SANS 410 Exam Questions And Correct Answers|
Latest Update| Score 100%
Industrial Control System (ICS)
A device, or set of devices, that manages, commands, directs,
or regulates the behavior of other devices or systems.
Malware
Consists of virus, Trojans, backdoors, bots, and worms.
Virus
Parasitic malware that relies on executable code insertion and
user interaction to spread.
Trojans
Malware that pretends to be good software
Backdoors (RAT)
malware that provides remote access for attackers
,Bots
Malware that checks into a command and control server
Worms
self replicating malware.
ICS Malware
Duqu
Flame
Shamoon
Stuxnet
Havex/Dragonfly
Black Energy
Default or Weak Passwords
shared passwords are often simple, and default passwords are
often found in vendor manuals.
,Password fuzzing
brute force and dictionary attacks
Authentication Bypass
Often when a developer forgets to require every page from
verifying the user is logged in.
Weak Session Management
Obtaining a browser cookie or guessing it's content to hijack a
session.
SQL Injection
commands made against an improperly sanitized database that
can give an attacker read/write access to the database as well
as interaction to the OS and its files.
Cross Site Scripting (XSS)
Javascript added to the input and execution of that script in
other users browsers.
, Cross Site Request Forgery (CSRF) or (XSRF)
A hidden link, or a link that a browser automatically clicks on
using java script that takes a login cookie from your browser
and uses it.
Local and remote File Inclusions (LFI and RFI)
attackers can request non-log files from file systems that
developers failed to block.
Fuzzing Network Protocols
Sending unexpected traffic to an application to see the results.
Software Defined Radio (SDR)
Device to generate noise on WiFi frequencies.
Profibus (DP, FMS,PA)
Developed by Siemens, operates on RS485
Latest Update| Score 100%
Industrial Control System (ICS)
A device, or set of devices, that manages, commands, directs,
or regulates the behavior of other devices or systems.
Malware
Consists of virus, Trojans, backdoors, bots, and worms.
Virus
Parasitic malware that relies on executable code insertion and
user interaction to spread.
Trojans
Malware that pretends to be good software
Backdoors (RAT)
malware that provides remote access for attackers
,Bots
Malware that checks into a command and control server
Worms
self replicating malware.
ICS Malware
Duqu
Flame
Shamoon
Stuxnet
Havex/Dragonfly
Black Energy
Default or Weak Passwords
shared passwords are often simple, and default passwords are
often found in vendor manuals.
,Password fuzzing
brute force and dictionary attacks
Authentication Bypass
Often when a developer forgets to require every page from
verifying the user is logged in.
Weak Session Management
Obtaining a browser cookie or guessing it's content to hijack a
session.
SQL Injection
commands made against an improperly sanitized database that
can give an attacker read/write access to the database as well
as interaction to the OS and its files.
Cross Site Scripting (XSS)
Javascript added to the input and execution of that script in
other users browsers.
, Cross Site Request Forgery (CSRF) or (XSRF)
A hidden link, or a link that a browser automatically clicks on
using java script that takes a login cookie from your browser
and uses it.
Local and remote File Inclusions (LFI and RFI)
attackers can request non-log files from file systems that
developers failed to block.
Fuzzing Network Protocols
Sending unexpected traffic to an application to see the results.
Software Defined Radio (SDR)
Device to generate noise on WiFi frequencies.
Profibus (DP, FMS,PA)
Developed by Siemens, operates on RS485
