4

Question 1

Which of the following enables the exchange of information between computer programs?

Answer 1

** API **

API stands for Application Programming Interface. In the context of APIs, the word Application refers to any software with a distinct function. Interface can be thought of as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses.

Question 1

What is the purpose of a DoS attack?

Answer 1

Resource exhaustion

Question 2

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as:

Answer 2

Memory leak

Question 3

SSL stripping is an example of:

Answer 3

• Downgrade attack
• On-path attack

Question 4

Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application’s code?

Answer 4

Shimming

Question 5

The practice of modifying an application’s code without changing its external behavior is referred to as:

Answer 5

** Refactoring **

Refactoring is the process of restructuring code, while not changing its original functionality. The goal of refactoring is to improve internal code by making many small changes without altering the code’s external behavior.

Question 6

Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers)

Answer 6

• Refactoring
• Shimming

Question 7

A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called:

Answer 7

Pass the hash

Question 8

The term “Evil twin” refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts

Answer 8

True

Question 9

Gaining unauthorized access to a Bluetooth device is referred to as:

Answer 9

** Bluesnarfing **

Bluesnarfing is a hacking technique in which a hacker accesses a wireless device through a Bluetooth connection. It happens without the device user’s permission and often results in the theft of information or some other kind of damage to the device (and user)

Question 10

The practice of sending unsolicited messages over Bluetooth is known as:

Answer 10

** Bluejacking **

Bluejacking is an attack in which someone sends unsolicited messages to a Bluetooth-enabled device. The target must be within their Bluetooth range for the attack to work.

Question 11

A wireless disassociation attack is a type of:

Answer 11

• Deauthentication attack
• Denial-of-Service (DoS) attack

Question 12

A wireless jamming attack is a type of:

Answer 12

Denial-of-Service (DoS) attack

Question 13

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

Answer 13

** RFID **

Radio Frequency Identification (RFID) refers to a wireless system comprised of two components: tags and readers.

Question 14

A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder is called:

Answer 14

RFID badge

Question 15

RFID is vulnerable to

Answer 15

• Spoofing
• Eavesdropping
• Data interception
• Replay attacks
• Denial-of-Service (DoS) attacks
  All of the above

Question 16

What is the name of a technology used for contactless payment transactions?

Answer 16

** NFC **

Question 17

NFC is vulnerable to:

Answer 17

• Data interception
• Replay attacks
• Denial-of-Service (DoS) attacks
  All of the above

Question 18

Which of the following provide randomization during encryption process? (Select 2 answers)

Answer 18

• Salting
  (Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them)
• Initialization Vector (IV)
  (A binary vector used as the input to initialize the algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.)

Question 19

Which of the following statements can be used to describe the characteristics of an on-path attack? (Select all that apply)

Answer 19

• An on-path attack is also known as MITM attack
• In an on-path attack, attackers place themselves on the communication route between two devices
• In an on-path attack, attackers intercept or modify packets sent between two communicating devices

Question 20

An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

Answer 20

ARP poisoning

Question 21

Media Access Control (MAC) flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table.

Answer 21

True

Question 22

An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as: (Select 2 answers)

Answer 22

• MAC spoofing
• MAC cloning

Question 23

Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply)

Answer 23

• MAC cloning
• ARP poisoning
• MAC flooding
• MAC spoofing

Question 24

The term “Domain hijacking” refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names.

Answer 24

True