Domain 3: System Vulnerabilities

Question 1

Method that is used to pass info over a path that is not normally used for communication

Answer 1

Covert Channels

Question 2

Shortcut in a system that allows a user to bypass security checks, such as username/password

Answer 2

Backdoor

Question 3

Backdoor installed by developers to bypass normal system checks during development such as authentication

Answer 3

Maintenance hooks

Question 4

• Virus written macro language

- i.e. Microsoft Office

Answer 4

Macro Virus

Question 5

Virus that infects the boot sector of a PC, which ensures that the virus loads upon system startup

Answer 5

Boot Sector Virus

Question 6

Virus that changes itself from the OS and other protective software i.e. antivirus software

Answer 6

Stealth Virus

Question 7

Virus that changes its signature upon infection of a new system, attempting to evade signature based antivirus software

Answer 7

Polymorphic Virus

Question 8

Virus that spreads via multiple vectors

Answer 8

Multipartite Virus

Question 9

Malware that self-propagates

Answer 9

Worms

Question 10

Malware disguised as a legitimate program

Answer 10

Trojans

Question 11

Malware that replaces portions of the kernel and/or OS

Answer 11

Rootkits

Question 12

• Neutral technology used to shrink the size of executables

- Often used in malware to evade signature-based malware detection

Answer 12

Packers

Question 13

• Malware that is triggered when a logical condition is met

- i.e. after a set number of transactions, or on a specific data

Answer 13

Logic bombs

Question 14

Antivirus that uses static signatures of known malware

Answer 14

Signature-based antivirus

Question 15

Anomaly-based detection used to identify behavioral characteristics of malware

Answer 15

Heuristic-based antivirus

Question 16

Attacks launched directly from an attacker (the client) to a listening service

Answer 16

Server-side attacks

Question 17

Attack that initiates from the victim who downloads content from the attacker

Answer 17

Client-side attacks

Question 18

• Small pieces of mobile code that are embedded on other software such as web browsers
• Programming languages Java and ActiveX

Answer 18

Applets

Question 19

Applets that are in a sandbox which segregates the code from the OS

Answer 19

Java

Question 20

• Applets that use digital certificates to provide security

- Only works on Windows OS

Answer 20

ActiveX

Question 21

Provides consensus guidance on what are considered to be the 10 most significant application security risks

Answer 21

Open Web Application Security Project (OWASP) Top 10 Project

Question 22

Language used to store application configuration and output from auditing tools

Answer 22

Extensible Markup Language (XML)

Question 23

• Reduces application architecture down to a functional unit of service
• Service can be used and reused throughout an organization rather than built within each individual application

Answer 23

Service-Orientated Architecture (SOA)

Question 24

• Allows two different objects to have the same name

- i.e. Two rows may have the same primary key, but different data

Answer 24

Polyinstantiation

Question 25

- Happens when a user is able to use lower-level access to learn restricted information - Requires clues (first word) - Mathematical process (second word)

Answer 25

Inference and aggregation

Question 26

Searches large amounts of data to determine patterns

Answer 26

Data Mining

Question 27

Control that restricts the use of mobile devices via policy

Answer 27

Administrative controls

Question 28

Controls installed on mobile devices to mitigate infections

Answer 28

Technical controls

Question 29

- Access control vulnerability that involves theft of data by capturing electromagnetic leaks - Mitigated by enclosing cable in metal shielding or conduit certain types of antennas are resistant also

Answer 29

Emanations

Question 30

Program between the US and UK that mitigates electromagnetic leaks

Answer 30

TEMPEST

Question 31

- Denial of Service (DoS) attack - Attacker sends ICMP echo request packets with a spoofed source address. - Every device that receives a ping request will send an ICMP echo reply to the spoofed source address, which can overwhelm the device at the source address

Answer 31

Smurf

Question 32

- Denial of Service (DoS) attack - Attacker sends UDP packets with a spoofed address to a directed broadcast address. - Each device that receives an UDP broadcasts will send a response to the spoofed address, which can overwhelm the device at the source address

Answer 32

Fraggle

Question 33

- Denial of Service (DoS) attack - Attacker uses a malformed IP packet where the source, destination address, and the port are the same. - When victim at the destination address receives the packet, it can become confused and crash

Answer 33

Local Area Network Denial (LAND)

Question 34

- Denial of Service (DoS) attack - Attacker uses several large overlapping IP fragments - Victim system will attempt to assemble these packets, sometime causing system to crash

Answer 34

Teardrop

Question 35

Name the three TEMPEST countermeasures used to protect against emanation attacks?

Answer 35

1. Faraday cage 2. White noise 3. Control Zones

Question 36

- A room, box or entire building with an external metal skin - Prevents electromagnetic signals (emanations) from exiting or entering the area - Mobile phones, radio stations television stations do not work inside this area

Answer 36

Faraday cage

Question 37

- Broadcasts false traffic at all times to mask and hide the presence of real emanations - Effective when used around the perimeter of an area, it is broadcast outward to protect the internal area where emanations may be needed for normal operations

Answer 37

White noise

Question 38

Implementation of either a Faraday cage or white noise generation or both to protect a specific area in an environment

Answer 38

Control Zones

Question 39

Sends oversized ping packets to the victim, causing the victim to freeze, crash, or reboot

Answer 39

Ping-of-death attacks

Question 40

Use a command and control server to remotely control the zombies to launch attacks on other systems, or to send spam or phishing emails

Answer 40

Bot herders