Test 9

Question 1

As opposed to simple DoS attacks that usually are performed from a single system, a DDoS attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack (often referred to as zombies, and collectively as a botnet) are the secondary victims of the DDoS attack.

Answer 1

True

Question 2

A type of DDoS attack where an attacker exploits vulnerabilities in certain services or protocols to generate responses that are much larger than the original request is referred to as:

Answer 2

Amplified DDoS attack

Question 3

What defines a reflected DDoS attack?

Answer 3

Utilizing third-party servers to reflect and amplify attack traffic towards the target

Question 4

A DNS amplification attack is a type of DDoS attack wherein an attacker sends a small, specially crafted DNS query containing a spoofed IP address (the victim’s IP) to a compromised DNS server. Upon receiving the query, the DNS server generates a much larger response packet, which is then sent to the victim’s IP address, causing potential disruption due to overwhelming traffic.

Answer 4

True

Question 5

Which of the answers listed below refers to a cyberattack technique that relies on providing false DNS information to a DNS resolver for the purpose of redirecting or manipulating the resolution of domain names to malicious IP addresses?

Answer 5

DNS spoofing

Question 6

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

Answer 6

DNS cache poisoning

Question 7

When domain registrants due to unlawful actions of third parties lose control over their domain names, they fall victim to:

Answer 7

Domain hijacking

Question 8

Which of the following can be classified as malicious activity indicator on a wireless network?

Answer 8

Rogue AP

Question 9

The practice of gaining unauthorized access to a Bluetooth device is known as:

Answer 9

Bluesnarfing

Question 10

A wireless disassociation attack is a type of: (Select 2 answers)

Answer 10

Deauthentication attack
DoS attack

Question 11

A wireless jamming attack is a type of:

Answer 11

DoS attack

Question 12

Which of the answers listed below refers to RFID vulnerability?

Answer 12

Spoofing
Eavesdropping
RFID cloning
Data interception
Replay attack
DoS attack

Question 13

Which of the following is a vulnerability characteristic to NFC communication?

Answer 13

Eavesdropping
Data interception
Replay attacks
DoS attacks

Question 14

Which wireless attack focuses on exploiting vulnerabilities found in WEP?

Answer 14

IV attack

Question 15

Which of the statements listed below can be used to describe the characteristics of an on-path attack? (Select all that apply)

Answer 15

An on-path attack is also known as MITM attack ( Missed)
Attackers place themselves on the communication route between two devices ( Missed)
Attackers intercept or modify packets sent between two communicating devices

Question 16

A network replay attack occurs when an attacker captures sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations.

Answer 16

True

Question 17

What are the characteristic features of a session ID? (Select 3 answers)

Answer 17

A unique identifier assigned by the website to a specific user
A piece of data that can be stored in a cookie, or embedded as an URL parameter ( Missed)
Typically stored on the client side (in the user’s browser) rather than on the server

Question 18

In a session replay attack, an attacker intercepts and steals a valid session ID of a user and resends it to the server with the intent of gaining unauthorized access to the user’s session or tricking the server into unauthorized operations on behalf of the legitimate user.

Answer 18

True

Question 19

A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called:

Answer 19

Pass the Hash

Question 20

What type of action allows an attacker to exploit the XSS vulnerability?

Answer 20

Code Injection

Question 21

Which of the following exploits targets a protocol used for managing and accessing networked resources?

Answer 21

LDAP injection attack

Question 22

Which type of exploit targets web applications that generate content used to store and transport data?

Answer 22

XML injection attack

Question 23

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

Answer 23

System/application vulnerabilities ( Missed)

System/application misconfigurations ( Missed)

Social engineering techniques

Question 24

Which of the statements listed below apply to the CSRF/XSRF attack? (Select 3 answers)

Answer 24

Exploits the trust a website has in the user’s web browser ( Missed)
A user is tricked by an attacker into submitting unauthorized web requests ( Missed)
Website executes attacker’s requests

Question 25

A dot-dot-slash attack is also referred to as:

Answer 25

Directory traversal attack