Security+ Practice Test 2 Flashcards

1
Q

Privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing. (True or False)

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

A

Virus hoax

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
Which of the terms listed below refers to a platform used for watering hole attacks?
Mail gateways
Websites
PBX systems
Web browsers
A

Websites

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which social engineering principles apply to the following attack scenario?
An attacker impersonates a company’s managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply.

A

Urgency
Authority
Intimidation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which social engineering principles apply to the following attack scenario?
An attacker impersonating a software beta tester replies to a victim’s post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app.

A

Scarcity
Familiarity
Trust

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which social engineering principle applies to the following attack scenario? While conducting a web research that would help in making a better purchasing decision, a user visits series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware.

A

Consensus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and in result doesn’t have time or resources to handle legitimate requests is called:

A

DoS attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
Which of the following attacks relies on intercepting and altering data sent between two networked hosts?
Zero-day attack
MITM attack
Watering hole attack
Replay attack
A

MITM attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is known as:

A

Buffer overflow

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Entry fields of web forms lacking input validation are vulnerable to what kind of attacks?

A

SQL injection attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
Which of the answers below refers to a common target of cross-site scripting (XSS)?
Physical security
Alternate sites
Dynamic web pages
Removable storage
A

Dynamic web pages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Cross-site request forgery (CSRF/XSRF) is a security exploit that allows for infecting a website with malicious code. The malicious code, often in the form of JavaScript, can then be sent to the unsuspecting user and executed via the user’s web browser application.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which type of attack allows for tricking a user into sending unauthorized commands to a web application?

A

CSRF

XSRF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following facilitates privilege escalation attacks?

A

System/application vulnerability
Social engineering techniques
System/application misconfiguration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

A

ARP poisoning

17
Q
Which of the attack types listed below relies on the amplification effect?
Zero-day attack
DDoS attack
Brute force attack
MITM attack
A

DDoS attack

18
Q

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

A

DNS poisoning

19
Q

The term “Domain hijacking” refers to a situation in which a domain registrant due to unlawful actions of third parties loses control over his/her domain name. (True of False)

A

True

20
Q
Which of the terms listed below refers to a computer security exploit that takes advantage of vulnerabilities in a user's web browser application?
MTTR
MITM
MTFB
MITB
A

MITB

21
Q

A type of attack aimed at exploiting vulnerability that is present in already released software but unknown to the software developer is called:

A

Zero-day attack

22
Q

A replay attack occurs when an attacker intercepts data and tries to use this information later to impersonate the user to obtain unauthorized access to resources on a network. (True or False)

A

True

23
Q

A technique that allows an attacker to authenticate to a remote server without extracting a cleartext password from the digest and use the digest instead of a password credential is known as:

A

Pass the hash

24
Q

In computer security, the term “Clickjacking” refers to a malicious technique of tricking a user into clicking on something different from what the user thinks they are clicking on. (True or False)

A

True

25
Q

In a session hijacking attack, a hacker takes advantage of the session ID stored in:

A

Cookie