Module 03: Quiz
Which of the following statements are true for artificial intelligence (AI)? [Choose all that apply]
A self-driving car is an example of AI AI focuses on the broad idea of making a system execute a task Machine Learning or ML is a subset of AI
What term best describes the link to the device platform that allows a developer to access resources at a higher level.
API
A USB can be used to drop which of the following types of malware? [Choose all that apply]
Backdoor Worms Keyboard loggers Trojan
Which of the following type of attack is a pre-cursor to the collision attack?
Birthday
Password spraying cyber-attack can be categorized as which of the following type of attack?
Brute-force
Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
Buffer Overflow
Which of the following is known as out-of-the-box configuration?
Default settings
Which of the following code provides instructions to the hardware?
Firmware
software apps installed on a device before the purchase are known as which of the following?
PUP
Which of the following malware does not harm the system but only targets the data?
Ransomware
Which of the following statements are true for a zero-day attack?
These are the correct statements regarding a zero-day attack. A zero-day attack is impossible to detect as it exploits unknown vulnerabilities. (True) A zero-day vulnerability can be an example of an unknown threat. (True) Explanation: A zero-day attack is impossible to detect as it exploits unknown vulnerabilities. (True): Zero-day attacks take advantage of software vulnerabilities that are unknown to the vendor or the public. Because these vulnerabilities are not yet discovered or patched, traditional security measures may not be effective in detecting or preventing such attacks. This makes it challenging to detect and defend against zero-day attacks until a patch or solution is developed. A zero-day vulnerability can be an example of an unknown threat. (True): Zero-day vulnerabilities represent unknown threats because they are flaws in software that are not yet known to the software developer or the wider community. Attackers exploit these vulnerabilities before they are discovered and patched, making them a type of threat that is not yet recognized or addressed by security measures. Explanation: Zero-day attacks exploit undisclosed vulnerabilities, making detection difficult, and zero-day vulnerabilities, as unknown threats, are flaws in software exploited by attackers before discovery and patching. The other statements (2 and 3) were marked as false because: A zero-day vulnerability can only be discovered when the software is deployed. (False): Zero-day vulnerabilities can be discovered by researchers, attackers, or security professionals before the software is widely deployed. The term "zero-day" refers to the fact that developers have zero days to fix the issue once it becomes publicly known. A zero-day vulnerability can only exist within operating systems. (False): Zero-day vulnerabilities can exist in variou
For which of the following Windows versions, Microsoft has stopped providing support services?
Windows XP Windows 7 Windows 8 Windows 8.1
Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?
cross site scripting
An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?
directory listing
Which of the following attack type confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?
error based sql injection
Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?
horizontal privilege esculation
Which of the following is also known as a "dot dot slash" attack?
path traversal
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier which allows an attacker the opportunity to steal authenticated sessions, describes which of the following?
session hijacking
