Security+ Practice Test 3 Flashcards

1
Q

The term “URL hijacking” (a.k.a. “Typosquatting”) refers to a practice of registering misspelled domain name closely resembling other well established and popular domain name in hopes of getting Internet traffic from users who would make errors while typing in the URL in their web browsers.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A modification introduced to a computer code that changes its external behavior (e.g. to maintain compatibility between a newer OS and an older version of application software) is called:

A

Shimming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The practice of optimizing existing computer code without changing its external behavior is known as:

A

Refactoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the terms listed below refer(s) to software/hardware driver manipulation technique(s) that might be used to enable malware injection?

A

Refactoring

Shimming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

IP spoofing and MAC spoofing rely on falsifying what type of address?

A

Source address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following security protocols is the least susceptible to wireless replay attacks?

A

WPA2-CCMP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A type of wireless attack designed to exploit vulnerabilities of WEP is known as:

A

IV attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The term “Evil twin” refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A wireless jamming attack is a type of:

A

Denial of Service (Dos) attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as:

A

WPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities?

A

WPS

WEP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The practice of sending unsolicited messages over Bluetooth is called:

A

Bluejacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Gaining unauthorized access to a Bluetooth device is referred to as:

A

Bluesnarfing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

A

RFID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the name of a technology used for contactless payment transactions?

A

NFC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A wireless disassociation attack is a type of:

A

Denial of Service (Dos) attack

17
Q

Which cryptographic attack relies on the concepts of probability theory?

A

Birthday

18
Q

Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version?

A

KPA

19
Q

Rainbow tables are lookup tables used to speed up the process of password guessing.

A

True

20
Q

Which of the following answers refers to the contents of a rainbow table entry?

A

Hash/Password

21
Q

Which password attack takes advantage of a predefined list of words?

A

Dictionary attack

22
Q

An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:

A

Brute-force attack

23
Q

One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.

A

True

24
Q

A situation where cryptographic hash function produces two different digests for the same data input is referred to as hash collision.

A

False

25
Q

Which of the following answers lists an example of a cryptographic downgrade attack?

A

POODLE