Security+ Practice Test 4
Which of the following statements can be used to describe the characteristics of an on-path attack? (Select all that apply)
1. An on-path attack is also known as MITM attack 2. In an on-path attack, attackers place themselves on the communication route between two devices
A wireless disassociation attack is a type of: (Select 2 answers)
1. Deauthentication attack 2. Denial-of-Service (DoS) attack
SSL stripping is an example of: (Select 2 answers)
1. Downgrade attack 2. On-path attack
NFC is vulnerable to:
1. GPS tracking 2. Capturing keystrokes 3. Sending and receiving commands 4. Delivering and executing malware
Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply)
1. MAC cloning 2. ARP poisoning 3. MAC flooding 4. MAC spoofing
An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as: (Select 2 answers)
1. MAC spoofing 2. MAC cloning
Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers)
1. Refactoring 2. Shimming
Which of the following provide randomization during encryption process? (Select 2 answers)
1. Salting 2. Initialization Vector (IV)
RFID is vulnerable to:
1. Spoofing 2. Eavesdropping 3. Data interception 4. Replay attacks 5. Denial-of-Service (DoS) attacks
Which of the following enables the exchange of information between computer programs?
API
An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?
ARP poisoning
The practice of sending unsolicited messages over Bluetooth is known as:
Bluejacking
Gaining unauthorized access to a Bluetooth device is referred to as:
Bluesnarfing
A wireless jamming attack is a type of:
Denial-of-Service (DoS) attack
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as:
Memory leak
What is the name of a technology used for contactless payment transactions?
NFC
A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called:
Pass the hash
Which of the following wireless technologies enables identification and tracking of tags attached to objects?
RFID
A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder is called:
RFID badge
The practice of modifying an application's code without changing its external behavior is referred to as:
Refactoring
What is the purpose of a DoS attack?
Resource exhaustion
Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application's code?
Shimming
Media Access Control (MAC) flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table. (True/False)
True
The term "Domain hijacking" refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names. (True/False)
True
The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts. (True/False)
True