What is a buffer overflow?
Select Answer
- A type of cyberattack that floods a system or network with traffic or requests, causing it to become overwhelmed and unavailable to legitimate users.
- A type of cyberattack that exploits a vulnerability in software by sending more data to a buffer than it can handle, causing the excess data to overflow into adjacent memory addresses.
- A type of cyberattack that tricks users into divulging sensitive information by posing as a trustworthy entity.
What is the difference between a threat and a vulnerability?
Select Answer
- A threat is a potential danger while a vulnerability is a weakness in security.
- A threat is a type of attack while a vulnerability is a method of exploiting a system.
- A threat is an accidental event while a vulnerability is an intentional act.
- A threat is a specific manifestation of risk while a vulnerability is a general state of insecurity.
Which of the following is an example of a social engineering attack?
Select Answer
- Phishing
- Denial-of-Service
- Buffer Overflow
- SQL Injection
What is a denial-of-service attack?
Select Answer
- A type of attack where an attacker floods a network or system with traffic, causing it to become unresponsive.
- A type of attack where an attacker intercepts and alters communication between two parties without their knowledge.
- A type of attack where an attacker gains access to a system by exploiting a vulnerability in software.
- A type of attack where an attacker sends email messages that appear to be from a trusted source.
What is a ransomware attack?
Select Answer
- An attack that involves an attacker encrypting a victim's files and demanding payment in exchange for the decryption key.
- An attack that involves an attacker entering a physical location and stealing sensitive information.
- An attack that involves an attacker gaining access to a server through brute-force attacks.
What is the difference between symmetric and asymmetric encryption?
Select Answer
- Symmetric encryption uses two different keys, while asymmetric encryption uses only one
- Symmetric encryption is faster than asymmetric encryption
- Asymmetric encryption is more secure than symmetric encryption
- There is no difference between symmetric and asymmetric encryption
What is the purpose of a honeypot?
Select Answer
- To attract and expose attackers
- To block incoming attacks
- To monitor network traffic
What is a DDoS attack?
Select Answer
- A type of phishing attack
- A form of social engineering
- An attempt to overwhelm a server or network with traffic
What is a SQL injection attack?
Select Answer
- An attempt to steal sensitive data by intercepting network traffic
- An attempt to insert malicious code into a database query
- A form of phishing attack
What is the difference between authentication and authorization?
Select Answer
- Authentication is the process of verifying a user's identity, while authorization is the process of granting or denying access to a resource based on that user's identity
- Authentication is the process of granting or denying access to a resource, while authorization is the process of verifying a user's identity
- Authentication and authorization are the same thing
- Authentication is a type of social engineering attack, while authorization is a type of malware
What is a common way to protect against password guessing attacks?
Select Answer
- Enforcing strong passwords
- Using biometric authentication
- Using two-factor authentication
- Using encryption
What is the main purpose of a rootkit?
Select Answer
- To hide malicious activity on a system
- To steal sensitive information
- To make a system unavailable
- To gain unauthorized access to a system
What is a Distributed Denial of Service (DDoS) attack?
Select Answer
- An attack that uses multiple compromised computers to flood a network or server with traffic
- An attack that steals sensitive information from a system or network
- An attack in which the attacker poses as a legitimate user to gain access to a network or system
- An attack that intercepts and modifies data in transit
What is the purpose of a denial of service (DoS) attack?
Select Answer
- To exploit a vulnerability in a network device
- To overload a system or network
- To exploit a vulnerability in an operating system
- To exploit a vulnerability in a web application
What is the purpose of a phishing attack?
Select Answer
- To exploit a vulnerability in a network device
- To gain unauthorized access to systems or information
- To trick users into giving up sensitive information
- To exploit a vulnerability in a web application
What is the purpose of a ransomware attack?
Select Answer
- To exploit a vulnerability in a network device
- To gain unauthorized access to systems or information
- To encrypt data and demand payment for its release
- To overload a system or network
What is the purpose of a cross-site scripting (XSS) attack?
Select Answer
- To exploit a vulnerability in a network device
- To exploit a vulnerability in an operating system
- To exploit a vulnerability in a web application
- To overload a system or network
What is a type of attack where an attacker sends an email or instant message containing a malicious link that, when clicked, installs malware on the victim's computer?
Select Answer
- Phishing
- Spoofing
- Malvertising
- Spear phishing
Which of the following is a characteristic of a phishing attack?
Select Answer
- It is an attempt to steal sensitive information by posing as a trustworthy entity
- It is an attempt to exploit a vulnerability in an application
- It is an attempt to overwhelm a target system with traffic
What is a common type of social engineering attack?
Select Answer
- Phishing
- Buffer overflow
- SQL injection
What is the term used to describe the unintentional disclosure of sensitive information?
Select Answer
- Data leakage
- Cross-site scripting
- Remote code execution
What is social engineering?
Select Answer
- An attack where an attacker gains unauthorized access to a system or network.
- An attack where an attacker uses deception to manipulate individuals into divulging confidential information.
- A type of malware that infects systems and spreads through network shares.
What is a trojan?
Select Answer
- A type of malware that infects systems and spreads through network shares.
- A type of malware that masquerades as a legitimate program and provides an attacker with backdoor access to a system.
- An attack where an attacker gains unauthorized access to a system or network.
What is a type of attack that involves gaining unauthorized access to a network or system by guessing passwords?
Select Answer
- Brute force attack
- Dictionary attack
- Rainbow table attack
- Keylogger attack
What is a zero-day vulnerability?
Select Answer
- A vulnerability that is unknown to the vendor or security community
- A vulnerability that has been known for at least a day
- A vulnerability that has been patched for at least a day
- A vulnerability that only exists for one day
What is a brute-force attack?
Select Answer
- A type of attack where an attacker tries every possible combination of characters to guess a password
- A type of attack where an attacker intercepts communication between two parties
- A type of attack where an attacker gains access to a system by exploiting a vulnerability in the operating system
What is a spear-phishing attack?
Select Answer
- An attack that targets a specific individual or organization with personalized and convincing messages.
- An attack that involves flooding a network or system with traffic to deny legitimate access.
- An attack that seeks to exploit vulnerabilities in a system's software.
- An attack that involves stealing a user's session cookie to impersonate them.
What is a common type of social engineering attack in which an attacker sends an email appearing to come from a legitimate source, such as a bank or credit card company, in an attempt to trick the recipient into providing sensitive information?
Select Answer
- Phishing
- Vishing
- Smishing
What is the term for a type of attack in which an attacker gains access to a system or data by exploiting a vulnerability in software?
Select Answer
- Social engineering
- Phishing
- Malware
- Exploit
What is the term for a type of attack in which an attacker gains access to a system or data by pretending to be someone who has legitimate access?
Select Answer
- Phishing
- Social engineering
- Man-in-the-middle (MitM)
- Spoofing
What is the difference between a virus and a worm?
Select Answer
- A virus requires user interaction to spread, while a worm can spread automatically without user interaction.
- A virus can spread automatically without user interaction, while a worm requires user interaction to spread.
- There is no difference between a virus and a worm.
- A virus infects files, while a worm infects networks.
What is spear phishing?
Select Answer
- When an attacker uses targeted, personalized messages to trick a specific person into divulging sensitive information or performing an action that compromises security
What is the difference between a vulnerability assessment and a penetration test?
Select Answer
- A vulnerability assessment is a comprehensive review of an organization's security posture and identifies potential security risks, while a penetration test is focused on exploiting vulnerabilities to simulate a real-world attack.
What is a zero-day vulnerability and how does it differ from a known vulnerability?
Select Answer
- A zero-day vulnerability is a vulnerability that has been discovered but not yet patched, while a known vulnerability is a vulnerability that has been discovered and patched.
- A zero-day vulnerability is a vulnerability that has been exploited but not yet discovered, while a known vulnerability is a vulnerability that has been discovered and documented.
- A zero-day vulnerability is a vulnerability that has been discovered but not yet publicly disclosed, while a known vulnerability is a vulnerability that has been discovered and publicly disclosed.
- A zero-day vulnerability is a vulnerability that has been discovered and exploited, while a known vulnerability is a vulnerability that has not been discovered yet.
What is a common example of a social engineering attack?
Select Answer
- Phishing
- DDoS
- SQL injection
- Cross-site scripting
What is a cross-site scripting (XSS) attack?
Select Answer
- An attack where an attacker injects malicious code into a web page
- An attack where an attacker pretends to be someone they're not in order to gain access to a system
- An attack where an attacker gains access to a system using stolen credentials
- An attack where an attacker intercepts communications between two parties
What is an example of a type of attack that exploits a vulnerability?
Select Answer
- SQL injection
- Malware
- Phishing
What is the name of a type of attack that involves an attacker installing malware on a system to encrypt the user's files and demand a ransom for their release?
Select Answer
- Ransomware
- Spyware
- Adware
What is the difference between a virus and a worm?
Select Answer
- A virus requires a host file to infect, while a worm can spread on its own.
- A virus can spread on its own, while a worm requires a host file to infect.
- A virus and a worm are the same thing.
- A virus and a worm both require a host file to infect.
What is a social engineering attack?
Select Answer
- An attack where an attacker manipulates individuals into divulging sensitive information or performing actions that may not be in their best interest.
- An attack where an attacker attempts to guess a user's password.
- An attack where an attacker gains access to a system using stolen credentials.
- An attack where an attacker executes code on a target system.
What is the difference between a threat and a vulnerability?
Select Answer
- A threat is an intentional or unintentional action that can cause harm, while a vulnerability is a weakness in a system that can be exploited by a threat.
What is a logic bomb?
Select Answer
- A logic bomb is a type of malware that is triggered by a specific event or condition, such as a particular date or time.
Which of the following is a type of malware that can spread without user interaction?
Select Answer
- Worm
- Trojan
- Ransomware
Which of the following is a type of encryption that uses the same key for both encryption and decryption?
Select Answer
- Symmetric encryption
- Asymmetric encryption
- Hashing
What is a common technique used by attackers to obtain sensitive information by sending emails or creating websites that appear to be legitimate?
Select Answer
- Phishing
- Rootkit
- Trojan
- Spoofing
What is a type of attack that exploits a vulnerability in software to gain unauthorized access to a system?
Select Answer
- Exploit
- Buffer overflow
- Denial of Service (DoS)
- Man-in-the-middle (MitM)
What is a SQL injection attack?
Select Answer
- An attack where the attacker injects malicious SQL code into a website or application to access or modify data.
- An attack where the attacker intercepts communication between two parties.
- An attack where the attacker overflows a program's input buffer to execute malicious code.
What is ransomware?
Select Answer
- A type of malware that encrypts the victim's files and demands payment in exchange for the decryption key.
- An attack where the attacker floods a website or network with traffic to make it unavailable.
- An attack where the attacker intercepts communication between two parties.
What is the difference between a security control and a security safeguard?
Select Answer
- A control is a technical measure, while a safeguard is a procedural measure.
- A control is a procedural measure, while a safeguard is a technical measure.
- A control is a preventive measure, while a safeguard is a detective measure.
- A control is a detective measure, while a safeguard is a corrective measure.
What is the purpose of a threat model?
Select Answer
- To identify potential threats and vulnerabilities in a system.
- To establish a set of security requirements for a system.
- To determine the effectiveness of security controls.
- To simulate a real-world attack on a system.
Compare and contrast different types of social engineering techniques.