CompTIA Security+ Domain 1: Threats, Attacks and Vulnerabilities - Q&A, Exams of Information Technology

A comprehensive set of questions and answers related to comptia security+ domain 1, focusing on threats, attacks, and vulnerabilities. It covers topics such as malware types (worms, viruses, spyware, botnets, trojan horses, rootkits), social engineering attacks (phishing, whaling, spear phishing, dumpster diving, piggybacking, vishing), and security measures (anti-virus software, document destruction policies). The material is designed to help students and professionals prepare for the comptia security+ certification exam and enhance their understanding of cybersecurity principles. It also addresses internal and external threats, privilege escalation, and the importance of user education in maintaining a secure environment. Rated a, indicating a high level of quality and accuracy.

Typology: Exams

2025/2026

Available from 12/16/2025

KattyJennifer-1
KattyJennifer-1 🇺🇸

5

(2)

6.1K documents

1 / 17

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1 / 17
CompTIA Security+ Domain 1: Threats, Attacks and Vulnerabilities
Questions and Answers Rated A
What is the main difference between a worm and
a virus? - ANSWER -A worm can replicate
itself, while a virus requires a host for distribution.
What type of malware monitors your actions? -
ANSWER -Spyware
A collection of zombie computers have been set
up to collect personal information. What type of
malware do the zombie computers represent? -
ANSWER -Botnet
Which is a program that appears to be a
legitimate application, utility, game, or
screensaver and performs malicious activities
surreptitiously? - ANSWER -Trojan horse
Which of the following describes a logic bomb? -
ANSWER -A program that performs a
malicious activity at a specific time or after a
triggering
event.
Which of the following is a characteristic of a
virus? - ANSWER -Requires an activation
mechanism to run
Which of the following is undetectable software
that allows administrator-level access? -
ANSWER -Rootkit
Which of the following are characteristics of a
rootkit? (Select two.) - ANSWER -Requires
administratorlevel privileges for installation.
Hides itself from detection
You have heard about a new malware program
that presents itself to users as a virus scanner.
When users run the software, it installs itself as a
hidden program that has administrator access to
various operating system components. The
program then tracks system activity and allows
an attacker to remotely gain administrator access
to the computer.
Which of the following terms best describes this
software? - ANSWER -Rootkit
While browsing the internet, you notice that the
browser displays ads that are targeted towards
recent keyword searches you have performed.
What is this an example of? - ANSWER -
Adware
Which of the following best describes spyware? -
ANSWER -It monitors the actions you take
on your machine and sends the information back
to its originating source.
What is the common name for a program that
has no useful purpose, but attempts to spread
itself to other systems and often damages
resources on the systems where it is found? -
ANSWER -Virus
What is the primary distinguishing characteristic
between a worm and a logic bomb? -
ANSWER -Self-replication
What is another name for a logic bomb? -
ANSWER -Asynchronous attack
You have installed anti-malware software that
checks for viruses in email attachments. You
configure the software to quarantine any files with
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff

Partial preview of the text

Download CompTIA Security+ Domain 1: Threats, Attacks and Vulnerabilities - Q&A and more Exams Information Technology in PDF only on Docsity!

Questions and Answers Rated A

What is the main difference between a worm and a virus? - ANSWER - A worm can replicate itself, while a virus requires a host for distribution. What type of malware monitors your actions? - ANSWER - Spyware A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent? - ANSWER - Botnet Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? - ANSWER - Trojan horse Which of the following describes a logic bomb? - ANSWER - A program that performs a malicious activity at a specific time or after a triggering event. Which of the following is a characteristic of a virus? - ANSWER - Requires an activation mechanism to run Which of the following is undetectable software that allows administrator-level access? - ANSWER - Rootkit Which of the following are characteristics of a rootkit? (Select two.) - ANSWER - Requires administratorlevel privileges for installation. Hides itself from detection You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software? - ANSWER - Rootkit While browsing the internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of? - ANSWER - Adware Which of the following best describes spyware? - ANSWER - It monitors the actions you take on your machine and sends the information back to its originating source. What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found? - ANSWER - Virus What is the primary distinguishing characteristic between a worm and a logic bomb? - ANSWER - Self-replication What is another name for a logic bomb? - ANSWER - Asynchronous attack You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with

Questions and Answers Rated A

problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file? - ANSWER - It has been moved to a secure folder on your computer. Which of the following measures are you most likely to implement to protect against a worm or Trojan horse? - ANSWER - Anti-virus software Which of the following statements about the use of antivirus software is correct? - ANSWER - Antivirus software should be configured to download updated virus definition files as soon as they become available. If your antivirus software does not detect and remove a virus, what should you try first? - ANSWER - Update your virus detection software. You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.) - ANSWER - Schedule regular full system scans. Educate users about malware To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again? - ANSWER - Configure the software to automatically download the virus definition files as soon as they become available You recently discovered that several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files? - ANSWER - Retro Which type of virus conceals its presence by intercepting system requests and altering service outputs? - ANSWER - Stealth Which of the following is an example of an internal threat? - ANSWER - A user accidentally deletes the new product designs. What is the greatest threat to the confidentiality of data in most secure organizations? - ANSWER - USB devices Which of the following is an example of privilege escalation? - ANSWER - Creeping privileges Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts? - ANSWER - Phishing Match the social engineering description on the left with the appropriate attack type on the right. 1.Phishing

Questions and Answers Rated A

organization sends emails to senior executives and high-profile personnel asking them to verify personal information or send money. 3.Attackers use Voice over IP (VoIP) to pretend to be from a trusted organization and ask victims to verify personal information or send money. 4.Attackers send emails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money. 5.Attackers send unwanted and unsolicited text messages to many people with the intent to sell products or services. The receptionist received a phone call from an individual claiming to be a partner in a highlevel project and requesting sensitive information. The individual is engaging in which type of social engineering? - ANSWER - Authority You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first? - ANSWER - Verify the information on wellknown malicious code threat management websites What is the weakest point in an organization's security infrastructure? - ANSWER - People Which of the following is the main difference between a DoS attack and a DDoS attack? - ANSWER - The DDoS attack uses zombie computers. An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack? - ANSWER - DDoS Which of the following are denial of service attacks? (Select two.) - ANSWER - 1.Fraggle 2.Fraggle Which attack form either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring? - ANSWER - Denial of service attack As the victim of a Smurf attack, what protection measure is the most effective during the attack? - ANSWER - Communicate with your upstream provider You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack? (Select two.) - ANSWER - 1. The threat agent will obtain information about open ports on the system.

  1. The system will be unavailable to respond to legitimate requests. You need to enumerate the devices on your network and display the network's configuration details. - ANSWER - nmap

Questions and Answers Rated A

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? - ANSWER - Browsing the organization's website Which type of active scan turns off all flags in a TCP header? - ANSWER - Null Which of the following denial of service (DoS) attacks uses ICMP packets and is only successful if the victim has less bandwidth than the attacker? - ANSWER - Ping flood In which of the following denial of service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot? - ANSWER - Teardrop A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack? - ANSWER - Land attack Which of the following is a denial of service attack that:

  • Subverts the TCP threeway handshake process by attempting to open numerous sessions on a victim server
  • Intentionally fails to complete the session by not sending the final required packet - ANSWER - SYN flood Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network? - ANSWER - Smurf A SYN attack or SYN flood exploits or alters which element of the TCP threeway handshake?
    • ANSWER - ACK When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what? - ANSWER - Land attack Which of the following best describes the ping of death? - ANSWER - An ICMP packet that is larger than 65,536 bytes Which of the following is the best countermeasure against maninthemiddle attacks? - ANSWER - IPsec What is modified in the most common form of spoofing on a typical IP packet? - ANSWER - Source address Which type of activity changes or falsifies information in order to mislead or redirect traffic?
    • ANSWER - Spoofing What is spoofing? - ANSWER - Changing or falsifying information in order to mislead or redirect traffic. Which type of denial of service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names

Questions and Answers Rated A

DNS poisoning

  1. Pharming Which of the following locations contributes the greatest amount of interference for a wireless access point? (Select two.) - ANSWER - 1. Near cordless phones
  2. Near backup generators Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this? - ANSWER - Rogue access point Which of the following describes the marks attackers place outside a building to identify an open wireless network? - ANSWER - War chalking The process of walking around an office building with an 802.11 signal detector is known as what?
  • ANSWER - War driving Which of the following best describes Bluesnarfing? - ANSWER - Viewing calendar, emails, and messages on a mobile device without authorization Which of the following sends unsolicited business cards and messages to a Bluetooth device? - ANSWER - Bluejacking Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol? - ANSWER - Disable Bluetooth on the phone You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2. GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using? (Select two.) - ANSWER - 1. Bluetooth
    1. 802.11g Your organization uses an 802.11g wireless network. Recently, other tenants installed the following equipment in your building:
    • A wireless television distribution system running at 2.4 GHz
    • A wireless phone system running at 5.8 GHz
    • A wireless phone system running at 900 MHz
    • An 802.11n wireless network running in the 5 GHz frequency range Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame? - ANSWER - The wireless TV system A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room across the hall and next to the elevator. What is the most likely cause of her connectivity

Questions and Answers Rated A

problem? - ANSWER - Interference is affecting the wireless signal. Which of the following best describes an evil twin? - ANSWER - An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information. Network packet sniffing is often used to gain the information necessary to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing? - ANSWER - Encryption Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack? - ANSWER - Sniffing Match the malicious interference type on the right with the appropriate characteristic on the left. Each characteristic can be used once, more than once, or not at all.

  1. Spark Jamming 2.Random Noise Jamming 3.Random Pulse Jamming - ANSWER - 1.Repeatedly blasts receiving equipment with highintensity, shortduration RF bursts at a rapid pace 2.Produces RF signals using random amplitudes and frequencies 3.Uses radio signal pulses of random amplitude and frequency An attacker has hidden an NFC reader behind an NFC based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end user devices and the reader in the kiosk. She then uses that information to masquerade as the original end user device and establish an NFC connection to the kiosk. What kind of attack has occurred in this scenario? - ANSWER - NFC relay attack You are implementing a wireless network in a dentist's office. The dentist's practice is small, so you choose to use an inexpensive consumergrade access point. While reading the documentation, you notice that the access point supports WiFi Protected Setup (WPS) using a PIN. You are concerned about the security implications of this functionality. What should you do to reduce risk? - ANSWER - Disable WPS in the access point's configuration You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.) - ANSWER - Conduct a site survey Check the MAC addresses of devices connected to your wired switch A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? - ANSWER - Privilege escalation An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions? -

Questions and Answers Rated A

messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru toplevel DNS domain. What kind of attack has occurred? - ANSWER - Phishing You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this? - ANSWER - Client-side scripts Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle? - ANSWER - Buffer overflow A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack? - ANSWER - Buffer overflow Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information? - ANSWER - XSS When you browse to a website, a popup window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred? - ANSWER - Driveby download Which of the following are subject to SQL injection attacks? - ANSWER - Database servers You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred? - ANSWER - SQL injection Which of the following methods should you use to prevent SQL injection attacks? - ANSWER - Perform input validation What is the most common attack waged against Web servers? - ANSWER - Buffer overflow Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack? - ANSWER - Buffer overflow Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target? - ANSWER - Buffer overflow As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these

Questions and Answers Rated A

windows from showing? - ANSWER - Pop- up blocker While using a Webbased order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario? - ANSWER - Integer overflow While using a Webbased game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario? - ANSWER - Locally shared object (LSO) exploit Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names:

  • www.videoshare.com
  • www.vidshar.com
  • www.vidsshare.com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario? - ANSWER - typosquatting Match the exploit on the right with the appropriate description on the left 1.Watering hole attack 2.Arbitrary code execution exploit 3.LSO exploit 4.Zeroday attack - ANSWER - 1.An attacker compromises a Web site, hoping that a target individual will access the site and be exposed to the exploit. 2.A vulnerability in a running process allows an attacker to inject malicious instructions and run them 3.A Flash cookie is used to collect information about the user's browsing habits without their permission. 4.An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer. An attacker inserts SQL database commands into a data input field of an order form used by a Webbased application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit? - ANSWER - Implementing clientside validation. While using a Webbased order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible

Questions and Answers Rated A

In which type of attack does the attacker have access to both the plaintext and the resulting cipher text, but does not have the ability to encrypt the plain text? - ANSWER - Known plaintext Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext. Which type of attack is this? - ANSWER - Chosen plaintext When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred? - ANSWER - Key clustering Which of the following best describes a side- channel attack? - ANSWER - The attack is based on information gained from the physical implementation of a cryptosystem. Which of the following password attacks adds appendages to known dictionary words? - ANSWER - hybrid Which of the following attacks typically takes the longest amount of time to complete? - ANSWER - Brute force attack Which type of password attack employs a list of predefined passwords that it tries against a login prompt or a local copy of a security accounts database? - ANSWER - Dictionary Why are brute force attacks always successful? - ANSWER - They test every possible valid combination Which of the following is not a countermeasure against dictionary attacks? - ANSWER - Using short passwords If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition? - ANSWER - Birthday attack If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's login credentials, which of the following is true? (Select two.) - ANSWER - The discovered password will allow the attacker to log in as the user, even if the discovered password is not the same as the user's password. A collision was discovered. You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The webbased management interface uses the default user name of cusadmin and a password of highspeed. What should you do to increase the security of this device? - ANSWER - Change the user name and create a more complex password

Questions and Answers Rated A

Which of the following strategies can protect against a rainbow table password attack? - ANSWER - Add random bits to the password before hashing takes place Which of the following is the correct definition of a threat? - ANSWER - Any potential danger to the confidentiality, integrity, or availability of information or systems Which of the following is the best definition of the term hacker? - ANSWER - A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization. A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit wellknown vulnerabilities in systems. What is the best defense against script kiddie attacks? - ANSWER - Keep systems uptodate and use standard security practices. Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? - ANSWER - Hacktivist The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following:

  • Create and follow onboarding and offboarding procedures
  • Employ the principal of least privilege
  • Have appropriate physical security controls in place Which type of threat actor do these steps guard against? - ANSWER - Insider Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not all.) 1.Exploitation 2.Staging 3.Exploitation 4.Reconnaissance 5.Breaching 6.Escalating privileges - ANSWER - 1.Stealing information. 2.Preparing a computer to perform additional tasks in the attack. 3.Crashing Systems 4.Gathering system hardware information 5.Penetrating system defenses to gain unauthorized access 6.Configuring additional rights to do more than breach the system Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not all.) 1.The constant change in personal habits and passwords to prevent anticipated events and exploitation. 2.Diversifying layers of defense 3.Giving users only the access they need to do their job and nothing more. 4.Implementing multiple security measures to protect the same asset. 5.Eliminating single points of failure. 6.Giving groups only the access they need to do their job and nothing more. - ANSWER - 1.Randomness 2.Variety 3.Principle of least privilege 4.Layering 5.Layering 6.Principle of least privilege

Questions and Answers Rated A

scanner definition files A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario? - ANSWER - Credentialed scan A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use? - ANSWER - Non-credentialed scan Which of the following identifies an operating system or network service based on its response to ICMP messages? - ANSWER - Fingerprinting Which of the following uses hacking techniques to proactively discover internal vulnerabilities? - ANSWER - Penetration testing You have decided to perform a doubleblind penetration test. Which of the following actions would you perform first? - ANSWER - Inform senior management Which of the following activities are typically associated with a penetration test? (Select two.) - ANSWER - Attempting social engineering Running a port scanner What is the main difference between vulnerability scanning and penetration testing? - ANSWER - Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. What is the primary purpose of penetration testing? - ANSWER - Test the effectiveness of your security perimeter Which of the following types of penetration test teams will provide you information that is most revealing of a realworld hacker attack? - ANSWER - Zero-knowledge team A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are running. Which process did the administrator use in the penetration test in this scenario? - ANSWER - Active fingerprinting A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try to determine which operating systems are running on network hosts. Which process did the administrator use in the penetration test in this scenario? - ANSWER - Passive fingerprinting Which of the following are included in an operations penetration test? (Select two.) - ANSWER - Looking through discarded papers or media for sensitive information. Eavesdropping or obtaining sensitive information from items that are not properly stored.

Questions and Answers Rated A

Which phase or step of a security assessment is a passive activity? - ANSWER - Reconnaissance Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

  1. White box test 2.Grey box test 3.Black box test 4.Single blind test 5.Double blind test - ANSWER - 1.The tester has detailed information about the target system prior to starting the test. 2.The tester has the same amount of information that would be available to a typical insider in the organization 3.The tester has no prior knowledge of the target system. 4.Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed. 5.The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed.