SEC+ Revision Questions Types Of Attacks Flashcards

1
Q

You are inspecting a user’s system after she has complained about slow Internet usage. After analysing the system, you notice that the MAC address of the default gateway in the ARP cache is referencing the wrong MAC address. What type of attack has occurred?

A. Brute force
B. DNS poisoning
C. Buffer overflow
D. ARP poisoning

A

ARP poisoning

2
Q

You want to implement a security control that limits the amount of tailgating in a high-security environment. Which of the following protective controls would you use?
A. Swipe cards
B. Mantrap
C. Locked door
D. CMOS settings

A

Mantrap

3
Q

Which of the following descriptions best describes a buffer overflow attack?

A. Injecting database code into a web page

B. Using a dictionary file to crack passwords

C. Sending too much data to an application that allows the hacker to run arbitrary code

D. Altering the source address of a packet

A

Sending too much data to an application that allows the hacker to run arbitrary code

4
Q

You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of "pass' or 1=1--". Which of the following describes what is happening?
A. XML injection
B. A SQL injection attack
C. LDAP injection
D. Denial of service

A

A SQL injection attack

5
Q

A user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. The e-mail continues by asking the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?
A. Phishing
B. Spam
C. Dictionary attack
D. Spim

A

Phishing

6
Q

What type of attack involves the hacker modifying the source IP address of the packet?
A. Xmas attack
B. Spear phishing
C. Spoofing
D. Pharming

A

Spoofing

7
Q

Which of the following files might a hacker modify after gaining access to your system in order to achieve DNS redirection?
A. /etc/passwd
B. Hosts
C. SAM
D. Services

A

Hosts

8
Q

What type of attack involves the hacker sending too much data to a service or application that typically results in the hacker gaining administrative access to the system?
A. Birthday attack
B. Typo squatting/URL hijacking
C. Eavesdrop
D. Buffer overflow

A

Buffer overflow

9
Q

Which of the following methods could be used to prevent ARP poisoning on the network? (Choose two.)
A. Static ARP entries
B. Patching
C. Antivirus software
D. Physical security
E. Firewall

A

A. Static ARP entries

D. Physical security

10
Q

As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your systems?
A. Static ARP entries
B. Antivirus software
C. Physical security
D. Patching

A

Patching

11
Q

Which of the following is the term for a domain name that is registered and deleted repeatedly so as to avoid paying for the domain name?
A. DNS redirection
B. Domain poisoning
C. Domain kiting
D. Transitive access

A

Domain Kiting

12
Q

You receive many calls from customers stating that your web site seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requests on that web server at a high rate. What type of attack is occurring?
A. Eavesdrop
B. Denial of service
C. Man in the middle
D. Social engineer

A

Denial of service

13
Q

What type of attack is a smurf attack?
A. Distributed denial of service (DDoS)
B. Denial of service (DoS)
C. Privilege escalation
D. Malicious insider threat

A

Distributed denial of service (DDoS)

14
Q

Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?
A. Tailgating
B. Denial of service
C. Social engineering
D. Dumpster diving

A

Dumpster diving

15
Q

What type of attack involves the hacker inserting a client-side script into the web page?
A. XSS
B. Watering hole attack
C. ARP poisoning
D. SQL injection

A

XSS

16
Q

Your manager has read about SQL injection attacks and is wondering what can be done to protect against them for your applications that were developed in-house. What would you recommend?
A. Patching
B. Antivirus
C. Input validation
D. Firewall

A

Input Validation

17
Q

A hacker is sitting in an Internet cafe and ARP poisons everyone connected to the wireless network so that all traffic passes through the hacker’s laptop before she routes the traffic to the Internet. What type of attack is this?

A. Rainbow tables
B. Man in the middle
C. DNS poison
D. Spoofing

A

Man in the middle

18
Q

Which of the following best describes a zero-day attack?
A. An attack that modifies the source address of the packet
B. An attack that changes the computer’s system date to 00/00/00
C. An attack that never happens
D. An attack that uses an exploit that the product vendor is not aware of yet

A

An attack that uses an exploit that the product vendor is not aware of yet

19
Q

What type of file on your hard drive stores preferences from web sites?
A. Cookie
B. Hosts
C. LMHOSTS
D. Attachments

A

Cookie

20
Q

What type of attack involves the hacker disconnecting one of the parties from the communication and continuing the communication while impersonating that system?

A. Man in the middle
B. Denial of service
C. SQL injection
D. Session hijacking

A

D. Session hijacking

21
Q

What type of password attack involves the use of a dictionary file and modifications of the words in the dictionary file?
A. Dictionary attack
B. Brute-force attack
C. Hybrid attack
D. Modification attack

A

Hybrid attack

22
Q

Which of the following countermeasures is designed to protect against a brute-force password attack?
A. Patching
B. Account lockout
C. Password complexity
D. Strong passwords

A

Account lockout

23
Q

Three employees within the company have received phone calls from an individual asking about personal finance information. What type of attack is occurring?

A. Phishing
B. Whaling
C. Tailgating
D. Vishing

A

Vishing

24
Q

Tom was told to download a free tax program to complete his taxes this year. After downloading and installing the software, Tom notices that his system is running slowly and he is receiving notifications from his antivirus software. What type of malware has he installed?
A. Keylogger
B. Trojan
C. Worm
D. Logic bomb

A

Trojan

25
Q

Jeff recently reported that he is receiving a large number of unsolicited text messages to his phone. What type of attack is occurring?
A. Bluesnarfing
B. Whaling
C. Bluejacking
D. Packet sniffing

A

Bluejacking

26
Q

An employee is suspected of sharing company secrets with a competitor. After seizing the employee's laptop, the forensics analyst notices that there are a number of personal photos on the laptop that have been e-mailed to a third party on the Internet. When the analyst compares the hashes of the personal images on the hard drive to what is found in the employee’s mailbox, the hashes do not match. How was the employee sharing company secrets?

A. Digital signatures
B. Steganography
C. MP3Stego
D. Whaling

A

Steganography

27
Q

You arrive at work today to find someone outside the building digging through their purse. As you approach the door, the person says, “I forgot my pass at home. Can I go in with you?” What type of attack could be occurring?

A. Tailgating
B. Dumpster diving
C. Brute force
D. Whaling

A

Tailgating

28
Q

Your manager has requested that the combo pad locks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social engineering attack is your manager hoping to avoid with this change?
A. Hoaxes
B. Tailgating
C. Dumpster diving
D. Shoulder surfing

A

Shoulder Surfing

29
Q

Your manager has been hearing a lot about social engineering attacks and wonders why such attacks are so effective. Which of the following identifies reasons why the attacks are so successful? (Choose three.)
A. Authority
B. DNS poisoning
C. Urgency
D. Brute force
E. Trust

A

Authority, Urgency