Security Threats and Vulnerabilities Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards
| Front | Back |
| --- | --- |
| Adware | Software that automatically displays or downloads advertisements, sometimes malicious |
| Botnet | A network of compromised devices controlled remotely to launch attacks like DDoS |
| Brute Force Attack | Attempting to guess passwords or encryption keys through repeated trials |
| Cross-Site Scripting (XSS) | An attack where malicious scripts are injected into trusted websites to target users |
| DDoS Attack | Distributed Denial of Service attack that overwhelms a server or network with traffic to disrupt operations |
| Insider Threat | A security threat originating from within an organization, like careless or malicious employees |
| Malware | Malicious software such as viruses, worms, trojans, or ransomware designed to harm or exploit systems |
| MitM Attack (Man-in-the-Middle) | An attack where attackers intercept and alter communication between two parties |
| Phishing | A social engineering attack where attackers trick users into revealing sensitive information or credentials |
| Privilege Escalation | Exploiting a vulnerability to gain unauthorized access to higher system privileges |
| Rainbow Table Attack | Using precomputed hash values to crack passwords quickly |
| Ransomware | Malware that encrypts data and demands payment for its decryption |
| Shoulder Surfing | Physically observing personal information like passwords or PINs while the victim types |
| Social Engineering | Manipulating individuals to reveal confidential or sensitive information |
| Spyware | Malware that secretly monitors and collects user activity and information |
| SQL Injection | An attack where an attacker inserts malicious SQL queries into input fields to manipulate databases |
| Trojan Horse | A type of malware disguised as legitimate software to gain access to systems |
| Unpatched Software | Software vulnerabilities left unaddressed due to missing updates or patches |
| Weak Passwords | Easily guessable passwords that can expose systems to unauthorized access |
| Zero-Day Vulnerability | A software vulnerability unknown to the vendor, making it exploitable before detection or patching |
This deck focuses on identifying and understanding common cybersecurity threats, attack vectors, and system vulnerabilities.