CompTIA Security+ Section 18

What is a DDoS attack?

Overwhelms a system with traffic from many devices.

What is a flood attack?

Overloads a system with excessive traffic or requests.

What is a permanent denial of service (PDoS)?

Damages hardware or firmware to make a system unusable.

What is a DNS amplification attack?

Uses open DNS servers to flood a victim with traffic.

What is a fork bomb?

Creates endless processes to crash a system.

What is DNS?

System that translates domain names to IP addresses.

What is DNS cache poisoning?

Corrupts DNS entries to redirect users to malicious sites.

What is DNS tunneling?

Uses DNS queries to sneak data or commands through.

What is domain hijacking?

Taking control of a registered domain without authorization.

What is a DNS zone transfer attack?

Tricking a DNS server into sharing its entire database.

What is a directory traversal attack?

Accessing files outside the intended directory.

What is file inclusion?

Loading malicious files into an application.

What is arbitrary code execution?

Running attacker’s code on a victim system.

What is a replay attack?

Reusing captured data packets to impersonate a user.

What is session management?

Controls user logins and active sessions.

What is session hijacking?

Attacker steals a valid session ID to impersonate a user.

What is cookie poisoning?

Changing cookies to gain unauthorized access.

What is an on-path attack?

Attacker intercepts and alters traffic between systems.

What is SSL stripping?

Forcing encrypted HTTPS traffic down to HTTP.

What is a downgrade attack?

Forcing systems to use weaker security protocols.

What is LDAP?

Protocol for accessing and managing directory services.

What is command injection?

Attacker runs malicious commands on a system.

What are indicators of compromise (IoCs)?

Signs that a system has been breached.