CompTIA Security+ Common Vulnerabilities Quiz
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
DLL
Which of the terms listed below describes a type of attack that relies on executing a library of code?
DLL injection
Which of the terms listed below refers to a software that no longer receives continuing support?
EOL
After feeding an input form field with incorrect data, a hacker gets access to debugger info providing extensive description of the error. This situation is an example of:
Improper error handling
A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:
Improper input validation
Which of the following violates the principle of least privilege?
Improperly configured accounts
An effective asset management process provides countermeasures against: (Select all that apply)
System sprawl; Undocumented assets; Architecture and design weaknesses
Zero-day attack exploits:
Vulnerability that is present in already released software but unknown to the software developer
A situation in which an application writes to an area of memory that it is not supposed to access is referred to as:
buffer overflow
A predefined username/password on a brand new wireless router is an example of:
default configuration
Which of the following factors pose the greatest risk for embedded systems? (Select 2 answers)
inadequate vendor support; Default configurations
Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?
integer overflow
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called:
memory leak
Which of the following terms describes an attempt to read a variable that stores a null value?
pointer dereference
A malfunction in preprogrammed sequential access to a shared resource is described as:
race condition
Which of the answers listed below describes the result of a successful DoS attack?
resource exhaustion
(T/F) In the IT industry, the term "System sprawl" is used to describe one of the aspects of poor asset management process.
true
(T/F) The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode which makes the system more vulnerable to attacks.
true
What is the best countermeasure against social engineering?
user education
An e-commerce store app running on an unpatched web server is an example of:
vulnerable business process
