Show:
Social Engineering
Attack Types
Networks
Applications
Security Assessments
100

What is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes?

Social Engineering

100

What is a software that has been created for nefarious purposes?

Malware

100

What is it called when an attacker is able to place themselves in the middle of two other hosts that are communicating?

Man in the middle (MITM) attack 

100
Inputing ' or 1=1-- is a common way to test what kind of vulnerability?

SQL Injection

100

Anti-malware software fails to detect a ransomeware attack that is supposed to be within its capabilities of detecting. What is this an example of?

False negative

200

What is defined as the use of telephones to conduct a phishing attack?

Vishing

200

What is it called when an attacker uses a predetermined database to attempt to crack passwords?

Dictionary Attack
200

What is a Distributed Denial-of-Service (DDoS) attack?

The employing of multiple attacking systems to ultimately deny the use of or access to a specific service or system

200

An attacker exploits a vulnerability from the user level and now has root access. What is this called?

Privilege escalation

200

What type of scan shows the view of the a true outsider on the network?

Non-credentialed 

300

If someone follows another through a locked door what type of attack is this?

Tailgating

300

An organization puts a limit on the amount of failed password attempts a user has, what type of attack does this mitigate?

Brute force

300

What is an initialization vector (IV)

Used in wireless systems, the randomization element at the beginning of a connection

300

When an attacker captures network traffic and retransmits at a later time, what type of attacks are they attempting?

Replay attack

300

What is the process of examining services on computer systems for known vulnerabilities in software?

Vulnerability scanning

400

What is it called when an attacker attempted to phish a CEO?

Whaling

400

What is a rainbow attack?

Using a dictionary of password hashes to guess the plaintext password

400

Your network scan is showing a large number of address changes to the MAC tables and lots of ARP and RARP messages. What type of attack is this?

MAC Flooding

400

While examining a laptop infected with malware, you notice that it loads on startup, and a file called netutilities.dll every time Word is opened. What is this an example of?

DLL Injection

400

What is the practice of proactively searching for cyber threats that are inside a network, yet remaining undetected?

Threat hunting

500
An attacker gives the impression that something is in short supply, what phishing principle is this?

Scarcity

500

you notice TCP Port 31337 is open on your server. The you connect to the port via Netcat, you are prompted to enter a password. What type of malware is this?

Backdoor

500

At the airport, you get a message on your phone. It is a picture of a duck with the word "Pwned" and you don't know who sent the message. What type of attack did you just experience?

Bluejacking

500

A web app has an input field for a username and indicates it should be between 6 and 12 characters. You discovered that if you input 150 characters, it crashes. What is this an example of?

Buffer overflow

500
What process allows log files to be enriched with additional data to provide context?

Log aggregation