- Advanced Persistent Threat (APT)
- Multi-vector, polymorphic attacks
- Denial of Service
- Buffer Overflows
- Mobile Code
- Malicious Software (Malware)
- Drive-by download attacks
- Spyware
- Trojan Horse
- Keyloggers
- Password Crackers
- Spoofing/Masquerading
- Sniffers, Eavesdropping, and Tapping
- Emanations and TEMPEST
“Spontaneous emission of electromagnetic radiation” (EMR) subject to TEMPEST eavesdropping
- Shoulder Surfing
- Tailgating
- Piggybacking
- Object Reuse
- Data Remanence
- Unauthorized Targeted Data Mining
- Dumpster Diving
- Backdoor/Trapdoor
- Maintenance Hook
- Logic bombs
- Social Engineering
- Phishing
- Pharming
A cyber attack intended to redirect a website’s traffic to another, fake site.
- Covert Channel
Unauthorized channel for data transportation
- IP Spoofing/Masquerading
IP Spoofing is malicious, while Masquerading is a specific form of Network Address Translation (NAT) and can be valid.
- Elevation of privilege/Privilege escalation
- Tampering
- Sabotage
- SQL injection
- Cross-Site Scripting (XSS)
- Session Hijacking and Man-in-the-Middle Attacks
- Zero-day exploit
A zero-day exploit hits after a network vulnerability is announced or discovered but before a patch or solution is implemented.