Test 8 Flashcards

1
Q

Which of the answers listed below refers to a security vulnerability that enables inserting malicious code into input fields, such search bars or login forms, to execute unauthorized commands on a database?

A

SQLi ( Missed)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following indicates an SQL injection attack attempt?

A

SELECT * FROM users WHERE userName = ‘Alice’ AND password = ‘’ OR ‘1’ = ‘1’;

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the answers listed below describe the characteristics of a cross-site scripting attack? (Select 3 answers)

A

Exploits the trust a user’s web browser has in a website ( Missed)
A malicious script is injected into a trusted website ( Missed)
User’s browser executes attacker’s script ( Missed)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following answers refers to a type of software embedded into a hardware chip?

A

Firmware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the terms listed below refers to a situation in which a product or service may no longer receive security patches or other updates, making it more vulnerable to attack?

A

EOL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the main vulnerability related to legacy hardware?

A

Lack of security updates and patches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The term “VM escape” refers to the process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following answers refers to a virtualization-related vulnerability where virtualized assets allocated to one VM are improperly isolated and can be accessed or compromised by another VM?

A

Resource reuse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the answers listed below refers to a cloud-related vulnerability type?

A

Insecure APIs
Poor access controls
Lack of security updates
Misconfigured cloud storage
Shadow IT / Malicious insiders

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The practice of installing mobile apps from websites and app stores other than the official marketplaces is referred to as:

A

Sideloading

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following terms is used to describe the process of removing software restrictions imposed by Apple on its iOS operating system?

A

Jailbreaking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The term “Rooting” refers to the capability of gaining administrative access to the operating system and system applications on:

A

Android devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A type of attack aimed at exploiting vulnerability that is present in already released software but unknown to the software developer is known as:

A

Zero-day attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is called:

A

Ransomware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A Trojan horse is a type of software that performs harmful actions under the guise of a legitimate and useful program. The most characteristic feature of Trojan horse is that while it may function as a legitimate program and possess all the expected functionalities, it also contains a concealed portion of malicious code that the user is unaware of.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which type of Trojan enables unauthorized remote access to a compromised system?

A

RAT

17
Q

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is referred to as:

A

Worm

18
Q

Malicious software collecting information about users without their knowledge/consent is known as:

A

Spyware

19
Q

Which of the answers listed below refer to the characteristic features of bloatware? (Select 3 answers)

A

Pre-installed on a device by the device manufacturer or retailer ( Missed)
Generally considered undesirable due to negative impact on system performance ( Missed)
Installed without user consent

20
Q

Which of the following answers refer to the characteristics of a PUP? (Select 3 answers)

A

Often installed without clear user consent ( Missed)
Can be pre-installed, downloaded, or bundled with other software ( Missed)
Generally considered undesirable due to negative impact on system performance, privacy, and security ( Missed)

21
Q

Which of the statements listed below apply to the definition of a computer virus? (Select 3 answers)

A

A self-replicating computer program containing malicious segment ( Missed)
Malware that typically requires its host application to be run to make the virus active
Malicious code that typically attaches itself to an application program or other executable component

22
Q

Which of the following is an example of spyware?

A

Keylogger

23
Q

Malicious code activated by a specific event is called:

A

Logic bomb

24
Q

Which of the following answers refers to a collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network?

A

Rootkit

25
Q

The term “RFID cloning” refers to copying the data stored on any RFID-enabled device (including tags, cards, key fobs, implants, and other objects embedded with RFID technology) onto another RFID-enabled device, which then can be read and used in the same way as the original tag. While RFID cloning can be utilized for legitimate purposes, such as replicating important tags for backup and testing purposes, it also poses significant security risk, as duplicate tags can potentially be used for gaining unauthorized access or unauthorized information disclosure.

A

True