Risks, Threats, and Vulnerabilities

Question 1

is a possible danger which may exploit a
vulnerability?

Answer 1

Threat

Question 2

is any circumstance or event with the potential to adversely affect a system through
unauthorized access, destruction, disclosure, modification of data, or denial of service

Answer 2

Threat

Question 3

What Threats does the STRIDE Model try to prevent?

Answer 3

Spoofing
Tampering
Repudiation
Information disclosure
denial of service
elevation of privilege

Question 4

Pretending to be something or someone other than yourself

Answer 4

Spoofing

Question 5

Modifying something in memory

Answer 5

Tampering

Question 6

Claiming you didn’t do something or were not responsible; can be honest or false

Answer 6

Repudiation

Question 7

Providing information to someone not authorized to access it.

Answer 7

Information Disclosure

Question 8

Exhausting resources needed to provide service.

Answer 8

Denial of service

Question 9

Allowing someone to do something they are not authorized to do.

Answer 9

Elevation of privilege

Question 10

An Attack initiated by an insider, which have authorization to access a system but use it in a way that is not approved by the party that granted authorization. an entity inside of a security perimeter

Answer 10

Insider Attack

Question 11

An attack initiated by an outsider, an entity outside of a security perimeter. threats gain unauthorized or illegitimate access to a system.

Answer 11

Outside attack.

Question 12

are utilized in outside attacks. they are focal points from collecting stolen information that launched automated attacks and distribute spam. is an aggregation of compromised computers, turning them into robots and used by attackers. communicate through a central control server and activate by attackers via chat rooms.

Answer 12

Botnet

Question 13

is a flaw or weakness in a system’s design, implementation, or operation and management, which could be exploited to violate the system’s security policy. It MAY be exploited by a threat, but not every threat always results in an actual attack to the system.

Answer 13

Vulnerability

Question 14

the degree of Vulnerability, strength of attack, or effectiveness of countermeasures will determine an…

Answer 14

Attack Success

Question 15

Targeted resources may include data stored in an information system; services provided to the user; system processing power; and hardware; firmware; software; or physical design of the facility. is example of what kind of attack?

Answer 15

Network Attack

Question 16

Intentional act by which an intelligent threat attempts to evade security services and violate the security policy of a system.

Answer 16

Computer Network Attack

Question 17

Network attack are Characterized By?

Answer 17

Intent
point of initiation
method of delivery
may target one of multiple system resources

Question 18

Data contained in an information system
services provided by a system
processing power
bandwidth
hardware/firmware/software
facilities

Answer 18

Examples of System resources

Question 19

Types of computer network Attacks?

Answer 19

Denial of service DoS
DDOS
Unauthorized access
executing commands illicitly
destructive behavior

Question 20

sends more request to a machine then it can handle
easy to launch
difficult or impossible to track

Answer 20

Denial of service

Question 21

used to make DoS attacks easier
runs a program to blast a host with requests

Answer 21

toolkit

Question 22

allows an attacker access to information they should not have.

Answer 22

Unauthorized access

Question 23

occurs when an unknown and untrusted person executes commands on a server

Answer 23

executing commands illicitly

Question 24

2 main categories of severity of illicit commands

Answer 24

normal user and admin access

Question 25

the 2 destructive behavior

Answer 25

data diddling and data destruction

Question 26

attack changes entries in record
very dangerous
usually not obvious

Answer 26

data diddling

Question 27

attacker deletes files
can impact computing capabilities

Answer 27

data destruction

Question 28

Software designed to infiltrate or damage a computer
system without the owner’s informed consent through
email and Internet.

Answer 28

malware

Question 29

written to do harm
can be classified into many categories based on how they propagate and behave

Answer 29

computer viruses

Question 30

▪ Restricts communications to/from the network.
▪ Protects network resources against threats.

Answer 30

firewall

Question 31

Repairing a vulnerability or a flaw that is ID’d after the
release of an application or software.
▪ Regularly patching software is critical to deny malware
access.

Answer 31

software patching

Question 32

Prevention measures that stop unauthorized users from
accessing any part of the computers.

Answer 32

Mitigation Mechanism

Question 33

Mimics malicious network activity that hosts could
encounter.
▪ Routine scanning ID’s vulnerable hosts.

Answer 33

vulnerability scanning

Question 34

Prevents spyware from collecting information about the
user.

Answer 34

Anti-Spyware.

Question 35

A proxy resides between a user’s computer and the Internet.
▪ Provides security, privacy and web filtering.
▪ Often used as part of a firewall

Answer 35

proxy servers/ web content filters