Threats & Vulnerabilities Flashcards Preview

CompTIA Security+ SY0-501 > Threats & Vulnerabilities > Flashcards

Flashcards in Threats & Vulnerabilities Deck (40)
1

What is adware?

Malicious software, e.g. a pop-up prompting you to buy something

2

What is a virus?

Attaches itself as a malicious payload to another program; spreads via a host file

3

What is spyware?

Retrieving sensitive information

4

What is a trojan?

Malicious software disguised as something else, does not replicate

5

What is a rootkit?

Program that hides itself using the bootstrap loader or system/kernel-level access

6

What is a logic bomb?

Malicious code that triggers based on certain conditions being met

7

What is ransomware?

Denying access to computer for extortion

8

What is polymorphic malware?

Malware that changes its behavior to evade AV signature definition detection; code remains the same, i.e. encryption

9

What is an armored virus?

Virus specifically designed to prevent its source code from being analysed; tricks the AV program into thinking the space it is running in is somewhere else

10

What is a smurf attack?

Ping request to a broadcast address to cause all clients to respond; combined with source address spoofing for DoS

11

What is a replay attack?

Replaying data, i.e. a login sequence

12

What can be used to mitigate replay attacks?

Session token that expires
Anti-replay counter

13

What is spoofing?

Impersonation of another entity

14

What is SPAM vs SPIM?

SPAM is unwanted email
SPIM is unwanted messages on instant messaging

15

What is a XMAS attack?

Port scanning + discovering underlying OS

16

What is pharming?

DNS poisoning
Change the lmhosts file, DNS cache resolution, DNS server

17

How would MITM be achieved with ARP poisoning?

Spoof the MAC address of another computer
Change the victim computer's default gateway to relay through the rogue computer

18

What is XSS?

Cross-Site Scripting

19

What is transitive access?

Access gained indirectly
i.e. jump host

20

What is a worm?

Malicious software that replicates between systems without a host file

21

What is a rainbow table?

List of common password hashes

22

What is a birthday attack?

Using hash collisions to gain access despite data being different

23

What is typo squatting?

Misleading by a wrong URL
i.e. googlee.com

24

What is a watering hole attack?

Compromising a known website to infect computers

25

What is reciprocity?

Complying with someone because they did something beneficial to you

26

What is consensus?

Following what everyone else is doing

27

How do you protect against a cross-site scripting attack?

Input & output validation on the server side
Input: client to server
Output: server responding to client

28

What is an attack vector for cross-site scripting?

Customized link with an embedded script

29

What is a way to protect against SQL injection?

Turn off SQL commands and use stored procedures

30

What is directory traversal/command injection?

Navigating through the file system to execute something