Security+ EC questions
MAC attacks are layer ______ attacks
2
What is a PUP?
A type of computer program not explicitly classified as malware by AV software A type of software that may adversely affect the computer's security and performance, compromise user's privacy, or display unsolicited ads An application downloaded and installed with the user's consent (legal app)
What is smishing?
A type of phishing attack using text messages
the characteristic features of a session ID?
A unique identifier assigned by the website to a specific user A piece of data that can be stored in a cookie, or embedded as an URL Stored in a visitor's browser
enables the exchange of information between computer programs?
API
An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?
ARP poisoning
A physical security control type that provides isolation from external computer networks?
Air gap
Restoring data from an incremental backup requires: (2 answers)
All copies of incremental backups made since the last full backup Copy of the last full backup
the following statements can be used to describe the characteristics of an on-path attack?
An on-path attack is also known as MITM attack In an on-path attack, attackers place themselves on the communication route between two devices In an on-path attack, attackers intercept or modify packets sent between two communicating devices
Public Key encryption algorithm is also called the
Asymmetric algorithm
any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa)
Asymmetric encryption
What are the features of Elliptic Curve Cryptography (ECC)?
Asymmetric encryption Low processing power requirements Suitable for small wireless devices
refers to a US government initiative for real-time sharing of cyber threat indicators?
Automated Indicator Sharing (AIS)
Which of the following refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?
Backdoor
2 Examples of key stretching algorithms
Bcrypt PBKDF2
Which cryptographic attack relies on the concepts of probability theory?
Birthday
The practice of sending unsolicited messages over Bluetooth is known as:
Bluejacking
Gaining unauthorized access to a Bluetooth device is referred to as:
Bluesnarfing
A malware-infected network host under remote control of a hacker is commonly referred to as:
Bot
What is the function of a C2 server?
Botnet control
An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:
Brute-force attack
A situation in which an application writes to an area of memory it is not supposed to have access to is referred to as
Buffer overflow
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called
Buffer overflow
The practice of making an unauthorized copy of a payment card is referred to as:
Cloning
The two main vulnerability databases:
Common Vulnerability Database (CVE) National Vulnerability Database (NVD)
Individuals will in general do what they accept everybody around them is doing, especially when they are uncertain of what to do in any case. This is an example of which social engineering tactic?
Consensus
refers to the concept of virtualization on an application level?
Containerization
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as
DLL
an application attack that relies on executing a library of code?
DLL injection
acronym refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information?
DLP
Remapping a domain name to a rogue IP address is an example of what kind of exploit?
DNS poisoning
___________ is an example of fake telemetry
DNS sinkhole
can be used to prevent access to malicious URLs at an enterprise level
DNS sinkholing
A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:
DNSSEC
What is DLP?
Data Loss Prevention
A type of redundant source code producing an output not used anywhere in the application is commonly referred to as:
Dead code
Which password attack takes advantage of a predefined list of words?
Dictionary attack
A dot-dot-slash attack is also referred to as:
Directory traversal attack
A factor that has the biggest impact on domain reputation?
Distribution of spam
A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:
Downgrade attack
What would you use to add power redundancy on a server box?
Dual-power supply
Which solution would be best suited for situations where response time in data processing is of critical importance?
Edge computing
represents a fusion of cloud and local computing in which the cloud is still retained for carrying and storing data while local internet-connected devices take care of the data processing
Edge computing
An asymmetric encryption key designed to be used only for a single session or transaction is known as:
Ephemeral key
Describe characteristics of a cross-site scripting attack?
Exploits the trust a user's web browser has in a website A malicious script is injected into a trusted website User's browser executes attacker's script
characteristics of a cross-site request forgery attack
Exploits the trust a website has in the user's web browser A user is tricked by an attacker into submitting unauthorized web
Which type of malware resides only in RAM?
Fileless virus
refers to a local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing
Fog computing
___________ is a mode of operationfor symmetric-key cryptographic block ciphers which is widely adopted for its performance
Galois/Counter Mode (GCM)
allows for mapping large amount of data content to a small string of characters
Hash function
What are the the contents of a rainbow table entry?
Hash/Password
describe the attributes of an APT?
High level of technical sophistication Extensive amount of resources/funding Typically funded by governments/nation states
Which alternate site allows for fastest disaster recovery?
Hot site
term refers to a duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data?
Hot site
A situation in which a web form field accepts data other than expected
Improper input validation
Which of the three states of digital data requires data to be processed in an unencrypted form?
In processing
A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called
Indication of Compromise (IoC)
a countermeasure against code injection
Input validation
programming aspects that are are critical in secure application development process?
Input validation Error and exception handling
What are the countermeasures against SQL injection attacks? ( 2 answers)
Input validation Stored procedures
a programming error where an application tries to store a numeric value in a variable that is too small to hold it
Integer overflow
Digital signatures provide: (3 answers)
Integrity Authentication Non-reputation
the term _______________ refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks
Key stretching
A collection of commonly used programming functions designed to speed up software development process is known as:
Library
removable storage media that contains a portable, non-persistent OS?
Live boot media
A network hardware or software solution designed for managing the optimal distribution of workloads across multiple computing resources is known as:
Load balancer
Malicious code activated by a specific event is called:
Logic bomb
A ________ network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network
Logical
An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as:
MAC Spoofing MAC Cloning
This extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system
MIME
What would be the best solution for a company that needs IT services but lacks any IT personnel?
MSSP
An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:
Machine learning
Another name for sequential-access backup media?
Magnetic tape
Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:
Malware
a device designed to distribute (and monitor the quality of) electric power to multiple outlets?
Managed power distribution unit
What is an MSP?
Managed service provider
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as:
Memory leak
______________ are an architectural and organizational approach to software development where software is composed of small independent services that communicate over well-defined APIs
Microservices
3 facts about RAID 1:
Minimum 2 drives Disk mirroring No parity
2 facts about RAID 5:
Minimum 3 drives increased performance and fault tolerance
2 facts about RAID 6:
Minimum 4 drives 2 drives can fail
2 facts about RAID 10:
Minimum 4 drives stripe of mirrors
The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy is called:
NIC teaming
What is the most common form of a DDoS attack?
Network based
The process of removing redundant entries from a database is known as:
Normalization
describes an attempt to read a variable value from an invalid memory address?
Null-pointer deference
A term referring to threat intelligence gathered from publicly available sources?
OSINT
Which type of DDoS attack targets industrial equipment and infrastructure?
OT
Which cloud service model would provide the best solution for a web developer intending to create a web app?
PaaS
A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called
Pass the hash
What is PFS?
Perfect Forward Secrecy
an encryption style known for producing temporary private key exchanges between clients and servers. For every individual session initiated by a user, a unique session key is generated.
Perfect Forward Secrecy
URL redirection is a characteristic feature of
Pharming
URL redirection is a characteristic feature of:
Pharming
social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:
Phishing
an internal telephone exchange or switching system implemented in a business or office
Private Branch Exchange (PBX)
_________ teaming combines the vulnerabilities and threats found by the red team and the defense tactics and controls found by the blue team.
Purple
Which type of Trojan enables unauthorized remote access to a compromised system?
RAT
A protocol designed to handle real-time traffic (like audio and video) over the Internet
RTP
A malfunction in a preprogrammed sequential access to a shared resource is described as
Race condition
Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is known as:
Ransomware
The practice of modifying an application's code without changing its external behavior is referred to as:
Refactoring
Two software/hardware driver manipulation techniques?
Refactoring Shimming
A type of formal document that describes the specifications for a particular technology is known as
Request For Comments (RFC)
A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:
Rootkit
What type of spam relies on text-based communication?
SPIM
A protocol that enables secure, real-time delivery of audio and video over an IP network?
SRTP
a non-proprietary cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services:
SSH
Pseudo-random data added to a password before hashing is called
Salt
These provide randomization during encryption process?
Salting Initialization vector
A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company's firewall is called:
Screened subnet
A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (3 answers)
Session-key encryption Symmetric encryption Secret-key encryption
alters the external behavior of an application and at the same time does not introduce any changes to the application's code?
Shimming
A device that best illustrates the concept of edge computing?
Smartwatch
A file-based representation of the state of a virtual machine at a given point in time is called:
Snapshot
What type of backups are commonly used with virtual machines?
Snapshot backups
_____________ is the decoupling of the network control logic from the devices performing the function
Software-defined networking (SDN)
Which password attack bypasses account-lockout policies?
Spraying attack
Malicious software collecting information about users without their knowledge/consent is known as:
Spyware
A dedicated local network consisting of devices providing data access is called
Storage area network (SAN)
a network of storage devices that can be accessed by multiple servers or computers, providing a shared pool of storage space
Storage area network (SAN)
What is STIX?
Structured Threat Information eXpression (STIX) is a programming language for representing cyber threat intelligence in a standardized and structured format
Privilege escalation attacka are facilitated by:
System/application vulnerability Social engineering techniques System/application misconfiguration
These describe the behavior of a threat actor?
TTPs. a key concept in cybersecurity and threat intelligence. The purpose is to identify patterns of behavior which can be used to defend against specific strategies and threat vectors used by malicious actors
Refers to a vulnerability caused by race conditions?
Time-of-check to time-of-use
Refers to the process of replacing sensitive data with nonsensitive information which holds a reference to the original data and enables its processing but has no value when breached
Tokenization
characteristic features of pharming?
Traffic redirection Fraudulent websites Credential harvesting
A VPC is accessed via a:
Transit gateway
This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.
Trojan horse
One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline. T/F
True
What is TAXII?
Trusted Automated eXchange of Indicator Information (TAXII) is an application layer protocol that enables sharing of actionable threat information across organizations, products, and services.
What is a device used for DLP?
USB data blocker
What are the characteristic features of a session key? ( 2 answers)
Used during a single session Symmetric key
Which of the following enables running macros in Microsoft Office applications?
VBA
mitigates the risk of supply chain attacks?
Vendor/Intermediary checks
What is a VPC?
Virtual Private Cloud
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
Virus hoax
a platform used for watering hole attacks?
Websites
In cybersecurity exercises, the role of an event overseer (i.e. the referee) is delegated to
White team
standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:
Worm
What is a managed security service provider (MSSP)?
a business that supplies security services, software, and/or expertise to other organizations
the following fragments of input might indicate an LDAP injection attack attempt?
administrator)(&)) search.aspx?name=userName)(zone=*)
Social engineering principle that refers to the idea that people follow the lead of credible knowledge experts
authority
Ransomware is an example of what kind of malware?
cryptomalware
if a hacker gains access to the MD5 hashes of passwords, they do not necessarily need to find the actual password, but something else which shares that hash. This is an example of:
hash collision
Which term Is used to describe the theft of personal data from a payment card?
skimming
A short list of commonly used passwords tried against large number of user accounts is a characteristic feature of:
spraying attack
A network replay attack occurs when an attacker intercepts sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations T/F
true
