Page 1 of 1
Security+ Quiz - Attacks
targets a specific company or group of people in an attempt to capture personal info
Vishing
Whaling
Tail Gating
Spear Phishing
Could be emails, IMs, text messages meant to trick users in to giving away personal info.
Impersonation
Hoax
Phishing
Dumpster Diving
A service is unexpectedly caused to fail
Injection
Buffer Overflow
DoS
ARP Poisoning
An attacker on the same network will spoof the address resolution protocol. Usually changing the IP address for a designated MAC address so traffic will go the attacker instead of where its meant to go. Used in MITM attacks.
ARP Poisoning
Injection
DNS Poisoning
Replay Attack
Exploits in OS or Apps that haven't been discovered yet or been made public that can be used by hackers.
Clickjacking
Zero-Day
Pass the Hash
Typo-Squatting
An attack that captures certain packets of data and then can be used again later on to access that information again or pretend that the attacker is the end user.
Replay Attack
Man-in-the-browser
ARP Poisoning
Injection
A replay attack where the attacker gains the specific hash/username and it matches a specific end-user to gain access through their account.
Amplification
Pass the Hash
DDoS
Cross-Site-Scripting (XSS)
entering code in to an app or web app in order to alter the data or gain info
Cross-Site-Scripting (XSS)
Amplification
Cross-site request forgery (CSRF)
Injection
Service being denied because attack is coming from many different places at one time. Botnets are usually involved
Cross-site request forgery (CSRF)
DoS
DDoS
Replay Attack
Clicking on a button on a screen that may look legitimate, but the attacker uses that to send you somewhere else
Typo-Squatting
Clickjacking
Session-Hijacking
IP Spoofing
An attacker gets a link up on the victim’s computer and when the victim is logged in to a certain service, the attacker can get access
Tailgating
Cross-Site-Scripting (XSS)
Cross Request Site Forgery (CRSF)
Typo-Squatting
Changing the IP address associated with a domain name to get end-users to visit sites that they didn't mean to visit. Can usually be done once an attacker gains access to the DNS server.
DNS Poisoning
ARP Poisoning
Cross Request Site Forgery (CRSF)
Session-Hijacking
Page 1 of 1