Security + NET ATTACKS

Question 1

bluejacking

Answer 1

**involves sending unsolicited messages **to Bluetooth-enabled devices, such as laptops, mobile phones, or PDAs

Question 2

bluesnarfing

Answer 2

the unauthorized access of information from a wireless device through a Bluetooth connection,

Question 3

Vishing

Answer 3

cyberattack that uses the phone to trick people into sharing sensitive information.

Question 4

(SPIM) Spam Over Instant Messaging

Answer 4

Spam that is sent through instant messaging, SMS, or private messages on websites.

(intrusive ads, spyware, or viruses)

Question 5

Smishing

Answer 5

phishing scam that uses text messages to trick people into sharing personal or financial information

Question 6

Cryptographic attack

Answer 6

a malicious attempt to exploit a weakness in a cryptographic system and gain unauthorized access to sensitive information

Question 7

Downgrade attack

Answer 7

take advantage of a system’s backward compatibility to force it into less secure modes of operation.

Question 8

Deauthentication attack

Answer 8

type of denial-of-service (DoS) attack that disrupts the connection between a wireless device and its Wi-Fi access point

Question 9

Denial-of-Service

Answer 9

attack that aims to disrupt, disable, or shut down a network, website, or service

Question 10

Brute-force attack

Answer 10

a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.

Question 11

Spoofing

Answer 11

` involves disguising information to trick people into believing they are interacting with a trusted source`

Question 12

Replay attacks

Answer 12

eavesdropping on network traffic, capturing legitimate communication packets, and then replaying them to the target devic

Question 12

Eavesdropping

Answer 12

used by cyberattackers to intercept communication and steal sensitive data in transit

Question 13

Data interception

Answer 13

a type of data theft that involves the unauthorized redirection of information intended for one party to another

Question 14

on-path attack

Answer 14

cyberattack where a malicious actor secretly positions themselves between two devices to intercept or modify communications between them

Question 15

ARP poisoning

Answer 15

cyber attack carried out over a Local Area Network (LAN) that

• involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table

Question 16

DNS poisoning (Domain Name System )

Answer 16

happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website

Question 17

Media Access Control (MAC) flooding

Answer 17

is a network attack that compromises the security of a network **SWITCH** by overflowing its memory used to store the MAC address table.

Question 18

MAC spoofing

Answer 18

a technique for **changing **a factory-assigned Media Access Control (MAC) address of a network interface on a networked device

Question 19

MAC cloning

Answer 19

changing or impersonating the MAC address of a network interface card to match the MAC address of an authorized device on the network.

Question 20

Domain hijacking

Answer 20

refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names.

Question 21

URL hijacking

Answer 21

attackers* take advantage of common typos or misspellings* that users make when typing in the URL of a legitimate site.

Question 22

Pharming

Answer 22

cyberattack that redirects a user’s browser to a fake website without their knowledge or consent

Question 23

Typosquatting

Answer 23

** involves registering a domain name** that is similar to a legitimate website's but with an intentional typo

Question 24

Directory traversal attacks

Answer 24

a **vulnerability **in a web application server caused by a **HTTP exploit**. `The exploit allows an attacker to access restricted directories, execute commands,` For example, if a website downloads a PDF to a user's computer using the URL https://www.vulnerable.com/download_file.php?file=document.pdf, the attacker can pass in the file name ../../etc/passwd.

Question 25

OT DDoS attack

Answer 25

designed to exploit the systems that are directly on the plant floor.

Question 26

Rogue access point

Answer 26

***a wireless access point ***`that is installed on a network without the network owner's permission`

Question 27

Disassociation (WiFi)

Answer 27

a normal part of the communication protocol, ***used to cleanly break the connection***` between a device and the network.`

Question 28

Jamming (WiFi)

Answer 28

create traffic jams for the radio transmitter so that real traffic cannot get through,

Question 29

Radio frequency identifier (RFID) _ WiFi

Answer 29

a wireless technology that uses radio waves to communicate information between tags and readers

Question 30

Near field communication (NFC)

Answer 30

a set of wireless technologies that allow two devices to communicate with each other when they are within a few centimeters of each other.

Question 31

Initialization vector (IV)

Answer 31

used to **prevent unauthorized decryption** of the `message by a suspicious or malicious actor.`

Question 32

Man in the middle

Answer 32

attacker **secretly intercepts and relays messages** `between two parties who believe they are communicating directly with each other.`

Question 33

Man in the browser

Answer 33

The ***Man-in-the-Browser*** attack is similar to the Man-in-the-Middle attack, `except the interception is done at the application layer by exploiting browser vulnerabilities.`

Question 34

locator (URL) redirection

Answer 34

is a `vulnerability` **which allows an attacker to**``` ** force users of your application to an untrusted external site. **``` The attack is most often performed by delivering a link to the victim,

Question 35

Domain reputation

Answer 35

**a measure that Internet Service Providers (ISPs)** `use to determine whether your emails can be trusted or not`.

Question 36

-PowerShell

Answer 36

a tool for task automation and configuration management that combines a command line shell with a scripting language.

Question 37

- Python

Answer 37

an interpreted, object-oriented, high-level programming language with dynamic semantics

Question 38

- Bash

Answer 38

provides a way to interact with Unix-based operating systems. It allows users to execute commands, perform complex operations,

Question 39

- Macros

Answer 39

** malicious software.** This type of malicious software is called macro-based malware and it `exploits the automatic execution feature of macros to run harmful code without the user's knowledge`

Question 40

- Virtual Basic for Applications (VBA)

Answer 40

a programming language that allows users to extend Microsoft Office applications like Excel, PowerPoint, and Word