Chapter 1

Question 1

improper input handling

Answer 1

A programming error that does not filter or validate user input to prevent a malicious action.

Question 2

injections

Answer 2

Attacks that introduce new input to exploit a vulnerability.

Question 3

integer overflow attack

Answer 3

An attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.

Question 4

keylogger

Answer 4

Hardware or software that silently captures and stores each keystroke that a user types on the computer’s keyboard.

Question 5

logic bomb

Answer 5

Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it.

Question 6

malware

Answer 6

Malicious software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.

Question 7

memory leak

Answer 7

A situation that occurs when, due to a programming error, memory is not freed when the program has finished using it.

Question 8

pointer/object dereference

Answer 8

A flaw that results in a pointer given a NULL instead of valid value.

Question 9

potentially unwanted programs (PUPs)

Answer 9

Software that users do not want on their computer.

Question 10

race condition

Answer 10

A situation in software that occurs when two concurrent threads of execution access a shared resource simultaneously.

Question 11

ransomware

Answer 11

Malware that prevents a user’s endpoint device from properly and fully functioning until a fee is paid.

Question 12

refactoring

Answer 12

Changing the design of existing code

Question 13

remote access Trojan (RAT)

Answer 13

Malware that infects a computer like a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols.

Question 14

replay

Answer 14

An attack that copies data and then uses it for an attack.

Question 15

resource exhaustion attacks

Answer 15

An attack that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS.

Question 16

rootkit

Answer 16

Malware that can hide its presence and the presence of other malware on the computer.

Question 17

security of the ML algorithms

Answer 17

A risk associated with the vulnerabilities in AI-powered cybersecurity applications and their devices.

Question 18

server-side request forgery (SSRF)

Answer 18

An attack that takes advantage of a trusting relationship between web servers

Question 19

shimming

Answer 19

Transparently adding a small coding library that intercepts calls made by a device and changes the parameters passed between the device and the device driver.

Question 20

spyware

Answer 20

Tracking software that is deployed without the consent or control of the user.

Question 21

SQL injection

Answer 21

An attack that inserts statements to manipulate a database server using Structured Query Language commands

Question 22

Structured Query Language

Answer 22

A language used to view and manipulate data that is stored in a relational database.

Question 23

tainted training data for machine learning

Answer 23

A risk associated with attackers can attempt to alter the training data that is used by ML

Question 24

time of check/time of use

Answer 24

A software check of the state of a resource before using that resource.

Question 25

Trojan

Answer 25

An executable program that masquerades as performing a benign activity but also does something malicious.

Question 26

worm

Answer 26

Malicious program that uses a computer network to replicate.

Question 27

XML injection

Answer 27

An attack that inserts statements to manipulate a database server using eXtensible Markup Language (XML).