CompTIA Security+ Certification Exam SY0-701 Practice Test 8 Flashcards
Which of the answers listed below refers to a security vulnerability that enables inserting malicious code into input fields, such as search bars or login forms, to execute unauthorized commands on a database?
A) RCE
B) SQLi
C) XSS
D) CSRF
B) SQLi
Which of the following indicates an SQL injection attack attempt?
A) DELETE FROM itemDB WHERE itemID = ‘1’;
B) SELECT * FROM users WHERE userName = ‘Alice’ AND password = ‘’ OR ‘1’ = ‘1’;
C) DROP TABLE itemDB;
D) SELECT * FROM users WHERE email = ‘example@example.com’ AND password = ‘’;
B) SELECT * FROM users WHERE userName = ‘Alice’ AND password = ‘’ OR ‘1’ = ‘1’;
Which of the answers listed below describe the characteristics of a cross-site scripting attack? (Select 3 answers)
A) Exploits the trust a user’s web browser has in a website
B) A malicious script is injected into a trusted website
C) User’s browser executes attacker’s script
D) Exploits the trust a website has in the user’s web browser
E) A user is tricked by an attacker into submitting unauthorized web requests
F) Website executes attacker’s requests
A) Exploits the trust a user’s web browser has in a website
B) A malicious script is injected into a trusted website
C) User’s browser executes attacker’s script
Which of the following answers refers to a type of software embedded into a hardware chip?
A) Firmware
B) Middleware
Device driver
Machine code
A) Firmware
Which of the terms listed below refers to a situation in which a product or service may no longer receive security patches or other updates, making it more vulnerable to attack?
A) EOL
B) ALM
C) EOS
D) SDLC
A) EOL
What is the main vulnerability related to legacy hardware?
A) Compatibility issues
B) Lack of security updates and patches
C) Worn-out physical components
D) Lack of skilled personnel to run it and maintain it
B) Lack of security updates and patches
The term “VM escape” refers to the process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine.
A) True
B) False
A) True
Which of the following answers refers to a virtualization-related vulnerability where virtualized assets allocated to one VM are improperly isolated and can be accessed or compromised by another VM?
A) Resource reuse
B) Privilege escalation
C) Resource exhaustion
D) Concurrent session usage
A) Resource reuse
Which of the answers listed below refers to a cloud-related vulnerability type?
A) Insecure APIs
B) Poor access controls
C) Lack of security updates
D) Misconfigured cloud storage
E) Shadow IT / Malicious insiders
F) All of the above
F) All of the above
The practice of installing mobile apps from websites and app stores other than the official marketplaces is referred to as:
A) Jailbreaking
B) Rooting
C) Sideloading
D) Carrier unlocking
C) Sideloading
Which of the following terms is used to describe the process of removing software restrictions imposed by Apple on its iOS operating system?
A) Sideloading
B) Carrier unlocking
C) Rooting
D) Jailbreaking
D) Jailbreaking
The term “Rooting” refers to the capability of gaining administrative access to the operating system and system applications on:
A) Android devices
B) iOS devices
C) Microsoft devices
D) All types of mobile devices
A) Android devices
A type of attack aimed at exploiting vulnerability that is present in already released software but unknown to the software developer is known as:
A) On-path attack
B) IV attack
C) Zero-day attack
D) Replay attack
C) Zero-day attack
Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is called:
A) Grayware
B) Adware
C) Ransomware
D) Spyware
C) Ransomware
A Trojan horse is a type of software that performs harmful actions under the guise of a legitimate and useful program. The most characteristic feature of Trojan horse is that while it may function as a legitimate program and possess all the expected functionalities, it also contains a concealed portion of malicious code that the user is unaware of.
A) True
B) False
A) True
Which type of Trojan enables unauthorized remote access to a compromised system?
A) APT
B) RAT
C) MaaS
D) PUP
B) RAT
A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is referred to as:
A) Worm
B) Fileless virus
C) Bot
D) Logic bomb
A) Worm
Malicious software collecting information about users without their knowledge/consent is known as:
A) Cryptomalware
B) Adware
C) Ransomware
D) Spyware
D) Spyware
Which of the answers listed below refer to the characteristic features of bloatware? (Select 3 answers)
A) Pre-installed on a device by the device manufacturer or retailer
B) Generally considered undesirable due to negative impact on system performance
C) Installed without user consent
D) Can be pre-installed, downloaded, or bundled with other software
E) Generally considered undesirable due to negative impact on system performance, privacy, and security
A) Pre-installed on a device by the device manufacturer or retailer
B) Generally considered undesirable due to negative impact on system performance
C) Installed without user consent
Which of the following answers refer to the characteristics of a PUP? (Select 3 answers)
A) Often installed without clear user consent
B) Can be pre-installed, downloaded, or bundled with other software
C) Generally considered undesirable due to negative impact on system performance, privacy, and security
D) Pre-installed on a device by the device manufacturer or retailer
E) Generally considered undesirable due to negative impact on system performance
A) Often installed without clear user consent
B) Can be pre-installed, downloaded, or bundled with other software
C) Generally considered undesirable due to negative impact on system performance, privacy, and security
Which of the statements listed below apply to the definition of a computer virus? (Select 3 answers)
A) A self-replicating computer program containing malicious segment
B) Malware that typically requires its host application to be run to make the virus active
C) A standalone malicious computer program that replicates itself over a computer network
D) Malware that can run by itself without any interaction
E) Malicious code that typically attaches itself to an application program or other executable component
F) A self-contained malicious program or code that does need a host to propagate itself
A) A self-replicating computer program containing malicious segment
B) Malware that typically requires its host application to be run to make the virus active
E) Malicious code that typically attaches itself to an application program or other executable component
Which of the following is an example of spyware?
A) Keylogger
B) Vulnerability scanner
C) Computer worm
D) Packet sniffer
A) Keylogger
Malicious code activated by a specific event is called:
A) Cryptomalware
B) Backdoor
C) Rootkit
D) Logic bomb
D) Logic bomb
Which of the following answers refers to a collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network?
A) Rootkit
B) Spyware
C) Backdoor
D) Trojan
A) Rootkit
The term “RFID cloning” refers to copying the data stored on any RFID-enabled device (including tags, cards, key fobs, implants, and other objects embedded with RFID technology) onto another RFID-enabled device, which then can be read and used in the same way as the original tag. While RFID cloning can be utilized for legitimate purposes, such as replicating important tags for backup and testing purposes, it also poses significant security risk, as duplicate tags can potentially be used for gaining unauthorized access or unauthorized information disclosure.
A) True
B) False
A) True