Practice Test 3 Flashcards
“The term ““URL hijacking”” (a.k.a. ““Typosquatting””) refers to a practice of registering misspelled domain name closely resembling other well established and popular domain name in hopes of getting Internet traffic from users who would make errors while typing in the URL in their web browsers.”
True
False
True
A modification introduced to a computer code that changes its external behavior (e.g. to maintain compatibility between a newer OS and an older version of application software) is called:
Shimming
DLL injection
Refactoring
Backdoor
Shimming
The practice of optimizing existing computer code without changing its external behavior is known as:
DLL injection
Shimming
Data Execution Prevention (DEP)
Refactoring
Refactoring
Which of the terms listed below refer(s) to software/hardware driver manipulation technique(s) that might be used to enable malware injection? (Select all that apply)
Refactoring Sandboxing Fuzz testing Shimming Sideloading
Refactoring
Shimming
IP spoofing and MAC spoofing rely on falsifying what type of address?
Broadcast address
Source address
Loopback address
Destination address
Source address
Which of the following security protocols is the least susceptible to wireless replay attacks?
WPA2-CCMP WPA-TKIP WPA2-PSK WPA-CCMP WPA2-TKIP
WPA2-CCMP
A type of wireless attack designed to exploit vulnerabilities of WEP is known as:
MITM attack
Smurf attack
IV attack
Xmas attack
IV attack
“The term ““Evil twin”” refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts.”
True
False
True
A wireless jamming attack is a type of:
Cryptographic attack
Denial of Service (Dos) attack
Brute-force attack
Downgrade attack
Denial of Service (Dos) attack
A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as:
WPA
WPS
WEP
WAP
WPS
Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers)
WPS WAP WPA2 WAF WEP
WPS
WEP
The practice of sending unsolicited messages over Bluetooth is called:
SPIM
Bluejacking
Vishing
Bluesnarfing
Bluejacking
Gaining unauthorized access to a Bluetooth device is referred to as:
Phishing
Bluejacking
Tailgating
Bluesnarfing
Bluesnarfing
Which of the following wireless technologies enables identification and tracking of tags attached to objects?
WTLS
GPS
RFID
WAF
RFID
RFID(radio frequency identification) is a form of wireless communication that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency portion of the electromagnetic spectrum to uniquely identify an object, animal or person.
What is the name of a technology used for contactless payment transactions?
NFC
SDN
PED
WAP
NFC
Near Field Communication (NFC) is a short-range wireless connectivity standard (Ecma-340, ISO/IEC 18092) that uses magnetic field induction to enable communication between devices when they’re touched together, or brought within a few centimeters of each other.
A wireless disassociation attack is a type of:
Downgrade attack
Brute-force attack
Denial of Service (Dos) attack
Cryptographic attack
Denial of Service (Dos) attack
A Wi-Fideauthentication attackis a type of denial-of-serviceattackthat targets communication between a user and a Wi-Fiwirelessaccess point.
Which cryptographic attack relies on the concepts of probability theory?
KPA
Brute-force
Dictionary
Birthday
Birthday
Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version?
KEK
POODLE
KPA
CSRF
KPA
The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys and code books.
Rainbow tables are lookup tables used to speed up the process of password guessing.
True
False
True
Which of the following answers refers to the contents of a rainbow table entry?
Hash/Password
IP address/Domain name
Username/Password
Account name/Hash
Hash/Password
Which password attack takes advantage of a predefined list of words?
Birthday attack
Replay attack
Dictionary attack
Brute-force attack
Dictionary attack
An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:
Replay attack
Brute-force attack
Dictionary attack
Birthday attack
Brute-force attack
One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.
True
False
True
A situation where cryptographic hash function produces two different digests for the same data input is referred to as hash collision.
True
False
False
Which of the following answers lists an example of a cryptographic downgrade attack?
MITM
KPA
POODLE
XSRF
POODLE
APOODLEattack is an exploit that takes advantage of the way some browsers deal with encryption.POODLE(Padding Oracle On Downgraded Legacy Encryption) is the name of thevulnerabilitythat enables the exploit.
