General Security Concepts
Questions derived from the CompTIA SY0-101 – Security+ Self Test Software Practice Test.
Objective: General Security Concepts
SubObjective: Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk: Dos/DDoS, Back Door, Spoofing, Man in the Middle, Replay, TCP/IP Hijacking, Weak Keys, Mathematical, Birthday, Password Guessing (Brute Force, Dictionary), Software Exploitation
Item Number: SY0-101.1.4.6
Multiple Answer, Multiple Choice
Which attacks are considered common access control attacks? (Choose all that apply.)
- Spoofing
- Phreaking
- SYN flood
- Dictionary attacks
- Brute force attacks
Answer:
A. Spoofing
D. Dictionary attacks
E. Brute force attacks
Tutorial:
Spoofing, dictionary attacks, and brute force attacks are common access control attacks. Spoofing occurs when an attacker implements a fake program that steals user credentials. A dictionary attack is a method where the attacker attempts to identify user credentials by feeding lists of commonly used words or phrases. A brute force attack is one in which the attacker tries all possible input combinations to gain access to resources.
Phreaking is a group of hackers that specialize in telephone fraud. It is considered a telecommunications and network security attack.
A SYN flood occurs when a network is flooded with synchronous (SYN) packages. As a result, the system is overloaded and performance suffers. Many times, legitimate users are denied access. A SYN flood is usually considered an application or system attack.
Reference:
Wikipedia.org, Spoofing attack, http://en.wikipedia.org/wiki/Spoofing_attack
Wikipedia.org, Dictionary attack, http://en.wikipedia.org/wiki/Dictionary_attack
Wikipedia.org, Brute force attack, http://en.wikipedia.org/wiki/Brute_force_attack