3.0 Threats and Vulnerabilities


3.1 Explain types of malware.

  • Adware
  • Virus
  • Spyware
  • Trojan
  • Rootkits
  • Backdoors
  • Logic bomb
  • Botnets
  • Ransomware
  • Polymorphic malware
  • Armored virus

3.2 Summarize various types of attacks.

  • Man-in-the-middle
  • DDoS
  • DoS
  • Replay
  • Smurf attack
  • Spoofing
  • Spam
  • Phishing
  • Spim
  • Vishing
  • Spear phishing
  • Xmas attack
  • Pharming
  • Privilege escalation
  • Malicious insider threat
  • DNS poisoning and ARP poisoning
  • Transitive access
  • Client-side attacks
  • Password attacks
    • Brute force
    • Dictionary attacks
    • Hybrid
    • Birthday attacks
    • Rainbow tables
  • Typo squatting/URL hijacking
  • Watering hole attack

3.3 Summarize social engineering attacks and the associated effectiveness with each attack.

  • Shoulder surfing
  • Dumpster diving
  • Tailgating
  • Impersonation
  • Hoaxes
  • Whaling
  • Vishing
  • Principles (reasons for effectiveness)
    • Authority
    • Intimidation
    • Consensus/social proof
    • Scarcity
    • Urgency
    • Familiarity/liking
    • Trust

3.4 Explain types of wireless attacks.

  • Rogue access points
  • Jamming/interference
  • Evil twin
  • War driving
  • Bluejacking
  • Bluesnarfing
  • War chalking
  • IV attack
  • Packet sniffing
  • Near field communication
  • Replay attacks
  • WEP/WPA attacks
  • WPS attacks

3.5 Explain types of application attacks.

  • Cross-site scripting
  • SQL injection
  • LDAP injection
  • XML injection
  • Directory traversal/command injection
  • Buffer overflow
  • Integer overflow
  • Zero day
  • Cookies and attachments
  • Locally Shared Objects (LSOs)
  • Flash cookies
  • Malicious add-ons
  • Session hijacking
  • Header manipulation
  • Arbitrary code execution/remote code execution

3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

  • Monitoring system logs
    • Event logs
    • Audit logs
    • Security logs
    • Access logs
  • Hardening
    • Disabling unnecessary services
    • Protecting management interfaces and applications
    • Password protection
    • Disabling unnecessary accounts
  • Network security
    • MAC limiting and filtering
    • 802.1x
    • Disabling unused interfaces and unused application service ports
    • Rogue machine detection
  • Security posture
    • Initial baseline configuration
    • Continuous security monitoring
    • Remediation
  • Reporting
    • Alarms
    • Alerts
    • Trends
  • Detection controls vs. prevention controls
    • IDS vs. IPS
    • Camera vs. guard

3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.

  • Interpret results of security assessment tools
  • Tools
    • Protocol analyzer
    • Vulnerability scanner
    • Honeypots
    • Honeynets
    • Port scanner
    • Passive vs. active tools
    • Banner grabbing
  • Risk calculations
    • Threat vs. likelihood
  • Assessment types
    • Risk
    • Threat
    • Vulnerability
  • Assessment technique
    • Baseline reporting
    • Code review
    • Determine attack surface
    • Review architecture
    • Review designs

3.8 Explain the proper use of penetration testing versus vulnerability scanning.

  • Penetration testing
    • Verify a threat exists
    • Bypass security controls
    • Actively test security controls
    • Exploiting vulnerabilities
  • Vulnerability scanning
    • Passively testing security controls
    • Identify vulnerability
    • Identify lack of security controls
    • Identify common misconfiguration
    • Intrusive vs. non-intrusive
    • Credentialed vs. non-credentialed
    • False positive
  • Black box
  • White box
  • Gray box
