Security+ (SY0-701): Lesson 13: Analyze Indicators Part 3
This deck covers key concepts and definitions related to various types of cyber attacks, including DDoS, man-in-the-middle, ARP poisoning, DNS poisoning, and more. It is designed to help students understand and remember important security threats and mitigation strategies.
Key Terms
Term | Definition |
---|---|
Define an 'amplification attack' | A DDoS technique that abuses connectionless UDP services whose response is far larger than the request (DNS, NTP and memcached are common examples): the attacker sends small requests with the source address spoofed to the victim's, so the servers reflect their large responses at the victim and multiply the attacker's available bandwidth. |
What is a typical indicator of a Distributed Denial of Service (DDoS) attack? | Traffic spikes that have no legitimate explanation. |
How can a Distributed Denial of Service (DDoS) attack be mitigated? | High availability services, such as load balancing and cluster services. |
Define an 'on-path/man-in-the-middle' attack | An attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic. |
Define 'ARP poisoning' | An attacker with access to the local network sends spoofed ARP replies so that other hosts' ARP caches map an IP address (typically the default gateway's) to the attacker's MAC address instead of the intended recipient's; ARP has no authentication, so the forged replies are accepted. |
What two types of attacks could use ARP poisoning as a technique? | DoS and on-path/man-in-the-middle. |
Define 'DNS poisoning' | An attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker's choosing. |
What are the 3 types of DNS poisoning? | |
What technique/attack method is used to perform DNS-based on-path attacks when the attacker and victim are on the same network? | ARP poisoning or a rogue DHCP server (the rogue server hands out the attacker's address as the client's DNS server). |
How is DNS client cache poisoning performed? | The attacker places a spoofed name-to-address mapping in the client's hosts file, which the resolver consults before sending any DNS query. |
Where is the Windows hosts file? | %SystemRoot%\System32\Drivers\etc\hosts |
Where is the Linux hosts file? | /etc/hosts |
Define a 'rogue access point' | An access point installed on the network without authorization; it creates a backdoor into the network that bypasses perimeter controls. |
Define an 'evil twin' | A rogue access point masquerading as a legitimate one. |
Define a 'disassociation' attack | The attacker exploits the fact that 802.11 management frames are neither authenticated nor encrypted (unless 802.11w Protected Management Frames is enabled) to send spoofed disassociation or deauthentication frames that knock a wireless station off the network; when the station reconnects, the attacker captures the authentication handshake to crack offline, or simply repeats the attack as a denial of service. |
Define a 'KRACK' attack | Key Reinstallation Attack: the attacker replays message 3 of the WPA/WPA2 4-way handshake so that the client reinstalls an already-used session key and resets its nonce and replay counter; the resulting keystream reuse lets captured traffic be decrypted. Patched clients and access points are the mitigation. |
Define a 'password' attack | Any attack where the attacker tries to gain unauthorized access to and use of passwords. |
Define a 'brute force' password attack | The attacker uses a tool to try every possible combination of characters (within a chosen character set and length) either against a captured password hash or, far more slowly, against a live login prompt. |
Define a 'dictionary' password attack | The attacker hashes each entry in a list of likely passwords (words, leaked passwords and common variations) and compares the results with the captured password hashes; much faster than exhaustive brute force, but it only finds passwords that are in the list. |
Define 'password spraying' | A horizontal brute force attack in which a small number of common passwords is tried against many user accounts, one password per account per round, so that no single account exceeds the lockout threshold. |
Define a 'credential replay' attack | An attack that uses a captured authentication token to start an unauthorized session without having to discover the plaintext password for an account. |
Define a 'downgrade' attack | A cryptographic attack in which the attacker exploits support for backward compatibility to force the parties to negotiate a weaker protocol version or cipher suite than both actually support, or to fall back to plaintext entirely, so that the session can then be read or tampered with. |
How can a downgrade attack be detected? | By reviewing the negotiated protocol version and cipher suite recorded in server logs and WAF/load balancer logs, and through IDS signatures for deprecated protocol handshakes; a client that normally negotiates a strong version suddenly appearing with an obsolete one is the indicator. |
Define a 'collision' attack | Exploiting a weak cryptographic hash function to produce two different inputs with the same digest value, so that a digital signature made over one input is also valid for the other (forged) input. |
Define a 'birthday' attack | A brute force collision attack that exploits the birthday paradox: for an n-bit hash, finding any two inputs with the same digest takes only about 2^(n/2) attempts, far fewer than the 2^n needed to match one specific digest. |
Define 'Shellcode' | A minimal machine-code payload delivered through an exploit of a vulnerability in the OS or in a legitimate application; it runs in the context of the compromised process, traditionally to open a shell, and is used to gain or escalate privileges. |
Define 'credential dumping' | The act of using malware to read a credential store (for example the SAM database on Windows) or to sniff credentials held in memory (for example the LSASS process). |
Define an 'application attack' | Targets a vulnerability in OS or application software. |
What is an indicator of an application attack? | Increased numbers of application crashes and errors; Anomalous CPU, memory, storage, or network utilization. |
What is the purpose of most application attacks? | Arbitrary code execution; To allow the threat actor to run their own code on the system. |
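The ARP poisoning, hosts-file poisoning and downgrade-detection cards above each describe an indicator that can be checked mechanically. The following script is an added example, not part of the original deck: it runs three such checks over constructed inputs (a Windows-style `arp -a` listing, a hosts file, and web-server access-log lines carrying the negotiated TLS protocol and cipher, as nginx records with `$ssl_protocol` and `$ssl_cipher`). The IP addresses, MACs, hostnames and log lines are all invented for illustration.

```python
"""Indicator checks for three attacks in the deck: ARP poisoning, DNS client
cache poisoning via the hosts file, and TLS downgrade negotiation.
Added example, not part of the original deck; every input is constructed."""
import re
from collections import defaultdict

# Constructed Windows-style `arp -a` output. The default gateway (.1) and a
# workstation (.20) both resolve to the same MAC, the classic sign that
# something is answering ARP for an address it does not own.
ARP_TABLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-01     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.30          aa-bb-cc-dd-ee-30     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
BROADCAST = "ff:ff:ff:ff:ff:ff"

def arp_duplicates(table):
    """Return {mac: [ip, ...]} for unicast MACs claimed by more than one IP."""
    by_mac = defaultdict(list)
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, mac = parts[0], parts[1].lower().replace("-", ":")
        if not MAC_RE.match(mac) or mac == BROADCAST:  # header lines, broadcast
            continue
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

# Constructed hosts file: loopback entries are normal; an entry that pins a
# public name to a non-local address (203.0.113.45 is a documentation-range
# placeholder) is a spoofed mapping the resolver honours before any DNS query.
HOSTS_FILE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example-bank.com
"""

LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

def suspicious_hosts_entries(text):
    """Return (ip, hostname) pairs that map a name to a non-local address."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in LOCAL_ADDRS:
            continue
        findings.extend((ip, name) for name in names)
    return findings

# Constructed access-log lines in the shape nginx produces when the log format
# includes $ssl_protocol and $ssl_cipher: client, protocol, cipher, request, status.
TLS_LOG = """\
10.0.0.5 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /login HTTP/1.1" 200
10.0.0.9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /login HTTP/1.1" 200
10.0.0.9 TLSv1 RC4-SHA "POST /login HTTP/1.1" 200
10.0.0.9 SSLv3 DES-CBC3-SHA "POST /login HTTP/1.1" 200
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def downgrade_indicators(log):
    """Return (client, protocol, cipher) for handshakes on deprecated versions."""
    hits = []
    for line in log.splitlines():
        fields = line.split(" ", 3)
        if len(fields) == 4 and fields[1] in DEPRECATED:
            hits.append((fields[0], fields[1], fields[2]))
    return hits

if __name__ == "__main__":
    print("ARP duplicates:", arp_duplicates(ARP_TABLE))
    print("Hosts anomalies:", suspicious_hosts_entries(HOSTS_FILE))
    print("Downgrades:", downgrade_indicators(TLS_LOG))
```

Each check yields review items rather than proof: a hosts file on a developer workstation may legitimately pin intranet names, and a legacy device that only ever speaks TLSv1 is a hygiene problem rather than an attack. The telling pattern in the log sample is the same client (10.0.0.9) negotiating TLSv1.2 and then, moments later, SSLv3 with an export-grade cipher; the same logic applied to the gateway's MAC changing over time is the ARP equivalent.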
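The brute force, dictionary, password spraying and birthday attack cards describe four different cost models, and the differences are easiest to see by running them. The script below is an added example written for this page, not code from the deck or from CompTIA: it cracks a constructed set of unsalted SHA-256 password hashes with a word list and with exhaustive search, contrasts spraying with single-account brute force against a simulated lockout policy, and finds a collision on a truncated hash to show the birthday bound. The user names, passwords, word list and five-failure lockout threshold are all invented for illustration.

```python
"""Mechanics of the password and hash attacks in the deck: dictionary, brute
force, password spraying against a lockout policy, and the birthday bound on
collisions. Added example, not part of the original deck; the users,
passwords, word list and lockout threshold are all constructed."""
import hashlib
import itertools
import string

def sha256_hex(s):
    return hashlib.sha256(s.encode()).hexdigest()

# Constructed "leaked" credential store holding unsalted SHA-256 digests; the
# lack of salt and of a slow KDF is what makes the offline attacks cheap.
LEAKED_HASHES = {
    "alice": sha256_hex("Summer2024!"),
    "bob":   sha256_hex("cat"),
    "carol": sha256_hex("Xq7#vL92pT!e"),
}

WORDLIST = ["password", "123456", "Summer2024!", "Welcome1", "letmein"]

def dictionary_attack(hashes, wordlist):
    """Hash every candidate once, then look each account's digest up in that
    table; with unsalted hashes a single pass covers every account."""
    lookup = {sha256_hex(w): w for w in wordlist}
    return {user: lookup[h] for user, h in hashes.items() if h in lookup}

def brute_force(target_hash, alphabet=string.ascii_lowercase, max_len=3):
    """Exhaust every string up to max_len over alphabet. Returns (password,
    attempts); the attempt count is what keyspace size buys the defender."""
    attempts = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            attempts += 1
            if sha256_hex("".join(combo)) == target_hash:
                return "".join(combo), attempts
    return None, attempts

LOCKOUT_THRESHOLD = 5  # constructed policy: lock after 5 consecutive failures

def online_guesses(attempts):
    """Simulate a login service with account lockout. `attempts` is a list of
    (user, password) in the order tried; returns (locked, cracked) sets."""
    failures, locked, cracked = {}, set(), set()
    for user, pw in attempts:
        if user in locked:
            continue
        if sha256_hex(pw) == LEAKED_HASHES.get(user):
            cracked.add(user)
            failures[user] = 0
        else:
            failures[user] = failures.get(user, 0) + 1
            if failures[user] >= LOCKOUT_THRESHOLD:
                locked.add(user)
    return locked, cracked

# Spraying: one common password per round across every account, so each
# account sees only a few failures. Brute force: many guesses at one account.
SPRAY_ATTEMPTS = [(u, pw) for pw in WORDLIST[:3] for u in LEAKED_HASHES]
BRUTE_ATTEMPTS = [("carol", pw) for pw in WORDLIST]

def digest_prefix(msg, bits):
    """Leading `bits` bits of SHA-256(msg) as an integer (a truncated hash)."""
    d = hashlib.sha256(msg.encode()).digest()
    return int.from_bytes(d, "big") >> (256 - bits)

def birthday_collision(bits=16):
    """Find two distinct messages whose truncated digests collide. The birthday
    paradox makes this take about 2**(bits/2) hashes rather than 2**bits, and
    the pigeonhole principle guarantees success within 2**bits + 1 tries."""
    seen = {}
    for i in itertools.count():
        msg = f"msg-{i}"
        p = digest_prefix(msg, bits)
        if p in seen:
            return seen[p], msg, i + 1
        seen[p] = msg

if __name__ == "__main__":
    print("dictionary:", dictionary_attack(LEAKED_HASHES, WORDLIST))
    print("brute force bob:", brute_force(LEAKED_HASHES["bob"]))
    print("spray:", online_guesses(SPRAY_ATTEMPTS), "brute:", online_guesses(BRUTE_ATTEMPTS))
    print("birthday:", birthday_collision(16))
```

The defensive lessons fall out of the code: a per-user salt breaks the shared lookup table that makes the dictionary pass cheap, a slow KDF (bcrypt, scrypt or Argon2) multiplies the cost of every one of the brute-force attempts, and per-account lockout does nothing against spraying, which is caught by MFA and by alerting on many accounts failing with the same password in a short window. The collision search shows why digest length matters: a hash with an n-bit output offers only about n/2 bits of collision resistance.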