CISA Review Flashcards Preview

Flashcards in CISA Review Deck (68)
1

DDOS

Such attacks are centrally initiated and involve the use of multiple compromised computers. The attacks work by flooding the target site with spurious data, thereby overwhelming the network and other related resources.

2

Chief information security officer

A senior-level corporate official responsible for articulating and enforcing the policies that a company uses to protect its information assets.

3

CISO is a much broader role than a chief security officer (CSO), who is normally only responsible for physical security within the organization.

TRUE

4

DAC (discretionary access control) cannot override MAC (mandatory access control); DAC is an additional filter, prohibiting still more access with the same exclusionary principle.

TRUE

5

Cyber criminals take advantage of existing gaps in the legislation of different countries when planning cyber attacks in order to avoid prosecution.

TRUE

6

Crackers

Persons who try to break the security of, and gain access to, someone else's system without being invited to do so.

7

DoS, Hacking

Computer is the object of the crime. Target of attack: a specific computer. Source of attack: the perpetrator uses another computer to launch the attack.

8

Fraud, unauthorized access, phishing, installing key loggers

Computer is the tool of the crime. Target is the data or information stored in the computer.

9

Social engineering methods

Computer symbolizes the crime. Target is the user of the computer.

10

Social Engineering methods

Phishing, fake websites, scam mails, spam mails and fake resumes for employment.

11

Alteration attack

Occurs when an unauthorized modification affects the integrity of the data or code. A cryptographic hash is a primary defense against alteration attacks.

12

Botnets

Comprise a collection of compromised computers (called zombie computers) running software, usually installed via worms, Trojan horses or back doors.

13

DoS Attack

Examples: Smurf attack, ping flood, SYN flood, teardrop attack, peer-to-peer attack, permanent denial of service attack, application-level flood attack, nuke, DDoS, reflected attack.

14

Smurf attack

Occurs when misconfigured network devices allow packets to be sent to all hosts on a particular network via the broadcast address of the network.

15

Ping flood

Occurs when the target system is overwhelmed with ping packets.

16

SYN Flood

Sends a flood of TCP SYN packets with forged sender addresses, causing half-open connections and saturating the available connection capacity of the target machine.

17

Teardrop attack

Involves sending mangled IP fragments with overlapping, oversized payloads to the target machine.

18

Banana attack

Redirects outgoing messages from the client back onto the client, preventing outside access, as well as flooding the client with the sent packets.

19

Reflected attack

Involves sending forged requests to a large number of computers that will reply to the request. The source IP address is spoofed to that of the targeted victim, causing the replies to flood.

20

Email spoofing

A user receives an email message that appears to have originated from one source but actually was sent from another source.

21

Flooding

A denial of service attack that brings down a network or service by flooding it with a large amount of traffic.

22

Trap doors

Commonly called back doors. Bits of code embedded in a program by programmers to quickly gain access during the testing or debugging phase.

23

Masquerading

An active attack in which the intruder presents an identity other than the original identity. Impersonation both by people and by machines falls under this category. Masquerading by machine (also called IP spoofing): a forged IP address is presented.

24

Packet replay

A combination of passive and active modes of attack. This form of attack is effective particularly where the receiving end of the communication channel is automated and will act on receipt and interpretation of the information packets without human intervention.

25

Phishing

The criminally fraudulent process of attempting to acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

26

Spear Phishing

A pinpoint attack against a subset of people to undermine a company or organization.

27

Pharming

An attack that aims to redirect the traffic of a web site to a bogus web site. It can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software.

28

Social engineering

The human side of breaking into a computer system.

29

Piggybacking

The act of following an authorized person through a secured door or electronically attaching to an authorized telecommunication link.

30

Piggybacking is considered a physical access exposure.

TRUE