other FT questions

Question 1

What is used in URL Phishing?

Answer 1

Prepending

Question 2

True or False: A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.

Answer 2

False

Question 3

SELECT * FROM users WHERE userName = ‘Alice’ AND password = ‘’ OR ‘1’ = ‘1’; is an example of what type of attack?

Answer 3

SQL injection attack

Question 4

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources.

Answer 4

DLL

Question 5

A situation in which an application writes to an area of memory it is not supposed to have access to.

Answer 5

Buffer Overflow

Question 6

A malfunction in a preprogrammed sequential access to a shared resource.

Answer 6

Race Condition

Question 7

Type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions.

Answer 7

SSRF

Question 8

A penetration test performed by an authorized professional with the full prior knowledge on how the system that is to be tested works.

Answer 8

White-box testing

Question 9

True or False: In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

Answer 9

False

Question 10

True or False: In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

Answer 10

False

Question 11

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

Answer 11

War Driving

Question 12

True or False: In cybersecurity exercises, purple team combines the roles of all other teams (i.e. red, blue, and white).

Answer 12

False

Question 13

What state of digital data requires data to be processed in an unencrypted form?

Answer 13

In processing.

Question 14

A duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data.

Answer 14

Hot site.

Question 15

A disaster recovery facility that provides only the physical space for recovery operations.

Answer 15

Cold site

Question 16

A cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software

Answer 16

IaaS (Infrastructure as a Service)

Question 17

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems.

Answer 17

RTOS

Question 18

An integrated circuit combining components normally found in a standard computer system.

Answer 18

SoC

Question 19

T or F: One of the ways of confirming that a software application comes from a trusted source is the verification of its digital signature. A digitally signed software proves the identity of the developer and guarantees that the application code has not been tampered with since it was signed. The authenticity and integrity of the application’s code can be verified by comparing results of a cryptographic hash function (original hash published by the application developer vs. hash obtained from a downloaded app).

Answer 19

True

Question 20

A type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks.

Answer 20

Salt

Question 21

The best solution for a company that needs IT services but lacks any IT personnel?

Answer 21

MSP

Question 22

A third-party vendor offering IT security management services?

Answer 22

MSSP

Question 23

T or F: The term “Fog computing” refers to a local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing.

Answer 23

True

Question 24

The concept of virtualization on an application level.

Answer 24

Containerization.

Question 25

Usage audit and Asset documentation are security measures can be used to prevent:

Answer 25

VM Sprawl

Question 26

T or F: Code obfuscation techniques rely on encryption to protect the source code against unauthorized access.

Answer 26

False

Question 27

A collection of commonly used programming functions designed to speed up software development process is known as:

Answer 27

Library

Question 28

Refers to a specialized suite of software tools used for developing applications for a specific platform.

Answer 28

SDK

Question 29

A nonprofit organization focused on software security.

Answer 29

OWASP

Question 30

A security feature used in Bluetooth device pairing.

Answer 30

PIN code

Question 31

Software that enables a centralized administration of mobile devices.

Answer 31

MDM

Question 32

T or F: The term “Push notification” is used to describe information delivery from a server to a client performed without a specific request from the client.

Answer 32

True.

Question 33

In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:

Answer 33

Containerization

Question 34

A mobile security solution that enables separate controls over the user and enterprise data is called:

Answer 34

Storage segmentation

Question 35

A software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables.

Answer 35

UEM

Question 36

The term “Rooting” refers to the capability of gaining administrative access to the operating system and system applications on:

Answer 36

Android devices

Question 37

A monitoring port on a network device is referred to as:

Answer 37

Tap

Question 38

Wireless security protocol that has been deprecated in favor of newer standards due to known vulnerabilities resulting from implementation flaws.

Answer 38

WEP

Question 39

Encryption scheme is used in WiFi Protected Access 2 (WPA2)

Answer 39

AEP-CCMP

Question 40

A client authentication method used in WPA2 Personal mode.

Answer 40

PSK

Question 41

A client authentication method used in WPA3 Personal mode.

Answer 41

SAE

Question 42

EAP method that offers the highest level of security.

Answer 42

EAP-TLS

Question 43

A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as:

Answer 43

WPS

Question 44

What wireless technologies are deprecated and should not be used due to their known vulnerabilities?

Answer 44

WPS and WEP

Question 45

A common antenna type used as a standard equipment on most Access Points (APs) for indoor Wireless Local Area Network (WLAN) deployments.

Answer 45

Omnidirectional antenna

Question 46

SSL stripping is an example of:

Answer 46

Brute Force and Downgrade attack.

Question 47

A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called:

Answer 47

Pass the hash.

Question 48

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

Answer 48

RFID

Question 49

An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

Answer 49

ARP poisoning

Question 50

An account policy setting that forces users to come up with a new password every time they are required to change their old password is called

Answer 50

Password history

Question 51

During a password reminder procedure the system asks security question that covers personal details that should be known only to the user (e.g. user’s favorite holiday destination). This type of authentication method is an example of:

Answer 51

KBA

Question 52

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:

Answer 52

SSO

Question 53

OpenID Connect is a protocol used for:

Answer 53

Authentication

Question 54

OAuth is an open standard for:

Answer 54

Authorization

Question 55

T or F: A common implementation of identity and access controls used in federated SSO systems includes OpenID Connect and Oauth 2.0 used in conjunction to provide authentication and authorization services.

Answer 55

True

Question 56

What protocol ensures the reliability of the Kerberos authentication process?

Answer 56

NTP

Question 57

A Linux command that allows to display the beginning of a file (by default its first 10 lines) is known as:

Answer 57

head

Question 58

A Linux command that allows to create, view, and concatenate files is called:

Answer 58

cat

Question 59

A Linux command-line command that enables searching files for lines containing a match to a given text pattern is called:

Answer 59

grep

Question 60

A software library used to implement encrypted connections?

Answer 60

OpenSSL

Question 61

A Command-Line Interface (CLI) packet-crafting tool?

Answer 61

Tcpreplay

Question 62

A Command-Line Interface (CLI) packet-capturing tool used in Unix-like operating systems.

Answer 62

tcpdump

Question 63

A Linux command-line utility that can be used in the forensic process for creating and copying image files is called:

Answer 63

dd

Question 64

A multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics.

Answer 64

WinHex

Question 65

An open-source forensics platform that allows to examine the contents of a hard drive or mobile device and recover evidence from it.

Answer 65

Autopsy

Question 66

What is Metasploit?

Answer 66

Exploitation framework

Question 67

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:

Answer 67

DHCP snooping

Question 68

An endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats.

Answer 68

EDR

Question 69

A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:

Answer 69

DLP

Question 70

What functionality allows a DLP system to fulfill its role?

Answer 70

Content inspection

Question 71

What two things illustrates the difference between passive and active network security breach response?

Answer 71

IDS vs. IPS

Question 72

T or F: A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.

Answer 72

False

Question 73

What refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application’s source code?

Answer 73

Static code analysis

Question 74

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

Answer 74

Fuzzing

Question 75

What refers to an embedded cryptoprocessor that can be found on the motherboards of newer PCs and laptops?

Answer 75

TPM