Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA Security+ Certification Practice Exams, Fourth Edition (Exam SY0-601) > Types of Attacks (1) > Flashcards

Types of Attacks (1) Flashcards

1
Q

You are inspecting a user’s system after she has complained about slow Internet speeds. After analyzing the system, you notice that the default gateway in the ARP cache is referencing an unknown MAC address. What type of attack has occurred?

Brute force

Buffer overflow

ARP poisoning

A

ARP poisoning

ARP poisoning occurs when the attacker alters the ARP cache to redirect communication to a particular IP address to the wrong MAC address, which maps to the attacker’s machine. This is a popular attack on wireless networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You want to implement a security control that limits tailgating in a high-security environment. Which of the following protective controls would you use?

Swipe cards

Mantrap

Locked door

A

Mantrap

Tailgating occurs when an unauthorized person tries to slip through a secured door after an authorized person opens it. A mantrap helps prevent tailgating; it is the area between two locked doors, in which the second door does not open until the first door closes. This enables you to watch who enters the building with you, or it can prevent two people from entering the door at the same time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following descriptions best describes a buffer overflow attack?

Injecting database code into a web page

Using a dictionary file to crack passwords

Sending too much data to an application that then enables the attacker to run arbitrary code

A

Sending too much data to an application that then enables the attacker to run arbitrary code

A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application. It has been found that if the attacker can write information beyond the buffer, he can run whatever code he wants. Attackers typically write code that gives them remote shell access to the system with administrative capabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of “pass’ or 1=1–”. Which of the following describes what is happening?

XML injection

A SQL injection attack

LDAP injection

A

A SQL injection attack

A SQL injection attack occurs when the attacker inserts database (SQL) statements into an application, such as a web site, which then passes the SQL commands to a backend database to be processed. The end result could lead to the attacker bypassing the authentication or manipulating data in the backend database. In this example, the attacker is trying to bypass the logon by typing “pass’ or 1=1–” into the password box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. The e-mail asks the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?

Phishing

Spam

Dictionary attack

A

Phishing

Phishing occurs when a attacker e-mails a victim and hopes she clicks the link that leads her to a fake site (typically a bank). At this point, the attacker hopes the user types information into the fake site (such as bank account information) that he can use to gain access to her real account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What type of attack involves the attacker modifying the source IP address of the packet?

Xmas attack

Spear phishing

Spoofing

A

Spoofing

A spoofing attack occurs when the attacker modifies the source address of the packet. In IP spoofing, the source IP address is modified; in MAC spoofing, the source MAC address is modified; and in e-mail spoofing, the attacker alters the source e-mail address of the message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following files might an attacker modify after gaining access to your system in order to achieve DNS redirection?

/etc/passwd

Hosts

SAM

A

Hosts

The hosts file on the local hard drive of the computer is used to resolve fully qualified domain names (FQDNs) to IP addresses and could be used to redirect an unsuspecting person to the wrong site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What type of attack involves the attacker sending too much data to a service or application that typically results in the attacker gaining administrative access to the system?

Birthday attack

Eavesdrop

Buffer overflow

A

Buffer overflow

Buffer overflow happens when the amount of data sent to a target system exceeds the size of data allocated by the target buffer, thus causing neighboring memory areas to be overwritten. If the buffer overflow is successful, the attacker is able to execute code in the security context of the software being exploited, potentially gaining admin-level access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following methods could be used to prevent ARP poisoning on the network? (Choose two.)

Static ARP entries

Patching

Antivirus software

Physical security

Firewall

A

Static ARP entries

Physical security

ARP poisoning can be countered by adding static ARP entries to your ARP cache and by implementing physical security so that unauthorized persons cannot gain access to the network and poison everyone’s ARP cache

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your systems?

Antivirus software

Physical security

Patching

A

Patching

The best countermeasure to buffer overflow attacks is to ensure that you keep up to date with system and application patches. As the vendor finds the vulnerabilities, that vendor will fix the issues through a patch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following is the term for a domain name that is registered and deleted repeatedly so that the registrant can avoid paying for the domain name?

DNS redirection

Domain poisoning

Domain kiting

A

Domain kiting

Domain kiting is a vulnerability in the domain name system in which the attacker registers a DNS name and then cancels it within the five-day grace period to avoid paying for the domain. After a few days, he deletes the name and re-creates it to get the five-day grace period again

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You receive many calls from customers stating that your web site seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requests on that web server at a high rate. What type of attack is occurring?

Eavesdrop

Denial of service

Man-in-the-middle

A

Denial of service

The fact that you are receiving a high number of malformed requests at a high rate is a great indication that someone is trying to perform a denial of service (DoS) attack on your system. The results of a DoS could be to keep your system so busy servicing bogus requests that it cannot service valid requests from customers, or the attacker may try to crash your system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What type of attack is a smurf attack?

Distributed denial of service (DDoS)

Denial of service (DoS)

Privilege escalation

A

Distributed denial of service (DDoS)

A smurf attack is a distributed denial of service (DDoS) attack, which is a DoS attack involving multiple systems. The smurf attack involves the attacker pinging a number of systems but spoofing the address of the ICMP packet so that all those systems reply to an intended victim. The victim would be so overburdened with the ICMP replies that it would cause a denial of service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?

Denial of service

Social engineering

Dumpster diving

A

Dumpster diving

Dumpster diving occurs when the attacker goes through a company’s garbage trying to locate information that can help him perform an attack or gain access to the company assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What type of attack involves the attacker inserting a client-side script into the web page?

XSS

Watering hole attack

ARP poisoning

A

XSS

Cross-site scripting (XSS) is an attack that involves the attacker inserting script code into a web page so that it is then processed and executed by a client system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Your manager has read about SQL injection attacks and is wondering what can be done to protect against them for applications that were developed in-house. What would you recommend?

Patching

Antivirus

Input validation

A

Input validation

A SQL injection attack involves the attacker inserting database code into an application (such as a web site) where it is not expected. The best countermeasure to this is to have your programmers validate any information (check its accuracy) passed into an application

17
Q

An attacker sitting in an Internet café ARP poisons everyone connected to the wireless network so that all traffic passes through the attacker’s laptop before she routes the traffic to the Internet. What type of attack is this?

Rainbow tables

Man-in-the-middle

DNS poison

A

Man-in-the-middle

When a attacker poisons everyone’s ARP cache in order to have them send any data destined for the Internet through the attacker’s system, this is a man in the middle attack, because the attacker is receiving all traffic before it is sent to the Internet. The attacker will do this to see what you are doing on the Internet and ideally capture sensitive information

18
Q

Which of the following best describes a zero-day attack?

An attack that modifies the source address of the packet

An attack that changes the computer’s system date to 00/00/00

An attack that uses an exploit that the product vendor is not aware of yet

A

An attack that uses an exploit that the product vendor is not aware of yet

A zero-day attack is considered a new exploit that the vendor is not aware of yet, but the hacking community is

19
Q

What type of file on your hard drive stores preferences from web sites?

Cookie

Hosts

LMHOSTS

A

Cookie

A cookie is a text file on the hard drive of your system that stores preferences for specific web sites

20
Q

What type of attack involves the attacker disconnecting one of the parties from a communication and continues the communication while impersonating that system?

Man in the browser

Denial of service (DoS)

Session hijacking

A

Session hijacking

Session hijacking involves the attacker taking over a conversation by impersonating one of the parties involved in the conversation after the attacker kicks that party off. The attacker typically launches a DoS attack to kick out one of the parties of the communication

21
Q

What type of password attack involves the use of a dictionary file and modifications of the words in the dictionary file?

Dictionary attack

Brute-force attack

Hybrid attack

A

Hybrid attack

In a hybrid password attack, the attacker uses a dictionary file and a brute-force attack to try to guess a user’s password; the software uses modifications of the dictionary words by placing numbers at the end of each word, and a brute-force attack then attempts to apply each password as it is created

22
Q

Which of the following countermeasures is designed to protect against a brute-force password attack?

Patching

Account lockout

Password complexity

A

Account lockout

Because brute-force attacks mathematically aim to calculate all possible passwords, if you give the attacker enough time, the attacker will crack passwords, including complex passwords. The key point here is you need to take the time away from the attacker, and you do that by enabling account lockout—after a certain number of bad logon attempts, the account is locked. Note that passwords should be stored in an encrypted format so if someone gets access to the database storing the passwords, they are not seeing the passwords in plaintext

23
Q

Three employees within the company have received phone calls from an individual asking about personal finance information. What type of attack is occurring?

Whaling

Tailgating

Vishing

A

Vishing

Vishing is a form of social-engineering attack in which the attacker calls a user trying to trick the person into divulging secure information over the phone or a Voice over IP (VOIP) call. “Vishing” as a term comes from the fact that it is similar to phishing, but instead of the attack coming through e-mail, it is using the phone (voice)

24
Q

Tom was told to download a free tax program to complete his taxes this year. After downloading and installing the software, Tom notices that his system is running slowly and he receives a notification from his antivirus software. What type of malware has he installed?

Keylogger

Trojan

Worm

A

Trojan

Tom has installed a Trojan virus, a program disguised to do one thing that actually does something else or something additional

25
Q

Jeff recently reports that he is receiving a large number of unsolicited text messages to his phone. What type of attack is occurring?

Bluesnarfing

Whaling

Bluejacking

A

Bluejacking

Bluejacking occurs when the attacker sends unsolicited text messages to a Bluetooth device such as a phone

26
Q

An employee is suspected of sharing company secrets with a competitor. After seizing the employee’s laptop, the forensic analyst notices that a number of personal photos on the laptop have been e-mailed to a third party over the Internet. When the analyst compares the hashes of the personal images on the hard drive to what is found in the employee’s mailbox, the hashes do not match. How was the employee sharing company secrets?

Digital signatures

Steganography

MP3Stego

A

Steganography

Steganography involves hiding information inside a file—for example, hiding text data in an image file—and is a common technique used by attackers to share information

27
Q

You arrive at work today to find someone outside the building digging through her purse. As you approach the door, the person says, “I forgot my pass at home. Can I go in with you?” What type of attack could be occurring?

Tailgating

Dumpster diving

Brute force

A

Tailgating

Tailgating occurs when an unauthorized person tries to follow behind an authorized person to sneak through a locked door

28
Q

Your manager has requested that the combo padlocks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social-engineering attack is your manager hoping to avoid with this change?

Tailgating

Dumpster diving

Shoulder surfing

A

Shoulder surfing

Shoulder surfing is a form of social-engineering attack that involves someone looking over your shoulder to spy your passcode or other sensitive information

CompTIA Security+ Certification Practice Exams, Fourth Edition (Exam SY0-601) (26 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions