1
Q
Privilege Escalation:
A
- Unusual account activity, such as multiple failed login attempts or suspicious account access.
- Unauthorized access to higher-level system resources.
- Changes in user permissions or roles without proper authorization.
2
Q
Cross-site Scripting (XSS):
A
- Unexpected or malicious script execution in web application inputs.
- Reports of unusual pop-ups, redirects, or unexpected behavior in web browsers.
- Suspicious input data that appears in web applications logs.
3
Q
Injections (SQL, DLL, LDAP, XML):
A
- Unusual or authorized database queries, file operations, or LDAP searches.
- Error messages or unusual behaviors indication potential injection attempts.
- Logs or input data containing SQL syntax, DLL file paths, LDAP queries, or XML payloads.
4
Q
Pinter/Object Dereference:
A
- Application crashes or instability.
- Unexpected memory- related errors or applications exceptions.
- Memory addresses or pointers appearing where they shouldn’t be in logs or memory.
5
Q
Directory Transversal:
A
- Unauthorized access attempts to restricted directories or files.
- Suspicious transversal characters in URLs or input data (e.g., “..”).
- Access logs showing unusual files or directory access patterns.
6
Q
Buffer Overflows:
A
- Application crashes or unresponsive behavior.
- Memory corruption-related errors in logs or debug information.
- Sudden increases in CPU or memory usage.
7
Q
Race Conditions (Time of Check/Time of Use):
A
- Inconsistent application behavior or data integrity issues.
- Logs indicating concurrency-related errors or conflicts.
- Multiple users accessing the same resources simultaneously.
8
Q
Errors Handling:
A
- Unhandled exceptions or errors messages that reveal sensitive information.
- Logs with repetitive error entries or signs of application instability.
- Reports of unexpected application behavior or crashes.
9
Q
Improper Input Handling:
A
- Unexpected or malicious input data causing application errors or crashes.
- Logs showing input data with special characters or unexpected formats.
- Input validation or sanitization failures.
10
Q
Replay Attack (Session Replays):
A
- Repeated login attempts with the same session identifiers.
- Unusual session or authentication activity.
- Logs showing multiple sessions from the same user or IP address.
11
Q
Integer Overflow:
A
- Unexpected application crashes or errors related to arithmetic operations.
- Logs containing calculations or operations resulting in large or negative values.
12
Q
Request Forgeries (Server-side, Cross-site):
A
- Unexpected actions or transactions performed without user consent.
- Logs showing unauthorized or unusual requests.
- Detection of forged tokens or session identifiers.
13
Q
Application Programming Interface (API) Attacks:
A
- Unusual or unauthorized API calls or endpoints.
- Logs indicating high-frequency or suspicious API interactions.
- Reports of API response anomalies or unauthorized data access.
14
Q
Resource Exhaustion:
A
- Application or system performance degradation.
- Logs with indicators of excessive resource consumption.
- Unusual levels of CPS, memory, or network usage.
15
Q
Memory Leak:
A
- Gradual increase in memory over time.
- Application instability or crashes due to memory exhaustion.
- Reports of slow performance or unresponsive applications.
16
Q
Secure Sockets Layer (SSL) Stripping:
A
- Unencrypted data transmission in network traffic.
- Browser warnings or notifications about insecure connections.
- Unexpected plaintext data in intercepted network traffic.
17
Q
Driver Manipulation (Shimming, Refactoring):
A
- System instability or crashes related to driver issues.
- Unusual driver activity, such as the loading or unloading of drivers.
- Logs with signs of driver tampering or manipulation.
18
Q
Pass the Hash:
A
- Unauthorized access using hashed credentials.
- Multiple login failures or suspicious authentication attempts.
- Detection of repeated use of the same hash for authentication.
Security+ 101
flashcards
Decks in class (6)
# Cards
