WGU D315 Study Guide Section 2

WGU D315 Study Guide Section 2 Leave the first rating Students also studied Terms in this set (25) Science Computer Science Computer Security and Reliability Save WGU D315 Study Guide Section 3 56 terms onwardtotexas Preview

WGU D315 - PRE-ASSESSMENT: NET...

205 terms Mira_PakPreview WGU - Practical Applications of Pro...172 terms BO151Preview ChatGP Teacher Rog Practice questions for this set Learn1 / 7Study using Learn Information gathering technique used to identify live hosts by pinging them. After the sweep the attacker overwhelms the victim's computer with a large amount of ICMP echo- request packets (pings).SecOps· Combines IT operations and security to improve an organization's cyber resiliency VulnerabilityA location in a system most likely to be penetrated or exploited Choose an answer 1 TCP Hijacking (Starts with TCP Sweep) Attack 2Ping Flood (Starts with Ping Sweep) Attack 3UDP Flood (Starts with UDP Sweep) Attack 4SYN Flood (Starts with SYN Sweep) Attack Don't know?

Zero-day VulnerabilityA vulnerability typically unknown to the vendor and for which no patch or fix is available. The vendor has 0 days to prepare a patch as the vulnerability is already known and exploited.Database Control AttackSQL Injection. Buffer overflow (Similar to SQL Injection, but they enter too much information into the former, causing the app to crash or other damage).Spoofing AttackMan-In-the-Middle, VLAN Hopping (attacking network resources on a VLAN. An attacking host on a VLAN gains access to traffic on other VLANS that wouldn't normally be accessible) Denial of Service AttackDenying service to a computer, network, or network server by overwhelming the victim with large amounts of useless traffic. A computer is used to flood a server with TCP and UDP packets.Ping of Death AttackAttacker pings the target and sends an ICMP packet over the max of 65,535 bytes and causes the victim's system to crash or stop functioning. Causes bumper overflow and crashes.Ping Flood (Starts with Ping Sweep) AttackInformation gathering technique used to identify live hosts by pinging them. After the sweep the attacker overwhelms the victim's computer with a large amount of ICMP echo-request packets (pings).SMURF DD0S (Distributed Attack)Rather than one computer sending ICMP packets, multiple computers are replying to the ICMP packet. Spoofs the source address for all ICMP packets.DEAUTH AttackDeauthentication, DoS attack where the attacker can force any or all off the network.Exploit Attack (RPC)Specially crafted RPC request is sent. Successful exploitation of this vulnerability could execute arbitrary code within the context of another user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights Phishing Attack (Social Engineering)Attackers deceive people into revealing sensitive information via email or other messages. May also install malware.Spear Fishing Attack (Social Engineering)Targets a person with extremely specific information like hacking a CEO's phone with a specific calendar invite for their kids' soccer practice Red Team Security TeamPretends to be an enemy and attempts an intrusion of an organization at the direction of the organization Blue Team Security TeamPerforms analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation.White Team Security TeamOversees and manages security testing and exercises, ensuring that they are conducted fairly and within legal and ethical boundaries.

Purple Team Security TeamCombination of the Red and Blue Teams.White Hat HackerUses skills to identify and fix vulnerabilities in a system with the goal of improving cyber security Black Hat HackerViolates ethical standards or laws for malicious purposes, such as cybercrime, cyber warfare or identity theft. Also known as Crackers Gray Hat HackerMay violate laws or ethical standards but usually don't have malicious intent Social EngineeringType of cyber attack that involves manipulating people into sharing sensitive information or taking dangerous actions CIA triadConfidentiality, Integrity, Availability Confidentiality (CIA Triad)Access to information should be granted only on a need-to-know basis.Integrity (CIA Triad)Information should not be tampered with from source to destination Availability (CIA Triad)Services of an organization should be available.