comptia

Question 1

Vishing

Answer 1

Social engineering over telephone

Question 2

Phishing

Answer 2

Fraud Attack to obtain information, e.g through email prompting users to do something

Question 3

Watering hole attack

Answer 3

infecting websites a group of people access to obtain specific information, targeted attack

Question 4

scarcity

Answer 4

business choices to manage the availability of resources to meet human needs

Question 5

bluesnarfing

Answer 5

Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection

Question 6

DoS Attack

Answer 6

denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

• Ping of death
• buffer overflow
• IP Spoofing
• consumes bandwidth

Question 7

A sacrificial server on a network to gather

information about intruders. What is this called?

Answer 7

Honeypot

Question 8

A policy that only allows compliant devices to join their network.

Answer 8

Quarantine Network

Question 9

What type of firewall inspects packets to identify VALID communications?

Answer 9

Stateful Inspection Firewall

Question 10

All viruses are malware - TRUE?

Answer 10

Yes

Question 11

acronym which describes the duration after which an organisation’s viability
will be permanently threatened, if product and service delivery CANNOT be
resumed?

Answer 11

MTPOD (Maximum tolerable period of disruption)

Question 12

measure of the maintainability of repairable items. It represents the average time required to repair a failed component or device

Answer 12

MTTR (mean-time to repair)

Question 13

the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity

Answer 13

RPO (Recovery Point Objective)

Question 14

the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.

Answer 14

RTO (Recovery Time Objective)

Question 15

Which protocol can automatically provide the IP address, subnet mask, default
gateway IP and DNS server IP to a client on a data network?

Answer 15

DHCP

Question 16

Which feature prevents infected files being installed on a device?

Answer 16

Driver Signature Enforcement

Question 17

What is used to encrypt files on Microsoft

Answer 17

EFS (Encryption file system)

Question 18

A network engineer monitors a firewall and notices several suspicious packets have
been dropped. What is in place on the firewall?

Answer 18

IPS

Question 19

security protocol and is also one of the

secure encryption systems used in data communication?

Answer 19

Kerberos

Question 20

Which type of tool is used to find modems on networks to initiate an attack from?

Answer 20

War-Dialler

Question 21

NIDS

Answer 21

Network - Intrusion Detection System
Short for network intrusion detection system, NIDS is a system that attempts to detect hacking activities, denial of service attacks or port scans on a computer network or a computer itself. … The NIDS can monitor incoming, outgoing, and local traffic.

Question 22

NTFS

Answer 22

journaling file system developed by Microsoft

Question 23

a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed

Answer 23

Replay Attack

Question 24

alters the communications between two parties who believe that they are directly communicating with each other.

Answer 24

MITM Attack

Question 25

Which of the following attacks relies on intercepting and altering data sent between two networked hosts?

Answer 25

MITM attack

Question 26

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is known as

Answer 26

Buffer Overflow

Question 27

is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

Answer 27

Cross-site request forgery (CSRF/XSRF)

Question 28

Which type of attack allows for tricking a user into sending unauthorized commands to a web application?

Answer 28

(CSRF/XSRF)

Question 29

3 privilege escalation attacks?

Answer 29

• System/application vulnerability
• Social engineering techniques
• System/application misconfiguration

Question 30

a technique by which an attacker sends Address Resolution Protocol messages onto a local area network.

Answer 30

ARP spoofing or ARP poisoning

Question 31

Which of the attack types listed below relies on the amplification effect?

Answer 31

DDOS attack

Question 32

a computer security exploit that takes advantage of vulnerabilities in a user’s web browser application?

Answer 32

MITB

Question 33

A technique that allows an attacker to authenticate to a remote server without extracting a cleartext password from the digest and use the digest instead of a password credential is known as:

Answer 33

Pass The hash

Question 34

In a session hijacking attack, a hacker takes advantage of the session ID stored in:

Answer 34

Cookie

Question 35

A situation in which an application writes to an area of memory that it is not supposed to access is referred to as:

Answer 35

Buffer Overflow

Question 36

Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?

Answer 36

Integer Overflow

Question 37

an application fails to properly release memory allocated to it or continually requests more memory than it needs

Answer 37

Memory Leak

Question 38

The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode which makes the system more vulnerable to attacks. True or False?

Answer 38

True

Question 39

precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources

Answer 39

DLL (Dynamic-link library)

Question 40

Which of the following terms describes an attempt to read a variable that stores a null value?

Answer 40

Pointer Deference

Question 41

Which of the terms listed below describes a type of attack that relies on executing a library of code?

Answer 41

DLL Injection

Question 42

True or False, System sprawl is used to describe one of the aspects of poor asset management process.

Answer 42

True

Question 43

Which of the following violates the principle of least privilege?

Answer 43

Improperly Configured Accounts

Question 44

Resource exhaustion is considered successful in which attack?

Answer 44

DoS attack

Question 45

After feeding an input form field with incorrect data, a hacker gets access to debugger info providing extensive description of the error. This situation is an example of:

Answer 45

Improper error Handling

Question 46

Ports 20/21

Answer 46

FTP

Question 47

Port 22

Answer 47

SSH

Question 48

Port 25?

Answer 48

SMTP

Question 49

Port 53

Answer 49

DNS

Question 50

POP2 / POP3 Ports?

Answer 50

109/110

Question 51

SFTP port

Answer 51

115

Question 52

Port 123

Answer 52

NTP

Question 53

IMAP ver3 port?

Answer 53

220

Question 54

Port 23

Answer 54

Telnet

Question 55

HTTP port?

Answer 55

Port 80

Question 56

TFTP port?

Answer 56

Port 69

Question 57

SNMP port?

Answer 57

Port 161

Question 58

LDAP port?

Answer 58

Port 389

Question 59

HTTPS port?

Answer 59

443

Question 60

DHCP port?

Answer 60

67

Question 61

A malfunction in preprogrammed sequential access to a shared resource is described as

Answer 61

Race Condition

Question 62

Backdoor

Answer 62

Using tools to examine the internal operations of a program

Question 63

Which type of attack denies authorised users access to network resources?

Answer 63

DoS

Question 64

Which Type of attack uses more than one computer to attack the victims

Answer 64

DDos Attack

Question 65

An alert signals you that a server in your network has a program running on it that bypasses authorisation . Which type of attack has occurred

Answer 65

Backdoor

Question 66

You’ve discovered an expired certificate is being used repeatedly to gain logon privileges. What type of attack is this?

Answer 66

Replay Attack