Practice Test 2

Question 1

Privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing.

True
False

Answer 1

True

Question 2

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

Vishing
Impersonation
Virus hoax
Phishing

Answer 2

Virus hoax

Question 3

Which of the terms listed below refers to a platform used for watering hole attacks?

Mail gateways
Websites
PBX systems
Web browsers

Answer 3

Websites

Question 4

Which social engineering principles apply to the following attack scenario? (Select 3 answers) An attacker impersonates a company’s managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply.

Urgency 
Familiarity
Authority 
Consensus
Intimidation 
Scarcity

Answer 4

Urgency
Authority
Intimidation

Question 5

Which social engineering principles apply to the following attack scenario? (Select 3 answers) An attacker impersonating a software beta tester replies to a victim’s post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app.

Authority
Intimidation
Consensus
Scarcity
Familiarity 
Trust 
Urgency

Answer 5

Scarcity
Familiarity
Trust

Question 6

Which social engineering principle applies to the following attack scenario? While conducting a web research that would help in making a better purchasing decision, a user visits series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware.

Scarcity
Authority
Consensus 
Intimidation
Urgency

Answer 6

Consensus

Question 7

An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and in result doesn’t have time or resources to handle legitimate requests is called:

Bluesnarfing
MITM attack
Session hijacking
DoS attack

Answer 7

DoS attack

Question 8

As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.

True
False

Answer 8

True

Question 9

Which of the following attacks relies on intercepting and altering data sent between two networked hosts?

Zero-day attack
MITM attack
Watering hole attack
Replay attack

Answer 9

MITM attack

Man In The Middle attack:
In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Question 10

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is known as:

IV attack
SQL injection
Buffer overflow
Fuzz test

Answer 10

Buffer overflow

Question 11

Entry fields of web forms lacking input validation are vulnerable to what kind of attacks?

Replay attacks
SQL injection attacks
Brute-force attacks
Dictionary attacks

Answer 11

SQL injection attacks

Question 12

Which of the answers listed below refers to a common target of cross-site scripting (XSS)?

Physical security
Alternate sites
Dynamic web pages
Removable storage

Answer 12

Dynamic web pages

Cross-site scripting (XSS):
Cross-site scripting is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Question 13

Cross-site request forgery (CSRF/XSRF) is a security exploit that allows for infecting a website with malicious code. The malicious code, often in the form of JavaScript, can then be sent to the unsuspecting user and executed via the user’s web browser application.

True
False

Answer 13

False

Cross-site request forgery, also known as one-click attack or session riding and abbreviated asCSRF(sometimes pronounced sea-surf) orXSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

Question 14

Which type of attack allows for tricking a user into sending unauthorized commands to a web application? (Select 2 answers)

IRC
CSRF
XSS
XSRF
CSR

Answer 14

CSRF
XSRF

Cross-site request forgery, also known as one-click attack or session riding and abbreviated asCSRF(sometimes pronounced sea-surf) orXSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

Question 15

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

A.System/application vulnerability
B.Distributed Denial of Service (DDoS)
C.Social engineering techniques
D.Attribute-Based Access Control (ABAC)
E.System/application misconfiguration

Answer 15

A. System/application vulnerability

C. Social engineering techniques

E. System/application misconfiguration

Question 16

An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

ARP poisoning
Replay attack
Cross-site request forgery
DNS poisoning

Answer 16

ARP poisoning

Address Resolution Protocolpoisoning(ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer’sARPcache with a forgedARPrequest and reply packets.

Question 17

Which of the attack types listed below relies on the amplification effect?

Zero-day attack
DDoS attack
Brute-force attack
MITM attack

Answer 17

DDoS attack

DEFINITION
DNS amplification attack

How to attack DDoS threats with a solid defense plan
https://whatis.techtarget.com/definition/DNS-amplification-attack

A DNS amplification attack is a reflection-based distributed denial of service (DDos) attack.

The attacker spoofs look-up requests to domain name system (DNS) servers to hide the source of the exploit and direct the response to the target. Through various techniques, the attacker turns a small DNS query into a much larger payload directed at the target network.

The attacker sends a DNS look-up request using thespoofed IP addressof the target to vulnerable DNS servers. Most commonly, these are DNS servers that support open recursive relay. The original request is often relayed through abotnetfor a larger base of attack and further concealment. The DNS request is sent using the EDNS0 extension to the DNS protocol allowing for large DNS messages. It may also use the DNS security extension (DNSSEC) cryptographic feature to add to the size of the message.

These amplifications can increase the size of the requests from around 40 bytes to above the maximumEthernetpacket size of 4000 bytes. This requires they be broken down for transmission and then reassembled, requiring further target network resources. A botnet’s many amplified requests enable an attacker to direct a large attack with little outgoingbandwidthuse. The attack is hard to protect against as it comes from valid-looking servers with valid-looking traffic.

DNS amplification is one of the more popular attack types. In March 2013, the method was used to targetSpamhauslikely by a purveyor ofmalwarewhose business the organization had disrupted byblacklisting. The anonymity of the attack was such that Spamhaus is still unsure of the source. Furthermore, the attack was so severe that it temporarily crippled and almost brought down the Internet.

Proposed methods to prevent or mitigate the impact of DNS amplification attacks include rate limiting, blocking either specific DNS servers or all open recursive relay servers, and tightening DNS server security in general.

Question 18

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

DNS poisoning
Domain hijacking
ARP poisoning
URL hijacking

Answer 18

DNS poisoning

Question 19

“The term ““Domain hijacking”” refers to a situation in which a domain registrant due to unlawful actions of third parties loses control over his/her domain name.”

True
False

Answer 19

True

Question 20

Which of the terms listed below refers to a computer security exploit that takes advantage of vulnerabilities in a user’s web browser application?

MTTR
MITM
MTBF
MITB

Answer 20

MITB

Man In The Browser

Question 21

A type of attack aimed at exploiting vulnerability that is present in already released software but unknown to the software developer is called:

Xmas attack
Zero-day attack
IV attack
Replay attack

Answer 21

Zero-day attack

Question 22

A replay attack occurs when an attacker intercepts user data and tries to use this information later to impersonate the user to obtain unauthorized access to resources on a network.

True
False

Answer 22

True

Question 23

A technique that allows an attacker to authenticate to a remote server without extracting a cleartext password from the digest and use the digest instead of a password credential is known as:

Pass the hash
Replay attack
Hash collision
Rainbow table

Answer 23

Pass the hash

Question 24

“In computer security, the term ““Clickjacking”” refers to a malicious technique of tricking a user into clicking on something different from what the user thinks they are clicking on.”

True
False

Answer 24

True

Question 25

In a session hijacking attack, a hacker takes advantage of the session ID stored in:

Key escrow
Digital signature
Cookie
Firmware

Answer 25

Cookie