Test your basic knowledge |

CISSP Attacks

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. AKA Session Hijacking - Enables user to gain control of session read change data and/or packets. Could potentially get passwords or Paswd file if attacks admin






2. TDL-4's makers created their own encryption algorithm - Kaspersky's Golovanov said in his analysis - and the botnet uses the domain names of the C&C servers as the encryption keys.






3. RF interference / blocking






4. Intruder re-routes data traffic from a network device to Attacker's machine






5. Type: DoS - How: Send Packet > max allowable size of 65535 bytes - Why: Causes vulnerable host to fail and/or reboot - Counter: Ingress filter - patch systems






6. Completed by using commercially available couplers to place a microbend in the cable to allow light to radiate through the cladding and be exposed to a photodetector. photodetector is connected to an electro-optical converter that acts as an interfac






7. Hacker gains access to data stored on Bluetooth enabled phone. Why: hacker make phone calls - send & receive text messages - read & write phonebook contacts - eavesdrop on phone conversations - and connect to Internet. - How: requires advanced equip






8. Type: Brute force How: Attack hashing function via Brute force. Changes message until he gets one that produces the same hash value. - Why: Attacker wants to change your message without detection.






9. Mobile device attack that seeks to dupe the recipient of an SMS (short message service - text) message into downloading malware onto their handset. Once the handset is infected - it can be turned into a 'zombie -' allowing attackers to control the de






10. Add extra bogus charges






11. 'Pairing' establishes trust relationship - Access to All Data on device






12. Zeus - Mariposa - Storm






13. aka ARP Flooding - poisioning






14. Attacker deletes incriminating evidence or data from audit logs. - Countermeasure: Protect log from modification via strict access control






15. In computer security - a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called 'shellcode' because it typically starts a command shell from which the attacker can control the compromised






16. Type: Buffer Overflow - How: Memory Stack is overflown to write data into another area of memory in the Identify of the System. (Priviledged System account) - Why: The most common cause of stack overflows is excessively deep or infinite recursion. T






17. Counters: A firewall can be used to detect the outgoing connections made by connect-back shellcodes and the attempt to accept incoming connections made by bindshells. They can therefore offer some protection against an attacker - even if the system i






18. Type: Fun or Snoop Info - How: Attacker sends unsolicited message to Bluetooth enabled device. e.g. insert contact into address book. Why: May Enable future attacks on the device via emails - Recipent reaction or get data w/o your knowledge while con






19. Type: DDoS - How: TFN uses a master program to communicate with attack agents across multiple nets. TFN can launch several types of attacks simultaneously: UDP flood - TCP SYN flood - ICPM echo request flood and ICMP directed broadcasts. - Why: TFN M






20. Attacker uses program presenting Fake Logon Screen Capture Username & Pswd - Counter: Host IDS






21. Sasser - Blaster - Melissa - ILOVEYOU - Conflicker






22. How: Attacker sends forged stream of TCP SYN packets with Source & Destination = to victim's IP address - Victim's system attempts to reply to itselft (attacks itself) - Vulnerable systems: Systems with BSD TCP/IP stack - Counter: Edge routers drop p






23. 1) If phone is vulnerable to bluesnarfing or bluebugging-- seek patches. Manufacturer or manufacturer-authorized dealer. Software patches available for many older Bluetooth phones. 2) Turn device to non-discoverable mode when not using Bluetooth tech






24. Type: DoS (Flood or Crashing) - How: Malformed fragmented packts - Why: Causes vulnerable host to fail and/or reboot - Countermeasure: Network IDS - drop faulty or corrupted packets - ingress filters






25. May result in data at a specific location being altered in an arbitrary way - or in arbitrary code being executed. - Counter: make sure your OS and application libraries are patched to detect/prevent against these types of overflows






26. The botnet also uses the public Kad P2P network for one of its two channels for communicating between infected PCs and the C&C servers - said Kaspersky. Previously - botnets that communicated via P2P used a closed network they had created.






27. Redirect victim to fake website - How: DNS poison -






28. Bluebugging - Bluesnarfing






29. Type of Remote Shellcode that downloads and executes some form of malware on the target system. This type of shellcode does not spawn a shell - but rather instructs the machine to download a certain executable file off the network - save it to disk






30. AKA: Asynchronous attack - How: Takes advantage of dependency of event timing in a multitasking OS - How: Attacker gets between instructions and manipulates something. Goal is Control the result.






31. Counters:Best: Proper programming with Input value bounds checking. Keep systems current: Patching - hot fixes - etc.






32. Type: Worm. How: Self replicating usually Rapid over net or other means.






33. Covert Channel ICMP comms - writes data after header Sniffing - Counter: Secure protocols -






34. Social engineering technique






35. How: Attacker uses technologies (especially associated with VoIP) that allow callers to lie about their identity and present false names and numbers - Why: defraud or harass.






36. Type: DoS - How: Attacker sends your packets to a non-existent address - How: One way is special type of ARP poisioning.






37. How: SMTP doesn't provide any authentication.E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol - (i.e. stamp - postal code) the SMTP protocol will send t






38. Uses DiffieH PK to determine shared Symm key






39. Type: Masquerading Attack - How: For a given IP address in ARP table - attacker enters his MAC address - Why: Attacker alters System ARP table. Goal to receive packets.






40. Installs its rootkit on the MBR - Sector 0 - Invisible to OS & security software - advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by (C&C) servers






41. Overwhelm mail server & Clients






42. Type: DDoS - How: uses a master program to communicate with attack agents across multiple nets. Attacker remotely connects to Master host - then master commands agents to perform UDP flood to a list of Target IP addresses. - Why: your IP address is i






43. Juggernaut & HUNT Project - Spy then attack






44. Type: Buffer Overflow in the heap data area. - Heap overflows are exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data. Expl






45. Counter: Non-public #s - Tight AC for modems / pools






46. Attacker must win the race of responding between 2 different processes carrying out a task/function. Counter: Do not Split up critical tasks that can have results or sequence altered. - Employ Software locks to files to prevent unauthorized access.






47. Type: Man-in-Middle Attack - AKA: Phishing - URL Spoofing - How: Spoofs the public key of web site/server - Why: Get users to go to Attackers Website instead - Goal: usually to get user's data (ID - password - bank account info - etc.) However - coul






48. Flood w/ Pairing requests. (spoofed or not) - Victim consumed with Responses






49. Type: Reconn - How: Use port scanning tool to identify Listening Ports (TCP/UDP) on Servers - Tools: Nmap - Foundstone Products (Scanline - etc.) - Angry IP Scanner - etc.






50. Change user's service provider - w/o concent