General Security Concepts

Questions derived from the CompTIA SY0-101 – Security+ Self Test Software Practice Test.

Objective: General Security Concepts
SubObjective: Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk: Dos/DDoS, Back Door, Spoofing, Man in the Middle, Replay, TCP/IP Hijacking, Weak Keys, Mathematical, Birthday, Password Guessing (Brute Force, Dictionary), Software Exploitation

Item Number: SY0-101.1.4.6
Multiple Answer, Multiple Choice

Which attacks are considered common access control attacks? (Choose all that apply.)

1. Spoofing
2. Phreaking
3. SYN flood
4. Dictionary attacks
5. Brute force attacks

Answer:
A. Spoofing
D. Dictionary attacks
E. Brute force attacks

Tutorial:
Spoofing, dictionary attacks, and brute force attacks are common access control attacks. Spoofing occurs when an attacker implements a fake program that steals user credentials. A dictionary attack is a method where the attacker attempts to identify user credentials by feeding lists of commonly used words or phrases. A brute force attack is one in which the attacker tries all possible input combinations to gain access to resources.

Phreaking is a group of hackers that specialize in telephone fraud. It is considered a telecommunications and network security attack.

A SYN flood occurs when a network is flooded with synchronous (SYN) packages. As a result, the system is overloaded and performance suffers. Many times, legitimate users are denied access. A SYN flood is usually considered an application or system attack.

Reference:
Wikipedia.org, Spoofing attack, http://en.wikipedia.org/wiki/Spoofing_attack
Wikipedia.org, Dictionary attack, http://en.wikipedia.org/wiki/Dictionary_attack
Wikipedia.org, Brute force attack, http://en.wikipedia.org/wiki/Brute_force_attack