CompTIA Security+ Guid to Network Security Fundamentals Ch. 5 Review Questions
Which of the following is NOT true about RATs?
A RAT and a worm have the same basic function
Which of the following is NOT a technology used by spyware?
Active tracking technologies
Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?
Buffer overflow attack
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
CSRF
Which of the following is NOT a Microsoft Windows common LOLBin?
DLR
Nollaig is reviewing the steps that an attacker took when they compromised a web server and access confidential files. What type of attack was this?
Directory traversal
What word is the currently accepted term that is used today to refer to network connected hardware devices?
Endpoint
Which of the following types of computer viruses is malicious computer code that becomes part of a file?
File-based virus
Which of the following is NOT a feature of blocking ransomware?
It can be defeated by a double power cycle
Finn's team leader has just texted him that an employee, who violated company policy by bringing a file on a USB flash drive, has just reported that their computer is infected with locking ransomware. Why would Finn consider this a serious situation?
It can encrypt all files on any network that is connected to the employee's computer.
Which of the following is NOT correct about a secure cookie?
It is a means of protection of a web browser
Cillian is explaining to an intern why ransomware is considered to be the most serious malware threat. Which of the follow reasons would Cillian NOT give?
Once a device is infected with ransomware, it will never function normally
Which of the following would NOT be considered an IoA?
Resource manipulation
Which of the following manipulates the trusting relationship between web servers?
SSRF
Which of these would NOT be considered the result of a logic bomb?
Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting
Which statement regarding a keylogger is NOT true?
Software keyloggers are generally easy to detect
What is the difference between keylogger and spyware?
Spyware typically secretly monitors users but unlike a keylogger makes no attempts to gather sensitive user keyboard input
What race condition can result in a NULL pointer/object dereference?
Time of check (TOC) to time of use (TOU)
Which of the following is sometimes called a "network virus" because it enters a computer to move through the network?
Worm
Which of the following attacks is based on a website accepting user input without sanitizing it?
XSS
