4 Flashcards

1
Q

Which of the following enables the exchange of information between computer programs?

A

** API **

API stands for Application Programming Interface. In the context of APIs, the word Application refers to any software with a distinct function. Interface can be thought of as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
1
Q

What is the purpose of a DoS attack?

A

Resource exhaustion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as:

A

Memory leak

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

SSL stripping is an example of:

A
  • Downgrade attack
  • On-path attack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application’s code?

A

Shimming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The practice of modifying an application’s code without changing its external behavior is referred to as:

A

** Refactoring **

Refactoring is the process of restructuring code, while not changing its original functionality. The goal of refactoring is to improve internal code by making many small changes without altering the code’s external behavior.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers)

A
  • Refactoring
  • Shimming
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called:

A

Pass the hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The term “Evil twin” refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Gaining unauthorized access to a Bluetooth device is referred to as:

A

** Bluesnarfing **

Bluesnarfing is a hacking technique in which a hacker accesses a wireless device through a Bluetooth connection. It happens without the device user’s permission and often results in the theft of information or some other kind of damage to the device (and user)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The practice of sending unsolicited messages over Bluetooth is known as:

A

** Bluejacking **

Bluejacking is an attack in which someone sends unsolicited messages to a Bluetooth-enabled device. The target must be within their Bluetooth range for the attack to work.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A wireless disassociation attack is a type of:

A
  • Deauthentication attack
  • Denial-of-Service (DoS) attack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A wireless jamming attack is a type of:

A

Denial-of-Service (DoS) attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

A

** RFID **

Radio Frequency Identification (RFID) refers to a wireless system comprised of two components: tags and readers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder is called:

A

RFID badge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

RFID is vulnerable to

A
  • Spoofing
  • Eavesdropping
  • Data interception
  • Replay attacks
  • Denial-of-Service (DoS) attacks
    All of the above
16
Q

What is the name of a technology used for contactless payment transactions?

A

** NFC **

17
Q

NFC is vulnerable to:

A
  • Data interception
  • Replay attacks
  • Denial-of-Service (DoS) attacks
    All of the above
18
Q

Which of the following provide randomization during encryption process? (Select 2 answers)

A
  • Salting
    (Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them)
  • Initialization Vector (IV)
    (A binary vector used as the input to initialize the algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.)
19
Q

Which of the following statements can be used to describe the characteristics of an on-path attack? (Select all that apply)

A
  • An on-path attack is also known as MITM attack
  • In an on-path attack, attackers place themselves on the communication route between two devices
  • In an on-path attack, attackers intercept or modify packets sent between two communicating devices
20
Q

An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

A

ARP poisoning

21
Q

Media Access Control (MAC) flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table.

A

True

22
Q

An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as: (Select 2 answers)

A
  • MAC spoofing
  • MAC cloning
23
Q

Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply)

A
  • MAC cloning
  • ARP poisoning
  • MAC flooding
  • MAC spoofing
24
Q

The term “Domain hijacking” refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names.

A

True