Threats, Attacks & Vulnerabilities Flashcards

1
Q

Malware comes in many different forms (T/F)?

A

True!

2
Q

What are the major malware types?

A
  • Virus
  • Worm
  • Trojan Horse
  • Remote Access Trojan
  • Adware
  • Spyware
  • Ransomware
  • Logic Bomb
  • Rootkit
  • Back Door
3
Q

This Malware Type…

Spreads between systems based upon some user action.

A

Virus

4
Q

This Malware Type…

Spreads between systems by exploiting vulnerabilities; no user action required.

A

Worm

5
Q

This Malware Type…

Masquerades as desirable software to trick the user into installing it.

A

Trojan Horse

6
Q

This Malware Type…

Trojan horse that allows an attacker to gain remote access to a system.

A

Remote Access Trojan

7
Q

This Malware Type…

Displays advertisements on the user’s system to generate ad revenue.

A

Adware

8
Q

This Malware Type…

Monitors user activity, such as keystrokes and web visits.

A

Spyware

9
Q

This Malware Type…

Encrypts user files and demands a ransom before releasing the key.

A

Ransomware

11
Q

This Malware Type…

Waits until certain conditions are met before triggering a malicious action.

A

Logic Bomb

12
Q

This Malware Type…

Elevates privileges of a normal user to gain administrative rights.

A

Rootkit

13
Q

This Malware Type…

Provides an unauthorized mechanism for accessing a system.

A

Backdoor

14
Q

_________ engineering attacks manipulate individuals to gain _________ access or information.

A
  • Social
  • Unauthorized

15
Q

What are the different social engineering attack types?

A
  • Phishing
  • Spear Phishing
  • Whaling
  • Tailgating
  • Dumpster Diving
  • Shoulder Surfing
  • Watering Hole
16
Q

This Attack Type…

Solicits information via email.

A

Phishing

17
Q

This Attack Type…

Solicits information via highly targeted email designed for one person.

A

Spear Phishing

18
Q

This Attack Type…

Targets high-value individuals, such as senior executives.

A

Whaling

19
Q

This Attack Type…

Accesses a building by having someone hold the door open.

A

Tailgating

20
Q

This Attack Type…

Discovers sensitive information in the trash.

A

Dumpster Diving

21
Q

This Attack Type…

Monitors user activity by watching them as they enter/read information.

A

Shoulder Surfing

22
Q

This Attack Type…

Places malware on a site where users are known to congregate.

A

Watering Hole

23
Q

What are the seven main mechanisms that social engineering attacks exploit?

A
  • Authority
  • Intimidation
  • Consensus
  • Scarcity
  • Familiarity
  • Trust
  • Urgency
24
Q

_________ kiddies are generally ______-skilled attackers seeking a quick thrill.

A
  • Script
  • Low

25
Q

What are Advanced Persistent Threats (APTs)?

A

Extremely sophisticated attackers often sponsored by government agencies.

26
Q

________ ________ ________ uses tools like nmap to check for active systems and open ports.

A

Network Discovery Scanning

27
Q

What are the 4 common scanning techniques?

A
  • TCP SYN
  • TCP Connect
  • TCP ACK
  • Xmas
28
Q

This Type of Scanning Technique…

Scans send a single packet with the SYN flag set.

A

TCP SYN

29
Q

This Type of Scanning Technique…

Scans attempt to complete the three-way handshake.

A

TCP Connect

30
Q

This Type of Scanning Technique…

Scans seek to impersonate an established connection.

A

TCP ACK

31
Q

This Type of Scanning Technique…

Scans set the FIN, PSH, and URG flags.

A

Xmas

32
Q

Network vulnerability scanning first discovers active services on the network and then probes those services for known vulnerabilities (T/F)?

A

True!

33
Q

_____ _______ vulnerability scans use tools that specialize in probing for web application weaknesses.

A

Web application

34
Q

The vulnerability management workflow includes three basic steps. What are they?

A
  • Detection
  • Remediation
  • Validation
35
Q

________ _________ goes beyond vulnerability scanning and attempts to exploit vulnerabilities.

A

Penetration Testing

36
Q

What are the five steps of Penetration Testing?

A
  • Planning
  • Information Gathering & Discovery
  • Vulnerability Scanning
  • Exploitation
  • Reporting
37
Q

How many types of Penetration Tests are there?

A

Three

38
Q

What are the types of Penetration Tests?

A
  • White Box
  • Black Box
  • Gray Box
39
Q

In WHITE BOX penetration tests, testers have full access to information about the target systems (T/F)?

A

True!

40
Q

In BLACK BOX penetration tests, testers conduct their work ______ ______ knowledge of the target environment.

A

without any

41
Q

This type of penetration test resides in the MIDDLE, providing testers with PARTIAL knowledge about the environment.

A

Gray Box

42
Q

______ tags are a technology that can assist with asset tracking and inventory control of mobile devices.

A

RFID

43
Q

Is the following Brute Force Attack characterised as Online or Offline?

  • An attacker usually only has a limited number of attempts before being locked out of a system.
A

Online

44
Q

Is the following Brute Force Attack characterised as Online or Offline?

  • The attack is performed remotely.
A

Online

45
Q

Is the following Brute Force Attack characterised as Online or Offline?

  • An attacker can try as many times as required to crack a password.
A

Offline

46
Q

Is the following Brute Force Attack characterised as Online or Offline?

  • The attack is performed locally.
A

Offline

47
Q

The shopping centre in your town has free Wi-Fi access. Each time you try to use the Wi-Fi, you are first directed to a web page where you need to agree to certain rules. Which technology is being described?

A

Captive Portal

48
Q

Advanced Encryption Standard is currently not susceptible to this type of attack.

A

Known Plaintext Attack

49
Q

A ciphertext-only attack is successful when the plaintext or key can be found (T/F)?

A

True!

50
Q

Which of the following attacks has access to the “crib”: Ciphertext Only Attack OR Known Plaintext Attack?

A

Known Plaintext Attack