CISSP Attacks PDF

The document provides definitions for 19 cybersecurity terms: 1) A birthday attack exploits collisions within hashing functions by taking advantage of the birthday problem in probability theory. 2) A brute force attack tries every possible combination until the correct one is identified to achieve a predefined goal. 3) A buffer overflow occurs when too much data is put into buffers, allowing hackers to run malicious code on a target system. 4) Cross-site scripting refers to injecting malicious code into a web application through a found vulnerability on a website.

Uploaded by deewanand

Printable Flash Cards http://www.flashcardmachine.com/print/?topic_id=2854336

Term 1: Birthday attack

Definition 1: Cryptographic attack that exploits the mathematics behind the birthday problem in probability theory to force collisions within hashing functions.

Term 2: Brute force attacks

Definition 2: Continually tries different inputs to achieve a predefined goal. Brute force is defined as “trying every possible combination until the correct one is identified”.

Term 3: Buffer overflow

Definition 3: Too much data is put into the buffers that make up a stack. Common attack vector used by hackers to run malicious code on a target system.

1 of 9 23-11-15 11:15 AM

Term 4: cross-site scripting

Definition 4: Refers to an attack where a vulnerability is found on a web site that allows an attacker to inject malicious code into a web application.

Term 5: Dictionary attacks

Definition 5: Files of thousands of words are compared to the user’s password until a match is found.

Term 6: DNS poisoning

Definition 6: Attacker makes a DNS server resolve a host name into an incorrect IP address.


Term 7: Fraggle attack

Definition 7: A DDoS attack type on a computer that floods the target system with a large amount of UDP echo traffic to IP broadcast addresses.

Term 8: pharming

Definition 8: Redirects a victim to a seemingly legitimate, yet fake, web site.

Term 9: Phishing

Definition 9: Type of social engineering with the goal of obtaining personal information, credentials, credit card number, or financial data. The attackers lure, or fish, for sensitive data through various different methods.


Term 10: Ping of Death

Definition 10: A DoS attack type on a computer that involves sending malformed or oversized ICMP packets to a target.

Term 11: replay attack

Definition 11: A form of network attack in which a valid data transmission is maliciously or fraudulently repeated with the goal of obtaining unauthorized access.

Term 12: Replay Attack

Definition 12: An attacker capturing the traffic from a legitimate session and replaying it to authenticate his session.


Term 13: session hijacking

Definition 13: If an attacker can correctly predict the TCP sequence numbers that two systems will use, then she can create packets containing those numbers and fool the receiving system into thinking that the packets are coming from the authorized sending system. She can then take over the TCP connection between the two systems.

Term 14: Side-channel attacks

Definition 14: Nonintrusive and are used to uncover sensitive information about how a component works, without trying to compromise any type of flaw or weakness. A noninvasive attack is one in which the attacker watches how something works and how it reacts in different situations instead of trying to “invade” it with more intrusive measures.

Term 15: Smurf attack

Definition 15: A DDoS attack type on a computer that floods the target system with spoofed broadcast ICMP packets.


Term 16: Social engineering

Definition 16: An attacker falsely convinces an individual that she has the necessary authorization to access specific resources.

Term 17: Spoofing at Logon

Definition 17: Attacker can use a program that presents to the user a fake logon screen, which often tricks the user into attempting to log on.

Term 18: SQL injection

Definition 18: Instead of valid input, the attacker puts actual database commands into the input fields, which are then parsed and run by the application.


Term 19: SYN flood

Definition 19: DoS attack where an attacker sends a succession of SYN packets with the goal of overwhelming the victim system so that it is unresponsive to legitimate traffic.

Term 20: Time-of-check/time-of-use (TOC/TOU) attack

Definition 20: Attacker manipulates the “condition check” step and the “use” step within software to allow for unauthorized activity.

Term 21: war dialing

Definition 21: The war dialer inserts a long list of phone numbers into a war dialing program in hopes of finding a modem that can be exploited to gain unauthorized access.


Term 22: Wormhole attack

Definition 22: This takes place when an attacker captures packets at one location in the network and tunnels them to another location in the network for a second attacker to use against a target system.

Term 23: Denial-Of-Service (DoS) Attack

Definition 23: An attacker sends multiple service requests to the victim’s computer until they eventually overwhelm the system, causing it to freeze, reboot, and ultimately not be able to carry out regular tasks.

Term 24: Man-In-The-Middle Attack

Definition 24: An intruder injects herself into an ongoing dialog between two computers so she can intercept and read messages being passed back and forth. These attacks can be countered with digital signatures and mutual authentication techniques.


Term 25: Mail Bombing

Definition 25: This is an attack used to overwhelm mail servers and clients with unrequested e-mails. Using e-mail filtering and properly configuring e-mail relay functionality on mail servers can be used to protect against this type of DoS attack.

Term 26: Teardrop

Definition 26: This attack sends malformed fragmented packets to a victim. The victim’s system usually cannot reassemble the packets correctly and freezes as a result. Countermeasures to this attack are to patch the system and use ingress filtering to detect these packet types.
