Domain 1 – Threats, Attacks, and Vulnerabilities

https://www.udemy.com/course/comptia-security-601-practice-exam-domain-1-5/learn/quiz/6098874#overview

Domain 1 – Threats, Attacks, and Vulnerabilities – Results


Attempt 2


Question 1

Which of the following terms best describes a type of software that disguises itself as legitimate software but contains malicious code that can compromise the security of a system?

Correct answer

Malware

Ransomware

Adware

Firewall

Overall explanation

A) Malware, short for malicious software, is software designed to infiltrate or damage computer systems while often appearing as legitimate software. It includes various types such as viruses, trojans, and spyware.

Incorrect answers:

B) Ransomware is a specific type of malware that encrypts files and demands a ransom.

C) Adware is unwanted software that displays advertisements but isn’t necessarily disguised as legitimate software.

D) A firewall is a security device used to control incoming and outgoing network traffic, not software that disguises itself.

Question 2

An attacker poses as a delivery person, carrying a package for a company, and convinces an employee to let them into the building. Once inside, the attacker gains unauthorized access to the company’s network. What type of social engineering technique is this?

Correct answer

Tailgating

Pretexting

Phishing

Vishing

Overall explanation

A) Tailgating, also known as piggybacking, involves an attacker following an authorized person into a secure area by appearing as if they belong there.

Incorrect answers:

B) Pretexting involves creating a fabricated scenario to deceive individuals, often over the phone.

C) Phishing typically involves deceptive emails or messages.

D) Vishing is voice-based social engineering, often over the phone.

Question 3

A threat actor who is motivated by financial gain and often uses malicious software to encrypt a victim’s data and demand a ransom is typically referred to as:

A hacktivist

A script kiddie

Correct answer

A cybercriminal

A nation-state actor

Overall explanation

C) Cybercriminals are motivated by financial gain and commonly use ransomware to demand payments from victims.

Incorrect answers:

A) Hacktivists engage in hacking for social or political causes.

B) Script kiddies are individuals with limited hacking skills who often use pre-existing tools.

D) Nation-state actors are affiliated with governments and engage in cyber-espionage or cyberwarfare.

Question 4

Which attack involves flooding a network with ICMP echo request packets sent to a broadcast address?

SYN flood

Correct answer

Smurf attack

DDoS attack

DNS amplification attack

Overall explanation

B) A Smurf attack sends ICMP echo request packets to a network’s broadcast address, causing a flood of replies to the victim’s IP.

Incorrect answers:

A) SYN flood involves overwhelming a server with TCP connection requests, not ICMP echo requests.

C) DDoS involves overwhelming a network or server with traffic from various sources, not specifically ICMP echo requests.

D) DNS amplification involves using DNS servers to flood a victim with DNS response traffic, unrelated to ICMP echo requests.

Question 5

Which of the following best describes the concept of a "zero-day vulnerability"?

A vulnerability that has been in existence for zero days.

A vulnerability that has been exploited for zero days.

Correct answer

A vulnerability that is unknown to the software vendor and has no available patch.

A vulnerability that is at the lowest risk level.

Overall explanation

C) A vulnerability that is unknown to the software vendor and has no available patch.

Incorrect answers:

A) This option does not accurately describe a zero-day vulnerability.

B) A zero-day vulnerability does not refer to the amount of time it has been exploited.

D) The risk level of a vulnerability is not determined by whether it’s a zero-day vulnerability or not.

Question 6

What is a common characteristic of a "man-in-the-middle" (MitM) attack?

Correct answer

The attacker intercepts and alters data between two parties without their knowledge.

The attacker floods a network with excessive traffic to overwhelm it.

The attacker disguises malicious code as legitimate software.

The attacker gains unauthorized access to a system using stolen credentials.

Overall explanation

A) The attacker intercepts and alters data between two parties without their knowledge.

Incorrect answers:

B) Flooding a network with excessive traffic is characteristic of a DoS attack, not a MitM attack.

C) Disguising malicious code as legitimate software is associated with malware, not MitM.

D) Gaining unauthorized access through stolen credentials is typically related to unauthorized access attacks, not MitM.

Question 7

An employee receives an email from what appears to be their company’s IT department. The email requests that the employee reset their email password due to a security breach. The email contains a link to a login page. What kind of threat is the employee facing?

Correct answer

Phishing attack

Insider threat

Man-in-the-middle attack

Ransomware attack

Overall explanation

A) This scenario describes a phishing attack. Phishing is a type of attack where attackers impersonate trusted entities to trick individuals into revealing sensitive information, often by luring them to fake login pages.

Incorrect answers:

B) An insider threat typically involves an organization’s own employees posing a security risk.

C) A man-in-the-middle attack intercepts and alters data in transit, not password reset requests.

D) Ransomware doesn’t involve password reset requests but encrypting files and demanding a ransom.

Question 8

A security administrator has noticed several unauthorized access attempts to the organization’s internal systems. These attempts are often based on trying common username and password combinations. Which type of attack does this scenario most likely describe?

SQL injection attack

Correct answer

Brute-force attack

DDoS attack

Cross-site scripting (XSS) attack

Overall explanation

B) The scenario describes a brute-force attack where an attacker attempts to gain access by trying many possible username and password combinations. This is a common method used to crack passwords.

Incorrect answers:

A) SQL injection attacks involve manipulating a database’s queries.

C) DDoS attacks flood a network to make it unavailable, not necessarily related to unauthorized access.

D) Cross-site scripting attacks target web applications and don’t typically involve trying username/password combinations.

Question 9

A company’s network administrator has discovered a new piece of software running on one of the company’s servers. The software was not installed by the IT department and is not part of the approved software list. What type of threat is this scenario indicating?

Insider threat

Ransomware attack

Correct answer

Trojan horse

Spear-phishing attack

Overall explanation

C) This scenario suggests the presence of a Trojan horse, which is a type of malware that disguises itself as legitimate software but has malicious intent. It is often installed by an attacker.

Incorrect answers:

A) An insider threat usually involves employees with malicious intent or negligence.

B) Ransomware is specific malware that encrypts files and demands a ransom.

D) Spear-phishing involves targeted emails to deceive individuals, not installing unauthorized software.

Question 10

Which attack aims to manipulate a website to redirect users to a fraudulent site that appears legitimate to steal their information?

SQL injection

Cross-Site Scripting (XSS)

Correct answer

DNS spoofing

URL hijacking

Overall explanation

C) DNS spoofing manipulates the DNS records to redirect users to a fraudulent site, typically appearing legitimate, intending to steal their information.

Incorrect answers:

A) SQL injection involves manipulating databases, not site redirection.

B) XSS involves injecting malicious scripts into a website, but not site redirection specifically.

D) URL hijacking is not a well-defined term within cybersecurity.

Question 11

An employee has lost their company-issued smartphone, and it contained sensitive corporate data. What kind of threat does this scenario illustrate?

Phishing attack

Insider threat

Correct answer

Physical security breach

Ransomware attack

Overall explanation

C) The scenario illustrates a physical security breach where the loss of a device (in this case, a smartphone) leads to the potential exposure of sensitive data.

Incorrect answers:

A) Phishing attacks involve deceptive communication to obtain information, not the loss of a device.

B) An insider threat typically involves employees with malicious intent or negligence, not device loss.

D) Ransomware involves the encryption of files and a demand for a ransom, not device loss.

Question 12

A network administrator has implemented a firewall rule that allows only specific incoming traffic from trusted IP addresses and denies all other incoming traffic. What security principle does this rule exemplify?

Correct answer

Principle of least privilege

Defense in depth

Zero trust

Security by design

Overall explanation

A) The firewall rule aligns with the principle of least privilege, where access is restricted to only what is necessary for users or systems to perform their functions.

Incorrect answers:

B) Defense in depth involves multiple layers of security controls.

C) Zero trust is a concept of not inherently trusting any user or system, requiring verification.

D) Security by design is about incorporating security from the beginning of system development.

Question 13

An organization has implemented a policy that requires regular patching of software and systems to address known vulnerabilities. What security practice does this policy reflect?

Security through obscurity

Correct answer

Vulnerability management

Least privilege

Zero-day exploitation

Overall explanation

B) The policy reflects the practice of vulnerability management, which involves identifying, prioritizing, and addressing known vulnerabilities in software and systems.

Incorrect answers:

A) Security through obscurity relies on the secrecy of system design rather than addressing known vulnerabilities.

C) Least privilege is about providing minimum necessary access to perform tasks.

D) Zero-day exploitation is when attackers target vulnerabilities not yet known to the vendor, in contrast to this policy which deals with known vulnerabilities.

Question 14

A company is conducting a security audit and penetration testing on its network to identify and rectify vulnerabilities before malicious actors can exploit them. What security practice is this organization following?

Incident response

Correct answer

Security assessment

Security awareness training

Least privilege

Overall explanation

B) The organization is conducting a security assessment, specifically penetration testing, to identify and rectify vulnerabilities in its network.

Incorrect answers:

A) Incident response is the process of managing and mitigating security incidents.

C) Security awareness training is about educating employees on security best practices.

D) Least privilege is about providing minimum necessary access to perform tasks, not assessing vulnerabilities.

Question 15

An organization has set up a dedicated network segment for guest wireless access, which is isolated from its internal network. What security principle does this network segmentation align with?

Principle of least privilege

Defense in depth

Correct answer

Network segmentation

Security by design

Overall explanation

C) Network segmentation is the practice of dividing a network into isolated segments to enhance security by controlling access and limiting the potential for lateral movement by attackers.

Incorrect answers:

A) The principle of least privilege focuses on providing minimum necessary access to perform tasks.

B) Defense in depth involves multiple layers of security controls.

D) Security by design emphasizes incorporating security from the beginning of system development.

Question 16

A company’s web application was recently compromised, and customer data was stolen. The company’s cybersecurity team discovers that the attackers exploited a vulnerability in the application’s code to gain unauthorized access. What type of attack is this?

Correct answer

SQL injection attack

Man-in-the-middle attack

Cross-site scripting (XSS) attack

Zero-day vulnerability

Overall explanation

A) The scenario describes an SQL injection attack, where attackers exploit vulnerabilities in web application code to gain unauthorized access to a database.

Incorrect answers:

B) A man-in-the-middle attack intercepts and alters data in transit but doesn’t necessarily involve web application vulnerabilities.

C) Cross-site scripting attacks target web applications but involve injecting malicious scripts into web pages.

D) A zero-day vulnerability is a software vulnerability that is unknown to the vendor, not necessarily related to unauthorized access.

Question 17

An organization’s security team regularly reviews and assesses logs generated by its servers and network devices to detect and investigate security incidents. What security practice does this represent?

Security awareness training

Correct answer

Log analysis and review

Data classification

Security policy enforcement

Overall explanation

B) Regularly reviewing and analyzing logs is a key practice in identifying and responding to security incidents and potential threats.

Incorrect answers:

A) Security awareness training focuses on educating employees on security best practices.

C) Data classification is the process of categorizing data based on its sensitivity.

D) Security policy enforcement involves ensuring that security policies are followed and enforced.

Question 18

An attacker calls an employee, pretending to be a colleague from another department, and requests sensitive information to complete a report. What type of social engineering technique is this?

Correct answer

Impersonation

Tailgating

Phishing

Vishing

Overall explanation

A) Impersonation involves pretending to be someone the target knows and trusts to manipulate them into disclosing sensitive information.

Incorrect answers:

B) Tailgating involves physical security breaches.

C) Phishing typically uses deceptive emails or messages.

D) Vishing involves voice communication, usually over the phone.

Question 19

Which type of attack involves the modification or interception of communication between two parties without their knowledge?

Correct answer

Man-in-the-Middle (MitM)

Buffer overflow

Spoofing

Zero-day exploit

Overall explanation

A) MitM attacks intercept and manipulate communications between two parties without their awareness, allowing attackers to eavesdrop or modify data.

Incorrect answers:

B) Buffer overflows are software memory vulnerabilities, not related to intercepting communications.

C) Spoofing involves falsifying data to appear as something it’s not but doesn’t necessarily involve communication interception.

D) Zero-day exploits target newly discovered vulnerabilities and are not specific to communication interception.

Question 20

An attacker, aware of recent security audits at the company, calls employees, claiming to be a security auditor conducting routine checks. The attacker asks for login credentials and access to the company’s network to perform a "security check." What type of social engineering technique is this?

Phishing

Spear-phishing

Correct answer

Vishing

Tailgating

Overall explanation

C) Vishing is a social engineering technique that involves voice communication, typically over the phone, to manipulate individuals into revealing sensitive information or granting access.

Incorrect answers:

A) Impersonation typically involves impersonating someone the target knows and trusts.

B) Spear-phishing is a more targeted form of phishing.

D) Tailgating involves physically following someone into a secure area.

Question 21

During a penetration test, the tester attempts to gain unauthorized access to a system by exploiting known vulnerabilities without any prior knowledge of the target. What type of penetration testing technique is this?

White-box testing

Correct answer

Black-box testing

Gray-box testing

Vulnerability scanning

Overall explanation

B) Black-box testing is a type of penetration testing where the tester has no prior knowledge of the target system and attempts to find and exploit vulnerabilities.

Incorrect answers:

A) White-box testing involves testing with full knowledge of the target system.

C) Gray-box testing is a mix of both white-box and black-box testing.

D) Vulnerability scanning is a process of identifying and classifying vulnerabilities but not

Question 22

A penetration tester uses a vulnerability scanner to identify known security issues in a target system. What phase of the penetration testing process does this action belong to?

Scoping

Information gathering

Correct answer

Vulnerability analysis

Exploitation

Overall explanation

C) Using a vulnerability scanner to identify known security issues falls under the vulnerability analysis phase of penetration testing.

Incorrect answers:

A) Scoping is the initial phase that defines the scope and objectives of the test.

B) Information gathering involves collecting data about the target system.

D) Exploitation is the phase where vulnerabilities are actively exploited.

Question 23

Which attack involves a flood of connection requests with falsified IP addresses to overwhelm a server?

Correct answer

SYN Flood

DDoS Attack

Man-in-the-Middle (MitM)

DNS Spoofing

Overall explanation

A) SYN Flood overwhelms a server with connection requests using falsified or spoofed IP addresses, consuming resources and rendering the server unavailable.

Incorrect answers:

B) DDoS involves overwhelming a network or server with traffic from various sources, not specifically with connection requests.

C) MitM involves intercepting and modifying communication but does not specifically involve overwhelming a server with requests.

D) DNS Spoofing manipulates DNS records to redirect users, not specifically overwhelming a server with connection requests.

Question 24

In a penetration test, tools and techniques are used to mimic an attacker trying to gain unauthorized access to a target system. What type of penetration testing is this?

Correct answer

Red teaming

Blue teaming

Social engineering testing

Passive testing

Overall explanation

A) Red teaming involves mimicking the actions of an attacker to evaluate the effectiveness of a system’s defenses.

Incorrect answers:

B) Blue teaming is a defensive exercise that evaluates a system’s security.

C) Social engineering testing focuses on manipulating human behavior.

D) Passive testing does not actively simulate attacks.

Question 25

A security analyst discovers that a particular application does not properly manage its memory allocations, which can lead to data corruption and potentially execute arbitrary code. What potential application attack indicator is this situation most likely related to?

Correct answer

Buffer overflows

Race conditions

Error handling

Improper input handling

Overall explanation

A) Buffer overflows occur when an application writes data beyond the allocated memory, potentially leading to data corruption and code execution.

Incorrect answers:

B) Race conditions are related to timing and concurrency issues.

C) Error handling issues typically involve how an application responds to errors.

D) Improper input handling usually relates to data validation.

Question 26

An attacker intercepts a legitimate user’s request and resends it multiple times to manipulate the application into performing unintended actions. What potential application attack indicator does this situation most likely represent?

Correct answer

Replay attack

Integer overflow

Request forgeries

Memory leak

Overall explanation

A) In a replay attack, an attacker intercepts and resends legitimate requests to manipulate the application into performing unintended actions.

Incorrect answers:

B) Integer overflow is related to numerical values exceeding their limits.

C) Request forgeries involve tricking users into making unwanted requests.

D) Memory leak relates to memory management issues.

Question 27

Which of the following threat vectors involves tricking individuals into revealing sensitive information or performing actions that compromise security?

Malware

Correct answer

Social engineering

Distributed denial of service (DDoS)

Zero-day exploits

Overall explanation

B) Social engineering involves manipulating individuals to reveal sensitive information or perform actions against their best interests.

Incorrect answers:

A) Malware refers to malicious software.

C) DDoS is a type of attack that overwhelms a system with traffic.

D) Zero-day exploits are attacks that target vulnerabilities unknown to the software vendor.

Question 28

An organization has implemented strong encryption to protect sensitive data at rest and in transit. What security measure does this scenario represent?

Security awareness training

Data classification

Data in transit protection

Correct answer

Data protection mechanisms

Overall explanation

D) The use of strong encryption is a data protection mechanism that safeguards data at rest and in transit.

Incorrect answers:

A) Security awareness training is about educating employees on security best practices.

B) Data classification is the process of categorizing data based on its sensitivity.

C) Data in transit protection refers to safeguarding data while it is being transmitted, not at rest.

Question 29

A small business recently conducted a vulnerability scan on its network and found multiple weaknesses in its web server, leaving it susceptible to SQL injection attacks. What should be the immediate response to address these vulnerabilities?

Consider upgrading the network infrastructure to mitigate the vulnerabilities.

Perform another vulnerability scan to verify the findings and their severity.

Correct answer

Implement security measures or patches to fix the SQL injection vulnerabilities.

Ignore the vulnerabilities as they may not pose an immediate threat.

Overall explanation

C) Upon discovering SQL injection vulnerabilities in the web server, the immediate response should involve implementing security measures or patches to fix these vulnerabilities and enhance security.

Incorrect answers:

A) Upgrading the network infrastructure might be a long-term solution, but immediate patching is necessary to mitigate the identified vulnerabilities.

B) While verifying findings is helpful, delaying action could lead to potential exploitation.

D) Ignoring known vulnerabilities can leave systems exposed to attacks.

Question 30

A type of threat vector that involves exploiting previously unknown vulnerabilities in software is commonly known as:

Malware

Social engineering

Distributed denial of service (DDoS)

Correct answer

Zero-day exploits

Overall explanation

D) Zero-day exploits target vulnerabilities that are unknown to the software vendor and have not yet been patched.

Incorrect answers:

A) Malware refers to malicious software.

B) Social engineering involves manipulating individuals to reveal sensitive information.

C) DDoS is a type of attack that overwhelms a system with traffic.

Question 31

An organization’s website has been receiving an unusually high volume of web traffic, which has made the site unresponsive. The traffic appears to be coming from various sources and seems to be overloading the server. What type of attack is this scenario indicating?

Phishing attack

Man-in-the-middle attack

Correct answer

Denial of Service (DoS) attack

Ransomware attack

Overall explanation

C) The scenario describes a Denial of Service (DoS) attack, where attackers flood a server or network with excessive traffic to make services unavailable to legitimate users.

Incorrect answers:

A) Phishing attack

B) Man-in-the-middle attack

D) Ransomware attack

Question 32

Which of the following best describes a security concern associated with SQL injection vulnerabilities?

Correct answer

Unauthorized disclosure of sensitive data

Unauthorized access to system resources

Buffer overflows leading to system crashes

Denial of service (DoS) attacks

Overall explanation

A) SQL injection vulnerabilities can lead to unauthorized disclosure of sensitive data stored in a database.

Incorrect answers:

B) Unauthorized access to system resources is not typically the primary concern of SQL injection.

C) Buffer overflows are related to a different type of vulnerability.

D) Denial of service (DoS) attacks are not a direct result of SQL injection.

Question 33

An organization has recently implemented a policy requiring employees to change their passwords every 90 days. What security principle does this policy align with?

Least privilege

Security through obscurity

Password complexity

Correct answer

Password expiration

Overall explanation

D) Password expiration is a security principle that ensures passwords are regularly changed, reducing the risk of unauthorized access due to long-term exposure.

Incorrect answers:

A) Least privilege is about providing minimum necessary access to perform tasks.

B) Security through obscurity is the practice of relying on the secrecy of system design as a security measure, not password changes.

C) Password complexity refers to requiring strong, complex passwords.

Question 34

What is a common security concern associated with cross-site request forgery (CSRF) vulnerabilities?

Correct answer

Unauthorized data modification

Unauthorized access to system resources

Injection of malicious code into web pages

Denial of service (DoS) attacks

Overall explanation

A) CSRF vulnerabilities can lead to unauthorized data modification when an attacker tricks a user into performing unwanted actions.

Incorrect answers:

B) Unauthorized access to system resources is not the primary concern of CSRF.

C) Injection of malicious code into web pages is related to other vulnerabilities.

D) Denial of service (DoS) attacks are not typically associated with CSRF.

Question 35

Which of the following encryption algorithms is considered the most secure and widely used for securing internet communications?

DES (Data Encryption Standard).

Correct answer

AES (Advanced Encryption Standard).

RSA (Rivest-Shamir-Adleman).

MD5 (Message Digest Algorithm 5).

Overall explanation

B) AES (Advanced Encryption Standard).

Incorrect answers:

A) DES (Data Encryption Standard): DES is an older encryption standard and is not considered secure for internet communications.

C) RSA (Rivest-Shamir-Adleman): RSA is an asymmetric encryption algorithm used for key exchange and digital signatures but is not typically used for bulk data encryption on the internet.

D) MD5 (Message Digest Algorithm 5): MD5 is a cryptographic hash function, not an encryption algorithm, and is no longer considered secure for many purposes.

Question 36

In a recent high-profile cybersecurity incident, attackers targeted a multinational corporation’s executive team with personalized emails, tricking them into revealing sensitive company data and financial information. What type of attack is this scenario describing?

Ransomware attack

Correct answer

Whaling attack

Spear-phishing attack

DDoS attack

Overall explanation

B) This scenario describes a whaling attack, where high-ranking individuals within an organization are targeted with personalized emails to deceive them into revealing sensitive information.

Incorrect answers:

A) Ransomware attack: Ransomware typically involves encrypting data and demanding a ransom for decryption.

C) Spear-phishing attack: While similar to whaling, spear-phishing can target a broader range of individuals.

D) DDoS attack: DDoS attacks aim to disrupt services by overwhelming them with traffic.

Question 37

An organization uses biometric authentication methods, such as fingerprint scanning, to grant access to highly secure areas. What security practice does this represent?

Multi-factor authentication

Security through obscurity

Correct answer

Physical security measures

Security awareness training

Overall explanation

C) Using biometric authentication for physical access control is a physical security measure to restrict access to highly secure areas.

Incorrect answers:

A) Multi-factor authentication involves using two or more factors to authenticate users, such as something they know and something they have.

B) Security through obscurity relies on the secrecy of system design.

D) Security awareness training focuses on educating employees on security best practices.

Question 38

A security researcher discovered that a popular social media website had been compromised by attackers. The attackers had injected malicious code into the site, which infected the devices of users who visited the compromised pages. What type of attack is this scenario describing?

Ransomware attack

Correct answer

Watering hole attack

Typosquatting attack

Spear-phishing attack

Overall explanation

B) This scenario describes a watering hole attack, where attackers compromise a legitimate website that their intended victims frequently visit, infecting visitors’ devices with malware.

Incorrect answers:

A) Ransomware typically involves encrypting data and demanding a ransom for decryption.

C) Typosquatting involves deceiving users by using domain names with typographical errors, not compromising websites.

D) Spear-phishing involves targeted deceptive emails, not compromising websites.

Question 39

An attacker rummages through the company’s trash bins, searching for discarded documents, invoices, and other materials that might contain sensitive information. What kind of physical security threat does this scenario illustrate?

Correct answer

Dumpster diving

Social engineering attack

Shoulder surfing

Physical intrusion

Overall explanation

A) This scenario depicts a dumpster diving attack, where an attacker searches through trash or discarded materials to obtain sensitive information.

Incorrect answers:

B) Social engineering involves manipulating individuals into revealing confidential information.

C) Shoulder surfing is the act of spying on someone’s screen or keyboard to capture sensitive information.

D) Physical intrusion typically involves unauthorized entry into a secure facility or area, not searching through trash.

Question 40

A company’s security team discovered that a group of hackers had been scanning the organization’s network and systems, attempting to find vulnerabilities that could be exploited. This prelude to an attack is a classic example of which cybersecurity activity?

Intrusion detection

Dumpster diving

Correct answer

Reconnaissance

Encryption

Overall explanation

C) The scenario describes the reconnaissance phase, where attackers gather information about potential targets and vulnerabilities to prepare for an attack.

Incorrect answers:

A) Intrusion detection: Intrusion detection involves identifying and responding to unauthorized access or malicious activities after an attack has started.

B) Dumpster diving: Dumpster diving involves searching through discarded materials for sensitive information, which is a physical security threat.

D) Encryption: Encryption is a security measure used to protect data, not an activity related to pre-attack planning.

Question 41

Which attack involves falsifying the origin of an email to make it appear as though it’s from a trusted source?

Smurf attack

Phishing

Correct answer

Spoofing

Zero-day exploit

Overall explanation

C) Spoofing involves altering information to appear as if it comes from a legitimate source, commonly seen in email addresses to deceive recipients.

Incorrect answers:

A) A smurf attack uses a network as an amplifier to overwhelm a target with ICMP echo traffic; it does not falsify an email's origin.

B) Phishing uses deceptive tactics but doesn’t necessarily involve falsifying the email’s source.

D) Zero-day exploits target newly discovered vulnerabilities, not email falsification.

Question 42

What could be a potential indicator of a brute force attack on a network?

Rapid increase in legitimate traffic

Correct answer

Repeated login attempts with different credentials

Decrease in CPU usage on the server

Increase in available system resources

Overall explanation

B) A brute force attack involves repeated attempts to gain unauthorized access by trying various login credentials, so repeated login attempts with different credentials are a potential indicator of this attack.

Incorrect answers:

A) Brute force attacks do not necessarily lead to an increase in legitimate traffic.

C) A decrease in CPU usage might not directly indicate a brute force attack.

D) A brute force attack is unlikely to cause an increase in available system resources.

Question 43

Which could be an indicator of a DNS amplification attack on a network?

Decrease in DNS response traffic

Multiple DNS requests from legitimate users

Correct answer

Increase in network latency

Unchanged DNS server configurations

Overall explanation

C) DNS amplification attacks often cause an increase in network latency due to the flood of response traffic generated by the attacker.

Incorrect answers:

A) DNS amplification attacks typically cause an increase, not a decrease, in response traffic.

B) Multiple DNS requests do not directly indicate a DNS amplification attack, as legitimate users can also generate many DNS requests.

D) DNS server configurations might remain unchanged even during an attack.

Question 44

What could be a potential indicator of an ARP poisoning attack on a network?

A decrease in ARP cache discrepancies

Correct answer

Increased network broadcast traffic

Consistent and stable ARP table entries

Reduced network response times

Overall explanation

B) ARP poisoning attacks often generate increased network broadcast traffic due to the manipulation of ARP requests and replies.

Incorrect answers:

A) ARP poisoning typically introduces ARP cache discrepancies rather than decreasing them.

C) ARP poisoning can manipulate ARP table entries, causing inconsistencies rather than stable entries.

D) ARP poisoning doesn’t necessarily lead to reduced response times but can increase network latency.

Question 45

What is a risk associated with the use of default configurations on devices and applications?

Improved security through standardization

Decreased exposure to known vulnerabilities

Correct answer

Increased susceptibility to unauthorized access

Enhanced protection against phishing attacks

Overall explanation

C) Default configurations are often widely known and exploited, increasing the risk of unauthorized access if not modified.

Incorrect answers:

A) Default configurations do not inherently improve security but provide a starting point that should be modified for better security.

B) Default configurations often increase exposure to known vulnerabilities.

D) Default configurations do not necessarily protect against phishing attacks.

Question 46

In a busy coffee shop, customers connect to the public Wi-Fi network named "FreeCoffeeShopWiFi." An attacker sets up a similar-looking access point named "FreeCoffeeShop_WiFi" to intercept traffic. What type of wireless attack is this scenario an example of?

Rogue access point attack

Correct answer

Evil twin attack

De-authentication attack

Packet sniffing attack

Overall explanation

B) This scenario depicts an evil twin attack where an attacker sets up an unauthorized Wi-Fi access point with a name similar to the legitimate network, aiming to intercept and collect users’ data.

Incorrect answers:

A) Rogue access point attacks involve unauthorized access points but not necessarily mimicking legitimate ones.

C) De-authentication attacks involve disconnecting devices from networks, not creating fake access points.

D) Packet sniffing attacks involve intercepting and monitoring network communication.

Question 47

At a business conference, an attendee discovers their Bluetooth-enabled device has received unsolicited business card data from an unknown source. What kind of wireless attack might this scenario indicate?

Correct answer

Bluejacking attack

Man-in-the-middle attack

Wardriving attack

Bluesnarfing attack

Overall explanation

A) This scenario indicates a Bluejacking attack, where unsolicited messages or business card data are sent to Bluetooth-enabled devices without the users’ consent.

Incorrect answers:

B) A man-in-the-middle attack involves intercepting communication between two parties.

C) Wardriving involves searching for Wi-Fi networks while driving.

D) Bluesnarfing involves unauthorized access to data on a Bluetooth-enabled device.

Question 48

In a public library, a hacker placed a device to capture wireless network traffic, allowing them to collect login credentials and personal information from users connecting to the library’s public Wi-Fi. What kind of wireless attack does this scenario represent?

Correct answer

Packet sniffing attack

Evil twin attack

Rogue access point attack

Wardriving attack

Overall explanation

A) This scenario describes a packet sniffing attack, where a device captures and analyzes wireless network traffic, enabling the theft of sensitive user information.

Incorrect answers:

B) Evil twin attacks involve creating fake access points to intercept data.

C) Rogue access point attacks involve unauthorized access points.

D) Wardriving is the act of searching for Wi-Fi networks while driving.

Question 49

During a network security assessment, the scanning tool flags an outdated software version as a high-severity risk. After manual investigation, it’s revealed that the software’s vulnerability has been patched. What type of detection is this likely to be?

Correct answer

False positive

False negative

True positive

True negative

Overall explanation

A) In this scenario, the scanning tool misidentifies the patched vulnerability as a high-severity risk, indicating a false positive.

Incorrect answers:

B) A false negative would involve missing an actual vulnerability, not an already patched one.

C) True positive indicates correctly identifying an actual vulnerability.

D) True negative denotes accurately identifying the absence of a vulnerability.

Question 50

In a routine vulnerability scan, the security tool fails to detect an unpatched system vulnerability, thereby missing a potential security threat. What type of detection is this likely to be?

False positive

Correct answer

False negative

True positive

True negative

Overall explanation

B) Failing to detect an actual vulnerability, leading to a missed potential security threat, signifies a false negative in the vulnerability scan.

Incorrect answers:

A) False positives involve incorrect identification of non-existent vulnerabilities.

C) True positives indicate accurately identified vulnerabilities.

D) True negatives represent the accurately identified absence of vulnerabilities.