Terms Deck 1

Question 1

social engineering

Answer 1

The process of taking advantage of human behavior to attack a network or gain access to resources that would otherwise be inaccessible. Social engineering emphasizes the well-known fact that poorly or improperly trained individuals can be persuaded, tricked, or coerced into giving up passwords, phone numbers, or other data that can lead to unauthorized system access, even when strong technical security measures can otherwise prevent such access.

Question 2

phishing

Answer 2

An attempt to acquire sensitive information by masquerading as a trustworthy entity via electronic communication, usually email.

Question 3

vishing

Answer 3

An attack in which the attacker uses fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details by phone. Also known as voice phishing.

Question 4

spam

Answer 4

Unsolicited messages typically sent to a large number of recipients.

Question 5

spam over Internet messaging (SPIM)

Answer 5

A type of unsolicited messaging that is specifically sent over instant messaging platforms.

Question 6

spear phishing

Answer 6

A targeted version of phishing.

Question 7

dumpster diving

Answer 7

A technique used by an attacker that involves gathering useful information from discarded data.

Question 8

shoulder surfing

Answer 8

Looking over someone’s shoulder to obtain information.

Question 9

pharming

Answer 9

An attack that redirects victims to a bogus website.

Question 10

tailgating

Answer 10

Following closely behind someone who has authorized physical access in an environment.

Question 11

eliciting information

Answer 11

The use of varying techniques that can directly or indirectly lead to sensitive data loss or other compromise.

Question 12

whaling

Answer 12

The use of spear phishing tactics against high-profile targets such as executives within a company.

Question 13

identity fraud

Answer 13

The use of a person’s personal information without authorization to deceive or commit a crime.

Question 14

hoax

Answer 14

A situation that seems like it could be legitimate but often results from people seeking to carry out various threats.

Question 15

impersonation

Answer 15

A method by which someone assumes the character or appearance of someone else.

Question 16

watering hole attack

Answer 16

An attack in which the attacker focuses on a site frequently visited by the target. Similar to spear phishing but does not use email.

Question 17

typo squatting

Answer 17

An attack that most commonly relies on typographic errors made by users on the Internet. Also known as URL hijacking.

Question 18

influence campaign

Answer 18

Coordinated actions that seek to affect the development, actions, and behavior of the targeted population.

Question 19

malware

Answer 19

Malicious software used to cause damage or gain unauthorized access to systems.

Question 20

ransomware

Answer 20

A form of malware that attempts to hold a person or company hostage, often for monetary gain.

Question 21

trojan horse

Answer 21

A form of malware that appears to be useful software but has code hidden inside that attacks a system directly or allows the system to be infiltrated by the originator of the code when it is executed. A Trojan horse is software hidden inside other software. It is commonly used to infect systems with viruses, worms, or remote-control software.

Question 22

worm

Answer 22

A type of virus designed primarily to reproduce and replicate itself on as many computer systems as possible. A worm does not normally alter files; instead, it remains resident in a computer’s memory. Worms typically rely on access to operating system capabilities that are invisible to users.

Question 23

potentially unwanted program (PUP)

Answer 23

Software that often is not wanted, although it may not be explicitly malicious.

Question 24

virus

Answer 24

A piece of malicious code that spreads to other computers by design, although some viruses also damage the systems on which they reside. Viruses can spread immediately upon being received or can implement other unwanted actions, or they can lie dormant until a trigger in their code causes them to become active. The hidden code a virus executes is called its payload.

Question 25

bot

Answer 25

Short for robot, an automated computer program that needs no user interaction. Bots allow hackers to take control of a system. Many bots used together can form a botnet.

Question 26

crypto-malware

Answer 26

Malware that is specifically designed to find potentially valuable data on a system and encrypt it.

Question 27

logic bomb

Answer 27

A virus or Trojan horse designed to execute malicious actions when a certain event occurs or when a specified period of time goes by.

Question 28

spyware

Answer 28

Software that communicates information from a user’s system to another party without notifying the user.

Question 29

keylogger

Answer 29

A tool that monitors and sends keystrokes typed from an infected machine.

Question 30

remote access trojan (RAT)

Answer 30

A backdoor Trojan installed on a system that allows a remote attacker to take control of the targeted system.

Question 31

rootkit

Answer 31

A piece of software that can be installed and hidden on a computer, mainly for the purpose of compromising the system.

Question 32

rainbow table

Answer 32

A table that consists of a large set of precomputed hash values for every possible combination of characters. May be used in brute-force cracking of passwords that have been hashed.

Question 33

password attack

Answer 33

An attack on a password using manual or automated techniques, such as dictionary, brute-force, spraying, and rainbow table attacks.

Question 34

skimming

Answer 34

An attack that involves copying data from a physical card by using a specialized terminal.

Question 35

adversarial artificial intelligence (AI)

Answer 35

Techniques such as machine learning used to solve a variety of problems and challenges used by an adversary.

Question 36

privilege escalation

Answer 36

A method of software exploitation that takes advantage of a program’s flawed code. Usually, this crashes the system and leaves it in a state in which arbitrary code can be executed or an intruder can function as an administrator.

Question 37

cross-site scripting (XSS)

Answer 37

A web attack in which malicious executable code is placed on a website to allow the attacker to hijack a user session to conduct unauthorized access activities, expose confidential data, and log successful attacks back to the attacker.

Question 38

buffer overflow

Answer 38

An attack that occurs when the data presented to an application or a service exceeds the storage space allocation that has been reserved in memory for that application or service.

Question 39

race condition

Answer 39

A way in which a program executes sequences of code. It typically occurs when code sequences are competing for the same resource or interfering by acting at the same time.

Question 40

time-of-check to time-of-use (TOCTOU)

Answer 40

A race condition that takes advantage of the time delay between checking and use.

Question 41

integer overflow

Answer 41

A software programming error that can facilitate malicious code or a buffer overflow.

Question 42

cross-site request forgery (CSRF)

Answer 42

A web attack that exploits existing site trust, such as unexpired banking session cookies, to perform actions on the trusting site using the already existing trusted account.

Question 43

memory leak

Answer 43

A programming error that reduces performance of a system and can cause an entire application or computer to become unresponsive. It has an impact on a system’s availability.

Question 44

Secure Sockets Layer (SSL) stripping

Answer 44

A technique that involves removing the encryption between a client and a website.

Question 45

shimming

Answer 45

A sophisticated hack that requires the installation of a piece of code between two components that is capable of intercepting calls and redirecting them elsewhere.