Ch7: Protecting Against Advanced Attacks

Question 1

Spoofing attacks

Answer 1

typically change data to impersonate another system or person

Question 2

ARP poisoning attacks

Answer 2

attempt to mislead systems about the actual MAC address of a system. Sometimes used in MITM attacks

Question 3

DNS poisoning attacks

Answer 3

attempt to corrupt DNS data

Question 4

Amplification attacks

Answer 4

A type of DDoS attack that increases the amount of traffic sent to or requested from a victim and can be used against a wide variety of systems, including individual hosts, DNS servers, and NTP servers

Question 5

Brute force attacks

Answer 5

Attempt to guess passwords by trying every combination. Online attacks guess the password of an online system. Offline attacks guess the password stored in a file, such as a database

Question 6

Dictionary attacks

Answer 6

use a file of words and common passwords to guess a password

Question 7

These protect against brute force attacks

Answer 7

Account lockout policies

Question 8

These can help prevent dictionary attacks

Answer 8

Complex passwords

Question 9

Pass the hash attack

Answer 9

attempts to use an intercepted hash to access an account

Question 10

Salting

Answer 10

adds random text to passwords before hashing them and thwarts many password attacks, including rainbow table attacks

Question 11

Hash collision

Answer 11

occurs when the hashing algorithm creates the same hash from different passwords

Question 12

Birthday attacks

Answer 12

exploit collisions in hashing algorithms

Question 13

To defeat replay attacks, use

Answer 13

timestamps and sequence numbers

Question 14

Typo squatting/URL hijacking

Answer 14

Attackers purchase similar domain names. Users visit the typo squatting domain when they enter the URL incorrectly with a common typo

Question 15

Session hijacking attack

Answer 15

attacker utlizes the user’s session ID to impersonate the user

Question 16

Domain hijacking attack

Answer 16

attacker changes the registration of a domain name without permission from the owner

Question 17

Buffer overflows

Answer 17

occur when a program receives more data than it can handle, or receives unexpected data that exposes the system memory

Question 18

Buffer overflow attacks often include

Answer 18

nop sleds followed by malicious code. Input validation helps prevent buffer overflow attacks

Question 19

Input validation protects against

Answer 19

buffer overflow, SQL injection, command injection, and cross-site scripting attacks

Question 20

Error and exception handling helps

Answer 20

protect the integrity of the OS and controls the errors shown to users

Question 21

When errors occur, applications should…

Answer 21

show generic errors to the users but log detailed information

Question 22

Static vs dynamic code analysis

Answer 22

Static analysis examines the code without running it and dynamic analysis checks the code while it is running

Question 23

Fuzzing

Answer 23

sends random strings of data to applications looking for vulnerabilities

Question 24

Stress testing

Answer 24

verifies an application can handle a load

Question 25

Sandboxing

Answer 25

runs an application within an isolated environment to test it

Question 26

Model verification

Answer 26

ensures that the application meets all specifications and fulfills its intended purpose

Question 27

SDLC models

Answer 27

Software development life cycle models provide structure for software development

Question 28

Secure DevOps

Answer 28

an agile-aligned methodology that stresses security throughout the lifetime of the project

Question 29

Normalization

Answer 29

a process used to optimize databases. While there are several normal forms available, a database is considered normalized when it conforms to the first three normal forms

Question 30

SQL injection attacks

Answer 30

used to pass queries to back-end databases through web servers. Many attacks use the phrase “ or ‘1’=’1’” to get access

Question 31

XSS

Answer 31

Cross-site scripting attacks allow attackers to capture user information such as cookies. Input validation techniques at the server help prevent XSS attacks

Question 32

XSRF

Answer 32

Cross-site request forgery scripting causes users to perform actions on web sites, such as making purchases, without their knowledge. In some cases, it allows attackers to steal cookies and harvest passwords