2 Flashcards
Which of the following enables the exchange of information between computer programs?
* API
* UI
* Device drivers
* SDK
API
What is the purpose of a DoS attack?
- Code injection
- Resource exhaustion
- Malware infection
- Privilege escalation
Resource exhaustion
SSL stripping is an example of: (Select 2 answers)
* Brute-force attack
* Downgrade attack
* Watering hole attack
* On-path attack
* Denial-of-Service (DoS) attack
- Downgrade attack
- On-path attack
Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application’s code?
* Shimming
* Refactoring
* API call
* Sideloading
Shimming
The practice of modifying an application’s code without changing its external behavior is referred to as:
* API call
* Refactoring
* Sideloading
* Shimming
Refactoring
Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers)
- Prepending
- Fuzz testing
- Refactoring
- Shimming
- Sideloading
- Refactoring
- Shimming
A technique that allows an attacker to authenticate to a remote server without extracting the cleartext password from a digest is called:
* Pass the hash
* Replay attack
* Brute-force attack
* Spraying attack
Pass the hash
The term “Evil twin” refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. An evil twin replaces the legitimate access point and, by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name), appears as a legitimate access point to connecting hosts.
* True
* False
True
Match the OSI model layer with its definition: Network layer
* Human-computer interaction layer, where applications can access the network resources
* Maintains connections and is responsible for controlling ports and sessions
* Decides which physical path the data will take (Addressing and routing)
* Defines the format of data on the network (LAN communications, forwarding, media access)
Addressing and routing
Match the OSI model layer with its definition: Data Link layer
* Human-computer interaction layer, where applications can access the network resources
* Transmits data using transmission protocols including TCP and UDP
* Defines the format of data on the network (LAN communications, forwarding, media access)
* Decides which physical path the data will take (Addressing and routing)
Defines the format of data on the network (LAN communications, forwarding, media access)
Which of these would provide a connection between smartphones without the use of an access point?
- VPN
- Extranet
- Ad hoc
- DMZ
- Honeypot
Ad hoc
Which of the following is responsible for enforcing rules during a cybersecurity exercise?
* Blue team
* Red team
* White team
* Purple team
White team
Which of the following is used by WPA3 to prevent PSK brute force attacks?
- SAE
- CCMP
- AES
- Strong passwords
SAE (Simultaneous Authentication of Equals)
A security team has been asked to document information in the Diamond Model. Which of the following BEST describes this model?
- Encryption complexity
- Disaster recovery process
- Application containerization
- Intrusion analysis
Intrusion analysis
Which of the following companies would be MOST likely to manage PHI?
* Car manufacturing
* Airport transportation
* Credit card services
* Surgery center
Surgery center
An attacker is modifying data sent in real-time between two devices. Which of the following attacks is MOST likely in use?
* MAC flooding
* Denial of service
* Wireless jamming
* On-path
On-path
What type of wireless network security limits access using physical hardware addresses?
- WPS
- SSID suppression
- WPA2
- Static IP addressing
- MAC filtering
MAC Filtering
Which of the following would be the BEST way to monitor a cloud-based microservice architecture?
* IPS
* IPsec
* SNMP traps
* API inspection
API inspection
Which of the following would be the BEST method of sending data to a specific port number on a remote device?
* dig
* traceroute
* route
* netcat
netcat
Which security framework is mandatory for US federal agencies and includes a six-step process?
- CSA CCM
- CIS CSC
- SSAE SOC 2 Type I/II
- NIST RMF
NIST RMF
A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
* True
* False
False
A hash collision is when two different passwords produce the same hash.
A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:
* Downgrade attack
* Replay attack
* On-path attack
* Brute-force attack
Downgrade attack
Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)
* System/application vulnerability
* Principle of least authority
* Social engineering techniques
* Mandatory Access Control (MAC)
* System/application misconfiguration
- System/application vulnerability
- Social engineering techniques
- System/application misconfiguration
Which of the following answers can be used to describe characteristics of a cross-site scripting attack? (Select 3 answers)
- Exploits the trust a user’s web browser has in a website
- A malicious script is injected into a trusted website
- User’s browser executes attacker’s script
- Exploits the trust a website has in the user’s web browser
- A user is tricked by an attacker into submitting unauthorized web requests
- Website executes attacker’s requests
- Exploits the trust a user’s web browser has in a website
- A malicious script is injected into a trusted website
- User’s browser executes attacker’s script