









A comprehensive set of questions and answers related to CompTIA Security+ Domain 1, focusing on threats, attacks, and vulnerabilities. It covers topics such as malware types (worms, viruses, spyware, botnets, Trojan horses, rootkits), social engineering attacks (phishing, whaling, spear phishing, dumpster diving, piggybacking, vishing), and security measures (anti-virus software, document destruction policies). The material is designed to help students and professionals prepare for the CompTIA Security+ certification exam and enhance their understanding of cybersecurity principles. It also addresses internal and external threats, privilege escalation, and the importance of user education in maintaining a secure environment. Rated A, indicating a high level of quality and accuracy.
Typology: Exams
What is the main difference between a worm and a virus? - ANSWER - A worm can replicate itself, while a virus requires a host for distribution.

What type of malware monitors your actions? - ANSWER - Spyware

A collection of zombie computers has been set up to collect personal information. What type of malware do the zombie computers represent? - ANSWER - Botnet

Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? - ANSWER - Trojan horse

Which of the following describes a logic bomb? - ANSWER - A program that performs a malicious activity at a specific time or after a triggering event.

Which of the following is a characteristic of a virus? - ANSWER - Requires an activation mechanism to run

Which of the following is undetectable software that allows administrator-level access? - ANSWER - Rootkit

Which of the following are characteristics of a rootkit? (Select two.) - ANSWER - Requires administrator-level privileges for installation. Hides itself from detection

You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software? - ANSWER - Rootkit

While browsing the internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of? - ANSWER - Adware

Which of the following best describes spyware? - ANSWER - It monitors the actions you take on your machine and sends the information back to its originating source.
What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found? - ANSWER - Virus

What is the primary distinguishing characteristic between a worm and a logic bomb? - ANSWER - Self-replication

What is another name for a logic bomb? - ANSWER - Asynchronous attack

You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file? - ANSWER - It has been moved to a secure folder on your computer.

Which of the following measures are you most likely to implement to protect against a worm or Trojan horse? - ANSWER - Anti-virus software

Which of the following statements about the use of antivirus software is correct? - ANSWER - Antivirus software should be configured to download updated virus definition files as soon as they become available.

If your antivirus software does not detect and remove a virus, what should you try first? - ANSWER - Update your virus detection software.

You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.) - ANSWER - Schedule regular full system scans. Educate users about malware

To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again? - ANSWER - Configure the software to automatically download the virus definition files as soon as they become available

You recently discovered that several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files? - ANSWER - Retro

Which type of virus conceals its presence by intercepting system requests and altering service outputs? - ANSWER - Stealth

Which of the following is an example of an internal threat? - ANSWER - A user accidentally deletes the new product designs.
What is the greatest threat to the confidentiality of data in most secure organizations? - ANSWER - USB devices

Which of the following is an example of privilege escalation? - ANSWER - Creeping privileges

Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts? - ANSWER - Phishing

Match the social engineering description on the left with the appropriate attack type on the right.
1. Phishing
organization sends emails to senior executives and high-profile personnel asking them to verify personal information or send money.
3. Attackers use Voice over IP (VoIP) to pretend to be from a trusted organization and ask victims to verify personal information or send money.
4. Attackers send emails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money.
5. Attackers send unwanted and unsolicited text messages to many people with the intent to sell products or services.

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? - ANSWER - Authority

You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first? - ANSWER - Verify the information on well-known malicious code threat management websites

What is the weakest point in an organization's security infrastructure? - ANSWER - People

Which of the following is the main difference between a DoS attack and a DDoS attack? - ANSWER - The DDoS attack uses zombie computers.

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack? - ANSWER - DDoS

Which of the following are denial of service attacks? (Select two.) - ANSWER - 1. Fraggle 2. Fraggle

Which attack form either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring? - ANSWER - Denial of service attack

As the victim of a Smurf attack, what protection measure is the most effective during the attack? - ANSWER - Communicate with your upstream provider

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack? (Select two.) - ANSWER - 1. The threat agent will obtain information about open ports on the system.
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? - ANSWER - Browsing the organization's website

Which type of active scan turns off all flags in a TCP header? - ANSWER - Null

Which of the following denial of service (DoS) attacks uses ICMP packets and is only successful if the victim has less bandwidth than the attacker? - ANSWER - Ping flood

In which of the following denial of service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot? - ANSWER - Teardrop

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack? - ANSWER - Land attack

Which of the following is a denial of service attack that:

DNS poisoning

problem? - ANSWER - Interference is affecting the wireless signal.

Which of the following best describes an evil twin? - ANSWER - An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.

Network packet sniffing is often used to gain the information necessary to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing? - ANSWER - Encryption

Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack? - ANSWER - Sniffing

Match the malicious interference type on the right with the appropriate characteristic on the left. Each characteristic can be used once, more than once, or not at all.
messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred? - ANSWER - Phishing

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this? - ANSWER - Client-side scripts

Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle? - ANSWER - Buffer overflow

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack? - ANSWER - Buffer overflow

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information? - ANSWER - XSS

When you browse to a website, a popup window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred? - ANSWER - Drive-by download

Which of the following are subject to SQL injection attacks? - ANSWER - Database servers

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred? - ANSWER - SQL injection

Which of the following methods should you use to prevent SQL injection attacks? - ANSWER - Perform input validation

What is the most common attack waged against Web servers? - ANSWER - Buffer overflow

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack? - ANSWER - Buffer overflow

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target? - ANSWER - Buffer overflow

As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing? - ANSWER - Pop-up blocker

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario? - ANSWER - Integer overflow

While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that the user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario? - ANSWER - Locally shared object (LSO) exploit

Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names:
In which type of attack does the attacker have access to both the plaintext and the resulting cipher text, but does not have the ability to encrypt the plain text? - ANSWER - Known plaintext

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext. Which type of attack is this? - ANSWER - Chosen plaintext

When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred? - ANSWER - Key clustering

Which of the following best describes a side-channel attack? - ANSWER - The attack is based on information gained from the physical implementation of a cryptosystem.

Which of the following password attacks adds appendages to known dictionary words? - ANSWER - hybrid

Which of the following attacks typically takes the longest amount of time to complete? - ANSWER - Brute force attack

Which type of password attack employs a list of predefined passwords that it tries against a login prompt or a local copy of a security accounts database? - ANSWER - Dictionary

Why are brute force attacks always successful? - ANSWER - They test every possible valid combination

Which of the following is not a countermeasure against dictionary attacks? - ANSWER - Using short passwords

If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition? - ANSWER - Birthday attack

If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's login credentials, which of the following is true? (Select two.) - ANSWER - The discovered password will allow the attacker to log in as the user, even if the discovered password is not the same as the user's password. A collision was discovered.
You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of cusadmin and a password of highspeed. What should you do to increase the security of this device? - ANSWER - Change the user name and create a more complex password
Which of the following strategies can protect against a rainbow table password attack? - ANSWER - Add random bits to the password before hashing takes place

Which of the following is the correct definition of a threat? - ANSWER - Any potential danger to the confidentiality, integrity, or availability of information or systems

Which of the following is the best definition of the term hacker? - ANSWER - A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks? - ANSWER - Keep systems up-to-date and use standard security practices.

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? - ANSWER - Hacktivist

The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following:

scanner definition files

A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario? - ANSWER - Credentialed scan

A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use? - ANSWER - Non-credentialed scan

Which of the following identifies an operating system or network service based on its response to ICMP messages? - ANSWER - Fingerprinting

Which of the following uses hacking techniques to proactively discover internal vulnerabilities? - ANSWER - Penetration testing

You have decided to perform a double-blind penetration test. Which of the following actions would you perform first? - ANSWER - Inform senior management

Which of the following activities are typically associated with a penetration test? (Select two.) - ANSWER - Attempting social engineering. Running a port scanner

What is the main difference between vulnerability scanning and penetration testing? - ANSWER - Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.

What is the primary purpose of penetration testing? - ANSWER - Test the effectiveness of your security perimeter

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack? - ANSWER - Zero-knowledge team

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are running. Which process did the administrator use in the penetration test in this scenario? - ANSWER - Active fingerprinting

A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try to determine which operating systems are running on network hosts. Which process did the administrator use in the penetration test in this scenario? - ANSWER - Passive fingerprinting

Which of the following are included in an operations penetration test? (Select two.) - ANSWER - Looking through discarded papers or media for sensitive information. Eavesdropping or obtaining sensitive information from items that are not properly stored.
Which phase or step of a security assessment is a passive activity? - ANSWER - Reconnaissance

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.