer 5

Common vulnerabilities and exposures
Known vulnerabilities

Question 6

Zero day

Answer 6

Unknown vulnerabilities

Question 7

5 vulnerability types

Answer 7

Non-compliant systems
Unpatched
Unprotected
EOL-OS
BYOD

Question 8

3 DOS types

Answer 8

Flood attack - ping flood / SYN flood
Permanent DOS - forceful reflashing
Fork bomb - fills up a processor

Question 9

DDOS type uses zombies or bots

Answer 9

DNS amplification - flood a website with DNS requests

Question 10

3 Spoofing types (faking identity)

Answer 10

Ip spoofing - faking ip address (layer 3)
Mac spoofing - (layer 2)
ARP spoofing - arp request to pair ip+mac

Question 11

4 on path attacks
(When a attacker puts themselves in the middle)

Answer 11

ARP poisoning
DNS poisoning
Rouge WAP
Rouge Switch

Question 12

SSL stripping

Answer 12

Turns HTTPS into HTTP

Question 13

Downgrade attack

Answer 13

Lowers the encryption version

Question 14

SQL injection

Answer 14

Structured Query Language

Insert SQL info into input data on a web application

Example replace password with ‘or 1=1

Question 15

XSS

Answer 15

Cross site scripting
Embeds script into website to effect the USER

Question 16

XSRF

Answer 16

Cross Site Request Forgery
Forces authenticated user to effect the SERVER

Question 17

4 Password Cracker types

Answer 17

Password guessing
Dictionary attack
Brute force attack
Cryptanalysis attack (compared hashes to a lookup table called a rainbow table)

Question 18

8. Symptoms of infection with malware

Answer 18

Hard drive, files, or apps aren’t accessible
Strange noises
Unusual error messages
Display looks strange
Jumbled printouts
Double file extensions
New files or missing files
System restore won’t function

Question 19

Sign of infection and how to counter

Answer 19

Computer is acting funny or strange
Boot into safe mode
Or boot from external and scan with antivirus

Question 20

Phishing

Answer 20

Social engineering attack from supposedly reputable source trying to get victim to divulge information

Question 21

Spear phishing

Answer 21

Targeted small group phishing

Question 22

Whaling

Answer 22

Phishing fixed on executives

Question 23

Smishing

Answer 23

Sms phishing (texting)

Question 24

Vishing

Answer 24

Voice phishing

Question 25

BEC

Answer 25

Business email compromise
Taking over a executives email

Question 26

Pharming

Answer 26

Tricks user into imputing info by redirecting to a website controlled by attacker

Question 27

Elicitation

Answer 27

Ask people questing to get information or do something

Question 28

Pretexing

Answer 28

Giving some kind of know or assumed info to get someone to share more

Question 29

Social engineering

Answer 29

Hacking people

Question 30

Tailgating

Answer 30

Following an authorized person into a secure area

Question 31

Piggybacking

Answer 31

Tailgating with employees knowledge or consent

Question 32

Shoulder surfing

Answer 32

Looking over someone’s shoulder

Question 33

Evil twin

Answer 33

A fraudulent WAP

Question 34

Karma attack

Answer 34

Finds devices looking for WAPs they’ve previously connected to and matches the SSID they’re looking for

Question 35

Captive portal

Answer 35

Web page you’re obligated to visit prior to access being granted