Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/52

Click to flip

52 Cards in this Set

  • Front
  • Back
What is:


Spyware
A program that monitors the user's activity and reports it to another party without informing the user. It is spread by users who inadvertently ask for it by downloading other programs, visiting infected sites, and so on.
What is:


Adware
Can have the same qualities as spyware, but it's primary purpose is to display ads and generate revenue for its creator.
What are:


Rootkits
Software programs that have the ability to hide certain things, such as running processes, from the OS. It does so by manipulating function calls to the OS and filtering out information that would normally appear.
What is a:


Trojan Horse
A program that enters a system or network under the guise of another program. It may be included as an attachment or as part of an installation program. It can create a back–door or replace a valid program during installation.
What is a:


Logic Bomb
A program or code snippet that executes when a certain predefined event occurs.
What is a:


Backdoor
A troubleshooting/developer hook into systems that often circumvent normal authentication.
Or
The act of gaining access to a network and inserting a program/utility that creates an entrance for an attacker.
What is a:


Botnet
Malicious software running on a zombie and under the control of a command & control.
What is:



Ransomware
Software, often delivered through a Trojan, that takes control of a system and demands that a third party be paid. The "control" can be accomplished by encrypting the hard drive, changing the user's password, etc.
What is a:


(Computer) Virus
A piece of software designed to infect a computer system.
What is a:


Polymorphic Virus
A virus that changes form in order to avoid detection.
What is a:


Stealth Virus
A virus that attempts to avoid detection by masking itself from applications.
What is a:


Retrovirus
A virus that attacks or bypasses the antivirus software installed on a computer.
What is a:


Multipartite Virus
A virus that attacks a system in multiple ways.
What is an:


Armored Virus
A virus that is designed to make itself difficult to detect or analyze.
What is a:


Companion Virus
A virus that attaches itself to legitimate programs and then creates a program with a different filename extension, effectively hiding from the user. When the legitimate program is executed, the virus runs instead.
What is a:


Phage Virus
A virus that modifies and alters other programs and databases.
What is a:


Macro Virus
A virus that exploits the enhancements made to many applications, which are used by programmers to expand the capability of applications.
What is:


Spam
Unwanted, unsolicited email.
What is a:

Denial–of–Service (DoS) attack
An attack that prevents access to resources by users authorized to use those resources.
What is a:


Distributed Denial–of–Service (DDos) attack
Amplifies the concepts of a DoS attack by using multiple computer systems (often through botnets) to conduct an attack against a single organization.
What is:

IP Spoofing
An attack where the goal is to make the data look as if it came from a trusted host when it didn't.
What is:


ARP spoofing
An attack where the MAC address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not.
What is:


DNS spoofing
An attack that happens when a DNS server is given information about a name server that it thinks is legitimate when it isn't.
What is a:


Pharming attack
A form of redirection in which traffic intended for one host is sent to another. This can be accomplished on a small scale by changing entries in the hosts file and on a large scale by using DNS spoofing.
What is:


Phishing
A form of social engineering in which you ask someone for a piece of information by making it look as if is a legitimate request.
What is:


Spear Phishing
A unique form of phishing in which a message is made to look as it came from someone that the user knows and trusts.
What is:



Vishing
An elevated form of social engineering that combines phishing with VOIP.
What is a:


Xmas Attack
A popular attack that uses Nmap. It is an advanced scan that tries to get around firewall detection and look for open ports.
What is a:


Man–in–the–Middle Attack
An attack that clandestinely places something between a server and the user. It intercepts data and then sends the information to the server as if nothing is wrong.
What is a:


Replay Attack
A kind of access or modification attack, it captures information to be replayed later.
What is a:


Smurf Attack
A distributed denial–of–service attack in which large numbers of ICMP packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the spoofed source IP address.
What is a:


Brute–Force Attack
An attack in which attempts to guess a password are made until a successful guess occurs.
What is a:


Dictionary Attack
An attack that uses a dictionary of common words to attempt to find the user's password.
What is a:


Hybrid Password Attack
An attack that typically uses a combination of dictionary entries and brute force.
What is a:


Birthday Attack
A type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties. The attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations
What is a:


Rainbow Table Attack
An attack that focuses on identifying a stored value. By using values in an existing table of hashed phrases or word and comparing them to values found, this attack can reduce the amount of time needed to crack a password.
What is:


Privilege Escalation
Involves a user gaining more privileges than they should have. With their elevated permissions, they can perform tasks they should not be allowed to do.
What is:


Typosquatting and URL Hijacking
The act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
What is a:


Watering Hole Attack
An attack where the attacker identifies a site that is visited by those they are targeting, poisoning that site, and then waiting for the results.
What is:

Cross–Site Scripting (XSS)
When an attacker uses a client–side script to trick a user who visits the site into have the code execute locally.
What is:


SQL Injection
An attack where an attacker manipulates the database code to take advantage of a weakness in it.
What is:

LDAP Injection
An attack that exploits weaknesses in LDAP.
What is:


XML Injection
An attack that occurs when an attacker enters values that query XML with values that take advantage of exploits.
What is:


Directory Traversal
When an attacker is able to gain access to restricted directories though HTTP.
What is:


Buffer Overflow
When an application receives more data than it's programmed to accept.
What is:


Integer Overflow
When space that is reserved for numbers receives more data than it's programmed to accept.
What are:


Zero–Day Exploits
A vulnerability is an undisclosed and uncorrected.
What is:


Session Hijacking
When the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.
What is:

Header Manipulation
An attack that uses various methods to change values in HTTP headers and falsify access.
What is a:


Vulnerability Scanner
An application that checks a network for any known security holes.
What is a:


Honey Pot
A computer that has been designated as a target for computer attacks.
What is:


Banner Grabbing
An enumeration technique used to glean information about a computer system on a network and the services running on its open ports.