Chapter 9 - Malware, Vulnerabilities, & Threats Flashcards Preview


Flashcards in Chapter 9 - Malware, Vulnerabilities, & Threats Deck (27)

How is spyware different from other malware?

9 - 300

because it works on behalf of a third party


What is a rootkit?

9 - 301

software program that has the ability to hide certain things from the operating system


what is a trojan horse?

9 - 305

programs that enter a system or network under the guise of another program


what file extension belongs in both columns of allowed and not allowed for email attachments?

9 - 307



what is a logic bomb?

9 - 307

programs or code snippets that execute when a certain predefined event occurs


what is a backdoor attack?

9 - 308

2 different meanings
1. troubleshooting and developer hooks into systems that often circumvent normal authentication
2. gaining access to a network and inserting a program or utility that creates an entrance for an attacker


what is a botnet?

9 - 309

software running on infected computers called zombies, under the control of a bot herder


what is ransomware?

9 - 309

software delivered through a trojan that takes control of a system and demands that a third party be paid


tell me the 8 kinds of viruses

9 - 310

polymorphic - change form to avoid detection
stealth - masking themselves from applications
retrovirus - attack or bypass the antivirus software database
multipartite - attack system in multiple ways
armored - difficult to detect or analyze
companion - also known as a trojan, attach to program and create program with a different filename extension
phage - modify and alter programs or databases
macro - exploits the enhancements made to application programs


what does it mean to use the "layered approach" with antivirus software?

9 - 317

it means you put the antivirus software at the gateways, the servers, and at the desktop


two of the most common types of DoS attacks are what?

9 - 319

ping of death - send ICMP packets that are larger than the system can handle
buffer overflow - put more data into the buffer than it can hold


DDoS uses one computer to target multiple or multiple computers to target one?

9 - 321

multiple computers to target one computer


what is spear phishing?

9 - 323

unique form of phishing in which the message is made to look as if it came from someone you know


is a man in the middle attack an active or passive attack?

what's another name for this kind of attack?

9 - 324


TCP/IP hijacking


what is a smurf attack?

9 - 326

spoofing the target machine's IP address and broadcasting to that machine's routers so that the routers think the target is sending out the broadcast. The target system becomes overloaded.


tell me the 5 kinds of password attacks

9 - 327

brute force - guess until you get it right
dictionary - use common words to guess password
hybrid - combines dictionary with brute force
birthday - if your key is hashed, given enough time, another value can be created that will give the same hash value
rainbow table - identifying a stored value


what is privilege escalation?

9 - 328

user gaining more privileges than they should have because you forgot to remove the backdoor


malicious insider threat?

9 - 332

someone on the inside who sells you out


client-side attack?

9 - 333

targets vulnerabilities in client applications that interact with a malicious server


typo squatting is the same as what?

9 - 333

URL hijacking


what is the strategy of watering hole attack?

9 - 334

to identify a site that is visited by those they are targeting, and poison that site


tell me about Cross-Site Request Forgery

9 - 335

XSRF, session riding, one click attack, all the same thing
unauthorized commands coming from a trusted user to the website


what is a directory traversal attack?

9 - 337

when attacker gains access to restricted directories through HTTP


should you or should you not allow ActiveX without prompting you?

9 - 340

don't allow it without a prompt


what's the difference between risk, threat, and vulnerability?

9 - 344,345

risk - what is the likelihood of an attack being successful?
threat - what are the dangers associated with the risk
vulnerability - where is the system weak?


DNS spoofing?

9 - 322

associates IP addresses with a domain


what is a SQL injection

9 - 335

type SQL code into the username field and start extracting data