Exam Compass - Threats & Vulnerabilities Quiz Flashcards
What is the purpose of a DoS attack?
Code injection
Resource exhaustion
Malware infection
Privilege escalation
Resource exhaustion
As opposed to simple Denial of Service (DoS) attacks, which are usually performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.
True
False
True
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:
Xmas attack
Zero-day attack
IV attack
Replay attack
Zero-day attack
An email sent from an unknown source disguised as a trusted source known to the message receiver is an example of: (Select 2 answers)
Spoofing
Malware
Trojan horse
Social engineering
On-path attack
Spoofing
Social engineering
Which of the following statements can be used to describe the characteristics of an on-path attack? (Select 3 answers)
An on-path attack is also known as MitM attack
Attackers place themselves on the communication route between two devices
Attackers intercept or modify packets sent between two communicating devices
An on-path attack is also known as XSS attack
Attackers do not have access to packets exchanged during the communication between two devices
Attackers generate forged packets and inject them in the netwo
An on-path attack is also known as MitM attack
Attackers place themselves on the communication route between two devices
Attackers intercept or modify packets sent between two communicating devices
An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is referred to as:
Replay attack
Brute-force attack
Dictionary attack
Birthday attack
Brute-force attack
Which password attack takes advantage of a predefined list of words?
Birthday attack
Replay attack
Dictionary attack
Brute-force attack
Dictionary attack
Which term best describes a disgruntled employee abusing legitimate access to a company’s internal resources?
APT
Insider threat
Gray hat
Threat actor
Insider threat
Entry fields of web forms lacking input validation are vulnerable to what kind of attacks?
Replay attacks
SQL injection attacks
Brute-force attacks
Dictionary attacks
SQL injection attacks
Which of the answers listed below refers to a countermeasure against SQL injection attacks?
Code obfuscation
Database normalization
Code signing
Input validation
Input validation
Which of the following answers can be used to describe characteristics of an XSS attack? (Select 3 answers)
Exploits the trust a user’s web browser has in a website
A malicious script is injected into a trusted website
User’s browser executes attacker’s script
Exploits the trust a website has in the user’s web browser
A user is tricked by an attacker into submitting unauthorized web requests
Website executes attacker’s requests
Exploits the trust a user’s web browser has in a website
A malicious script is injected into a trusted website
User’s browser executes attacker’s script
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as pre-admission NAC where a host must, for example, be virus free or have patches applied before it can be allowed to connect to the network, and/or post-admission NAC, where a host is being granted/denied permissions based on its actions after it has been provided with the access to the network.
True
False
True
A Microsoft online service used for patching up system vulnerabilities, improving system performance, and fixing coding errors found in Windows software is known as:
Action Center
Windows Update
Security Center
Windows Store
Windows Update
The basic countermeasures against application-related vulnerabilities include avoiding applications from unknown sources and keeping the already installed apps up to date with current patches and bug fixes.
True
False
True
A mobile device deployment model that allows employees to use private mobile devices for accessing a company’s restricted data and applications is called:
COPE
BYOD
JBOD
CYOD
BYOD