Card Set Information
What's the difference between vulnerability scanning and penetration testing?
Scanning looks for vulnerabilities and testing tests the strength of the network
____ Makes itself difficult to detect or analyze
Contains protective code
What are 4 types of virus?
File Infector Virus
___inserts malware into a system which sets off an action.
____has the ability to hide spyware blockers, anti-virus programs, and system utilities.
Runs at root level or admin access
___self reproduces without a host application
___ is a program that is disguised as another program and performs its malicious activity in the background.
___can be spread via malware, such as a trojan horse. Allows access to a computer (i.e. server, workstation, network device)
___Frequently refers to any software which displays advertisements
Some are spyware or malware
___that works on collecting information about the system and what it is used for.
Which of the following types of malware is the MOST difficult to reverse engineer?
A. Logic Bomb
C. Armored Virus
___Software that takes control of a system and demands payment to a third party
Tip: often in the form of a trojan
_____ prevents access to resources by users authorized to use those resources.
Denial of Service (DoS)
What are the most common DoS attacks?
___Amplifies a DoS by using multiple computers to conduct an attack against a single entity (Smurf Attack)
Distributed Denial of Service (DDoS)
____A computer compromised by a hacker that is used to perform malicious tasks under remote direction
_A network of compromised systems containing malware which acts as a robot.
Impersonating someone/something else by falsifying data
In what forms does spoofing occur?
IP address spoofing
Attackers use a strategy to identify a site that is visited by those they are targeting.
Watering Hole Attack
____Vulnerability where an attacker can add comments/code to web pages which allows code injection
Cross-Site Scripting (XSS)
INSERT INTO message <Script> in here </script>
Is an example of Cross-Site Scripting (XSS)
____Involves unauthorized commands coming from a trusted user to the website
Think Instant messaging
Cross-site Request Forgery (XSRF)
____Code injected into a database via a web form.
( is considered a breakout
What is the most common SQL attack?
_____is a specific form of attack that can be employed to compromise Web sites that construct LDAP statements from data provided by users
____Attack technique used to manipulate or compromise the logic of an XML application or service
____Strings of characters that keep your session information
(body on load = document. ('badform')
example of a cookie
What are the types of tools used for network mapping?
WhatsUp Gold
___Software utility that allows direct testing of a user's logon password strength
Brute Force Decryption
Examples of Vulnerability Scanner
Nessus, SAINT, NMAP, Retina