Security+ Flashcards

1
Q

While waiting in the lobby of your building for a guest, you notice a man in a red shirt standing close to a locked door with a large box in his hands. He waits for someone else to come along and open the locked door and then proceeds to follow her inside. What type of social engineering attack have you just witnessed?

Impersonation
Phishing
Boxing
Tailgating

A

Tailgating

2
Q

A colleague asks you for advice on why he can’t log in to his Gmail account. Looking at his browser, you see he typed www.gmal.com in the address bar. The screen looks very similar to the Gmail login screen. Your colleague has just fallen victim to what type of attack?

A. Jamming
B. Rainbow Table
C. Whale phishing
D. Typosquatting

A

D. Typosquatting

3
Q

A user in your organization contacts you to see if there’s any update to the “account compromise” that happened last week. When you ask him to explain what he means, the user tells you he received a phone call earlier in the week from your department and was asked to verify his user ID and password. The user says he gave the caller his user ID and password. This user has fallen victim to what specific type of attack?

Spear Phishing
Vishing
Phishing
Replication

A

Vishing

4
Q

Coming into your office, you overhear a conversation between two security guards. One guard is telling the other she caught several people digging through the trash behind the building early this morning. The security guard says the people claimed to be looking for aluminum cans, but only had a bag of papers, no cans. What type of attack has this security guard witnessed?

Spear Phishing
Pharming
Dumpster Diving
Rolling Refuse

A

Dumpster Diving

5
Q

Which of the following are specifically used to spread influence, alter perceptions, and sway people toward a position favored by those spreading it?

Identity fraud, invoice scams, credential harvesting
Hoaxes, eliciting information, urgency
Influence campaigns, social media, hybrid warfare
Authority, intimidation, consensus

A

Influence campaigns, social media, hybrid warfare

6
Q

Which of the following is a type of social engineering attack in which an attacker attempts to obtain sensitive information from a user by masquerading as a trusted entity in an e-mail?

Phishing
Pharming
Spam
Vishing

A

Phishing

7
Q

Which of the following is/are psychological tools used by social engineers to create false trust with a target?

Impersonation
Urgency or scarcity
Authority
All of the above

A

All of the above

8
Q

Once an organization’s security policies have been established, what is the single most effective method of countering potential social engineering attacks?

An active security awareness program
A separate physical access control mechanism for each department in the organization
Frequent testing of both the organization’s physical security procedures and employee telephone practices
Implementing access control cards and the wearing of security identification badges

A

An active security awareness program

9
Q

You notice a new custodian in the office, working much earlier than normal, emptying trash cans, and moving slowly past people working. You ask him where the normal guy is, and in very broken English he says “Out sick,” indicating a cough. What is happening?

Watering hole attack
Impersonation
Prepending
Identity fraud

A

Impersonation

10
Q

Your boss thanks you for pictures you sent from the recent company picnic. You ask him what he is talking about, and he says he got an e-mail from you with pictures from the picnic. Knowing you have not sent him that e-mail, what type of attack do you suspect is happening?

Phishing
Spear phishing
Reconnaissance
Impersonation

A

Spear phishing

11
Q

A disgruntled administrator is fired for negligence at your organization. Thirty days later, your organization’s internal file server and backup server crash at exactly the same time. Examining the servers, you determine that critical operating system files were deleted from both systems. If the disgruntled administrator was responsible for administering those servers during her employment, this is most likely an example of what kind of malware?

Crypto-malware
Trojan
Worm
Logic bomb

A

Logic bomb

12
Q

A colleague has been urging you to download a new animated screensaver he has been using for several weeks. While he is showing you the program, the cursor on his screen moves on its own and a command prompt window opens and quickly closes. You can’t tell what, if anything, was displayed in that command prompt window. Your colleague says, “It’s been doing that for a while, but it’s no big deal.” Based on what you’ve seen, you suspect the animated screensaver is really what type of malware?

A worm
A Trojan
Ransomware
Spyware

A

A Trojan

13
Q

Several desktops in your organization are displaying a red screen with the message “Your files have been encrypted. Pay 1 bitcoin to recover them.” These desktops have most likely been affected by what type of malware?

Spyware
Spraying
Ransomware
Crypto-malware

A

Ransomware

14
Q

While port scanning your network for unauthorized systems, you notice one of your file servers has TCP port 31337 open. When you connect to the port with netcat, you see a prompt that reads “Enter password for access:”. Your server may be infected with what type of malware?

PUP
Fileless virus
Backdoor
Man in the middle

A

Backdoor

15
Q

While port-scanning your network for unauthorized systems, you notice one of your file servers has TCP port 61337 open. When you use Wireshark and examine the packets, you see encrypted traffic, in single packets, going back and forth every five minutes. The external connection is a server outside of your organization. What is this connection?

Command and Control
Backdoor
External backup location
Remote Login

A

Command and Control

16
Q

A user in your organization is having issues with her laptop. Every time she opens a web browser, she sees different pop-up ads every few minutes. It doesn’t seem to matter which websites are being visited—the pop-ups still appear. What type of attack does this sound like?

PUP
Ransomware
Worm
Virus

A

PUP (Potentially unwanted program)

17
Q

Users at your organization are complaining about slow systems. Examining several of them, you see that CPU utilization is extremely high and a process called “btmine” is running on each of the affected systems. You also notice each of the affected systems is communicating with an IP address outside your country on UDP port 43232. If you disconnect the network connections on the affected systems, the CPU utilization drops significantly. Based on what you’ve observed, you suspect these systems are infected with what type of malware?

Rainbow tables
Crypto-malware
Dictionary
Hybrid attack

A

Crypto-malware

18
Q

A piece of malware is infecting the desktops in your organization. Every hour, more systems are infected. The infections are happening in different departments and in cases where the users don’t share any files, programs, or even e-mails. What type of malware can cause this type of infection?

Virus
Trojan
RAT
Worm

19
Q

Which of the following are characteristics of remote access trojans?

They can be deployed through malware such as worms
They allow attackers to connect to the system remotely
They give attackers the ability to modify files and change settings
All of the above

A

All of the above

20
Q

To test your systems against weak passwords, you as an admin (with proper permissions) test all the accounts using the top 100 commonly used passwords. What is this test an example of?

Dictionary
Password spraying
Rainbow tables
Online

A

Password spraying

21
Q

When an attacker captures network traffic and retransmits it at a later time, what type of attack are they attempting?

DoS attack
Replay attack
Bluejacking attack
MITM

A

Replay attack

22
Q

What type of attack involves an attacker putting a layer of code between an original device driver and the operating system?

Refactoring
Trojan Horse
Shimming
Pass the hash

23
Q

You’re reviewing a custom web application and accidentally type a number in a text field. The application returns an error message containing variable names, filenames, and the full path of the application. This is an example of which of the following?

Resource exhaustion
Improper error handling
Generic error message
Common misconfiguration

A

Improper error handling

24
Q

You’re working with a group testing a new application. You’ve noticed that when three or more of you click Submit on a specific form at the same time, the application crashes every time. This is most likely an example of which of the following?

A race condition
A non-deterministic error
Undocumented feature
DLL injection

A

A race condition

25
Q

An externally facing web server in your organization keeps crashing. Looking at the server after a reboot, you notice CPU usage is pegged and memory usage is rapidly climbing. The traffic logs show a massive amount of incoming HTTP and HTTPS requests to the server. Which type of attack is this web server experiencing?

Input validation
Distributed error handling
Resource exhaustion
Race condition

A

Resource exhaustion

26
Q

Your organization is considering using a new ticket identifier with your current help desk system. The new identifier would be a 16-digit integer created by combining the date, time and operator ID. Unfortunately, when you've tried using the new identifier in the "ticket number" field on your current system, the application crashes every time. The old method of using a 5-digit integer works just fine. This is most likely an example of which of the following?

A. Common misconfiguration
B. Zero day vulnerability
C. Memory leak
D. Integer overflow

A

D. Integer overflow

27
Q

While examining a laptop infected with malware you notice the malware loads on startup and also loads a file called netutilities.dll each time Microsoft Word is opened. This is an example of which of the following?

A. Zero day exploit
B. DLL injection
C. System infection
D. Memory overflow

A

B. DLL injection

28
Q

A web application you are reviewing has an input field for username and indicates the username should be between 6 and 12 characters. You've discovered that if you input a username 150 characters or more in length, the application crashes. What is this an example of?

A. Memory leak
B. Buffer overflow
C. Directory traversal
D. Integer overflow

A

B. Buffer overflow

29
Q

Your organization is having issues with a custom web application. The application seems to run fine for a while but starts to lock up or crash after 7 to 10 days of continuous use. Examining the server, you notice that memory usage seems to climb every day until the server runs out of memory. The application is most likely suffering from which of the following?

A. Memory leak
B. Overflow leak
C. Zero day exploit
D. Pointer dereference

A

A. Memory leak

30
Q

Your database server is returning a large dataset to an online user, saturating the network. The normal return of records would be a couple at most. This is an example of what form of attack?

Man in the middle
SQL injection
Memory leak
LDAP injection

A

SQL injection

31
Q

A user reports seeing "odd certificate warnings" on her web browser this morning whenever she visits Google. Looking at her browser, you see certificate warnings. Looking at the network traffic, you see all HTTP and HTTPS requests from that system are being routed to the same IP regardless of destination. Which of the following attack types are you seeing in this case?

Evil Twin
MITM
Disassociation
MAC Cloning

A

MITM

32
Q

Users are reporting the wireless network on one side of the building is broken. They can connect, but can't seem to get to the Internet. While investigating, you notice all of the affected users are connecting to an access point you don't recognize. These users have fallen victim to what type of attack?

Rogue AP
WPS
Bluejacking
Disassociation

A

Rogue AP

33
Q

You're sitting at the airport when your friend gets a message on her phone. In the text is a picture of a duck with the word "Pwnd" as the caption. Your friend doesn't know who sent the message. What type of attack is this?

Snarfing
Bluejacking
Quacking
Collision

A

Bluejacking

34
Q

All of the wireless users on the third floor of your building are reporting issues with the network. Every 15 minutes, their devices disconnect from the network. Within a minute or so they are able to reconnect. What type of attack is most likely underway in this situation?

Evil Twin
Jamming
Domain Hijacking
Disassociation

A

Disassociation

35
Q

Your e-commerce site is crashing under an extremely high traffic volume. Looking at the traffic logs, you see tens of thousands of requests for the same URL coming from hundreds of different IP addresses around the world. What type of attack is this?

Domain Hijacking
DDoS
DNS Poisoning
URL Redirection

A

DDoS

36
Q

A user wants to know if the network is down, because she is unable to connect to anything. While troubleshooting, you notice the MAC address for her default gateway doesn't match the MAC address of your organization's router. What type of attack has been used against this user?

MAC Cloning
ARP Poisoning
Disassociation
Rogue AP

A

ARP Poisoning

37
Q

You have a helpdesk ticket for a system that is acting strangely. Looking at the system remotely, you see the following in the browser cache: www.micros0ft.com/office. What type of attack are you seeing?

Domain hijacking
Disassociation
PowerShell
URL redirection

A

URL redirection

38
Q

You are seeing a bunch of PDFs flood people's inboxes with titles such as "New tax rates for 2021." What attack vector is most likely in use?

Python
Macro
MITM
DDoS

A

Macro

39
Q

When you update your browser, you get a warning about a plugin not being compatible with the new version. You do not recognize the plugin, and you aren't sure what it does. Why is it important to understand plugins? What attack vector can be involved in plugins?

Domain hijacking attack
URL redirection attack
Man in the browser attack
Man in the middle attack

A

Man in the browser attack

40
Q

Your network scan is showing a large number of address changes to the MAC tables and lots of ARP and RARP messages. What is happening?

MAC flooding attack
Disassociation attack
Jamming attack
DNS Poisoning

A

MAC flooding attack