Security+ Practice Test 2 Flashcards
Privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing. (True or False)
True
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
Virus hoax
Which of the terms listed below refers to a platform used for watering hole attacks? Mail gateways Websites PBX systems Web browsers
Websites
Which social engineering principles apply to the following attack scenario?
An attacker impersonates a company’s managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply.
Urgency
Authority
Intimidation
Which social engineering principles apply to the following attack scenario?
An attacker impersonating a software beta tester replies to a victim’s post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app.
Scarcity
Familiarity
Trust
Which social engineering principle applies to the following attack scenario? While conducting a web research that would help in making a better purchasing decision, a user visits series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware.
Consensus
An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and in result doesn’t have time or resources to handle legitimate requests is called:
DoS attack
As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.
True
Which of the following attacks relies on intercepting and altering data sent between two networked hosts? Zero-day attack MITM attack Watering hole attack Replay attack
MITM attack
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is known as:
Buffer overflow
Entry fields of web forms lacking input validation are vulnerable to what kind of attacks?
SQL injection attacks
Which of the answers below refers to a common target of cross-site scripting (XSS)? Physical security Alternate sites Dynamic web pages Removable storage
Dynamic web pages
Cross-site request forgery (CSRF/XSRF) is a security exploit that allows for infecting a website with malicious code. The malicious code, often in the form of JavaScript, can then be sent to the unsuspecting user and executed via the user’s web browser application.
False
Which type of attack allows for tricking a user into sending unauthorized commands to a web application?
CSRF
XSRF
Which of the following facilitates privilege escalation attacks?
System/application vulnerability
Social engineering techniques
System/application misconfiguration