Ch.3 Flashcards

1
Q

ActiveX

A

a set of rules for how applications under the Microsoft Windows operating system should share information.

  • is not a programming language but a set of rules for how applications under the Microsoft Windows OS should share information
  • attackers can take advantage of vulnerabilities to perform malicious attacks on a computer
2
Q

ActiveX control

A

a specific way of implementing ActiveX that runs through the web browser and functions like a miniature application

  • represent a specific way of implementing ActiveX and are sometimes called ActiveX Applications
  • can be invoked from webpages through the use of a scripting language or directly by an HTML command
  • can delete files or reformat a hard drive
3
Q

add-on

A

a program that provides additional functionality to web browsers; also called an EXTENSION

add-ons can:

  • create additional web browser toolbars
  • change browser menus
  • be aware of other tabs open in the same browser process
  • process the content of every webpage that is loaded
4
Q

Address Resolution Protocol (ARP)

A

part of the TCP/IP protocol for determining the MAC address based on the IP address

-if the IP address for a device is known but the MAC address is not, the sending computer sends an ARP packet to all computers on the network that in effect says, “If this is your IP address, send me back your MAC address.” The computer with that IP address sends back a packet with the MAC address so that the address can be stored in the ARP cache for future reference. In addition, all other computers that hear the ARP reply also cache that data

5
Q

arbitrary/remote code execution

A

an attack that allows an attacker to run programs and execute commands on a different computer

  • HEAP SPRAY is targeted and inserts data only in certain parts of memory. Often used in an arbitrary/remote code execution attack
  • gains control of the victim’s computer to execute the attacker’s commands; turns it into his own remote computer
  • once in control of the victim’s computer, the attacker can perform virtually any command, for example accessing the computer’s files, displaying objectionable content on the screen, or erasing the entire contents of the hard drive
  • this attack often takes advantage of malicious attachments. If a user opens a specially crafted file, such as a Microsoft Visio file or a PDF file, the attacker can gain the same user rights as the current user who is logged on

p109

6
Q

ARP poisoning

A

an attack that corrupts the ARP cache

  • attacker can modify the MAC address in the ARP cache so that the corresponding IP address points to a different computer
  • a man-in-the-middle attack using ARP poisoning requires sending malicious ARP reply messages and using IP forwarding. However, many automated attack software tools will easily perform ARP POISONING

Example of ARP poisoning:

Attack: Steal data
Description: attacker can substitute her own MAC address and steal data intended for another device

Attack: Prevent internet access
Description: attacker can substitute an invalid MAC address for the network gateway so that no users can access external networks

Attack: Man-in-the-middle
Description: a man-in-the-middle device can be set to receive all communications by substituting that MAC address

Attack: DoS attack
Description: the valid IP address of the DoS target can be substituted with an invalid MAC address, causing all traffic destined for the target to fail

p114

7
Q

attachment

A

a file that is coupled to an email message and often carries malware

  • commonly used to spread viruses, trojans, and other malware when they are opened
  • most users are unaware of the danger of attachments and routinely open any email attachment that they receive, even if it is from an unknown sender
  • attackers include information in the subject line that entices even reluctant users to open the attachment, such as a current event (e.g. Check out this info about yesterday’s hurricane) or information about the recipient (e.g. Is this really you in this picture?)
  • Email-distributed malware frequently takes advantage of personal
8
Q

buffer overflow attack

A

an attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

  • the extra data overflows into the adjacent memory locations (a buffer overflow). Because the storage buffer typically contains the “return address” memory location, an attacker can overflow the buffer with a new address pointing to the attacker’s malware code
  • The “return address” is not the only element that can be altered in a buffer overflow attack, but it is one of the most commonly altered elements
9
Q

client-side attack

A

an attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data

  • this happens when the client initiates the connection with the server and results in an attack
  • client-side attacks are not limited to the web: they can occur on any client/server pair, such as email, File Transfer Protocol (FTP), instant messaging (IM) or multimedia streaming
  • a user’s computer can become compromised just by VIEWING a webpage, without clicking on any content. This is known as a DRIVE-BY DOWNLOAD
  • attackers first identify a vulnerable web server and inject content by exploiting the server through vulnerable scripting applications
  • attackers often avoid visual detection by crafting a ZERO-PIXEL IFRAME (Inline Frame). This is an HTML element that allows another HTML document to be embedded inside the main document, and at zero pixels it is invisible to the naked eye. Through the IFrame, the browser downloads the initial exploit script that targets a vulnerability in the browser. This script instructs the browser to connect to the attacker’s web server to download malware, which is then automatically installed and executed on the client
  • DRIVE-BY DOWNLOAD sites target older web browsers; these attacks are often not as effective against new browsers
10
Q

command injection

A

injecting commands that are then executed on a server

  • attack can be launched through a vulnerability in the web application program that accepts user input, a vulnerability in the web server operating system software, or a security misconfiguration on the server itself
  • a long string of characters may be entered, such as http://../../../../../../../../ where ../ traverses up one directory level. If user input were permitted and not properly validated, the attacker could create the input http://www.server.net/dnamic.asp?view=../../../../../TopSecret.docx, which could display the contents of a document

pg100

11
Q

cookie

A

a file on a local computer in which a web server stores user-specific information

  • the server can store user-specific information in a file on the user’s local computer and then retrieve it later
  • cookies can store any personally identifiable information (name, email address, work address, telephone number, and so on). however, a website cannot gain access to private information stored on the local computer.
  • once a cookie is created on a client computer, only the website that created that cookie can read it

Several different types of cookies exist:

  • First-Party cookie
  • Third-Party cookie
  • Session cookie
  • Persistent cookie
  • Locally shared objects (LSO)

-cookies can pose both security and privacy risks. FIRST-PARTY COOKIES can be stolen and used to impersonate the user. THIRD-PARTY COOKIES can be used to track the browsing or buying habits of a user. This allows organizations to know which pages are being viewed, how often they are viewed, and the IP address of the viewing computer. This information can be used to infer what items the user may be interested in and to target advertising to the user

p104

12
Q

cross-site scripting (XSS)

A

an attack that injects scripts into a web application server to direct attacks at clients

  • refers to an attack using scripting that originates on one site (the web server) to impact another site (the user’s computer)
  • XSS is like a phishing attack but without needing to trick the user into visiting a malicious website. Instead, the user starts at a legitimate website and XSS automatically directs her to the malicious site
  • an XSS attack requires a website that meets two criteria: it accepts user input without validating it, and it uses that input in a response
13
Q

denial of service (DoS)

A

an attack that attempts to prevent a system from performing its normal functions by overwhelming the system with requests

  • a deliberate attempt to prevent authorized users from accessing a system by overwhelming that system with requests
  • most DoS attacks today are actually DISTRIBUTED DENIAL OF SERVICE (DDoS) attacks. Instead of just one computer, a DDoS may use hundreds or thousands of zombie computers in a botnet to flood a device with requests

Three different types of DoS attacks:

  • ping flood
  • smurf attack (spoofing)
  • SYN flood attack
14
Q

directory traversal

A

an attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories

-once the attacker has accessed a restricted directory, she can enter (inject) commands to execute on a server (called COMMAND INJECTION) or view confidential files

15
Q

distributed denial of service (DDoS)

A

an attack that uses many computers to perform a DoS attack

-this is to overwhelm a network

16
Q

DNS poisoning

A

an attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker’s device

-the predecessor to today’s Internet was a network known as ARPAnet. The network was completed in 1969 and linked together single computers located at each of four different sites. An early attempt to type the word LOGIN failed at the letter G, when the system crashed

17
Q

Domain Name System (DNS)

A

a hierarchical name system for translating domain names to IP addresses

-when TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers, known as the DOMAIN NAME SYSTEM

18
Q

extension

A

another name for ADD-ON

-add-ons/extensions can do the following:

  • create additional web browser toolbars
  • change browser menus
  • be aware of other tabs open in the same browser process
  • process the content of every webpage that is loaded

19
Q

first-party cookie

A

a cookie that is created from the website currently being viewed

-example:
When viewing the website www.cengage.com, the cookie CENGAGE could be created and saved on the user’s hard drive. Whenever the user returns to this site, that cookie would be used by the site to view the user’s preferences and better customize the browsing experience

20
Q

Flash cookie

A

another name for LOCALLY SHARED OBJECT (LSO)

  • named after the Adobe Flash player
  • they can store data more complex than the simple text that is typically found in a regular cookie
  • can store up to 100 KB of data from a website, about 25 times as much as a regular cookie
21
Q

a list of the mappings of host names to IP addresses

A

host table

-created in the early 1970s

22
Q

part of HTTP that is comprised of fields that contain the different characteristics of the data that is being transmitted

A

HTTP header

This is comprised of:

  • field name
  • a colon
  • field value
    (e.g. Content-length:49)
  • core set of fields has been standardized by the Internet Engineering Task Force (IETF)
  • HTTP headers are the result of an HTTP request by a web browser to a web server or the response back to the browser by the web server. Usually HTTP headers are used only by the web browser and the web server software because many web applications choose to ignore them

p102

23
Q

modifying HTTP headers to create an attack

A

HTTP header manipulation

-not an actual attack, but rather the vehicle through which other attacks, such as XSS, can be launched

Examples of HTTP header attacks:

-REFERER-
some websites check the Referer field to ensure that the request came from a page generated by that site; an attacker can bypass this check by modifying the Referer field to hide the fact that the request came from another site

-Accept-Language-
some web applications pass the contents of this field directly to the database, so an attacker can inject an SQL command by modifying this header. An attacker could also use this header to generate a directory traversal attack

-Response splitting-
the client computer must allow input that contains a CARRIAGE RETURN (CR, using %0d or \r) and a LINE FEED (LF, using %0a or \n). These characters not only give attackers control of the remaining HTTP headers and body of the response but also allow them to create additional responses via HTTP headers that are entirely under their control

p103

24
Q

an attack that is the result of an attacker changing the value of a variable to something outside the range that the programmer had intended

A

integer overflow attack

-when this integer overflow occurs, the interpreted value then wraps around from the maximum value to the minimum value

Situations in which this attack is used:
-used to create buffer overflow situations. If introduced during the calculation of the length of a buffer when a copy is occurring, it could result in a buffer that is too small to hold the data; the attacker could then use this to create her buffer overflow attack

  • a program that calculates the total cost of items purchased would use the number of units sold times the cost per unit. An integer overflow here could result in a negative value and a resulting negative total cost, indicating that a refund is due to the customer
  • a large positive value in a bank transfer could be wrapped around by an integer overflow attack to become a negative value, which could then reverse the flow of money. instead of adding this amount to the victim’s account, it could withdraw that amount and later transfer it to the attacker’s account
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

a cookie that is significantly different in size and location from regular cookies, and can store more complex data. also called FLASH COOKIE

A

locally shared object (LSO)

  • named after the Adobe Flash player
  • they can store data more complex than the simple text that is typically found in a regular cookie
  • can store up to 100 KB of data from a website, about 25 times as much as a regular cookie
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

an attack that intercepts legitimate communication and forges a fictitious response to the sender

A

man-in-the-middle

  • this attack is conducted on networks
  • it appears that two computers are communicating with each other; however, the communication is actually passing through the computer between them
  • attack can be active or passive
    • passive attack: attacker captures the data that is being transmitted, records it, and then sends it on to the original recipient without the attacker’s presence being detected
    • active attack: contents are intercepted and altered before they are sent on to the recipient
27
Q

a cookie that is recorded on the hard drive of the computer and does not expire when the browser closes

A

persistent cookie

-also known as TRACKING COOKIE

28
Q

a utility that sends an ICMP (Internet Control Message Protocol) echo request message to a host

A

ping

-normally used for network diagnostic tasks, such as determining if a host system is active or finding the path used by a packet to reach the host

29
Q

ping flood

A

an attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets

30
Q

a third-party library that attaches to a web browser and can be embedded inside a webpage

A

plug-in

  • adds new functionality to the page being viewed so that users can play music and other multimedia content within the browser or view special graphical images that the browser normally could not play or display
  • most widely used plug-ins for web browsers are JAVA, Adobe Flash player, Apple QuickTime, and Adobe Acrobat Reader
  • Plug-ins can be added to a webpage using the HTML tag or an tag

p106

31
Q

an attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing

A

privilege escalation

2 types of privilege escalation:

-VERTICAL PRIVILEGE ESCALATION-
a user with lower privilege uses privilege escalation to grant herself access to functions reserved for higher-privilege users

-HORIZONTAL PRIVILEGE ESCALATION-
a user with restricted privileges accesses the different restricted functions of a similar user

32
Q

an attack that makes a copy of the transmission before sending it to the recipient

A

replay

  • captured credentials can later be used
  • an attacker can capture the message sent from the network device to the server. Later, the attacker can send the original message to the server, and the server may respond, thinking it came from the valid device
33
Q

a cookie that is stored in Random Access Memory (RAM) instead of on the hard drive and lasts only for the duration of a visit to a website

A

session cookie

  • stored in RANDOM ACCESS MEMORY (RAM), instead of on the hard drive, and lasts only for the duration of the visit to the website
  • a session cookie expires when the user closes the browser or has not interacted with the site after a set period of time
34
Q

an attack in which an attacker attempts to impersonate the user by using the user’s session token

A

session hijacking

  • the most common method is to use XSS or other attacks to steal the session token cookie from the victim’s computer and then use it to impersonate the victim
  • other ways include eavesdropping on the transmission or guessing the session token.
  • attacker can accumulate multiple session tokens and then make a guess at the next session token number

***Considered as an APPLICATION ATTACK and not a network-based attack

35
Q

a form of verification used when accessing a secure web application

A

session token

  • random string assigned to that interaction between the user and the web application currently being accessed (a session)
  • can be transmitted in different ways: in the URL, in the header of the HTTP request, or in the body of the HTTP request
36
Q

an attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim

A

smurf attack

-the impersonation is called SPOOFING

37
Q

impersonating another computer or device

A

spoofing

-this is the impersonation used in the SMURF ATTACK

38
Q

an attack that targets SQL (STRUCTURED QUERY LANGUAGE) servers by injecting commands to be manipulated by the database

A

SQL injection

  • STRUCTURED QUERY LANGUAGE used to view and manipulate data that is stored in a relational database
  • targets SQL servers
  • if the email address entered by the user into the form is stored in the variable $EMAIL, then the underlying SQL statement to retrieve the stored email address from the database would be similar to:

SELECT fieldlist FROM table WHERE field = '$EMAIL'

-if the message E-mail Address Unknown is displayed, it indicates that user input is being properly filtered and an SQL injection attack cannot be performed on the site.

The parts of the injected test input are:

  • 'whatever'. This can be anything meaningless
  • or. The SQL OR means that as long as either of the conditions is true, the entire statement is true and will be executed
  • 'a'='a'. This is a statement that will always be true

SQL INJECTION STATEMENT TABLE

SQL INJECTION: whatever' AND email IS NULL;--
RESULT: Determine the names of different fields in the database

SQL INJECTION: whatever' AND 1=(SELECT COUNT(*) FROM tabname);--
RESULT: Discover the name of the table

SQL INJECTION: whatever' OR full_name LIKE '%Mia%'
RESULT: Find specific users

SQL INJECTION: whatever'; DROP TABLE members;--
RESULT: Erase the database table

SQL INJECTION: whatever'; UPDATE members SET email = 'attacker-email@evil.net' WHERE email = 'Mia@good.com';
RESULT: Mail password to attacker's email account

39
Q

an attack that takes advantage of the procedures for initiating a TCP/IP session

A

SYN flood attack

  • a device requesting a TCP connection sends a control message, called a SYNCHRONIZE MESSAGE or SYN, to initialize the connection. The server responds with its own SYN along with an ACKNOWLEDGMENT (ACK) that it received the initial request, called a SYN+ACK. The server then waits for a reply ACK from the device indicating that it received the server’s SYN
  • the attacker sends SYN segments in IP packets to the server. The server “holds the line open” and waits for a response (which is not coming) while receiving more false requests and keeping more lines open for responses.

p111

40
Q

a cookie that was created by a third party that is different from the primary website

A

third-party cookie

  • some websites attempt to place additional cookies on the local hard drive
  • intended to tailor advertising to that user
41
Q

an attack that exploits the trust relationship between three parties

A

transitive access

  • System 1 can access System 2, and because System 2 can access System 3, then System 1 can access System 3
42
Q

a markup language that is designed to CARRY data, in contrast to HTML, which indicates how to DISPLAY data

A

XML (Extensible Markup Language)

  • XML does not have a predefined set of tags; instead, users define their own tags
  • differs from HTML because XML is designed to CARRY data instead of indicating how to display it
  • XML is for the transport and storage of data, with the focus on what the data is
43
Q

an attack that injects XML tags and data into a database

A

XML injection

  • like SQL injection, an attacker who discovers a website that does not filter input user data can inject XML tags and data into the database
  • XPath injection attempts to exploit the XML Path Language (XPath) queries that are built from user input
44
Q

an attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack

A

zero-day attack

45
Q

Which of these is NOT a reason why securing server-side web applications is difficult?

a. Although traditional network security devices can block traditional network attacks, they cannot always block web application attacks
b. The processors on clients are smaller than on web servers and thus they are easier to defend.
c. Many web application attacks exploit previously unknown vulnerabilities
d. By design dynamic server-side web applications accept user input that can contain malicious code

A

b

46
Q

Which of these is not an HTTP header attack?

a. Accept-Language
b. Referer
c. Response splitting
d. Content-length

A

d

47
Q

What is another name for a locally shared object?

a. Flash cookie
b. session cookie
c. RAM cookie
d. secure cookie

A

a

48
Q

Browser plug-ins _______.

a. only function on web servers
b. can be embedded inside a webpage but add-ons cannot
c. have additional functionality to the entire browser
d. have been replaced by browser extensions

A

b

49
Q

An attacker who manipulates the maximum size of an integer type would be performing what kind of attack?

a. buffer overflow
b. real number
c. heap size
d. integer overflow

A

d

50
Q

What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another?

a. privilege rights
b. heap spray
c. transitive
d. vertical escalation

A

c

51
Q

Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?

a. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
b. Web application attacks use web browsers that cannot be controlled on a local computer.
c. network security devices cannot prevent attacks from web resources.
d. the complex nature of TCP/IP allows for too many ping sweeps to be blocked

A

a

52
Q

What do attackers use buffer overflows to do?

a. erase buffer overflow signature files
b. corrupt the kernel so the computer cannot reboot
c. point to another area in data memory that contains the attacker’s malware code
d. place a virus into the kernel

A

c

53
Q

What is unique about a cross-site scripting (XSS) attack compared to other injection attacks?

a. SQL code is used in an XSS attack
b. XSS requires the use of a browser
c. XSS does not attack the web application server to steal or corrupt its information
d. XSS attacks are rarely used anymore compared to other injection attacks

A

c

54
Q

What is a cookie that was not created by the website being viewed called?

a. first-party cookie
b. second-party cookie
c. third-party cookie
d. fourth-party cookie

A

c

55
Q

What is the basis of an SQL injection attack?

a. to have the SQL server attack client web browsers
b. to inject SQL statements through unfiltered user input
c. to expose SQL code so that it can be examined
d. to link SQL servers into a botnet

A

b

56
Q

Which action cannot be performed through a successful SQL injection attack?

a. reformat the web application server’s hard drive
b. display a list of customer telephone numbers
c. discover the names of different fields in a table
d. erase a database table

A

d

57
Q

Which markup language is designed to carry data?

a. ICMP
b. HTTP
c. HTML
d. XML

A

d

58
Q

What type of attack involves an attacker accessing files in directories other than the root directory?

a. SQL injection
b. command injection
c. XML injection
d. directory traversal

A

d

59
Q

Which type of attack modifies the fields that contain the different characteristics of the data that is being transmitted?

a. XML manipulation
b. HTML packet
c. SQL injection
d. HTTP header

A

d

60
Q

What is a session token?

a. XML code used in an XML injection
b. a random string assigned by a web server
c. another name for a third-party cookie
d. a unique identifier that includes the user’s email address

A

b

61
Q

Which of these is NOT a DoS attack?

a. SYN flood
b. ping flood
c. smurf
d. push flood

A

d

62
Q

What type of attack intercepts legitimate communication and forges a fictitious response to the sender?

a. SIDS
b. interceptor
c. man-in-the-middle
d. SQL intrusion

A

c

63
Q

A replay attack ______.

a. is considered to be a type of DoS attack
b. makes a copy of the transmission for use at a later time
c. can be prevented by patching the web browser
d. replays the attack over and over to flood the server

A

b

64
Q

DNS poisoning ______.

a. floods a DNS server with requests until it can no longer respond
b. is rarely found today due to the use of host tables
c. substitutes DNS addresses so that the computer is automatically redirected to another device
d. is the same as ARP poisoning

A

c