CompTIA Security+ Certification Exam SY0-701 Practice Test 9

Question 1

As opposed to simple DoS attacks that usually are performed from a single system, a DDoS attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack (often referred to as zombies, and collectively as a botnet) are the secondary victims of the DDoS attack.

A) True

B) False

Answer 1

A) True

Question 2

A type of DDoS attack where an attacker exploits vulnerabilities in certain services or protocols to generate responses that are much larger than the original request is referred to as:

A) Amplified DDoS attack
B) Volumetric DDoS attack
C) Reflected DDoS attack
D) Application DDoS attack

Answer 2

A) Amplified DDoS attack

Question 3

What defines a reflected DDoS attack?

A) Overwhelming the target with a high volume of traffic to saturate its bandwidth

B) Exploiting vulnerabilities in network protocols to consume resources and disrupt services

C) Utilizing third-party servers to reflect and amplify attack traffic towards the target

D) Targeting vulnerabilities in applications or web servers to exhaust resources

Answer 3

C) Utilizing third-party servers to reflect and amplify attack traffic towards the target

Question 4

A DNS amplification attack is a type of DDoS attack wherein an attacker sends a small, specially crafted DNS query containing a spoofed IP address (the victim’s IP) to a compromised DNS server. Upon receiving the query, the DNS server generates a much larger response packet, which is then sent to the victim’s IP address, causing potential disruption due to overwhelming traffic.

A) True

B) False

Answer 4

A) True

Question 5

Which of the answers listed below refers to a cyberattack technique that relies on providing false DNS information to a DNS resolver for the purpose of redirecting or manipulating the resolution of domain names to malicious IP addresses?

A) DNS spoofing
B) Credential stuffing
C) URL hijacking
D) Domain hijacking

Answer 5

A) DNS spoofing

Question 6

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

A) URL hijacking
B) DNS cache poisoning
C) Domain hijacking
D) ARP poisoning

Answer 6

B) DNS cache poisoning

Question 7

When domain registrants due to unlawful actions of third parties lose control over their domain names, they fall victim to:

A) Sybil attack
B) Domain hijacking
C) Typosquatting
D) URL hijacking

Answer 7

B) Domain hijacking

Question 8

Which of the following can be classified as malicious activity indicator on a wireless network?

A) Rogue AP
B) Jump server
C) Unmanaged switch
D) Network tap

Answer 8

A) Rogue AP

Question 9

A wireless disassociation attack is a type of: (Select 2 answers)

A) Downgrade attack
B) Deauthentication attack
C) Brute-force attack
D) DoS attack
E) Cryptographic attack

Answer 9

B) Deauthentication attack
D) DoS attack

Question 10

A wireless jamming attack is a type of:

A) Cryptographic attack
B) DoS attack
C) Brute-force attack
D) Downgrade attack

Answer 10

B) DoS attack

Question 11

Which of the answers listed below refers to RFID vulnerability?

A) Spoofing
B) Eavesdropping
C) RFID cloning
D) Data interception
E) Replay attack
F) DoS attack
G) All of the above

Answer 11

G) All of the above

Question 12

Which of the following is a vulnerability characteristic to NFC communication?

A) Eavesdropping
B) Data interception
C) Replay attacks
D) DoS attacks
E) All of the above

Answer 12

E) All of the above

Question 13

Which wireless attack focuses on exploiting vulnerabilities found in WEP?

A) IV attack
B) War driving
C) SSID spoofing
D) Bluejacking

Answer 13

A) IV attack

Question 14

Which of the statements listed below can be used to describe the characteristics of an on-path attack? (Select all that apply)

A) An on-path attack is also known as MITM attack

B) Attackers place themselves on the communication route between two devices

C) Attackers intercept or modify packets sent between two communicating devices

D) Attackers do not have access to packets exchanged during the communication between two devices

Answer 14

A) An on-path attack is also known as MITM attack

B) Attackers place themselves on the communication route between two devices

C) Attackers intercept or modify packets sent between two communicating devices

Question 15

A network replay attack occurs when an attacker captures sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations.

A) True

B) False

Answer 15

A) True

Question 16

What are the characteristic features of a session ID? (Select all that apply)

A) Enables the server to identify the session and retrieve the corresponding session data

B) A unique identifier assigned by the website to a specific user

C) Contains user’s authentication credentials, e.g., username and password

D) A piece of data that can be stored in a cookie, or embedded as a URL parameter

E) Stored on the client side (in the user’s browser) and sent to the server with each request

F) A unique identifier assigned to a server

Answer 16

A) Enables the server to identify the session and retrieve the corresponding session data

B) A unique identifier assigned by the website to a specific user

D) A piece of data that can be stored in a cookie, or embedded as a URL parameter

E) Stored on the client side (in the user’s browser) and sent to the server with each request

Question 17

In a session replay attack, an attacker intercepts and steals a valid session ID of a user and resends it to the server with the intent of gaining unauthorized access to the user’s session or tricking the server into unauthorized operations on behalf of the legitimate user.

A) True

B) False

Answer 17

A) True

Question 18

A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called:

A) Pass the hash

B) Replay attack

C) Brute-force attack

D) Spraying attack

Answer 18

A) Pass the hash

Question 19

What type of action allows an attacker to exploit the XSS vulnerability?

A) Code injection
B) Privilege escalation
C) Session hijacking
D) Packet sniffing

Answer 19

A) Code injection

Question 20

Which of the following exploits targets a protocol used for managing and accessing networked resources?

A) CSRF/XSRF attack
B) XML injection attack
C) LDAP injection attack
D) SQL injection attack

Answer 20

A) CSRF/XSRF attack

Question 21

Which type of exploit targets web applications that generate content used to store and transport data?

A) SQL injection attack
B) CSRF/XSRF attack
C) XML injection attack
D) LDAP injection attack

Answer 21

C) XML injection attack

Question 22

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

A) System/application vulnerabilities

B) Password hashing

C) System/application misconfigurations

D) Network segmentation

E) Social engineering techniques

Answer 22

A) System/application vulnerabilities

C) System/application misconfigurations

E) Social engineering techniques

Question 23

Which of the statements listed below apply to the CSRF/XSRF attack? (Select 3 answers)

A) Exploits the trust a website has in the user’s web browser

B) A user is tricked by an attacker into submitting unauthorized web requests

C) Website executes attacker’s requests

D) Exploits the trust a user’s web browser has in a website

E) A malicious script is injected into a trusted website

F) User’s browser executes attacker’s script

Answer 23

A) Exploits the trust a website has in the user’s web browser

B) A user is tricked by an attacker into submitting unauthorized web requests

C) Website executes attacker’s requests

Question 24

A dot-dot-slash attack is also referred to as:

A) Disassociation attack
B) On-path attack
C) Directory traversal attack
D) Downgrade attack

Answer 24

C) Directory traversal attack

Question 25

The practice of gaining unauthorized access to a Bluetooth device is known as:

A) Phishing
B) Bluejacking
C) Smishing
D) Bluesnarfing

Answer 25

D) Bluesnarfing