Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security+ Certification PT1 > Treats, Attacks and Vulnerabilities > Flashcards

Treats, Attacks and Vulnerabilities Flashcards

1
Q 
You are responsible for application security for a small startup. You are responsible for conducting regular penetration tests. Recently the startup has faced some budget issues and lacks the funds to create a stand alone system to be used for vulnerability scanning applications. Due to this constraint you must conduct vulnerability scans on the live system (the same one being used by customers). What type of scan should be used to ensure vulnerabilities are found but not executed?
A. Intrusive
B. Non-credentialed
C. Non-intrusive
D. Credentialed
A

C. Non-intrusive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q 
You are conducting a penetration test on a web application recently purchased by the HR department of your employer. You find that when creating a new user account in the Web UI you can delete data from the database by entering; 'DROP TABLE Users' into the field for the user account. What type of vulnerability have you discovered?
A. SQL injection
B. XML injection
C. Drop database vulnerability
D. Request forgery
A

A. SQL injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q 
You have ordered a penetration test on the companies website from a 3rd party IT security consultant. Your web administration team has created a stand alone test network to ensure the penetration test due not cause issues on the live website. Other than the IP address of the web server you have not provided the penetration testers with any information. What type of test best describes this scenario?
A. White box
B. Black box
C. Integration
D. Stand alone
A

B. Black box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q 
During a regular security scan of the network you find that several user laptops are infected with the same malware. After cross-referencing the laptop users with the reverse proxy logs you find that they all accessed a industry news website the day before. You believe your organization may have been specifically targeted for this malware. what type of attack would best describe this theory?
A. SQL injection
B. Spoofing
C. SYN flood
D. Watering hole
A

D. Watering hole

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q 
During routine security checks you discover that a wireless access point is setup on the outside of your employer's office building. the access point has the same SSID as the internal WiFi network but is unsecured to allow any one access. What type of attack have you discovered?
A. W-DNS Spoofing
B. SSID reduplication attack
C. Jamming
D. Evil twin
A

D. Evil twin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q 
Your coworker is out sick due to illness. In his absence you have received the results of a vulnerability scan he ordered from an external provider. Unfortunately your coworker did not give you any information on what type of scan was conducted or what methods were used. the results show that 3 injections vulnerabilities were identified but are only possible when attempted from an authenticated user account. Based on the information you have, what type of vulnerability scan was most likely completed?
A. Credentialed
B. Intrusive
C. Non-intrusive
D. Gray box
A

A. Credentialed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q 
What type of DOS attack sends a large number of new TCP requests to a server in order to over whelm it with unused open sessions?
A. DDos
B. Session hijacking
C. Spanning tree
D. SYN Flood
A

D. SYN Flood

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q 
You work for a large realty company in the networking department. Recently you department received a help desk call from a smaller satellite office stating their WiFi is no longer working. The trouble ticket was escalated to you because company policy does not allow wireless networks. After further investigation you learn that an employee in the office setup a simple wireless router themselves. Which option best defines this situation?
A. Disassociation
b. Unauthorized twin
C. Rogue AP
D. Evil twin
A

C. Rogue AP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q 
A smaller online retailer is experiencing huge numbers of requests on their websites. They are not running any marketing campaigns and while seeing a lot of traffic are not seeing a rise in sales or logins. Eventually their web services becomes overloaded and users are unable to load pages on the website. What type of attack most likely occurred?
A. Overflood
B. DDoS
C. Replay
D. Jamming
A

D. DDoS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have been called to the office of the CEO for a confidential meeting . In the meeting the CEO informs you he has a virus that won’t let him login with out paying a fee. You begin to investigate the issue and find that the CEO downloaded a file from a website a friend shared on a social media site. After downloading the file his computer restated and now will not allow anyone to login unless they enter credit card information. which option best describes the attack used in this scenario based on the information available?
A. The CEO downloaded and executed Ransomware
B. The CEO executed a RootKit which gave backdoor access to a hacker
C. the CEO was the target of a spear phishing social engineering attack
D. A bot net is attacking the CEO’s computer and disabling login attempts.

A

A. The CEO downloaded and executed Ransomware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q 
You are working as a security consultant for a small company. The owner of the company states they were recently targeted by hackers who gained access to their email account. Since then the attackers have taken control of the companies website and have stated they will only return control to the company after receiving a payment. The hosting provider has stated the web servers are not infected and no unusual logins have occurred. Despite this users are reporting they cannot access the companies website. Based on this information, what type of attack has occurred to the website?
A. MitM
B. Session hijacking
C. Cross-site scripting
D. DNS hijacking
A

D. DNS hijacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which option best describes the following situation:
An attacker has intercepted network packets between a browser and web server. The attack then re-transmits the intercepted data to the web server hoping the server will respond with useful information (e.g. a session id, credit card information, etc.)
A. Replay
B. Cross-site scripting
C. Bluejacking
D. Injection

A

A. Replay

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q 
Your bank has contacted you and informed you they recognized an unusual login with your username and password on their website. As a precaution they have locked your account and stated the login came from a foreign country. You run a security scan on your PC which find malware. The description of the malware states that it intercepts normal web traffic from your browser executable. What type of attack best describes this?
A. Consensus attack
B. Amplification
C. Domain hijacking
D. Man-in-the-middle
A

D. Man-in-the-middle

MitM using a Trojan horse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Security+ Certification PT1 (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions