Michael Solomon CompTIA Pentest+ Quiz 3 Flashcards
Which type of social engineering attack starts with an imposter message crafted for, and then sent to, a specific individual?
A. Tailgating
B. Spear phishing
C. Phreaking
D. Phishing
B.Spear phishing
Spear phishing is a social engineering attack that depends on sending a specially crafted message to a specific individual. Phishing is a wide scale attack using a generic message, phreaking is a legacy attack to gain free long-distance services, and tailgating is an attack that allows the attacker to follow an authorized individual into a secure area.
Success of a USB key drop depends mostly on what characteristic?
A. Human curiosity
B. Target operating system
C. Sophistication of malware payload
D. Having enough USB keys to drop
A.Human curiosity
A USB key drop will only succeed if at least one person succumbs to curiosity to see what the device contains and inserts it into a computer. Curiosity defines the attack’s success more than the operating system the victim is running, how sophisticated the payload is, or even how many USB keys are planted.
Which attack type replaces valid MAC addresses with an imposter address?
A. Pass the hash
B. DNS poisoning
C. Relay
D. ARP spoofing
D.ARP spoofing
ARP spoofing is an attack in which valid MAC addresses are replaced in network device address tables with an attacker’s address, so that local traffic is routed to the attacker’s computer. Pass the hash is an attack that uses the NTLM user credential hash to impersonate another user. DNS poisoning is similar to ARP spoofing, but instead of replacing MAC addresses, the attack replaces IP addresses in Domain Name System device tables. A relay attack is a man-in-the-middle attack in which network packets are intercepted by the attacker and forwarded to a destination, possibly after being modified.
An attacker launching an evil twin attack carries out which of these steps?
A.Use monitor mode to intercept wireless traffic
B.Replaces a valid Wi-Fi access point with a fraudulent one
C.Redirects wireless traffic to a different wireless network
D.Sets up a fraudulent Wi-Fi access point
D.Sets up a fraudulent Wi-Fi access point
An evil twin attack is one in which the attacker sets up a fraudulent Wi-Fi access point that uses an SSID that appears to be valid. Once the victim connects to the fraudulent network, the attack is successful. The evil twin attacker does not replace any valid Wi-Fi access points, redirect traffic, or monitor existing wireless network traffic. Once the victim connects to the evil twin Wi-Fi access point, all traffic from that victim flows through the attacker’s system.
What does a successful bluejacking attack allow the attacker to do?
A.Send unsolicited messages to a Bluetooth-enabled device
B.Steal information from a Bluetooth-enabled device
C.Force a Bluetooth-enabled device to pair and take control of the device
D.Force a Bluetooth-enabled device to unpair from one or more sources
A.Send unsolicited messages to a Bluetooth-enabled device
Bluejacking is an attack in which the attacker sends unsolicited messages to a Bluetooth-enabled device. The other explanations describe different attacks against Bluetooth-enabled devices.
Which of the following data entered in an input field named ‘userName’, if not mitigated, could result in removing the ‘users’ table from a database?
A. B' OR '1'='1' --DELETE TABLE users
B. C'; DROP TABLE users
C. D' OR '1'='1' --DROP TABLE users
D. A'; DELETE TABLE users
B.C’; DROP TABLE users
SQL injection attacks using data input through a form nearly always start with a single quote (apostrophe) to terminate the “real” SQL query, and then chain commands together using semicolons. In SQL, the “DROP TABLE” command removes a table, so C’; DROP TABLE users is the correct answer. The other answers are incorrect because the “--” symbol (double hyphens) indicates a comment, not a command, and the “DELETE” command deletes data from a table, not the table itself.
What potential vulnerability does the following output from ‘ls’ depict?
-rwxr-sr-- 1 root root 148 Aug 13 03:46 file1.sh
A. SUID
B. Sticky bit
C. SGID
D. SUDO
C.SGID
The ‘s’ character in the group executable permission (7th character) indicates that the SGID bit is set. That means any user who runs this executable will become an effective member of the ‘root’ group while the executable is running. An ‘s’ in the owner executable permission (4th character) would indicate that the SUID bit is set, and a ‘t’ in the other executable permission (10th character) indicates that the sticky bit is set. The sudo program allows users to run executables with elevated permissions and is not a permission setting itself.
What would the following data entered in an input field produce?
alert(“Click to continue”)
A.An alert box containing the message “Click to Continue”
B.A security warning to close the program
C.Nothing, using lowercase “” doesn’t work in input boxes
D.An alert box that displays a user’s name
A.An alert box containing the message “Click to Continue”
The correct answer is an alert box that says “Click to continue”. An alert box isn’t the same as a security warning, though the terms seem similar; it’s just a popup that contains some message for the user to read. In the example from the video, the reason the lowercase “” didn’t work was because the input parameters had been changed to exclude anything that contained the terms “” and “”. It’s not always the case that coders are careful enough to be so specific, and unless they explicitly exclude certain commands, whether the script is upper case or lower case doesn’t
Which type of attack exploits the trust a user has in a web site by causing users to view (and potentially execute) client-side scripts injected into a web site by an attacker?
A. XSS
B. Clickjacking
C. XSRF
D. Command inclusion
C.XSRF
XSRF causes a user to view and run client-side scripts injected by an attacker. XSS exploits a user’s trust, while XSRF exploits a website’s trust in a user. Clickjacking uses injection to insert invisible layers with embedded attack links. Command inclusion is not a valid attack type.
Which type of physical security attack consists of recovering discarded hardcopies of documents to retrieve information they contain?
A. Shredding disambiguation
B. Dumpster diving
C. Shoulder surfing
D. Lock bypass
B.Dumpster diving
The practice of salvaging information that has been discarded is called dumpster diving. Lock bypass is a technique to gain access to some locked resource by leveraging another path that is not controlled by a lock. Shoulder surfing is the practice of watching someone type private information, and the term shredding disambiguation has no direct meaning.
Which of the following pieces of information are most commonly divulged through overly verbose error handling?
A. Hardcoded information
B. Private information
C. Default credentials
D. Context-sensitive information
D.Context-sensitive information
Overly verbose error messages provide too much information about the program context and can divulge details that an attacker could use, such as exactly which provided value is invalid, as opposed to simply saying that some provided input data is invalid. Hardcoded values can sometimes be found in source code, and both private information and default credentials may be stored in a database, but these are not generally divulged through error handling.
Which repository of vulnerabilities is useful to help identify vulnerabilities that exist on a specific target?
A. NIST
B. CAPEC
C. APT
D. CVE
D.CVE
CVE (Common Vulnerabilities and Exposures) is a repository of known vulnerabilities that exist in virtually all software. NIST (National Institute of Standards and Technology) is a standards organization, CAPEC (Common Attack Pattern Enumeration and Classification) is a catalog of common attack patterns, and APT (Advanced Persistent Threat) is a specific type of cybersecurity threat.