ENTRY LEVEL QUIZ | SECURITY+ 601
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as:
Which of the following is a simple network device that amplifies a received signal so it can be transmitted over greater distance without loss of quality?
Which social engineering attack relies on identity theft?
Which of the following refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?
SSL stripping is an example of
The main disadvantage of using this device is its negative impact on network performance, resulting from the fact that any incoming signal on any of its ports is re-created and sent out on any connected ports.
The term “URL hijacking” (a.k.a. “Typosquatting”) refers to a practice of registering a misspelled domain name closely resembling another well-established and popular domain name in hopes of getting Internet traffic from users who would make errors while typing in the URL in their web browsers.
A short list of commonly used passwords tried against a large number of user accounts is a characteristic feature of:
A technique that allows an attacker to authenticate to a remote server without extracting a cleartext password from a digest is called:
An attacker impersonates a company’s managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)
Which cryptographic attack relies on the concepts of probability theory?
The term “Evil twin” refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts.
Which of the following answers refer to smishing? (Select 2 answers)
An attacker impersonating a software beta tester replies to a victim’s post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)
The practice of making an unauthorized copy of a payment card is referred to as:
Gaining unauthorized access to a Bluetooth device is referred to as:
The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:
While conducting web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?
In cryptography, the term “Plaintext” is used to describe data in an unencrypted form.
The practice of sending unsolicited messages over Bluetooth is known as:
Which of the following terms is commonly used to describe an unsolicited advertising message?
What is a PUP? (Select 3 answers)
Which of the following refers to the contents of a rainbow table entry?
A wireless disassociation attack is a type of: (Select 2 answers)
What type of spam relies on text-based communication?
Which type of malware resides only in RAM?
Which password attack takes advantage of a predefined list of words?
A wireless jamming attack is a type of:
Phishing scams targeting a specific group of people are referred to as:
What is the function of a C2 server?
A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder is called:
In computer security, the term “Dumpster diving” is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.
A malware-infected network host under remote control of a hacker is commonly referred to as:
As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target.
The term “Domain hijacking” refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names.
A situation in which an unauthorized person can view another user’s display or keyboard to learn their password or other confidential information is referred to as:
Which of the following applies to a collection of intermediary compromised systems that can be used as a platform for a DDoS attack?
An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and as a result doesn’t have time or resources to handle legitimate requests is called:
Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply)
Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)
Which of the following is an example of crypto-malware?
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:
An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as: (Select 2 answers)
What is tailgating?
Malicious code activated by a specific event is called:
An email sent from an unknown source disguised as a trusted source known to the message receiver is an example of: (Select 2 answers)
An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?
In social engineering, the term “Elicitation” describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.
Malicious software collecting information about users without their knowledge/consent is known as:
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as pre-admission NAC, where a host must, for example, be virus-free or have patches applied before it can be allowed to connect to the network, and/or post-admission NAC, where a host is granted/denied permissions based on its actions after it has been provided with access to the network.
Which device improves network performance by dividing a given network segment into separate collision domains?
Phishing scams targeting people holding high positions in an organization or business are known as:
Which of the following is an example of spyware?
Which of the following enables the exchange of information between computer programs?
Software or hardware that checks information coming from the Internet and either blocks it or allows it to pass through depending on the applied configuration settings is called:
Which of the following is used in data URL phishing?
Which type of Trojan enables unauthorized remote access to a compromised system?
What is the purpose of a DoS attack?
Which of the following is a computer hardware component designed to enable network access?
A social engineering technique whereby attackers under the guise of a legitimate request attempt to gain access to confidential information is commonly referred to as: