-
Whats the difference between Vulnerability scanning and Penetration testing?
Scanning looks for vulnerabilities and testing tests the strength of the network
-
____ Makes itself difficult to detect or analyze
Contains protective code
Armored Virus
-
What are 4 types of virus?
- Armored
- Retrovirus
- Stealth
- Boot Sector
- File Infector Virus
- Macro Viruses
- Multipartite
- Companion
- Polymorphic
- Metamorphic
-
___inserts malware into a system which sets off an action.
Logic Bomb
-
____has the ability to hide spyware blockers, anti-virus program, and system utitlities.
Runs at root level or admin access
Rootkits
-
___self reproduces without a host application
Worm
-
___ is a program that is disguised as another program and performs its malicious activity in the background.
Trojan horse
-
___can be spread via malware, such as a trojan horse. Allows access to a computer (i.e. server, workstation, network device)
Backdoors
-
___Frequently refers to any software which displays advertisements
Some are spyware or malware
Adware
-
___that works on collecting information about the system and what it is used for.
Spyware
-
Which of the following types of malware is the MOST difficult to reverse engineer?
A. Logic Bomb
B. Trojan
C. Armored Virus
D. Ransomware
Armored Virus
-
___Software that takes control of a system and demands payment to a third party
Ransomware
Tip: often in the form of a trojan
-
_____ prevents access to resources by users authorized to use those resources.
Denial of Service (DOS)
-
What are the most common DOS attacks?
- Ping-of-Death
- Land Attack
- Teardrop
- SYN Flood
-
___Amplifies a DoS by using multiple computers to conduct an attack against a single entity (Smurf Attack)
Distributed Denial of Service (DDoS)
-
____A computer compromised by a hacker that is used to perform malicious task under remote direction
Zombies
-
_A network of compromised systems containing malware which acts as a robot.
Botnets
-
Impersonating someone/something else by falsifying data
Spoofing
-
What types of forms does spoofing occur?
- IP address spoofing
- MAC spoofing
- ARP poisoning
- Web spoofing
- DNS spoofing
-
Attackers use a strategy to identify a site that is visited by those they are targeting.
Watering Hole Attack
-
____Vulnerability where an attacker can add comments/code to web pages which allows code injection
Cross-Site Scripting (XSS)
-
INSERT INTO message <Script> in here </script>
Is an example of Cross-Site Scripting (XSS)
-
____Involves unauthorized commands coming from a trusted user to the website
Think Instant messaging
Cross-site Request Forgery (XSRF)
-
____Code injected into a database via a web form.
( is considered a breakout
SQL Injection
-
What is the most common SQL attack
DoS
-
_____is a specific form of attack that can be employed to compromise Web sites that construct LDAP statements form data provided by users
(admin)(1(password)=*)
LDAP Injection
-
____Attack technique used to manipulate or compromise the logic of an XML application or service
XML Injection
-
____Strings of characters that keep your sessions information
COOKIES
-
(HTML)
(body on load = document. ('badform')
shopppingsite.company
example of a cookie
-
What are the types of tools used for newtork mapping?
- Nmap
- SolarWinds
- Whats Up Gold
-
___Software utility that allows direct testing of a user's logon password strength
- Brute Force Decryption
- Dictionary look-up
- Rainbow Tables
-
Examples of Vulnerability Scanner
Nessus, SAINT, NMAP, Retina
|
|