Practice Exam 9 Flashcards

(25 cards)

1
Q

As opposed to simple DoS attacks that usually are performed from a single system, a DDoS attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack (often referred to as zombies, and collectively as a botnet) are the secondary victims of the DDoS attack.

A

Answer: True

Concept (Quick Explanation)
A DDoS (Distributed Denial-of-Service) attack floods a target with traffic from multiple compromised systems to overwhelm and disrupt its services.

Key Points
Uses multiple systems (often infected with malware) instead of one.

These compromised systems are called zombies, forming a botnet.

Targets services, websites, or networks to make them unavailable.

More powerful and harder to block than a simple DoS attack.

Why the Answer is Correct
The statement is True because it accurately describes the difference between DoS and DDoS—particularly how DDoS uses multiple compromised systems (botnets) to launch an attack, making it more impactful and difficult to mitigate.

Why It Matters
DDoS attacks can shut down critical services, cause financial loss, and damage reputation. Recognizing how they work helps in designing effective defenses—key for the Security+ exam.

2
Q

A type of DDoS attack where an attacker exploits vulnerabilities in certain services or protocols to generate responses that are much larger than the original request is referred to as:

A

Answer: Amplified DDoS (Distributed Denial of Service) attack

Concept (Quick Explanation)
An amplified DDoS attack uses vulnerable services to magnify the size of attack traffic, overwhelming the target with minimal effort from the attacker.

Key Points
Attacker sends small requests to third-party servers.

Those servers send much larger responses to the victim.

Commonly exploits UDP-based protocols (e.g., DNS, NTP, Memcached).

Often combined with IP spoofing to hide the attacker’s identity.

Why the Answer is Correct
The answer is correct because this type of DDoS attack relies on amplification—using legitimate services to increase the volume of data sent to a target, far beyond the size of the attacker’s original request.

Why It Matters
Amplified DDoS attacks are highly efficient and hard to trace. They can cripple networks and services, making it vital for Security+ professionals to understand them and how to mitigate them (e.g., rate limiting, protocol hardening).

3
Q

What defines a reflected DDoS attack?

A

Answer: Utilizing third-party servers to reflect and amplify attack traffic towards the target

Concept (Quick Explanation)
A reflected DDoS attack tricks third-party servers into sending response traffic to a victim, overwhelming the target with those replies.

Key Points
Uses IP spoofing to make the request appear to come from the victim.

Third-party servers (like DNS, NTP) send responses to the victim.

Often combined with amplification to increase impact.

Attacker remains hidden while directing large volumes of traffic at the target.

Why the Answer is Correct
The answer is correct because a reflected DDoS attack relies on using legitimate servers to reflect and sometimes amplify traffic toward the target, making it both powerful and hard to trace.

Why It Matters
Reflected DDoS attacks exploit trusted infrastructure to carry out massive, hard-to-block attacks. Understanding how they work helps in configuring defenses like ingress filtering and protocol-level security—key for Security+.

4
Q

A DNS amplification attack is a type of DDoS attack wherein an attacker sends a small, specially crafted DNS query containing a spoofed IP address (the victim’s IP) to a compromised DNS server. Upon receiving the query, the DNS server generates a much larger response packet, which is then sent to the victim’s IP address, causing potential disruption due to overwhelming traffic.

A

Answer: True

Concept (Quick Explanation)
A DNS amplification attack is a DDoS technique where small queries generate large DNS responses that are redirected to a victim’s IP address.

Key Points
Uses spoofed IP to make it look like the request is from the victim.

Sends the request to open or vulnerable DNS servers.

Those servers send amplified responses to the victim.

Can achieve high traffic volume with minimal attacker effort.

Why the Answer is Correct
The answer is True because the description accurately reflects how DNS amplification works: small spoofed queries lead to large DNS responses, which flood the victim’s system.

Why It Matters
DNS amplification is highly effective and difficult to stop without proper DNS configuration. Understanding this tactic is vital for implementing defensive DNS practices—a key concept in Security+.

5
Q

Which of the answers listed below refers to a cyberattack technique that relies on providing false DNS information to a DNS resolver for the purpose of redirecting or manipulating the resolution of domain names to malicious IP addresses?

A

Answer: DNS spoofing

Concept (Quick Explanation)
DNS spoofing (or DNS cache poisoning) is a technique where an attacker feeds false DNS information to a DNS resolver, redirecting users to malicious IP addresses.

Key Points
Attacker injects fake DNS records into a resolver’s cache.

Redirects legitimate domain requests to malicious servers.

Can be used for phishing, malware delivery, or data theft.

Often targets users who rely on poisoned DNS entries.

Why the Answer is Correct
The answer is correct because DNS spoofing is exactly the act of manipulating DNS resolution by supplying incorrect IP address information to mislead users.

Why It Matters
DNS spoofing undermines the trust model of the internet. It can silently redirect users to dangerous sites, making DNS security (like DNSSEC) a critical area in Security+ and real-world network protection.

6
Q

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

A

Answer: DNS cache poisoning

Concept (Quick Explanation)
DNS cache poisoning is an attack where a DNS resolver is tricked into storing malicious DNS entries, remapping domain names to rogue IP addresses.

Key Points
Attacker injects false DNS info into the resolver’s cache.

Affects all users querying that DNS resolver.

Commonly used for phishing, malware distribution, or surveillance.

Can persist until cache is cleared or expires.

Why the Answer is Correct
The answer is correct because remapping a domain to a rogue IP is the key action in DNS cache poisoning—where fake DNS responses are cached by a DNS server and served to users.

Why It Matters
This exploit undermines domain trust and is hard for users to detect, making it a serious threat. Understanding it helps with learning DNS security practices like using DNSSEC, crucial for Security+.

7
Q

When domain registrants lose control over their domain names due to unlawful actions of third parties, they fall victim to:

A

Answer: Domain hijacking

Concept (Quick Explanation)
Domain hijacking occurs when an attacker gains unauthorized control of a registered domain, often through social engineering, phishing, or exploiting registrar vulnerabilities.

Key Points
Legitimate domain owner loses control of their domain.

Often involves compromising registrar accounts or DNS settings.

Can lead to loss of email, web presence, and brand trust.

Hard to recover once transferred or modified.

Why the Answer is Correct
The answer is correct because domain hijacking refers to the scenario where third-party attackers unlawfully take over domain ownership, typically affecting the registrant’s control.

Why It Matters
Losing a domain means losing business identity and customer trust. Recognizing this threat emphasizes the importance of domain security practices (like multi-factor authentication and registrar locks) covered in Security+.

8
Q

Which of the following can be classified as a malicious activity indicator on a wireless network?

A

Answer: Rogue AP

Concept (Quick Explanation)
A Rogue Access Point is a wireless access point attached to a network without authorization, often used to intercept or manipulate traffic.

Key Points
Can be maliciously installed by attackers or accidentally by users.

Bypasses security controls, creating a backdoor into the network.

May mimic legitimate APs to trick users into connecting.

Enables eavesdropping, MITM attacks, or credential harvesting.

Why the Answer is Correct
The answer is correct because a Rogue AP is a clear indicator of potential malicious activity on a wireless network, as it allows attackers to compromise the network’s integrity and confidentiality.

Why It Matters
Rogue APs bypass security perimeter controls and expose internal resources. Identifying and neutralizing them is critical for securing wireless networks—a key Security+ competency.

9
Q

The practice of gaining unauthorized access to a Bluetooth device is known as:

A

Answer: Bluesnarfing

Concept (Quick Explanation)
Bluesnarfing is the act of unauthorized access to data on a Bluetooth-enabled device, such as contacts, messages, or files.

Key Points
Exploits Bluetooth vulnerabilities or misconfigurations.

Does not require user interaction in some cases.

Targets smartphones, laptops, or any Bluetooth-capable devices.

Different from Bluejacking, which is mostly harmless and involves sending unsolicited messages.

Why the Answer is Correct
The answer is correct because Bluesnarfing specifically refers to unauthorized data theft via Bluetooth, distinguishing it from other Bluetooth-based attacks.

Why It Matters
Bluesnarfing can lead to data breaches and privacy violations. Knowing how Bluetooth attacks work is important for securing wireless communications—critical knowledge for Security+.

10
Q

A wireless disassociation attack is a type of: (Select 2 answers)

A

Answer: Deauthentication attack and DoS attack

Concept (Quick Explanation)
A wireless disassociation attack forces a device to disconnect from a Wi-Fi network by sending forged deauthentication or disassociation frames.

Key Points
Classified as a Deauthentication attack: sends fake disassociation frames.

Also a form of Denial-of-Service (DoS): prevents users from staying connected.

Exploits the unencrypted nature of 802.11 management frames.

Often used in evil twin or man-in-the-middle attacks to force reconnection through a rogue AP.

Why the Answers are Correct
Deauthentication attack – Because the attacker sends spoofed deauth/disassociation messages.
DoS attack – Because it disrupts normal access, effectively denying service to users.

Why It Matters
Disassociation attacks weaken wireless network availability and can lead to further exploits like credential harvesting. Understanding this is key to implementing wireless hardening techniques (e.g., 802.11w) for Security+.

11
Q

A wireless jamming attack is a type of:

A

Answer: DoS attack

Concept (Quick Explanation)
A wireless jamming attack disrupts wireless communication by flooding the frequency with noise or signals, preventing legitimate devices from connecting or communicating.

Key Points
It is a Denial-of-Service (DoS) attack targeting wireless signals.

Causes interference that blocks or degrades Wi-Fi or other wireless communications.

Can be done with simple devices or more advanced jammers.

Difficult to trace and mitigate because it affects the wireless spectrum.

Why the Answer is Correct
The answer is correct because wireless jamming intentionally denies service to wireless users by overwhelming the communication channel, fitting the definition of a DoS attack.

Why It Matters
Wireless jamming can cripple network availability and disrupt business operations. Understanding this helps in designing defenses like frequency hopping and signal monitoring, important for Security+.

12
Q

Which of the answers listed below refers to an RFID vulnerability?

A

Answer: All of the above (the options listed were: Spoofing, Eavesdropping, RFID cloning, Data interception, Replay attack, and DoS attack)

Concept (Quick Explanation)
RFID systems have multiple security vulnerabilities that can be exploited to compromise data and access controls.

Key Points
Spoofing: Impersonating an authorized RFID tag.

Eavesdropping: Intercepting RFID communications.

RFID cloning: Copying legitimate RFID data onto another device.

Data interception: Capturing sensitive info during transmission.

Replay attack: Resending captured RFID data to gain unauthorized access.

Denial of Service (DoS): Disrupting RFID system operation.

Why the Answer is Correct
The answer is correct because all listed vulnerabilities are valid and commonly associated risks in RFID technology, making “All of the above” the comprehensive choice.

Why It Matters
RFID vulnerabilities can lead to unauthorized access and data breaches, so understanding these threats is essential for securing physical and logical systems in Security+.

13
Q

Which of the following is a vulnerability characteristic of NFC communication?

A

Answer: All of the above (the options listed were: Eavesdropping, Data interception, Replay attacks, and DoS attacks)

Concept (Quick Explanation)
Near Field Communication (NFC) has specific security weaknesses that can be exploited due to its wireless nature.

Key Points
Eavesdropping: Attacker listens to NFC communication.

Data interception: Capturing data exchanged between devices.

Replay attacks: Resending captured data to trick devices.

Denial of Service (DoS): Disrupting or jamming NFC communications.

Why the Answer is Correct
The answer is correct because all listed attacks are known vulnerabilities specific to NFC, making “All of the above” the comprehensive answer.

Why It Matters
NFC is widely used in payment systems and access control; its vulnerabilities can lead to fraud or unauthorized access. Knowing these risks is key for the Security+ exam and for practical defense.

14
Q

Which wireless attack focuses on exploiting vulnerabilities found in WEP?

A

Answer: IV attack (Initialization Vector)

Concept (Quick Explanation)
An IV (Initialization Vector) attack exploits weaknesses in the way WEP handles IVs to crack encryption keys and access wireless networks.

Key Points
Targets WEP (Wired Equivalent Privacy) encryption flaws.

Exploits weak, short IVs that repeat frequently.

Allows attackers to capture enough packets to recover the WEP key.

Leads to unauthorized access and data interception.

Why the Answer is Correct
The answer is correct because IV attacks specifically target the vulnerability of short, predictable IVs in WEP, making it possible to break the encryption.

Why It Matters
WEP is outdated and insecure; knowing IV attacks highlights why stronger protocols like WPA2/WPA3 are necessary—a key Security+ takeaway.

15
Q

Which of the statements listed below can be used to describe the characteristics of an on-path attack? (Select all that apply)

A

Answer: Attackers intercept or modify packets sent between two communicating devices, Attackers place themselves on the communication route between two devices, and An on-path attack is also known as MITM attack

Concept (Quick Explanation)
An on-path attack (also known as a Man-in-the-Middle, MITM attack) occurs when an attacker intercepts and possibly alters communication between two parties without their knowledge.

Key Points
Attacker places themselves between two communicating devices.

Can intercept, modify, or inject data packets.

Enables eavesdropping, data theft, or session hijacking.

Difficult for victims to detect during the attack.

Why the Answer is Correct
All listed statements are correct because they describe key features of on-path/MITM attacks: intercepting/modifying packets, being on the communication path, and the synonymous nature of the terms.

Why It Matters
On-path attacks threaten data confidentiality and integrity, emphasizing the need for encryption and authentication in Security+.

16
Q

A network replay attack occurs when an attacker captures sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations.

A

Answer: True

Concept (Quick Explanation)
A network replay attack involves capturing valid data transmissions and resending them later to trick the receiver into unauthorized actions.

Key Points
Attacker records legitimate messages (e.g., authentication tokens).

Resends these messages to gain unauthorized access or repeat actions.

Often targets authentication or session protocols.

Can be prevented with timestamps, nonces, or sequence numbers.

Why the Answer is Correct
The answer is True because the definition matches the core idea of a replay attack: capturing and retransmitting data to deceive the system.

Why It Matters
Replay attacks can bypass authentication, so understanding and defending against them is critical for secure network communications—important for Security+.

17
Q

What are the characteristic features of a session ID? (Select all that apply)

A

Answer: Enables the server to identify the session and retrieve the corresponding session data, A unique identifier assigned by the website to a specific user, A piece of data that can be stored in a cookie, or embedded as a URL parameter, and Stored on the client side (in the user’s browser) and sent to the server with each request

Concept (Quick Explanation)
A session ID is a unique identifier assigned by a web server to a user’s session, enabling the server to track and manage the user’s activity during that session.

Key Points
Identifies and links the session to stored data on the server.

Uniquely assigned to each user session.

Can be stored in cookies or embedded in URL parameters.

Stored client-side and sent with every request to maintain session state.

Why the Answers are Correct
All options describe valid characteristics of session IDs, from identification and uniqueness to storage and transmission methods.

Why It Matters
Session IDs are crucial for maintaining user authentication and state on stateless protocols like HTTP, but if mishandled, they can be targets for attacks such as session hijacking. Security+ emphasizes understanding these risks.

18
Q

In a session replay attack, an attacker intercepts and steals a valid session ID of a user and resends it to the server with the intent of gaining unauthorized access to the user’s session or tricking the server into unauthorized operations on behalf of the legitimate user.

A

Answer: True

Concept (Quick Explanation)
A session replay attack occurs when an attacker steals a valid session ID and uses it to impersonate the legitimate user by replaying that session ID to the server.

Key Points
Attacker captures a user’s active session ID.

Uses stolen session ID to gain unauthorized access.

Exploits lack of proper session expiration or token validation.

Can lead to account takeover and data compromise.

Why the Answer is Correct
The answer is True because the definition exactly matches what happens during a session replay attack—reusing a stolen session ID to trick the server.

Why It Matters
Session replay attacks bypass authentication controls, so protecting session tokens and implementing secure session management are vital topics in Security+.

19
Q

A technique that allows an attacker to authenticate to a remote server without extracting cleartext password from a digest is called:

A

Answer: Pass the hash

Concept (Quick Explanation)
Pass-the-Hash (PtH) is an attack technique where the attacker uses a hashed password (hash) instead of the cleartext password to authenticate to a remote system.

Key Points
Attacker captures password hash from one system.

Uses the hash to authenticate without cracking or knowing the actual password.

Common in Windows environments using NTLM authentication.

Allows lateral movement within a network.

Why the Answer is Correct
The answer is correct because Pass-the-Hash allows authentication using the password hash directly, bypassing the need to obtain the actual cleartext password.

Why It Matters
PtH attacks highlight the importance of strong credential protection and segmentation in networks, essential for defending against credential theft in Security+.

20
Q

What type of action allows an attacker to exploit the XSS vulnerability?

A

Answer: Code injection

Concept (Quick Explanation)
An attacker exploits a Cross-Site Scripting (XSS) vulnerability by injecting malicious code (usually JavaScript) into trusted websites, which is then executed by the victim’s browser.

Key Points
XSS relies on injecting malicious scripts into web pages.

Injected code runs in the context of the victim’s browser.

Can steal cookies, session tokens, or perform actions on behalf of the user.

Types include Stored XSS, Reflected XSS, and DOM-based XSS.

Why the Answer is Correct
The answer is correct because the fundamental action enabling XSS attacks is the injection of malicious code into input fields or URLs.

Why It Matters
XSS attacks compromise user data and trust in websites, emphasizing the need for proper input validation and output encoding in web security—key topics for Security+.

21
Q

Which of the following exploits targets a protocol used for managing and accessing networked resources?

A

Answer: LDAP (Lightweight Directory Access Protocol) injection attack

Concept (Quick Explanation)
LDAP injection exploits vulnerabilities in applications that build LDAP queries from user input, allowing attackers to manipulate queries and gain unauthorized access or manipulate directory data.

Key Points
Targets LDAP (Lightweight Directory Access Protocol), used for managing network resources like users and devices.

Attacker injects malicious input to alter LDAP queries.

Can lead to unauthorized data access, bypassing authentication, or data modification.

Similar in nature to SQL injection but specific to LDAP queries.

Why the Answer is Correct
The answer is correct because LDAP injection specifically targets the LDAP protocol used for directory services, allowing attackers to exploit query-building weaknesses.

Why It Matters
Understanding LDAP injection helps protect directory services, a critical part of network infrastructure, and is essential for the Security+ exam and real-world defense.

22
Q

Which type of exploit targets web applications that generate content used to store and transport data?

A

Answer: XML injection attack

Concept (Quick Explanation)
An XML injection attack targets web applications that use XML to store or transport data by injecting malicious XML content to manipulate or compromise the application.

Key Points
Exploits weaknesses in how applications process XML input.

Can alter data structure, bypass input validation, or cause application errors.

May lead to data theft, unauthorized actions, or denial of service.

Common in systems using SOAP, XML APIs, or web services.

Why the Answer is Correct
The answer is correct because XML injection specifically targets applications that generate or use XML data for storage or communication, exploiting improper input handling.

Why It Matters
XML is widely used in enterprise applications and web services; securing XML processing is critical to prevent injection attacks and protect data integrity, a vital Security+ topic.

23
Q

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

A

Answer: System/application vulnerabilities, System/application misconfigurations, and Social engineering techniques

Concept (Quick Explanation)
Privilege escalation occurs when an attacker gains higher-level access than initially granted, often by exploiting weaknesses or errors.

Key Points
System/application vulnerabilities: Bugs or flaws attackers exploit to elevate privileges.

System/application misconfigurations: Improper settings that allow unauthorized access or privilege gains.

Social engineering techniques: Tricking users or admins into revealing credentials or performing actions that grant higher privileges.

Why the Answer is Correct
All listed options facilitate privilege escalation because they provide attackers pathways to gain elevated access through technical flaws or human manipulation.

Why It Matters
Privilege escalation leads to greater control over systems, making it a critical attack vector to defend against in Security+.

24
Q

Which of the statements listed below apply to the CSRF/XSRF attack? (Select 3 answers)

A

Answer: Exploits the trust a website has in the user’s web browser, A user is tricked by an attacker into submitting unauthorized web requests, and Website executes attacker’s requests

Concept (Quick Explanation)
CSRF tricks a user’s browser into sending unauthorized requests to a trusted website, exploiting the website’s trust in the user’s authenticated session.

Key Points
Exploits trust a website places in the user’s browser (e.g., cookies or session).

User is tricked into submitting unauthorized requests (e.g., clicking a malicious link).

The website executes attacker-crafted requests as if they came from the legitimate user.

Why the Answers are Correct
All three accurately describe how CSRF works: exploiting browser trust, tricking users, and the site unknowingly executing malicious requests.

Why It Matters
CSRF can cause unauthorized actions (like changing passwords or making transactions) without user consent—an important web security risk for Security+.

25
Q

A dot-dot-slash attack is also referred to as:

A

Answer: Directory traversal attack

Concept (Quick Explanation)
A dot-dot-slash attack involves manipulating file paths to access directories and files outside the intended directory structure.

Key Points
Uses sequences like “../” (dot-dot-slash) to move up directories.

Allows attackers to access restricted files (e.g., system files, config files).

Exploits insufficient input validation on file paths.

Can lead to information disclosure or system compromise.

Why the Answer is Correct
The answer is correct because “dot-dot-slash” is the common notation representing directory traversal attempts.

Why It Matters
Directory traversal can expose sensitive files, highlighting the importance of validating and sanitizing file path inputs—a key Security+ security concern.