Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
52 Cards in this Set
- Front
- Back
What is:
Spyware |
A program that monitors the user's activity and reports it to another party without
informing the user. It is spread by users who inadvertently ask for it by downloading other programs, visiting infected sites, and so on. |
|
What is:
Adware |
Can have the same qualities as spyware, but it's primary purpose is to display ads
and generate revenue for its creator. |
|
What are:
Rootkits |
Software programs that have the ability to hide certain things, such as running
processes, from the OS. It does so by manipulating function calls to the OS and filtering out information that would normally appear. |
|
What is a:
Trojan Horse |
A program that enters a system or network under the guise of another program.
It may be included as an attachment or as part of an installation program. It can create a back–door or replace a valid program during installation. |
|
What is a:
Logic Bomb |
A program or code snippet that executes when a certain predefined event
occurs. |
|
What is a:
Backdoor |
A troubleshooting/developer hook into systems that often circumvent normal
authentication. Or The act of gaining access to a network and inserting a program/utility that creates an entrance for an attacker. |
|
What is a:
Botnet |
Malicious software running on a zombie and under the control of a command &
control. |
|
What is:
Ransomware |
Software, often delivered through a Trojan, that takes control of a system and
demands that a third party be paid. The "control" can be accomplished by encrypting the hard drive, changing the user's password, etc. |
|
What is a:
(Computer) Virus |
A piece of software designed to infect a computer system.
|
|
What is a:
Polymorphic Virus |
A virus that changes form in order to avoid detection.
|
|
What is a:
Stealth Virus |
A virus that attempts to avoid detection by masking itself from applications.
|
|
What
is a: Retrovirus |
A virus that attacks or bypasses the antivirus software installed on a
computer. |
|
What is a:
Multipartite Virus |
A virus that attacks a system in multiple ways.
|
|
What is an:
Armored Virus |
A virus that is designed to make itself difficult to detect or analyze.
|
|
What is a:
Companion Virus |
A virus that attaches itself to legitimate programs and then creates a
program with a different filename extension, effectively hiding from the user. When the legitimate program is executed, the virus runs instead. |
|
What is a:
Phage Virus |
A virus that modifies and alters other programs and databases.
|
|
What is a:
Macro Virus |
A virus that exploits the enhancements made to many applications, which are
used by programmers to expand the capability of applications. |
|
What is:
Spam |
Unwanted, unsolicited email.
|
|
What is a:
Denial–of–Service (DoS) attack |
An attack that prevents access to resources by users
authorized to use those resources. |
|
What is a:
Distributed Denial–of–Service (DDos) attack |
Amplifies the concepts of a DoS attack by using
multiple computer systems (often through botnets) to conduct an attack against a single organization. |
|
What is:
IP Spoofing |
An attack where the goal is to make the data look as if it came from a trusted host
when it didn't. |
|
What is:
ARP spoofing |
An attack where the MAC address of the data is faked. By faking this value, it
is possible to make it look as if the data came from a network that it did not. |
|
What is:
DNS spoofing |
An attack that happens when a DNS server is given information about a name
server that it thinks is legitimate when it isn't. |
|
What is a:
Pharming attack |
A form of redirection in which traffic intended for one host is sent to another.
This can be accomplished on a small scale by changing entries in the hosts file and on a large scale by using DNS spoofing. |
|
What is:
Phishing |
A form of social engineering in which you ask someone for a piece of information by
making it look as if is a legitimate request. |
|
What is:
Spear Phishing |
A unique form of phishing in which a message is made to look as it came from
someone that the user knows and trusts. |
|
What is:
Vishing |
An elevated form of social engineering that combines phishing with VOIP.
|
|
What is a:
Xmas Attack |
A popular attack that uses Nmap. It is an advanced scan that tries to get around
firewall detection and look for open ports. |
|
What is a:
Man–in–the–Middle Attack |
An attack that clandestinely places something between a server
and the user. It intercepts data and then sends the information to the server as if nothing is wrong. |
|
What is a:
Replay Attack |
A kind of access or modification attack, it captures information to be replayed
later. |
|
What is a:
Smurf Attack |
A distributed denial–of–service attack in which large numbers of ICMP packets
with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the spoofed source IP address. |
|
What is a:
Brute–Force Attack |
An attack in which attempts to guess a password are made until a
successful guess occurs. |
|
What is a:
Dictionary Attack |
An attack that uses a dictionary of common words to attempt to find the
user's password. |
|
What is a:
Hybrid Password Attack |
An attack that typically uses a combination of dictionary entries and
brute force. |
|
What is a:
Birthday Attack |
A type of cryptographic attack that exploits the mathematics behind the
birthday problem in probability theory. This attack can be used to abuse communication between two or more parties. The attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations |
|
What is a:
Rainbow Table Attack |
An attack that focuses on identifying a stored value. By using values in
an existing table of hashed phrases or word and comparing them to values found, this attack can reduce the amount of time needed to crack a password. |
|
What is:
Privilege Escalation |
Involves a user gaining more privileges than they should have. With their
elevated permissions, they can perform tasks they should not be allowed to do. |
|
What is:
Typosquatting and URL Hijacking |
The act of registering domains that are similar to those for a
known entity but based on a misspelling or typographical error. |
|
What is a:
Watering Hole Attack |
An attack where the attacker identifies a site that is visited by those they
are targeting, poisoning that site, and then waiting for the results. |
|
What is:
Cross–Site Scripting (XSS) |
When an attacker uses a client–side script to trick a user who visits the site into have the code execute locally. |
|
What is:
SQL Injection |
An attack where an attacker manipulates the database code to take advantage
of a weakness in it. |
|
What is:
LDAP Injection |
An attack that exploits weaknesses in LDAP.
|
|
What is:
XML Injection |
An attack that occurs when an attacker enters values that query XML with
values that take advantage of exploits. |
|
What is:
Directory Traversal |
When an attacker is able to gain access to restricted directories though
HTTP. |
|
What is:
Buffer Overflow |
When an application receives more data than it's programmed to
accept. |
|
What is:
Integer Overflow |
When space that is reserved for numbers receives more data than it's
programmed to accept. |
|
What are:
Zero–Day Exploits |
A vulnerability is an undisclosed and uncorrected.
|
|
What is:
Session Hijacking |
When the item used to validate a user's session, such as a cookie, is stolen
and used by another to establish a session with a host that thinks it is still communicating with the first party. |
|
What is:
Header Manipulation |
An attack that uses various methods to change values in HTTP headers and falsify
access. |
|
What is a:
Vulnerability Scanner |
An application that checks a network for any known security
holes. |
|
What is a:
Honey Pot |
A computer that has been designated as a target for computer attacks.
|
|
What is:
Banner Grabbing |
An enumeration technique used to glean information about a computer
system on a network and the services running on its open ports. |