Search
Create
Log in
Sign up
Log in
Sign up
Sec+ Domain 3 Terms
STUDY
Flashcards
Learn
Write
Spell
Test
PLAY
Match
Gravity
Protocols omitted. All terms singular. Acronyms where applicable.
Terms in this set (49)
Arbitrary Code Execution
The ability for an attacker to execute commands or run programs on a target system and can be remotely.
Armored Virus
Uses one or more techniques like complex code or encryption, to make it difficult to reverse engineer.
ARP Poisoning
An attack that misleads computers or switches about the actual MAC address of a system.
Backdoor
Provides another way of accessing a system, bypassing normal authentication methods.
Banner Grabbing
Determines what software is running on each open port where the attack connects to each port and collects the response from the server.
Birthday Attack
Named after the birthday paradox in mathematical probability theory. The birthday paradox states that for any random group of 23 people, there is a 50 percent chance that 2 of them have the same birthday.
Bluejacking
The practice of sending unsolicited messages to other Bluetooth devices.
Bluesnarfing
Any unauthorized access to or theft of information from a Bluetooth connection.
Brute Force Attack
Password attack that involves using password-cracking software to mathematically calculate every possible password.
Buffer Overflow
Attack sends more data or unexpected data to an application with the goal of accessing system memory.
Client-Side Inspection
The practice of checking data for validity before using it as a client/system to protect against many attacks, such as buffer overflow, SQL injection, command injection, and cross-site scripting attacks.
Code Review
A line-by-line review of code by peer programmers and can help detect vulnerabilities, such as race conditions or susceptibility to buffer overflow attacks.
Command Injection
An attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application.
Cookie and Attachment
A cookie is a text file stored on a user's computer and used for multiple purposes, including tracking a user's activity. Attachments are typically associated with emails.
Cross-Site Scripting
Attackers embed malicious HTML or JavaScript code into an email or web site error message. If responded to, it executes the code where the attacker can then access some information.
Cross-Site Scripting Prevention
Primarily at the web application with input validation techniques to block the use of HTML tags and JavaScript tags.
Determine Attack Surface
A vulnerability assessment technique to look at the system attack surface which refers to the attack vectors available on a system, such as open ports.
Dictionary Attack
Password attacks which attempts to use every word in the dictionary to see if it works.
Directory Traversal
A specific type of command injection attack that attempts to access a file by including the full directory path, or traversing the directory structure.
DNS Poisoning
Attempts to modify or corrupt DNS results.
Flash Cookie
Created by Adobe Flash Player and is different from a traditional text cookie. Also called Locally Shared Objects (LSO's).
Header Manipulation
The insertion of malicious data, which has not been validated, into a HTTP response header.
Hoax
A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn't exist
Hybrid
In relation to password attacks, uses a combination of two or more types of methods to crack a password.
Impersonation
Pretending you're someone/something else to gain info.
Integer Overflow
Attempts to create a numeric value that is too big for an application to handle causing an error.
Intrusive
Type of scan which attempts to exploit vulnerabilities; penetration testing.
IV Attack
Type of wireless network attack that targets the initialization vector of WEP due to the weakness from it's small bit size and repetition.
Jamming
An attack which transmits noise or another radio signal on the same frequency used by a wireless network that can reduce performance or even availability.
LDAP Injection
Attacks that attempt to access or modify data hosted on directory service servers by taking advantage of poor application input validation.
Logic Bomb
A string of code embedded into an application or script which executes in response to an event, such as when a specific application is executed or a specific time arrives.
Malicious Insider Threat
A malicious insider is anyone who has legitimate access to an organization's internal resources, but exploits this access for personal gain or damage against the organization.
Man-in-the-Middle
A form of active interception or active eavesdropping where the attacker inserts themselves in the middle of two systems that are communicating.
Near Field Communication
A group of standards used on mobile devices that allow them to communicate with other mobile devices when they are close to them
Penetration Testing
Actively assesses deployed security controls within a system or network.
Pharming Attack
Redirects a web site's traffic to another web site and can do so by modifying the hosts file on the user's system; similar to DNS poisoning.
Privilege Escalation
When a user or process accesses elevated rights and permissions. Having administrators use two accounts and with the administrative account being use sparingly reduces the potential for privilege escalation.
Polymorphic Malware
Has the ability to morph or mutate when it replicates itself, or when it executes making it difficult for antivirus software to track/find.
Rainbow Tables
Method where huge databases of precomputed hashes are used to speed up the process of performing a password attack.
Replay Attack
Captures data in a session with the intent of later impersonating one of the parties in the session.
Rogue Access Point
An unauthorized device that the network administrator is unaware of that could be setting for an attack if accessed.
Rootkit
A group of programs (or, in rare instances, a single program) that hides the fact that the system has been infected or compromised by malicious code and has system-level access.
Session Hijacking
An attack where the attacker learns the user's current established communication ID and uses it to impersonate the user, usually removing that user in the process.
SQL Injection
When an attacker enters additional data into the web page form to generate different SQL statements in efforts of retrieving details and information on the database.
Typo Squatting/URL Hijacking
A domain name that is close to a legitimate domain name in efforts to lead users to the non-legitimate website with malicious intent.
Watering Hole Attack
An attack where someone determines a frequently visited website then compromises the site by planting viruses or malicious code on them, attempting to infect a user's computer.
Xmas Attack
A type of port scan used to identify underlying details of an operating system in addition to what ports are open.
XML Injection
When an attacker inserts additional data in XML format that could expose data to retrieval or modification from databases.
Zero-Day
Attackers exploiting unknown or undocumented vulnerabilities before they are patched.
YOU MIGHT ALSO LIKE...
uCertify Chapter 9 Cards
87 Terms
xtremekforever
Security Plus: Chapter 2
51 Terms
Riley839
CISSP - Types of Attacks and Viruses
62 Terms
javery473
Chapter 4 (Types of attacks)
63 Terms
joel_2202
OTHER SETS BY THIS CREATOR
Sec+ Domain 6 Terms
42 Terms
PwnutButter
Sec+ Domain 5 Terms
16 Terms
PwnutButter
Sec+ Domain 4 Terms
37 Terms
PwnutButter
Sec+ Domain 2 Terms
42 Terms
PwnutButter
THIS SET IS OFTEN IN FOLDERS WITH...
Sec+ Domain 1 Terms
45 Terms
PwnutButter
Sec+ Ports and Protocols
66 Terms
PwnutButter
Comptia Sec+ Glossary
735 Terms
Jon_B51
COMPTIA SEC+ Glossary
303 Terms
LuckeLucas
;