Security+ (SY0-701): Lesson 8: Explain Vulnerability Management Part 2
This deck covers key concepts and definitions from Lesson 8 of the Security+ (SY0-701) syllabus, focusing on vulnerability management techniques and attack types.
Term | Definition |
---|---|
What does a buffer overflow allow an attacker to do? | Change the return address, allowing the attacker to run arbitrary code on the system. |
What 3 controls have been developed to mitigate buffer overflow vulnerabilities? | Address space layout randomization (ASLR); Data Execution Prevention (DEP); Type-safe programming languages |
Define a 'Type-safe programming language' | A programming language that enforces strict type-checking during compilation and ensures variables and data are used correctly. |
What is the purpose of using a type-safe programming language? | Prevents memory-related vulnerabilities and injection attacks. |
Define a 'Malicious update' | An update that appears legitimate but contains harmful code; a vulnerability in a software repository or supply chain that a threat actor can exploit to add malicious code to a package. |
Define an 'evaluation scope' | The product, system, or service being analyzed for potential security vulnerabilities, or the intended target of an attack. |
Describe a distinct difference between a web application attack and other attacks | It must navigate the client-server model, requiring the attacker to bypass network and application-level security controls. |
Define a 'cross-site scripting (XSS)' attack | A malicious script injected into a web site designed to compromise clients browsing the site. |
Define a 'nonpersistent cross-site scripting (XSS)' attack | The malicious script is obfuscated in a spoofed URL that reflects back to the attacker. |
Define a 'stored/persistent cross-site scripting (XSS)' attack | The script is injected and permanently stored on the target servers, such as in a database or content management system. |
Define a 'Document Object Model (DOM) cross-site scripting (XSS)' attack | Attacker injects malicious script into a JavaScript Document Object Model (DOM) to execute their attack solely on the client. |
What is the difference between an overflow attack and an injection attack? | An overflow attack works against the way a process performs memory management, while an injection attack exploits some insecure way in which the application processes requests and queries. |
Define a 'SQL injection' attack | Injection of a malicious/unauthorized SQL query via the input data from a client to the application/server. |
Define a 'side-channel' attack | Attacker observes the implementation and operation of a system, looking for information to use to exploit the system. |
How can cloud services be manipulated by an attacker? | Setting up fake websites on cloud services for phishing and malware distribution; cryptojacking cloud resources for cryptomining. |
Define a 'cloud access security broker (CASB)' | Enterprise management software designed to manage, mediate, and monitor access to cloud services by users across all types of devices. |
What are the 3 methods of implementing a cloud access security broker (CASB)? | Forward proxy; Reverse proxy; Application programming interface (API) |
Define a forward proxy cloud access security broker (CASB) | Requires configuration of users' devices; Inspects all traffic in real time, even if that traffic is not bound for sanctioned cloud applications. |
Define a reverse proxy cloud access security broker (CASB) | Positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with a policy. |
Define an Application programming interface (API) cloud access security broker (CASB) | Brokers connections between the cloud service and the cloud consumer rather than placing a CASB appliance or host inline with cloud consumers and the cloud services. |
Define a 'software bill of materials (SBOM)' | Inventory containing details like component names, versions, and information about the suppliers in a software product. |
What is the purpose of a software bill of materials (SBOM)? | Provide transparency and visibility into the software supply chain and potential vulnerabilities; Enables developers, security teams, and end users to understand the functional components of their software. |
What is the role of a software bill of materials (SBOM) after a vulnerability has been disclosed? | Supports rapid response and remediation; Security teams can quickly determine whether their software is affected by a disclosed vulnerability. |
Define a software dependency check | A Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. |
What is the purpose of utilizing a software dependency check? | Detecting outdated or vulnerable components |
Define an 'HTTP referrer' | Indicates the URL that forwarded a request to the target URL. |
What is a 'network vulnerability scanner'? | Hardware or software configured with a list of known weaknesses and exploits that can scan for their presence in a client PC, server, application, or network device. |
Define a 'non-credentialed scan' | A scan that uses fewer permissions and often can only find missing patches or updates. |
What is the purpose of a non-credentialed scan? | An appropriate technique for external assessment of the network perimeter, or when performing web application scanning, to mimic the view of an unprivileged attacker with limited network access. |
What are typical findings from a non-credentialed scan? | Default passwords for service accounts and device management interfaces. |