2 Flashcards

1
Q

Which of the following enables the exchange of information between computer programs?
* API
* UI
* Device drivers
* SDK

A

API

2
Q

What is the purpose of a DoS attack?

  • Code injection
  • Resource exhaustion
  • Malware infection
  • Privilege escalation
A

Resource exhaustion

3
Q

SSL stripping is an example of: (Select 2 answers)
* Brute-force attack
* Downgrade attack
* Watering hole attack
* On-path attack
* Denial-of-Service (DoS) attack

A
  • Downgrade attack
  • On-path attack
4
Q

Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application’s code?
* Shimming
* Refactoring
* API call
* Sideloading

A

Shimming

5
Q

The practice of modifying an application’s code without changing its external behavior is referred to as:
* API call
* Refactoring
* Sideloading
* Shimming

A

Refactoring

6
Q

Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers)

  • Prepending
  • Fuzz testing
  • Refactoring
  • Shimming
  • Sideloading
A
  • Refactoring
  • Shimming
7
Q

A technique that allows an attacker to authenticate to a remote server without extracting the cleartext password from a digest is called:
* Pass the hash
* Replay attack
* Brute-force attack
* Spraying attack

A

Pass the hash

8
Q

The term “Evil twin” refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. An evil twin replaces the legitimate access point and, by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name), appears as a legitimate access point to connecting hosts.
* True
* False

A

True

9
Q

Match the OSI Model layer with its definition: Network layer
* Human-computer interaction layer, where applications can access the network resources
* Maintains connections and is responsible for controlling ports and sessions
* Decides which physical path the data will take (Addressing and routing)
* Defines the format of data on the network (LAN communications, forwarding, media access)

A

Addressing and routing

10
Q

Match the OSI Model layer with its definition: Data Link layer
* Human-computer interaction layer, where applications can access the network resources
* Transmits data using transmission protocols including TCP and UDP
* Defines the format of data on the network (LAN communications, forwarding, media access)
* Decides which physical path the data will take (Addressing and routing)

A
  • Defines the format of data on the network (LAN communications, forwarding, media access)
11
Q

Which of these would provide a connection between smartphones without the use of an access point?

  • VPN
  • Extranet
  • Ad hoc
  • DMZ
  • Honeypot
A

Ad hoc

12
Q

Which of the following is responsible for enforcing rules during a cybersecurity exercise?
* Blue team
* Red team
* White team
* Purple team

A

White team

13
Q

Which of the following is used by WPA3 to prevent PSK brute-force attacks?

  • SAE
  • CCMP
  • AES
  • Strong passwords
A

SAE (Simultaneous Authentication of Equals)

14
Q

A security team has been asked to document information in the Diamond Model. Which of the following BEST describes this model?

  • Encryption complexity
  • Disaster recovery process
  • Application containerization
  • Intrusion analysis
A

Intrusion analysis

15
Q

Which of the following companies would be MOST likely to manage PHI?
* Car manufacturing
* Airport transportation
* Credit card services
* Surgery center

A

Surgery center

16
Q

An attacker is modifying data sent in real-time between two devices. Which of the following attacks is MOST likely in use?
* MAC flooding
* Denial of service
* Wireless jamming
* On-path

A

On-path

17
Q

What type of wireless network security limits access using physical hardware addresses?

  • WPS
  • SSID suppression
  • WPA2
  • Static IP addressing
  • MAC filtering
A

MAC Filtering

18
Q

Which of the following would be the BEST way to monitor a cloud-based microservice architecture?
* IPS
* IPsec
* SNMP traps
* API inspection

A

API inspection

19
Q

Which of the following would be the BEST method of sending data to a specific port number on a remote device?
* dig
* traceroute
* route
* netcat

A

netcat

20
Q

Which security framework is mandatory for US federal agencies and includes a six-step process?

  • CSA CCM
  • CIS CSC
  • SSAE SOC 2 Type I/II
  • NIST RMF
A

NIST RMF

21
Q

A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
* True
* False

A

False

A hash collision is when two different passwords produce the same hash.

22
Q

A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:
* Downgrade attack
* Replay attack
* On-path attack
* Brute-force attack

A

Downgrade attack

23
Q

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)
* System/application vulnerability
* Principle of least authority
* Social engineering techniques
* Mandatory Access Control (MAC)
* System/application misconfiguration

A
  • System/application vulnerability
  • Social engineering techniques
  • System/application misconfiguration
24
Q

Which of the following answers can be used to describe characteristics of a cross-site scripting attack? (Select 3 answers)

  • Exploits the trust a user’s web browser has in a website
  • A malicious script is injected into a trusted website
  • User’s browser executes attacker’s script
  • Exploits the trust a website has in the user’s web browser
  • A user is tricked by an attacker into submitting unauthorized web requests
  • Website executes attacker’s requests
A
  • Exploits the trust a user’s web browser has in a website
  • A malicious script is injected into a trusted website
  • User’s browser executes attacker’s script
25
Q

Which of the following indicates an SQL injection attack attempt?
* DELETE FROM itemDB WHERE itemID = '1';
* SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
* DROP TABLE itemDB;
* SELECT * FROM users WHERE email = 'example@example.com' AND password = '';

A

SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';

26
Q

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
* DLL
* ISO
* EXE
* INI

A

DLL