CompTIA Security+ Practice Exam (2)

By Mastermind1100
  • 1/97 Questions

    Why do social engineering attacks often succeed?

    • Strong passwords are not required
    • Lack of security awareness
    • Multiple logins are allowed
    • Audit logs are not monitored frequently
About This Quiz

Full-length CompTIA Security+ practice exam. Take this exam like the real exam to see if you are completely prepared for the real exam. Time yourself to 90 minutes to get a feel for the pressures of the real exam. The practice test is designed to reflect the final exam.


  • 2. 

    Which of the following occurs when a string of data sent to a buffer is larger than the buffer was designed to handle?

    • Brute Force attack

    • Spoofing attack

    • Buffer overflow

    • Man in the middle attack

    • SYN flood

    Correct Answer
    A. Buffer overflow
    Explanation
    Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135


  • 3. 

    How can you monitor the online activities of a user?

    • Viruses will permit monitoring of online activities.

    • Spyware will permit monitoring of online activities.

    • Logic bomb will permit monitoring of online activities.

    • Worms will permit monitoring of online activities.

    Correct Answer
    A. Spyware will permit monitoring of online activities.
    Explanation
    Spyware is a type of software that is designed to collect information about a user's online activities without their knowledge or consent. It can track websites visited, keystrokes typed, and even capture screenshots or record audio. This makes it an effective tool for monitoring someone's online activities. Viruses, logic bombs, and worms are malicious software that can cause harm to a computer system, but they do not specifically enable monitoring of online activities.


  • 4. 

    Which of the following is the most effective defense against a social engineering attack?

    • Marking of documents

    • Escorting of guests

    • Badge security system

    • Training and awareness

    Correct Answer
    A. Training and awareness
    Explanation
    The only preventative measure in dealing with social engineering attacks is to educate your users and staff to never give out passwords and user IDs over the phone, via e-mail, or to anyone who is not positively verified as being who they say they are.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87


  • 5. 

    Which of the following attacks attempts to crack passwords?

    • SMURF

    • Dictionary

    • Teardrop

    • Spamming

    Correct Answer
    A. Dictionary
    Explanation
    Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.


  • 6. 

    Identify the attack whose purpose is to stop a workstation or service from functioning.

    • This attack is known as non-repudiation.

    • This attack is known as TCP/IP hijacking.

    • This attack is known as denial of service (DoS).

    • This attack is known as brute force.

    Correct Answer
    A. This attack is known as denial of service (DoS).
    Explanation
    A denial of service (DoS) attack is a type of attack where the purpose is to stop a workstation or service from functioning. It is achieved by overwhelming the target system with a flood of illegitimate requests or by exploiting vulnerabilities in the system to exhaust its resources. This attack is not related to non-repudiation, TCP/IP hijacking, or brute force.


  • 7. 

    With regard to the use of instant messaging, which of the following types of attack can best be guarded against by user awareness training?

    • Social engineering

    • Stealth

    • Ambush

    • Multi-pronged

    Correct Answer
    A. Social engineering
    Explanation
    The only preventative measure in dealing with social engineering attacks is to educate your users and staff to never give out passwords and user IDs over the phone, via e-mail, or to anyone who is not positively verified as being who they say they are.

    Reference:
    Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87


  • 8. 

    Which of the following types of attack CANNOT be deterred solely through technical means?

    • Dictionary.

    • Man in the middle.

    • DoS (Denial of Service).

    • Social engineering.

    Correct Answer
    A. Social engineering.
    Explanation
    Because of human rights laws, it is unlawful to use technology to directly control people's emotions and behaviors. For this reason social engineering attacks cannot be deterred through technical means.


  • 9. 

    The system administrator of the company has resigned. When the administrator's user ID is deleted, the system suddenly begins deleting files. What type of malicious code is this?

    • Logic bomb

    • Virus

    • Virus

    • Worm

    Correct Answer
    A. Logic bomb
    Explanation
    When the system administrator's user ID is deleted and the system starts deleting files, it indicates the presence of a logic bomb. A logic bomb is a type of malicious code that is intentionally inserted into a system and remains dormant until triggered by a specific event or condition. In this case, the logic bomb was programmed to activate when the administrator's user ID was deleted, causing the system to initiate the deletion of files.


  • 10. 

    What is the name for the scenario in which a user receives an e-mail requesting personal data as well as bank account details?

    • This can be described as a hoax.

    • This can be described as packet sniffing.

    • This can be described as phishing.

    • This can be described as spam.

    Correct Answer
    A. This can be described as phishing.
    Explanation
    Phishing is a type of cyber attack where the attacker sends fraudulent emails or messages to trick the recipient into revealing sensitive information such as personal data and bank account details. The attacker often pretends to be a trustworthy entity in order to deceive the user. In this scenario, the user receiving an email requesting personal data and bank account details is a clear example of a phishing attempt.


  • 11. 

    Which of the following is the major difference between a worm and a Trojan horse?

    • Worms are spread via e-mail while Trojan horses are not.

    • Worms are self-replicating while Trojan horses are not.

    • Worms are a form of malicious code while Trojan horses are not.

    • There is no difference.

    Correct Answer
    A. Worms are self-replicating while Trojan horses are not.
    Explanation
    A worm is different from a virus. Worms reproduce themselves, are self-contained and do not need a host application to be transported. The Trojan horse program may be installed as part of an installation process. Trojan horses do not reproduce or self-replicate.

    Reference:
    Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp 83, 85


  • 12. 

    In which of the following would an attacker impersonate a dissatisfied customer of a company and request a password change on the customer's account?

    • Hostile code.

    • Social engineering.

    • IP (Internet Protocol) spoofing.

    • Man in the middle attack.

    Correct Answer
    A. Social engineering.
    Explanation
    Social engineering is using deception to engineer human emotions into granting access.


  • 13. 

    You are the network administrator at Certkiller.com. During a routine site audit of Certkiller's wireless network, you discover an unauthorized Access Point under the desk of a Sales department user. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you become a victim of?

    • Halloween attack

    • Phone tag

    • Replay attack

    • Social Engineering

    • IP Spoofing.

    Correct Answer
    A. Social Engineering
    Explanation
    Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or by a visit.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87


  • 14. 

    What is used in a distributed denial of service (DDOS) attack?

    • DDOS makes use of Botnet.

    • DDOS makes use of Phishing.

    • DDOS makes use of Adware.

    • DDOS makes use of Trojan.

    Correct Answer
    A. DDOS makes use of Botnet.
    Explanation
    A distributed denial of service (DDOS) attack uses a botnet, which is a network of compromised computers or devices that are controlled by an attacker. The attacker uses the botnet to flood a target system or network with a large amount of traffic, overwhelming its resources and causing it to become unavailable to legitimate users. This is done by infecting and taking control of multiple devices, such as computers, servers, or IoT devices, and coordinating them to send a massive amount of requests or data to the target. The use of a botnet allows the attacker to amplify the impact of the attack and make it more difficult to mitigate.


  • 15. 

    It has come to your attention that numerous e-mails are being received from an ex-employee. How can you determine whether the e-mails originated internally?

    • This can be accomplished by viewing the from line of the e-mails.

    • This can be accomplished by reviewing anti-virus logs on the ex-employee's computer.

    • This can be accomplished by replying to the e-mail and checking the destination e-mail address.

    • This can be accomplished by looking at the source IP address in the SMTP header of the e-mails.

    Correct Answer
    A. This can be accomplished by looking at the source IP address in the SMTP header of the e-mails.
    Explanation
    By looking at the source IP address in the SMTP header of the emails, it is possible to determine whether the emails originated internally. The source IP address reveals the location from where the emails were sent, allowing for identification of whether they were sent from within the organization or from an external source. This method is reliable as it provides concrete evidence about the origin of the emails.


  • 16. 

    Which programming mechanism should be used to permit administrative access whilst bypassing the usual access control methods?

    • It is known as a logic bomb.

    • It is known as a back door.

    • It is known as a Trojan horse.

    • It is known as a software exploit.

    Correct Answer
    A. It is known as a back door.
    Explanation
    A back door is a programming mechanism that allows administrative access to a system while bypassing the usual access control methods. It is typically used by system administrators or developers to gain unauthorized access to a system for legitimate purposes, such as troubleshooting or maintenance. However, back doors can also be exploited by malicious individuals to gain unauthorized access to a system and carry out malicious activities. Therefore, it is important for system administrators to regularly monitor and secure their systems to prevent unauthorized access through back doors.


  • 17. 

    A server or application that accepts more input than the server or application is expecting is known as:

    • It is known as a Denial of service (DoS).

    • It is known as a Buffer overflow.

    • It is known as a Brute force.

    • It is known as a Syntax error.

    Correct Answer
    A. It is known as a Buffer overflow.
    Explanation
    A server or application that accepts more input than it is expecting can lead to a buffer overflow. This occurs when the input data exceeds the allocated buffer size, causing the excess data to overwrite adjacent memory locations. This can result in the corruption of data, crashing of the server or application, and even potential security vulnerabilities.


  • 18. 

    What would a user's best plan of action be on receiving an e-mail message warning of a virus that may have accidentally been sent in the past, and suggesting that the user delete a specific file if it appears on the user's computer?

    • Check for the file and delete it immediately.

    • Check for the file, delete it immediately and copy the e-mail to all distribution lists.

    • Report the contents of the message to the network administrator.

    • Ignore the message. This is a virus hoax and no action is required.

    Correct Answer
    A. Report the contents of the message to the network administrator.
    Explanation
    In such a scenario the most rational answer is to tell your network administrator. Most network administrators don't have much to do most of the day, so they live for an opportunity like this.

    Incorrect Answers: Deleting the file wouldn't be good, because deleting a file doesn't necessarily eliminate a problem, as it could just go to your e-mail trash folder or to your recycle bin. This will give you a false sense of security and work against the process of containment. Copying the e-mail to all distribution lists is another mistake, because if the e-mail does indeed contain a virus, you'll only spread it. Ignoring the problem isn't a good idea either: although virus hoaxes are common, all it takes is one real virus to cause a mini-disaster.


  • 19. 

    Which malicious software can be transmitted across computer networks without user intervention?

    • A worm can be transmitted without user intervention.

    • A virus can be transmitted without user intervention.

    • A logic bomb can be transmitted without user intervention.

    • A Trojan horse can be transmitted without user intervention.

    Correct Answer
    A. A worm can be transmitted without user intervention.
    Explanation
    A worm is a type of malicious software that can spread across computer networks without any user intervention. Unlike viruses or Trojan horses, worms do not require any action from the user, such as opening an infected file or clicking on a malicious link. They can exploit vulnerabilities in computer systems or network protocols to automatically replicate and spread to other computers. This makes worms highly effective in quickly infecting a large number of computers and causing widespread damage.


  • 20. 

    Which of the following is an example of the theft of network passwords without the use of software tools?

    • Trojan programs.

    • Social engineering.

    • Sniffing.

    • Hacking.

    Correct Answer
    A. Social engineering.
    Explanation
    Social engineering is any means of using people to seek out information. These people practice espionage to: break in without detection, disguise themselves in, trick others into giving them access, or trick others into giving them information.


  • 21. 

    Identify the malicious software that can be transmitted across computer networks without needing a client to distribute the software.

    • A Worm can be transmitted across computer networks without needing a client to distribute software.

    • A Virus can be transmitted across computer networks without needing a client to distribute software.

    • A Logic bomb can be transmitted across computer networks without needing a client to distribute software.

    • A Trojan horse can be transmitted across computer networks without needing a client to distribute software.

    Correct Answer
    A. A Worm can be transmitted across computer networks without needing a client to distribute software.
    Explanation
    A worm is a type of malicious software that can self-replicate and spread across computer networks without the need for a client to distribute it. Unlike viruses, which require a host file or program to attach themselves to, worms can independently move from one system to another through network connections. They exploit vulnerabilities in operating systems or network protocols to propagate and can cause significant damage by consuming network bandwidth, slowing down systems, or even deleting files. Therefore, a worm is the correct answer as it fits the description of being able to spread across computer networks without relying on a client.


  • 22. 

    Identify the malicious code that enters the system via a freely distributed game that is purposely installed and played.

    • It can enter a system by means of a logic bomb.

    • It can enter a system by means of a Trojan horse.

    • It can enter a system by means of a worm.

    • It can enter a system by means of an e-mail attachment.

    Correct Answer
    A. It can enter a system by means of a Trojan horse.
    Explanation
    A Trojan horse is a type of malicious code that disguises itself as a harmless program or file. In this scenario, the malicious code enters the system through a freely distributed game that is intentionally installed and played by the user. The user may be unaware that the game contains a hidden Trojan horse, which allows the malicious code to gain unauthorized access to the system and potentially cause harm or steal sensitive information.


  • 23. 

    Identify a port scanning tool.

    • Nmap is a port scanning tool.

    • Cain & Abel is a port scanning tool.

    • L0phtcrack is a port scanning tool.

    • John the Ripper is a port scanning tool.

    Correct Answer
    A. Nmap is a port scanning tool.
    Explanation
    Nmap is a widely used and highly regarded port scanning tool. It is designed to scan and discover open ports on a network, providing information about the services running on those ports. Nmap offers a range of scanning techniques and advanced features, making it a powerful tool for network administrators and security professionals.


  • 24. 

    What is an application that appears to perform a useful function but instead contains some sort of malicious code called?

    • Worm

    • SYN flood

    • Virus

    • Trojan Horse

    • Logic Bomb

    Correct Answer
    A. Trojan Horse
    Explanation
    A Trojan horse attaches itself to another file, such as a word processing document. Trojan horses may also arrive as part of an e-mail for a free game, software, or other file. When the Trojan horse activates and performs its task, it infects all of the word processing or template files. Consequently, every new file will carry the Trojan horse. The Trojan horse may not be visible because it masks itself inside of a legitimate program.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 80


  • 25. 

    Which program replicates independently across networks?

    • Spyware will replicate independently.

    • Worm will replicate independently.

    • Trojan horse will replicate independently.

    • Virus will replicate independently.

    Correct Answer
    A. Worm will replicate independently.
    Explanation
    Worms are a type of malware that can replicate and spread independently across networks without the need for any user action. Unlike viruses, which require a host file or program to attach themselves to, worms are standalone programs that can self-replicate and spread to other computers or devices connected to the same network. Spyware, Trojan horses, and viruses may also replicate, but they typically require some form of user action or interaction to spread.


  • 26. 

    Identify the malicious code that does not need human involvement to install itself and to spread.

    • A Virus does not need human involvement.

    • A Trojan horse does not need human involvement.

    • A Logic bomb does not need human involvement.

    • A Worm does not need human involvement.

    Correct Answer
    A. A Worm does not need human involvement.
    Explanation
    A worm is a type of malicious code that can self-replicate and spread across computer networks without any human involvement. Unlike viruses or Trojan horses, worms can exploit vulnerabilities in computer systems to automatically install themselves and propagate to other connected devices. They can spread rapidly and cause significant damage by consuming network bandwidth, overloading servers, or compromising sensitive data. Therefore, a worm is the correct answer as it is capable of independently infecting and spreading without the need for human interaction.


  • 27. 

    You configure a computer to act as a zombie set in order to attack a web server on a specific date. What would this contaminated computer be part of?

    • The computer is part of a DDoS attack.

    • The computer is part of a TCP/IP hijacking.

    • The computer is part of a spoofing attack.

    • The computer is part of a man-in-the-middle attack.

    Correct Answer
    A. The computer is part of a DDoS attack.
    Explanation
    The given correct answer suggests that the contaminated computer is part of a DDoS attack. A DDoS (Distributed Denial of Service) attack is a malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic from multiple sources. In this scenario, the computer has been configured to act as a "zombie" or part of a botnet, which is a network of infected computers controlled by an attacker. These infected computers, including the one in question, are used to send a massive amount of traffic to the target web server, causing it to become overwhelmed and unavailable to legitimate users.


  • 28. 

    Which of the following can distribute itself without using a host file?

    • Virus.

    • Trojan horse.

    • Logic bomb.

    • Worm.

    Correct Answer
    A. Worm.
    Explanation
    Worms are dangerous because they can enter a system by exploiting a 'hole' in an operating system. They don't need a host file, and they don't need any user intervention to replicate by themselves. Some infamous worms were: Morris, Badtrans, Nimda, and Code Red.


  • 29. 

    What is a piece of code that appears to do something useful while performing a harmful and unexpected function like stealing passwords called?

    • Virus

    • Logic bomb

    • Worm

    • Trojan horse

    Correct Answer
    A. Trojan horse
    Explanation
    Trojan horses are programs that enter a system or network under the guise of another program. A Trojan Horse may be included as an attachment or as part of an installation program. The Trojan Horse could create a back door or replace a valid program during installation. The Trojan Program would then accomplish its mission under the guise of another program. Trojan Horses can be used to compromise the security of your system and they can exist on a system for years before they are detected.

    Reference:
    Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 84


  • 30. 

    What is a program that appears to be useful but contains hidden code that allows unauthorized individuals to exploit or destroy data commonly known as?

    • A virus

    • A Trojan horse

    • A worm

    • A back door

    Correct Answer
    A. A Trojan horse
    Explanation
    A Trojan horse is a program that appears to be useful but contains hidden code that allows unauthorized individuals to exploit or destroy data. Unlike a virus or a worm, a Trojan horse does not replicate itself. Instead, it tricks the user into believing it is a legitimate program and once installed, it can give unauthorized access to the attacker or cause harm to the user's data. A back door, on the other hand, refers to a hidden entry point in a system that allows unauthorized access, but it is not specifically designed to appear useful like a Trojan horse.


  • 31. 

    In which of the following does someone use an application to capture and manipulate packets as they are passing through your network?

    • DDoS

    • Back Door

    • Man in the Middle

    • Spoofing

    Correct Answer
    A. Man in the Middle
    Explanation
    The method used in these attacks places a piece of software between a server and the user. The software intercepts and then sends the information to the server. The server responds back to the software, thinking it is the legitimate client. The attacking software then sends this information on to the server, etc. The man in the middle software may be recording this information, altering it, or in some other way compromising the security of your system.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 57


  • 32. 

    Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?

    • CRL

    • DoS

    • ACL

    • MD2

    • None of the above

    Correct Answer
    A. DoS
    Explanation
    DoS attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 53


  • 33. 

    In which of the following attacks does the attacker pretend to be a legitimate user?

    • Aliasing

    • Spoofing

    • Flooding

    • Redirecting

    • None of the Above

    Correct Answer
    A. Spoofing
    Explanation
    A spoofing attack is simply an attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 56


  • 34. 

    What is usually the goal of TCP (Transmission Control Protocol) session hijacking?

    • Taking over a legitimate TCP (Transmission Control Protocol) connection.

    • Predicting the TCP (Transmission Control Protocol) sequence number.

    • Identifying the TCP (Transmission Control Protocol) port for future exploitation.

    • Identifying source addresses for malicious use.

    • None of the Above

    Correct Answer
    A. Taking over a legitimate TCP (Transmission Control Protocol) connection.
    Explanation
    The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third-party host to insert acceptable packets, thus hijacking the conversation, continuing it under the disguise of the legitimate party, and taking advantage of the trust bond.


  • 35. 

    In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?

    • The version field.

    • The source address field.

    • The source port field.

    • The destination address field.

    Correct Answer
    A. The source address field.
    Explanation
    In IP Spoofing a hacker tries to gain access to a network by pretending his or her machine has the same network address as the internal network.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 515


  • 36. 

    What is the process of forging an IP (Internet Protocol) address to impersonate another machine called?

    • TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking

    • IP (Internet Protocol) spoofing

    • Replay

    • Man in the middle

    Correct Answer
    A. IP (Internet Protocol) spoofing
    Explanation
    The word spoofing was popularized in the air force. When a fighter jet notices an enemy missile (air-to-air or surface-to-air) coming, the pilot will fire off a flare or chaff (depending on whether the missile is heat seeking or radar guided) to spoof (trick) the missile into going after the wrong target. IP spoofing works the same way, and is commonly used by computer hackers because it's easy to implement, it takes advantage of someone else's trust relationship, it makes it harder to identify the source of the true attack, and it focuses attention away to an innocent 3rd party.


  • 37. 

    Identify the method of password guessing that needs the longest attack time.

    • Brute force needs the longest attack time.

    • Dictionary needs the longest attack time.

    • Rainbow needs the longest attack time.

    • Birthday needs the longest attack time.

    Correct Answer
    A. Brute force needs the longest attack time.
    Explanation
    Brute force is a method of password guessing where all possible combinations of characters are tried until the correct password is found. This method requires the longest attack time because it systematically checks every possible combination, which can be time-consuming and resource-intensive. Dictionary, rainbow, and birthday attacks are more efficient methods that exploit patterns or precomputed tables, making them faster than brute force.


  • 38. 

    What do intruders use most often to gain unauthorized access to a system?

    • Brute force attack.

    • Key logging

    • Trojan horse.

    • Social engineering.

    Correct Answer
    A. Social engineering.
    Explanation
    Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or by a visit. The answer is not written in the book, but the easiest way to gain information would be social engineering.

    Reference:
    Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87


  • 39. 

    Which of the following measures can be used to guard against a social engineering attack?

    • Education, limit available information and security policy.

    • Education, firewalls and security policy.

    • Security policy, firewalls and incident response.

    • Security policy, system logging and incident response.

    Correct Answer
    A. Education, limit available information and security policy.
    Explanation
    A seems to be the best answer. The other answers involve objects, whereas social engineering attacks are verbal.


  • 40. 

    Which of the following is a DoS (Denial of Service) attack that exploits TCP's (Transmission Control Protocol) three-way handshake for new connections?

    • SYN (Synchronize) flood.

    • Ping of death attack.

    • Land attack.

    • Buffer overflow attack.

    • None of the Above

    Correct Answer
    A. SYN (Synchronize) flood.
    Explanation
    The SYN flood attack works when a source system floods an end system with TCP SYN requests, but intentionally does not send out acknowledgements (ACK). Since TCP needs confirmation, the receiving computer is stuck with half-open TCP sessions, just waiting for acknowledgement so it can reset the port. Meanwhile the connection buffer is being overflowed, making it difficult or impossible for valid users to connect, therefore their service is denied.


  • 41. 

    Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

    • Differential cryptanalysis

    • Differential linear cryptanalysis

    • Birthday attack

    • Statistical attack

    Correct Answer
    A. Birthday attack
    Explanation
    A good hashing algorithm should not produce the same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, it is referred to as a collision. If an attacker finds an instance of a collision, he has more information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way hash function is called the birthday attack. If an attacker has one hash value and wants to find a message that hashes to the same hash value, this process could take him years. However, if he just wants to find any two messages with the same hash value, it could take him only a couple of hours.


  • 42. 

    What is used to verify the equipment status and modify the configuration or settings of network gadgets?

    • This can be accomplished by using SNMP.

    • This can be accomplished by using SMTP.

    • This can be accomplished by using CHAP.

    • This can be accomplished by using DHCP.

    Correct Answer
    A. This can be accomplished by using SNMP.
    Explanation
    SNMP (Simple Network Management Protocol) is used to verify the equipment status and modify the configuration or settings of network gadgets. SNMP allows network administrators to monitor and manage network devices remotely. It provides a standardized way to collect and organize information about network devices, such as routers, switches, and servers. With SNMP, administrators can monitor device performance, track network traffic, and make configuration changes as needed. SNMP uses a manager-agent model, where the manager collects information from agents running on network devices.


  • 43. 

    Which programming method should you use to stop buffer overflow attacks?

    • You should make use of Automatic updates.

    • You should make use of Input validation.

    • You should make use of Signed applets.

    • You should make use of Nested loops.

    Correct Answer
    A. You should make use of Input validation.
    Explanation
    To stop buffer overflow attacks, input validation should be used. This involves checking and validating user input to ensure it meets the expected format and length. By validating input, the program can prevent malicious users from inputting data that could overflow the buffer and potentially execute arbitrary code. Automatic updates, signed applets, and nested loops are not directly related to preventing buffer overflow attacks.


  • 44. 

    What should a network administrator's first course of action be on receiving an e-mail alerting him to the presence of a virus on the system if a specific executable file exists?

    • Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.

    • Immediately search for and delete the file if discovered.

    • Broadcast a message to the entire organization to alert users to the presence of a virus.

    • Locate and download a patch to repair the file.

    Correct Answer
    A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.
    Explanation
    If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites. Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems, but it's also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted, instead it gets sent to a 'recycle bin.' Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack. The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.


  • 45. 

    What can result from poor programming techniques and lack of code review?

    • It can result in the Buffer overflow attack.

    • It can result in the Dictionary attack.

    • It can result in the Birthday attack.

    • It can result in the Common Gateway Interface (CGI) script attack.

    Correct Answer
    A. It can result in the Buffer overflow attack.
    Explanation
    Poor programming techniques and lack of code review can result in a buffer overflow attack. This type of attack occurs when a program writes data to a buffer, but exceeds the buffer's capacity, causing the excess data to overwrite adjacent memory locations. This can lead to the execution of malicious code or the corruption of data, potentially compromising the security and stability of the system. Therefore, it is important to follow good programming practices and conduct regular code reviews to prevent such vulnerabilities.


  • 46. 

    Identify the malicious code that enters a system and stays inactive until a user opens a particular program, then starts to delete the contents of attached network drives and removable storage devices.

    • The malicious code is known as logic bomb.

    • The malicious code is known as Trojan horse.

    • The malicious code is known as honeypot.

    • The malicious code is known as worm.

    Correct Answer
    A. The malicious code is known as logic bomb.
    Explanation
    A logic bomb is a type of malicious code that remains inactive until a specific condition is met, in this case, until a user opens a particular program. Once activated, it starts deleting the contents of attached network drives and removable storage devices. Unlike a Trojan horse, which disguises itself as a legitimate program, a logic bomb is specifically designed to cause harm once triggered. A honeypot is a trap set up to detect, deflect, or counteract attempts at unauthorized use of information systems, while a worm is a self-replicating program that spreads over a network without any user interaction. Therefore, the correct answer is logic bomb.


  • 47. 

    What is used by anti-virus software to detect unknown viruses?

    • Zero-day algorithm is used to detect unknown viruses.

    • Heuristic analysis is used to detect unknown viruses.

    • Random scanning is used to detect unknown viruses.

    • Quarantining is used to detect unknown viruses.

    Correct Answer
    A. Heuristic analysis is used to detect unknown viruses.
    Explanation
    Heuristic analysis is used by anti-virus software to detect unknown viruses. This technique involves analyzing the behavior and characteristics of files and programs to identify potential threats. It uses a set of rules and algorithms to determine if a file or program is malicious or suspicious. By comparing the file or program to known patterns and behaviors of viruses, heuristic analysis can detect and block unknown viruses that have not yet been identified by signature-based detection methods. This allows anti-virus software to provide protection against new and emerging threats.


  • 48. 

    Which of the following network attacks misuses TCP's (Transmission Control Protocol) three-way handshake to overload servers and deny access to legitimate users?

    • Man in the middle.

    • Smurf

    • Teardrop

    • SYN (Synchronize)

    Correct Answer
    A. SYN (Synchronize)
    Explanation
    SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530


  • 49. 

    You are the network administrator at Certkiller.com. During a routine site audit of Certkiller's wireless network, you discover an unauthorized Access Point under the desk of a Sales department user. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you become a victim of?

    • SYN Flood.

    • Distributed Denial of Service.

    • Man in the Middle attack.

    • TCP Flood.

    • None of the Above

    Correct Answer
    A. None of the Above
    Explanation
    Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or by a visit.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87


Quiz Review Timeline (Updated): May 2, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • May 02, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Apr 25, 2009
    Quiz Created by
    Mastermind1100