Security+ Practice Test 4 Flashcards
Which of the following authentication protocols offer(s) countermeasures against replay attacks?
IPsec
Kerberos
CHAP
Which of the cryptographic algorithms listed below is the least vulnerable to attacks?
AES
Which of the following cryptographic hash functions is the least vulnerable to attacks?
SHA-512
Which statements best describe the attributes of a script kiddie?
Low level of technical sophistication
Lack of extensive resources/funding
A person who breaks into a computer network or system for a politically or socially motivated purpose is typically described as:
Hacktivist
Which of the following terms best describes a threat actor type whose sole intent behind breaking into a computer system or network is monetary gain?
Organized crime
Which statements best describe the attributes of an APT?
High level of technical sophistication
Extensive amount of resources/funding
Threat actors are governments/nation states
Which term best describes a disgruntled employee abusing legitimate access to a company’s internal resources?
Insider threat
Which of the following terms best describes a type of threat actor that engages in illegal activities to get the know-how and gain market advantage?
Competitors
Which of the statements listed below describe the purpose behind collecting OSINT?
Gaining advantage over competitors
Passive reconnaissance in penetration testing
Preparation before launching a cyberattack
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
False
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
False
In penetration testing, the practice of using one compromised system as a platform for further attacks on other systems on the same network is known as:
Pivoting
A penetration test of a computer system performed without prior knowledge of how the system to be tested works is commonly referred to as black-box testing.
True
A penetration test performed by an authorized professional with full prior knowledge of how the system to be tested works is called:
White-box testing