Types of Attacks (2) Flashcards
Your manager has been hearing a lot about social-engineering attacks and wonders why such attacks are so effective. Which of the following identifies reasons why the attacks are so successful? (Choose three.)
Authority
DNS poisoning
Urgency
Brute force
Trust
Authority
Urgency
Trust
There are a number of reasons why social-engineering attacks are successful, including these three reasons: The victim believes he is receiving communications from a person of authority. Also, the attacker speaks with a sense of urgency, which makes the victim want to help out as quickly as possible. Trust is correct because social engineering works based on the fact that we trust people, especially people in need or people of authority. Social engineering is effective for a number of other reasons, such as intimidation, consensus or social proof, scarcity of the event, and familiarity or liking of a person. Most social-engineering experts have mastered being likeable, which transforms into trust.
A user calls and asks you to send sensitive documents immediately because a salesperson needs them to close a multimillion-dollar deal and the salesperson’s files are corrupted. She demands you do this immediately, or she’ll have you fired. What form of social engineering is this?
Familiarity
Intimidation
Consensus
Intimidation
Intimidation occurs when an attacker threatens the victim using bullying tactics or threats to get the victim to take an action.
An attacker tricks a user into clicking a malicious link that causes an unwanted action on a web site the user is currently authenticated to. What type of exploit is this?
Cross-site request forgery
Cross-site scripting
Replay
Cross-site request forgery
Cross-site request forgeries occur when an attacker tricks a user into executing unwanted actions on a web site she is currently authenticated to.
Your server is being flooded with DNS lookup requests, which is causing the server to be unavailable for legitimate clients. What sort of general attack is this?
Buffer overflow
Domain hijacking
Amplification
Amplification
An amplification attack involves sending a small amount of data to an unsuspecting third party, which sends a larger amount of data to the target.
A user calls you stating that his browser performed an unintended action after he clicked a button on a web page. What sort of attack has taken place?
Replay
Shimming
Click-jacking
Click-jacking
A click-jacking attack involves tricking the user into clicking an object that causes some evil action as a result. Users think they are clicking a link for a legitimate purpose, but they are unwittingly downloading malware or performing some other malicious activity with the click.
A downloaded hardware driver does not match the checksum from the manufacturer, yet it installs and seems to behave as it should. Months later, you learn that sensitive information from your device has been leaked online. Which term best describes this type of attack?
Refactoring
Collision
ARP poisoning
Refactoring
A refactoring attack involves changing the internal code of the driver while maintaining the external behavior so it appears to be behaving normally.
A user is attempting to log into a web application but notices that the version of TLS being used is lower than expected. What sort of attack is this?
Weak implementations
Known plain text/cipher text
Downgrade
Downgrade
A downgrade attack involves forcing a connection to abandon a high-quality encryption protocol for a lower-quality, less secure protocol.
You have received an SMS text message from the bank stating that access to your bank account has been blocked. The message asks you to click a link to reactivate the account right away. What type of attack is this?
Skimming
Card cloning
Smishing
Smishing
A smishing attack occurs when the attacker uses SMS text messaging to send a phishing-style message to a user’s mobile phone, trying to trick the user into compromising security.
An attacker obtains a connection to your LAN and then uses SETH to perform a MiTM attack between your system and the company RDP server, which enables the attacker to collect the logon information for the RDP server. What type of attack has occurred?
Reconnaissance
Credential harvesting
Impersonation
Credential harvesting
Credential harvesting occurs when the attacker collects logon information and then uses that information to gain access to the system at a later time.
Which of the following mechanisms can be used by an attacker as a method in an influence campaign to trick the victim into compromising security?
Intimidation
Malicious flash drive
Social media
Social media
Social media is a tool that can be used in an influence campaign during a social-engineering attack.
Which of the following represent reasons why social-engineering attacks are so effective? (Choose two.)
URL redirection
Consensus
Domain reputation
Scarcity
Malicious code execution
Consensus
Scarcity
There are a number of reasons why social engineering is effective, such as intimidation, consensus or social proof, scarcity of the event, and familiarity or liking of a person.
You receive a call from the network administrator who was supposed to be on vacation. She informs you that there was an update to the financial system, and she needs you to temporarily change your password to “N3wSyst3m” so that the software can receive initial updates. What type of social-engineering technique is being used here?
Impersonation
Eliciting information
Prepending
Impersonation
Impersonation is when the attacker pretends to be a different individual in order to trick someone into compromising security. It is common for the attacker to impersonate the network administrator in order to get users to make changes, but it is also common for the attacker to impersonate a frustrated user so that the administrator helps give the user access to the network.
Which of the following is a layer 2 attack that involves the attacker sending a large number of frames to the switch in order to trick the switch into sending all new frames to every port on the switch?
MAC cloning
MAC spoofing
MAC flooding
MAC flooding
MAC flooding occurs when the attacker sends a large number of frames to the switch, causing it to fill its MAC address table so old entries are removed from the table to make space for the new entries. This causes known MAC addresses to be removed from the MAC address table, which results in the switch flooding all frames (sending the frames to all ports on the switch).
What type of physical attack involves the attacker creating a component that contains a wireless controller embedded inside it that enables the attacker to send commands to the device from a nearby phone or PC?
Card cloning
Spraying
Malicious USB cable
Malicious USB cable
A malicious USB cable is used as a physical attack on systems because the USB cable must be physically connected to the system that an attacker wishes to exploit. Once the cable is connected, it can receive commands wirelessly to execute payloads on the target system.
Which of the following attack types involves an attacker manipulating data input in order to exploit vulnerabilities in the algorithm used by the system?
Adversarial AI attack
Supply-chain attack
Cloud-based attack
Adversarial AI attack
Artificial intelligence (AI), also known as machine learning, may be vulnerable to adversarial machine-learning attacks, in which the attacker sends malicious input into the learning system in order to compromise the system. The attack is based on the fact that machine-learning (ML) systems use models of data for their training, and that training data may be tainted. The learning system may respond differently in production scenarios to different data input during an attack. This attack type is designed to test the security of the machine-learning algorithm.