Security+ Practice Test 4 Flashcards

1
Q

Which of the following authentication protocols offer(s) countermeasures against replay attacks?

A

IPsec
Kerberos
CHAP

2
Q

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

A

AES

3
Q

Which of the following cryptographic hash functions is the least vulnerable to attacks?

A

SHA-512

4
Q

Which statements best describe the attributes of a script kiddie?

A

Low level of technical sophistication

Lack of extensive resources/funding

5
Q

A person who breaks into a computer network or system for a politically or socially motivated purpose is typically described as:

A

Hacktivist

6
Q

Which of the following terms best describes a threat actor type whose sole intent behind breaking into a computer system or network is monetary gain?

A

Organized crime

7
Q

Which statements best describe the attributes of an APT?

A

High level of technical sophistication
Extensive amount of resources/funding
Threat actors are governments/nation states

8
Q

Which term best describes a disgruntled employee abusing legitimate access to a company's internal resources?

A

Insider threat

9
Q

Which of the following terms best describes a type of threat actor that engages in illegal activities to acquire know-how and gain market advantage?

A

Competitors

10
Q

Which of the statements listed below describe the purpose behind collecting OSINT?

A

Gaining advantage over competitors
Passive reconnaissance in penetration testing
Preparation before launching a cyberattack

11
Q

In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

A

False

12
Q

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

A

False

13
Q

In penetration testing, the practice of using one compromised system as a platform for further attacks on other systems on the same network is known as:

A

Pivoting

14
Q

A penetration test of a computer system performed without prior knowledge of how the system under test works is commonly referred to as black-box testing.

A

True

15
Q

A penetration test performed by an authorized professional with full prior knowledge of how the system under test works is called:

A

White-box testing

16
Q

Which of the following terms is used to describe a type of penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system?

A

Gray-box testing

17
Q

Penetration testing:

A

Bypasses security controls
Actively tests security controls
Exploits vulnerabilities

18
Q

Vulnerability scanning:

A

Identifies lack of security controls
Identifies common misconfigurations
Passively tests security controls

19
Q

A malfunction in preprogrammed sequential access to a shared resource is described as:

A

Race condition

20
Q

Which of the terms listed below refers to software that no longer receives continuing support?

A

EOL

21
Q

Which of the following factors pose the greatest risk for embedded systems?

A

Inadequate vendor support

Default configurations

22
Q

A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:

A

Improper input validation

23
Q

After feeding an input form field with incorrect data, a hacker gets access to debugger info providing extensive description of the error. This situation is an example of:

A

Improper error handling

24
Q

A predefined username/password on a brand new wireless router is an example of:

A

Default configuration

25
Q

Which of the answers listed below describes the result of a successful DoS attack?

A

Resource exhaustion