Explain Attacks, Threats, and Vulnerabilities Flashcards

Lesson 16A (41 cards)

1
Q
A

Relationship between vulnerability, threat, and risk.

2
Q
A

Example of a phishing email. On the right, you can see the message in its true form as the mail client has stripped out the formatting (shown on the left) designed to disguise the nature of the links. (Screenshot courtesy of CompTIA.)

3
Q
A

Using a command & control (C&C) network to operate a botnet of compromised hosts and coordinate a DDoS attack.

4
Q
A

If authentication credentials are transmitted in cleartext, such as the unencrypted version of the IMAP mailbox access protocol, it is a simple matter for the credentials to be intercepted via packet sniffing.

5
Q
A

Hashcat password cracking utility. This example uses a mask to speed up a brute force attack. The attacker can use a mask by learning or guessing likely facts about how the target chooses a password, such as its length and likelihood of being a variation on a simple word or phrase.

6
Q

Information security ensures

A

confidentiality, integrity, and availability (CIA) of data, while cybersecurity protects systems from attacks; security assessments evaluate vulnerabilities, threats, and risks to strengthen defenses.

7
Q

vulnerability

A

is a weakness in a system that a threat actor could exploit, arising from issues like misconfigurations, outdated patches, untested updates, protocol misuse, poor network design, weak physical security, insecure passwords, and software flaws such as unchecked user input.

8
Q

Non-compliant systems

A

A configuration baseline defines best practices for hardening a system to minimize vulnerabilities by reducing its attack surface—the entry points a threat actor could exploit. Non-compliant systems have deviated from this baseline, and vulnerability scanners help detect them.

9
Q

unprotected system

A

lacks or has misconfigured technical security controls like antivirus scanners, firewalls, or intrusion detection systems, increasing its attack surface and exposing more vulnerabilities.

10
Q

software vulnerability

A

is a flaw that can be exploited to bypass security or crash an application, potentially allowing attackers to install malware.

11
Q

zero-day vulnerability

A

is exploited before a fix is available, leaving systems exposed.

12
Q

exploit

A

is malicious code that uses a vulnerability to compromise a system.

13
Q

unpatched systems

A

While zero-day exploits are rare but dangerous, a greater risk comes from unpatched systems, which lack critical OS and application updates, and end-of-life (EOL) systems, where vendors no longer provide support or security fixes.

14
Q

BYOD (Bring Your Own Device)

A

allows employees to use personal mobile devices for corporate access but complicates security by making it harder to enforce standardized configurations and compliance, ultimately expanding the network attack surface.

15
Q

Social engineering

A

is a tactic where threat actors manipulate people into revealing confidential information or granting unauthorized access, often by persuasion or intimidation. Preventing these attacks requires awareness of common social engineering techniques.

16
Q

Impersonation

A

is a social engineering tactic where an attacker creates a pretext scenario to engage with an employee, often pretending to be IT support to persuade them into revealing sensitive information, such as passwords, through trust-building, intimidation, or hoaxes.

17
Q

Dumpster diving

A

is a technique where attackers search discarded documents or media to collect sensitive information that strengthens social engineering attacks, making impersonation attempts more credible.

18
Q

Shoulder surfing

A

is a social engineering attack where a threat actor observes a user entering secure information like a password or PIN, either in person or remotely using binoculars, CCTV, or other surveillance methods.

19
Q

Tailgating

A

occurs when an attacker follows closely behind someone authorized to enter a secure area.

20
Q

Piggybacking

A

involves gaining access with an employee’s permission, often using impersonation or deception, such as pretending to be a cleaning crew member or claiming to have forgotten a badge.

21
Q

Phishing

A

is a social engineering attack where threat actors send spoofed emails or messages to trick users into performing actions like installing malware or giving remote access. Some phishing campaigns use fake websites mimicking legitimate ones to capture login credentials.

22
Q

Phishing Variants include:

A

spear phishing (targeted attacks using personal details), whaling (focused on high-level executives), and vishing (voice-based scams). An evil twin attack operates similarly but uses a rogue wireless access point with a deceptive SSID or spoofed captive portal to steal user authentication data.

23
Q

threats

A

Early cybersecurity relied on detecting static threats like computer viruses through signature-based scanning, but adversaries developed techniques to evade detection. Modern security emphasizes behavioral analysis, assessing threat actors’ location, intent, and capability to counter evolving attacks.

24
Q

External threat actors

A

External threat actors lack authorized access and rely on malware or social engineering.

25
Q

Insider threats

A

—including employees, contractors, or partners—can be malicious (data theft) or unintentional (misconfigurations increasing risk).

26
Q

Footprinting

A

is an information-gathering threat where attackers research a target’s network and security systems, using public data, network scans, and social engineering to identify vulnerabilities and exploitation methods.

27
Q

Spoofing threats

A

involve attackers masquerading as trusted users or systems, using techniques like cloning MAC/IP addresses, falsifying digital certificates, sending fake emails, or social engineering. Some spoofing methods involve stealing authentication tokens, such as web cookies, to impersonate users, which is also known as a replay attack.

28
Q

On-path attack

A

is a type of spoofing where a threat actor covertly intercepts network traffic between two hosts, allowing them to read or modify packets, often aiming to recover password hashes—an evil twin attack is one example.

29
Q

Denial of Service (DoS) attack

A

overwhelms a service with spoofed requests or exploits software vulnerabilities, causing it to fail or become unavailable. Some DoS attacks are physical (e.g., cutting power or network cables), while others are used to distract security teams, masking data theft or other malicious activities.

30
Q

Distributed Denial of Service (DDoS) attack

A

overwhelms a server with bogus requests from multiple compromised devices—a botnet—controlled remotely by a command & control (C&C) system, often infected via automated exploits or phishing.

31
Q

Password attacks

A

involve stealing credentials through malware, sniffing, or stealing password hashes, with attackers using dictionary-based or brute-force cracking to recover passwords.

32
Q

Cross-site scripting (XSS) attacks

A

exploit input validation vulnerabilities in web applications, allowing threat actors to inject malicious scripts into server-side or client-side code, potentially compromising user data or system integrity.

33
Q

SQL injection attacks

A

exploit web applications that fail to properly validate user input, allowing attackers to modify SQL queries, potentially extracting or inserting data, or executing arbitrary code with the database’s privileges. For example, an attacker can manipulate input fields to trick an application into executing unintended SQL commands, granting unauthorized access to sensitive information.

34
Q

Encryption technologies

A

enable secure communication by making data unreadable unless the recipient has the correct key. This ensures privacy, even over public networks like the Internet.

35
Q

The three primary cryptographic methods are

A

symmetric encryption, asymmetric encryption, and cryptographic hashing.

36
Q

Cryptographic hashes

A

generate a fixed-length representation of data using a one-way function, making it irreversible. They are commonly used for secure storage, such as passwords, where retrieval of the original value is unnecessary. Key algorithms include SHA (Secure Hash Algorithm) and MD5, though MD5 is becoming obsolete.

37
Q

Symmetric encryption

A

uses a single secret key for both encryption and decryption, making key security critical—if compromised, the system is vulnerable. While key distribution is a challenge, symmetric encryption is fast and efficient, with ciphers like AES enabling bulk data encryption.

38
Q

Asymmetric encryption

A

uses a key pair—a private key and a public key—that are mathematically linked. One key encrypts, and only the paired key decrypts, ensuring secure communication. The public key can be freely shared, while the private key must be kept secret, as it cannot be derived from the public key.

39
Q

Digital signatures and key exchange

A

combine cryptographic hashes, asymmetric encryption, and symmetric encryption to enhance confidentiality, integrity, and availability. Because asymmetric encryption limits message size, it is often paired with hashing and symmetric encryption in security protocols.

40
Q

Digital signatures

A

ensure the integrity and authenticity of a message or digital certificate. The sender creates a cryptographic hash, encrypts it with their private key, and attaches it to the message. The recipient decrypts the signature using the sender’s public key, then recalculates the hash to verify the message remains unchanged.

41
Q

Key exchange

A

securely shares a symmetric encryption key between hosts, with asymmetric encryption used to encrypt and exchange the key. The session key, which may be ephemeral, protects the actual data exchange efficiently.