CompTIA Security+ Domain 1.0
B. Computer Bots D. Command & Control
An attacker is planning to set up a backdoor that will infect a set of specific computers at an organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the attackers' plan? (Select all that apply.) A. Crypto Malware B. Computer Bots C. Skimming D. Command & Control
A. A shim
By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware? A. A shim B. A pointer C. An integer D. A race condition
A. Race condition
Developers found a "time of check to time of use" (TOCTTOU) vulnerability in their application. The vulnerability made it possible to change temporary data created within the app before the app uses the data later. This vulnerability is taking advantage of what process in the application? A. Race condition B. Error handling C. Privilege escalation D. Directory traversal
D. Establish a connection with a Command and Control server
If a user's computer becomes infected with a botnet, which of the following can this compromise allow the attacker to do? (Select all that apply.) A. Launch a Distributed Denial of Service (DDoS) attack B. Launch a tailgating attack C. Launch a mass-mail spam attack D. Establish a connection with a Command and Control server
C. Refactoring
Through what method can malware evade antivirus software detection, so that the software no longer identifies the malware by its signature? A. Improper input handling B. DLL injection C. Refactoring D. Shimming
A. LDAP injection
Using an open connection to a small company's network, an attacker submitted arbitrary queries on port 389 to the domain controllers. The attacker initiated the query from a client computer. What type of injection attack did the attacker perform? A. LDAP injection B. XML injection C. SQL injection D. DLL injection
A. Skimming
What type of attack is occurring when a counterfeit card reader is in use? A. Skimming B. Card cloning C. Password spraying D. Malicious charging
B. Resource exhaustion C. Denial of service (DoS) D. Amplification
Which of the following conditions are results of a SYN (synchronize) flood attack? (Select all that apply.) A. Packet filtering B. Resource exhaustion C. Denial of service (DoS) D. Amplification
A. IV attacks
Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Understanding that WPA uses a combination of an RC4 stream cipher and Temporal Key Integrity Protocol (TKIP), this makes a wireless access point NOT vulnerable to which of the following attacks when related to encrypted wireless packets? A. IV attacks B. MAC flooding C. URL redirection D. NFC attacks
C. The user installed Trojan horse malware.
A user used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user experienced frequent crashes, slow computer performance, and strange services running when turning on the computer. What most likely happened to cause these issues? A. The user installed adware. B. The user installed rogueware malware. C. The user installed Trojan horse malware. D. The user installed crypto-malware.
D. Python script
A Linux systems admin reported a suspicious .py file that ran on a daily schedule after business hours. The file includes shellcode that would automate Application Programming Interface (API) calls to a web application to get information. What type of script is executing this shellcode? A. PowerShell script B. Bash script C. VBA script D. Python script
A. Uses lightweight shellcode B. Uses low observable characteristic attacks
A fileless malicious software can replicate between processes in memory on a local host or over network shares. What other behaviors and techniques would classify malware as fileless rather than a normal virus? (Select all that apply.) A. Uses lightweight shellcode B. Uses low observable characteristic attacks C. Uses compiled executables to evade detection D. Writes code to disk
C. Domain Name System (DNS) client cache poisoning
A hacker corrupted the name:IP records held on the HOSTS file on a client, to divert traffic for a legitimate domain to a malicious IP address. What type of attack did the hacker perform? A. Internet Protocol (IP) spoofing B. Domain Name System (DNS) spoofing C. Domain Name System (DNS) client cache poisoning D. Address Resolution Protocol (ARP) poisoning
A. Password spraying attack
A hacker is trying to gain remote access to a company computer by trying brute force password attacks using a few common passwords in conjunction with multiple usernames. What specific type of password attack is the hacker most likely performing? A. Password spraying attack B. Online password attack C. Offline password attack D. Dictionary password attack
B. Network
A low level distributed denial of service (DDoS) attack that involves SYN or SYN/ACK flooding describes what type of attack? A. Application B. Network C. Operational Technology D. DNS poisoning
A. A Man-in-the-Middle attack
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute? A. A Man-in-the-Middle attack B. A pass-the-hash attack C. A birthday attack D. A downgrade attack
D. Cross-site scripting (XSS)
An attacker discovered an input validation vulnerability on a website, crafted a URL with additional HTML code, and emailed the link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking on the malicious URL. No other malicious operations occurred outside of the web application's root directory. This scenario is describing which type of attack? A. SQL injection B. Command injection C. Cross-site Request Forgery (XSRF) D. Cross-site scripting (XSS)
C. DLL injection
An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus detection. The attacker then allowed one process to attach to another and forced the operating system to load a malicious binary package. What did the attacker successfully perform? A. SQL injection B. XML injection C. DLL injection D. Directory traversal
B. A buffer overflow
An attacker gained remote access to a user's computer by exploiting a vulnerability in a piece of software on the device. The attacker sent data that was able to manipulate the memory size that the application reserved to store expected data. Which vulnerability exploit resulted from the attacker's actions? A. A race condition B. A buffer overflow C. An integer overflow D. A pointer dereference
C. A Remote Access Trojan (RAT)
An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to upload files and install software to a victim PC. What type of Trojan malware is this? A. A botnet B. A keylogger C. A Remote Access Trojan (RAT) D. Spyware
B. Cross-site Request Forgery (XSRF)
An attacker modified the HTML code of a legitimate password-change web form, then hosted the .html file on the attacker's web server. The attacker then emailed a URL link of the hosted file to a real user of the web page. Once the user clicked the link, it changed the user's password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to? A. Reflected Cross-Site Scripting (XSS) B. Cross-site Request Forgery (XSRF) C. Stored Cross-Site Scripting (XSS) D. Document Object Model (DOM)-based
B. Spyware infected the computers.
End-users at an organization contact the cybersecurity department. After downloading a file, they are being redirected to shopping websites they did not intend to navigate to, and built-in webcams turn on. The security team confirms the issue as malicious, and notes modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users' computers? A. Ransomware infected the computers. B. Spyware infected the computers. C. An adware plug-in infected the computers. D. Crypto-malware infected the computers.
A. Domain reputation C. URL redirections
External hackers have some access to a company's website and made some changes. Customers have submitted multiple complaints via email for wrong orders and inappropriate images on the website. The Chief Information Officer (CIO) is now worried about the distribution of malware. The company should prepare for which of the following other issues or concerns? (Select all that apply.) A. Domain reputation B. Domain hijacking C. URL redirections D. DNS poisoning
C. A malicious process can alter the execution environment to create a null pointer, and crash the program.
How can the lack of logic statement tests on memory location variables be detrimental to software in development? A. Software will not release allocated memory when it has finished using it, potentially leading to system instability. B. The operating system will allow one process to attach to another and then force it to load a malicious link library. C. A malicious process can alter the execution environment to create a null pointer, and crash the program. D. Certain events will fail to execute in the order and timing intended.
A. A rainbow table attack
Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value? A. A rainbow table attack B. A dictionary attack C. A brute force attack D. A hybrid password attack
A. A pass-the-hash attack D. A replay attack
A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select all that apply.) A. A pass-the-hash attack B. A birthday attack C. A downgrade attack D. A replay attack
A. A worm
A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service (DoS). What type of virus is this? A. A worm B. A program virus C. A multipartite virus D. A macro virus
A. A logic bomb
A security specialist discovers a malicious script on a computer. The script is set to execute if the administrator's account becomes disabled. What type of malware did the specialist discover? A. A logic bomb B. A worm C. Crypto-malware D. A Remote Access Trojan (RAT)
D. PUP
A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs? A. Virus B. Trojans C. Ransomware D. PUP
A. Revealing database server configuration
A web application's code prevents the output of any type of information when an error occurs during a request. The development team cited security reasons as to why they developed the application in this way. What sort of security issues did the team have concerns about in this case? A. Revealing database server configuration B. Server-side request forgeries C. Application programming interface intrusions D. Secure socket layer stripping
D. Clone it.
How can an attacker make unauthorized use of acquired user and account details from a user's smart card? A. Skim it. B. Spray it. C. Brute force it. D. Clone it.
C. Have up-to-date backups.
If a user's device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise? A. Pay the ransom. B. Remove the infection with antivirus. C. Have up-to-date backups. D. Update the operating system after the infection.
A. Key discovery B. Improper error
The latest web application, using default settings, is currently accepting application programming interface (API) calls over HyperText Transfer Protocol (HTTP). The environment has a moderate key management system. Even with basic server security, the API connection is vulnerable to which of the following? (Select all that apply.) A. Key discovery B. Improper error handling C. DNS Poisoning D. Shimming
D. A rogue access point (AP)
A security analyst's scans and network logs show that unauthorized devices are connecting to the network. The analyst discovers a tethered smartphone acting as a connection point to the network. Which behavior describes the smartphone's role? A. A spectrum analyzer B. A Radio Frequency ID (RFID) device C. A switched port analyzer (SPAN)/mirror port D. A rogue access point (AP)
A. PowerShell script
A security engineer examined some suspicious error logs on a Windows server that showed attempts to run shellcode to a web application. The shellcode showed multiple lines beginning with Invoke-Command. What type of script is the suspicious code trying to run? A. PowerShell script B. Python script C. Bash script D. Macros script
A. By using VBA code
A malicious actor is preparing a script to run with an Excel spreadsheet as soon as the target opens the file. The script includes a few macros designed to secretly gather and send information to a remote server. How is the malicious actor accomplishing this task? A. By using VBA code B. By using bash commands C. By using PowerShell script D. By using Python script
B. Dictionary attack C. Rainbow table
An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select all that apply.) A. Pre-Shared Key (PSK) B. Dictionary attack C. Rainbow table D. Wi-Fi Protected Access (WPA)
B. Application attack
An attacker is preparing to perform what type of attack when the target vulnerabilities include headers and payloads of specific application protocols? A. Operational technology attack B. Application attack C. Domain hijacking D. MAC cloning
B. Server-side request forgery
An attacker submitted a modified uniform resource locator (URL) link to a website that eventually established connections to back-end databases and exposed internal service configurations. The attacker did not hijack a user to perform this attack. This describes which of the following types of attacks? A. Client-side request forgery B. Server-side request forgery C. Cross-site scripting D. Resource exhaustion
B. Bluesnarfing
An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. The mobile device is vulnerable to which of the following attacks? A. Bluejacking B. Bluesnarfing C. Skimming D. WiPhishing
B. Locate the offending radio source and disable it. C. Boost the signal of the legitimate equipment.
An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would mitigate this type of network disruption? (Select all that apply.) A. Use a spectrum analyzer. B. Locate the offending radio source and disable it. C. Boost the signal of the legitimate equipment. D. Install a Personal Area Network (PAN).
D. Replay attack
An intruder monitors an admin's unsecure connection to a server and finds some required data, like a cookie file, that legitimately establishes a session with a web server. Knowing the admin's logon credentials, what type of attack can the intruder perform with the cookie file? A. Cross-site Request forgery attack B. API attack C. Clickjacking attack D. Replay attack