Chapter 9 - Malware, Vulnerabilities and Threats Flashcards Preview

CompTIA Security+ > Chapter 9 - Malware, Vulnerabilities and Threats > Flashcards

Flashcards in Chapter 9 - Malware, Vulnerabilities and Threats Deck (25):

How does Spyware differ from Malware?

page 300
Works actively on behalf of a third party. Rather than self replicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it.


What are rootkits?

page 301
Software programs that have the ability to hide certain things from the operating system.


What are Trojan Horses?

page 305
Programs that enter a system or network under the guise of another program. Could create a backdoor or replace a valid program during installation.


What are logic Bombs?

page 307
Programs or code snippets that execute when a certain predefined event occurs.


What are the two Definitions of Backdoors?

page 308
- Originally referred to troubleshooting and developer hooks into systems that often circumvented normal authentication.
- Second refers to gaining access to a network and inserting a program or utility that creates an entrance for an attack.


What are software running on infected computers called zombies often known as?

page 309


What are often delivered through a Trojan, takes control of a system and demands that a third party be paid?

page 309
- The "control" can be accomplished by encrypting the hard drive, by changing user password information, or via any of number of other creative ways.


What are the different types of Virus classifications?

page 310
- Polymorphic - Stealth
- Retrovirus - Multipartite
- Armored - Companion
- Phage - Macro


What are the different types of viruses?

page 313
- Armored - Polymorphic
- Companion Virus - Phage
- Macro Virus - Retro virus
- Multipartite Virus - Stealth


What is Spam?

page 316
Defined as any unwanted, unsolicited email and not only can the sheer volume of it be irritating, but it can also often open the door to larger problems.


What are some of the reasons attackers have for initiating an attack?

page 319
- They might be doing it for sheer fun of it.
- They might be criminals attempting to steal from you
- They might be individuals or groups who are using the attack to make a political statement or commit an act of terrorism


What are some of attacks of DoS, DDoS?

page 319
- Deny access to information, applications, systems, or communications.
- Bring down a website while the communications and systems continue to operate.
- Crash the operating system
- Fill the communications channel of a network and prevent access by authorized users.
- Open as many TCP sessions as possible; this type of attack is called a TCP SYN flood DoS attack


What is a Spoofing Attack?

page 321
Is an attack by someone or something to masquerade as someone else., usually an access attack.


What are the most popular spoofing attacks today?

page 321
- IP spoofing
- ARP Spoofing
- DNS SPoofing


What is Spear Phishing?

page 323
A unique form form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party.


What is Replay Attacks?

page 325
Is a kind of access or modification attack. The attacker can capture the information and replay it later.


What types of Password Attacks are there?

page 327
Brute-Force Attack
Dictionary Attack
Birthday Attack
Rainbow Table


How does a Brute-Force Attack occur?

page 327
Is an attempt to guess passwords until a successful guess occurs.


What type of attack uses a combination of dictionary entries and brute-force?

page 327


What is a Rainbow Table Attack?

page 327
Focuses on identifying a stored value. By using values in an existing table of hashed phrases or words and comparing them to values found.


What are some questions you should consider when responding to an Attack?

page 328
1. How can you show that a break-in really occurred?
2. How can you determine the extent of what was done during the entry?
3. How can you prevent further entry?
4. Whom should you inform in your organization?
5. What should you do next?


What is Transitive Access?

page 332
One party (A) trusts another party (B)
If party (B) trusts another party (C), then a relationship may exist whereby the third party (C) is trusted by the first party (A)


What are Client-side Attacks?

page 333
Targets vulnerabilities in client applications that interact with a malicious server.


What is the act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error.

page 333
Typo Squatting and URL Hijacking


What is SQL Injection?

page 335
Structured Query Language, AKA SQL Insertion Attack.
An attacker manipulates the database code to take advantage of a weakness in it.
Various types of exploits fall into the following categories:
- Escape characters not filtered correctly
- Type handling not properly done
- Conditional errors
- Time delays