Security+ Practice Test 4

Question 1

Which of the following authentication protocols offer(s) countermeasures against replay attacks?

Answer 1

IPsec
Kerberos
CHAP

Question 2

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

Answer 2

AES

Question 3

Which of the following cryptographic hash functions is the least vulnerable to attacks?

Answer 3

SHA-512

Question 4

Which statements best describe the attributes of a script kiddie?

Answer 4

Low level of technical sophistication

Lack of extensive resources/funding

Question 5

A person who breaks into a computer network or system for a politically or socially motivated purpose is typically described as:

Answer 5

Hacktivist

Question 6

Which of the following terms best describes a threat actor type whose sole intent behind breaking into a computer system or network is monetary gain?

Answer 6

Organized crime

Question 7

Which statements best describe the attributes of an APT?

Answer 7

High level of technical sophistication
Extensive amount of resources/funding
Threat actors are governments/nation states

Question 8

Which term best describes a disgruntled employee abusing legitimate access to company’s internal resources?

Answer 8

Insider threat

Question 9

Which of the following terms best describes a type of threat actor that engages in illegal activities to get the know-how and gain market advantage?

Answer 9

Competitors

Question 10

Which of the statements listed below describe the purpose behind collecting OSINT?

Answer 10

Gaining advantage over competitors
Passive reconnaissance in penetration testing
Preparation before launching a cyberattack

Question 11

In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

Answer 11

False

Question 12

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

Answer 12

False

Question 13

In penetration testing, the practice of using one compromised system as a platform for further attacks on other systems on the same network is known as:

Answer 13

Pivoting

Question 14

Penetration test of a computer system without the prior knowledge on how the system that is to be tested works is commonly referred to as black-box testing.

Answer 14

True

Question 15

Penetration test performed by an authorized professional with the full prior knowledge on how the system that is to be tested works is called:

Answer 15

White-box testing

Question 16

Which of the following terms is used to describe a type of penetration test in which the person conducting the test has a limited access to information on the internal workings of the targeted system?

Answer 16

Gray-box testing

Question 17

Penetration testing:

Answer 17

Bypasses security controls
Actively tests security controls
Exploits vulnerabilities

Question 18

Vulnerability scanning:

Answer 18

Identifies lack of security controls
Identifies common misconfigurations
Passively tests security controls

Question 19

A malfunction in preprogrammed sequential access to a shared resource is described as:

Answer 19

Race condition

Question 20

Which of the terms listed below refers to a software that no longer receives continuing support?

Answer 20

EOL

Question 21

Which of the following factors pose the greatest risk for embedded systems?

Answer 21

Inadequate vendor support

Default configurations

Question 22

A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:

Answer 22

Improper input validation

Question 23

After feeding an input form field with incorrect data, a hacker gets access to debugger info providing extensive description of the error. This situation is an example of:

Answer 23

Improper error handling

Question 24

A predefined username/password on a brand new wireless router is an example of:

Answer 24

Default configuration

Question 25

Which of the answers listed below describes the result of a successful DoS attack?

Answer 25

Resource exhaustion