Security+ Practice Test #4

Which of the following enables the exchange of information between computer programs? A. API B. UI C. Device drivers D. SDK

A. API

An attacker managed to associate his/her MAC address with the IP address of the default gateway. In result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario? A. ARP poisoning B. Replay attack C. Cross-site request forgery D. DNS poisoning

A. ARP poisoning

Which of the following statements can be used to describe the characteristics of an on-path attack? (Select all that apply) A. An on-path attack is also known as MITM attack B. In an on-path attack, attackers place themselves on the communication route between two devices C. In an on-path attack, attackers intercept or modify packets sent between two communicating devices D. In an on-path attack, attackers do not have access to packets exchanged during the communication between two devices E. In an on-path attack, attackers generate forged packets and inject them in the network

A. An on-path attack is also known as MITM attack B. In an on-path attack, attackers place themselves on the communication route between two devices C. In an on-path attack, attackers intercept or modify packets sent between two communicating devices

Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply) A. MAC cloning B. ARP poisoning C. MAC flooding D. DNS poisoning E. MAC spoofing

A. MAC cloning B. ARP poisoning C. MAC flooding E. MAC spoofing

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as: A. Memory leak B. Buffer overflow C. Race condition D. Integer overflow

A. Memory leak

What is the name of a technology used for contactless payment transactions? A. NFC B. SDN C. PED D. WAP

A. NFC

A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called: A. Pass the hash B. Replay attack C. Brute-force attack D. Spraying attack

A. Pass the hash

Which of the following provide randomization during encryption process? (Select 2 answers) A. Salting B. Rainbow tables C. Obfuscation D. Initialization Vector (IV) E. Shimming

A. Salting D. Initialization Vector (IV)

Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application's code? A. Shimming B. Refactoring C. API call D. Sideloading

A. Shimming

Media Access Control (MAC) flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table. A. True B. False

A. True

The term "Domain hijacking" refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names. A. True B. False

A. True

The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts. A. True B. False

A. True

The practice of sending unsolicited messages over Bluetooth is known as: A. SPIM B. Bluejacking C. Vishing D. Bluesnarfing

B. Bluejacking

A wireless jamming attack is a type of: A. Cryptographic attack B. Denial-of-Service (DoS) attack C. Brute-force attack D. Downgrade attack

B. Denial-of-Service (DoS) attack

SSL stripping is an example of: (Select 2 answers) A. Brute-force attack B. Downgrade attack C. Watering hole attack D. On-path attack E. Denial-of-Service (DoS) attack

B. Downgrade attack D. On-path attack

The practice of modifying an application's code without changing its external behavior is referred to as: A. API call B. Refactoring C. Sideloading D. Shimming

B. Refactoring

What is the purpose of a DoS attack? A. Code injection B. Resource exhaustion C. Malware infection D. Privilege escalation

B. Resource exhaustion

A wireless disassociation attack is a type of: (Select 2 answers) A. Cryptographic attack B. Downgrade attack C. Deauthentication attack D. Brute-force attack E. Denial-of-Service (DoS) attack

C. Deauthentication attack E. Denial-of-Service (DoS) attack

An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as: (Select 2 answers) A. ARP poisoning B. On-path attack C. MAC spoofing D. Replay attack E. MAC cloning

C. MAC spoofing E. MAC cloning

Which of the following wireless technologies enables identification and tracking of tags attached to objects? A. WTLS B. GPS C. RFID D. WAF

C. RFID

Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers) A. Prepending B. Fuzz testing C. Refactoring D. Shimming E. Sideloading

C. Refactoring D. Shimming

NFC is vulnerable to: A. Data interception B. Replay attacks C. Denial-of-Service (DoS) attacks D. All of the above

D. All of the above

Gaining unauthorized access to a Bluetooth device is referred to as: A. Phishing B. Bluejacking C. Smishing D. Bluesnarfing

D. Bluesnarfing

A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder is called: A. Smart card B. ID badge C. Soft token D. RFID badge

D. RFID badge

RFID is vulnerable to: A. Spoofing B. Eavesdropping C. Data interception D. Replay attacks E. Denial-of-Service (DoS) attacks F. All of the above

F. All of the above