CompTIA And Security Exam 2
-
Which of the following occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle?
-
Brute Force attack
-
Spoofing attack
-
Buffer overflow
-
Man in the middle attack
-
SYN flood
-
Comptia Security+ Practice Exam (2)
Full length Comptia Security+ Practice Exam. Take this exam like the real exam to see if you are completely prepared for the real exam. Time yourself to 90 minutes to get a feel of the pressures of the real exam. The practice test is designed to reflect the final exam.
(86).webp "CompTIA And Security Exam 2 - Quiz")
Quiz Preview
- 2.
With regards to the use of Instant Messaging, which of the following type of attack can best be guarded against by user awareness training?
-
Social engineering
-
Stealth
-
Ambush
-
Multi-prolonged
Correct Answer
A. Social engineeringExplanation
The only preventative measure in dealing with social engineering attacks is to educate your users and staff to never give out passwords and user Ids over the phone, via e-mail, or to anyone who is not positively verified as being who they say they are.
Reference:
Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87Rate this question:
-
- 3.
Which of the following is the most effective defense against a social engineering attack?
-
Marking of documents
-
Escorting of guests
-
Badge security system
-
Training and awareness
Correct Answer
A. Training and awarenessExplanation
The only preventative measure in dealing with social engineering attacks is to educate your users and staff to never give out passwords and user Ids over the phone, via e-mail, or to anyone who is not positively verified as being who they say they are. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87Rate this question:
-
- 4.
What is used in a distributed denial of service (DDOS) attack?
-
DDOS makes use of Botnet.
-
DDOS makes use of Phishing.
-
DDOS makes use of Adware.
-
DDOS makes use of Trojan.
Correct Answer
A. DDOS makes use of Botnet.Explanation
A distributed denial of service (DDOS) attack utilizes a botnet. A botnet is a network of compromised computers or devices that are under the control of a malicious actor. These compromised devices, also known as bots, are used to flood a target system or network with an overwhelming amount of traffic, rendering it inaccessible to legitimate users. By using a botnet, the attacker can amplify the impact of the attack by coordinating multiple sources of traffic simultaneously.Rate this question:
-
- 5.
Identify the attack where the purpose is to stop a workstation or service from functioning?
-
This attack is known as non-repudiation.
-
This attack is known as TCP/IP hijacking.
-
This attack is known as denial of service (DoS).
-
This attack is known as brute force.
Correct Answer
A. This attack is known as denial of service (DoS).Explanation
Denial of service (DoS) attack is a type of attack where the purpose is to stop a workstation or service from functioning. In a DoS attack, the attacker overwhelms the target system with a flood of illegitimate requests or excessive traffic, causing the system to become unresponsive or crash. This prevents legitimate users from accessing the system or service. The goal of this attack is to disrupt the availability of the targeted resource rather than gaining unauthorized access or stealing information.Rate this question:
-
- 6.
How can you monitor the online activities of a user?
-
Viruses will permit monitoring of online activities.
-
Spy ware will permit monitoring of online activities.
-
Logic bomb will permit monitoring of online activities.
-
Worms will permit monitoring of online activities.
Correct Answer
A. Spy ware will permit monitoring of online activities.Explanation
Spyware is a type of malicious software that is designed to monitor and collect information about a user's online activities without their knowledge or consent. It can track browsing history, keystrokes, login credentials, and other sensitive data. By installing spyware on a user's device, an attacker can gain unauthorized access to their online activities and monitor them. This makes spyware the correct answer for monitoring online activities.Rate this question:
-
- 7.
What is a piece of code that appears to do something useful while performing a harmful and unexpected function like stealing passwords called?
-
Virus
-
Logic bomb
-
Worm
-
Trojan horse
Correct Answer
A. Trojan horseExplanation
Trojan horses are programs that enter a system or network under the guise of another program. A Trojan Horse may be included as an attachment or as part of an installation program. The Trojan Horse could create a back door or replace a valid program during installation. The Trojan Program would then accomplish its mission under the guise of another program. Trojan Horses can be used to compromise the security of your system and they can exist on a system for years before they are detected.
Reference:
Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 84Rate this question:
-
- 8.
What is a program that appears to be useful but contains hidden code that allows unauthorized individuals to exploit or destroy data is commonly known?
-
A virus
-
A Trojan horse
-
A worm
-
A back door
Correct Answer
A. A Trojan horseExplanation
A Trojan horse is a program that appears to be useful but contains hidden code that allows unauthorized individuals to exploit or destroy data. It is commonly known as a program that deceives users by pretending to perform a legitimate function, but in reality, it carries out malicious activities in the background. Unlike viruses and worms that can self-replicate and spread, a Trojan horse relies on the user to unknowingly install it. Once installed, it can give unauthorized individuals access to the infected system, allowing them to exploit or destroy data.Rate this question:
-
- 9.
Which of the following is an example of the theft of network passwords without the use of software tools?
-
Trojan programs.
-
Social engineering.
-
Sniffing.
-
Hacking.
Correct Answer
A. Social engineering.Explanation
Social engineering is any means of using people to seek out information. These people practice espionage to: break in without detection, disguise themselves in, trick others into giving them access, or trick others into giving them information.Rate this question:
-
- 10.
Why does social engineering attacks often succeed?
-
Strong passwords are not required
-
Lack of security awareness
-
Multiple logins are allowed
-
Audit logs are not monitored frequently
Correct Answer
A. Lack of security awarenessExplanation
Social engineering attacks work because of the availability heuristic, law of reciprocity, and law of consistency. In the past people have had experiences where a co-worker with a legitimate problem asked for help and been grateful for it. So by consistency, they feel the urge to help others again the way they've helped out somebody in the past. By availability, when someone asks for help, they associate that ask for help for every legitimate cry for help, and times when they needed help themselves and were helped; so essentially they're being a good Samaritan. If an awareness program were to be implemented where employees could be aware of social engineering tactics, they would be more likely to think about them, and be more suspect of an attack when someone does ask for a favor. With this knowledge in intuition, an employee will make a smarter decision.Rate this question:
-
- 11.
Which of the following attacks attempts to crack passwords
-
SMURF
-
Dictionary
-
Teardrop
-
Spamming
Correct Answer
A. DictionaryExplanation
Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.Rate this question:
-
- 12.
A server or application that accepts more input than the server or application is expecting is known as:
-
It is known as a Denial of service (DoS).
-
It is known as a Buffer overflow.
-
It is known as a Brute force.
-
It is known as a Syntax error.
Correct Answer
A. It is known as a Buffer overflow.Explanation
When a server or application accepts more input than it is expecting, it can lead to a buffer overflow. This occurs when the input exceeds the allocated memory space, causing the excess data to overwrite adjacent memory locations. This can result in the corruption of data, system crashes, or even the execution of malicious code. A buffer overflow is a common vulnerability that can be exploited by attackers to gain unauthorized access or disrupt the functioning of a system.Rate this question:
-
- 13.
What is the scenario named where a user receives an e-mail requesting personal data as well as bank account details?
-
This can be described as a hoax.
-
This can be described as packet sniffing.
-
This can be described as phishing.
-
This can be described as spam.
Correct Answer
A. This can be described as phishing.Explanation
Phishing refers to the act of attempting to acquire personal and sensitive information, such as bank account details, by posing as a trustworthy entity in electronic communication. In this scenario, the user receives an email requesting personal data and bank account details, indicating an attempt to deceive and obtain sensitive information. Therefore, the correct answer is phishing.Rate this question:
-
- 14.
You are the network administrator at Certkiller .com. During a routing site audit of Certkiller 's wireless network, you discover an unauthorized Access Point under the desk of Sales department user. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you become a victim of?
-
Halloween attack
-
Phone tag
-
Replay attack
-
Social Engineering
-
IP Spoofing.
Correct Answer
A. Social EngineeringExplanation
Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. A social engineering attack may occur over the phone, be e-mail, or by a visit. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87Rate this question:
-
- 15.
Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?
-
CRL
-
DoS
-
ACL
-
MD2
-
None of the above
Correct Answer
A. DoSExplanation
DOS attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 53Rate this question:
-
- 16.
What is the process of forging an IP (Internet Protocol) address to impersonate another machine called?
-
TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking
-
IP (Internet Protocol) spoofing
-
Replay
-
Man in the middle
Correct Answer
A. IP (Internet Protocol) spoofingExplanation
The word spoofing was popularized in the air-force. When a fighter jet notices an enemy missile (air-to-air or surface-to-air) coming, the pilot will fire off a flair or a chaff (depending on whether or not the missile is heat seeking or radar guided) to spoof (trick) the missile into going after the wrong target. IP spoofing works the same way, and is commonly used by computer hackers because it's easy to implement, it takes advantage of someone else's trust relationship, it makes it harder to identify the source of the true attack, and it focuses attention away to an innocent 3rd party.Rate this question:
-
- 17.
Identify the malicious code that does not need human involvement to install itself and to spread?
-
A Virus does not need human involvement.
-
A Trojan horse does not need human involvement.
-
A Logic bomb does not need human involvement.
-
A Worm does not need human involvement.
Correct Answer
A. A Worm does not need human involvement.Explanation
A worm is a type of malicious code that can self-replicate and spread across computer networks without the need for human involvement. Unlike viruses or Trojan horses, worms can exploit vulnerabilities in computer systems and use them to propagate themselves automatically. They can spread through email attachments, network shares, or even by exploiting security flaws in operating systems. Once a worm infects a system, it can replicate itself and spread to other vulnerable systems without any human intervention. This makes worms particularly dangerous as they can quickly infect and spread across a large number of computers or networks.Rate this question:
-
- 18.
Which of the following type of attack CANNOT be deterred solely through technical means?
-
Dictionary.
-
Man in the middle.
-
DoS (Denial of Service).
-
Social engineering.
Correct Answer
A. Social engineering.Explanation
Because of human rights laws, it is unlawful to use technology to directly control people's emotions and behaviors. For this reason social engineering attacks cannot be deterred through technical means.Rate this question:
-
- 19.
The system administrator of the company has resigned. When the administrator's user ID is deleted, the system suddenly begins deleting files. What type of malicious code is this?
-
Logic bomb
-
Virus
-
Virus
-
Worm
Correct Answer
A. Logic bombExplanation
When the system administrator's user ID is deleted and the system starts deleting files, it indicates the presence of a logic bomb. A logic bomb is a type of malicious code that lies dormant until a specific condition or trigger is met, such as the deletion of a user ID. Once triggered, it executes a predefined action, in this case, deleting files. Unlike viruses and worms, logic bombs do not self-replicate or spread to other systems.Rate this question:
-
- 20.
What is an application that appears to perform a useful function but instead contains some sort of malicious code called?
-
Worm
-
SYN flood
-
Virus
-
Trojan Horse
-
Logic Bomb
Correct Answer
A. Trojan HorseExplanation
A Trojan horse attaches itself to another file, such as a word processing document. Trojan horses may also arrive as part of an e-mail for free game, software, or other file. When the Trojan horse activates and performs its task, it infects all of the word processing or template files. Consequently, every new file will carry the Trojan horse. The Trojan horse may not be visible because it masks itself inside of a legitimate program.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 80Rate this question:
-
- 21.
Which program replicate independently across networks?
-
Spyware will replicate independently.
-
Worm will replicate independently.
-
Trojan horse will replicate independently.
-
Virus will replicate independently.
Correct Answer
A. Worm will replicate independently.Explanation
A worm is a type of malware that is capable of replicating and spreading independently across networks without the need for user interaction. Unlike viruses, which require a host file to attach themselves to, worms can self-replicate and spread by exploiting vulnerabilities in computer systems. This allows them to quickly and efficiently infect multiple devices and networks, making them a particularly dangerous and difficult form of malware to control and eradicate.Rate this question:
-
- 22.
What do intruders use most often to gain unauthorized-access to a system?
-
Brute force attack.
-
Key logging
-
Trojan horse.
-
Social engineering.
Correct Answer
A. Social engineering.Explanation
Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or by a visit. The answer is not written in the book, but the easiest way to gain information would be social engineering.
Reference:
Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 87Rate this question:
-
- 23.
What is usually the goal of TCP (transmission Control Protocol) session hijacking?
-
Taking over a legitimate TCP (transmission Control Protocol) connection.
-
Predicting the TCP (transmission Control Protocol) sequence number.
-
Identifying the TCP (transmission Control Protocol) port for future exploitation.
-
Identifying source addresses for malicious use.
-
None of the Above
Correct Answer
A. Taking over a legitimate TCP (transmission Control Protocol) connection.Explanation
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets. Thus hijacking the conversation, and continuing the conversation under the disguise of the legitimate party, and taking advantage of the trust bond.Rate this question:
-
- 24.
In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?
-
The version field.
-
The source address field.
-
The source port field.
-
The destination address field.
Correct Answer
A. The source address field.Explanation
In IP Spoofing a hacker tries to gain access to a network by pretending his or her machine has the same network address as the internal network.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 515Rate this question:
-
- 25.
Identify a port scanning tool?
-
Nmap is port scanning tool.
-
Cain & Abel is port scanning tool.
-
L0phtcrack is port scanning tool.
-
John the Ripper is port scanning tool.
Correct Answer
A. Nmap is port scanning tool.Explanation
Nmap is a well-known and widely used port scanning tool. It is designed to scan networks and discover open ports on remote systems. Nmap provides a comprehensive set of features and options that allow users to perform various types of scans, such as TCP, UDP, SYN, and more. It also offers advanced techniques like OS fingerprinting and version detection. Nmap is highly flexible and can be used for both legitimate network administration tasks and malicious activities, making it a popular choice among both security professionals and hackers.Rate this question:
-
- 26.
You configure a computer to act as a zombie set in order to attack a web server on a specific date. What would this contaminated computer be part of?
-
The computer is part of a DDoS attack.
-
The computer is part of a TCP/IP hijacking.
-
The computer is part of a spoofing attack.
-
The computer is part of a man-in-the-middle attack.
Correct Answer
A. The computer is part of a DDoS attack.Explanation
The computer is part of a DDoS attack, where multiple compromised computers are used to overwhelm a target server or network with a flood of internet traffic, causing it to become unavailable to legitimate users.Rate this question:
-
- 27.
Which of the following is the major difference between a worm and a Trojan horse?
-
Worms are spread via e-mail while Trojan horses are not.
-
Worms are self replicating while Trojan horses are not.
-
Worms are a form of malicious code while Trojan horses are not.
-
There is no difference.
Correct Answer
A. Worms are self replicating while Trojan horses are not.Explanation
A worm is different from a virus. Worms reproduce themselves, are self-contained and do not need a host application to be transported. The Trojan horse program may be installed as part of an installation process. They do not reproduce or self replicate.
Reference:
Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp 83, 85Rate this question:
-
- 28.
Which of the following can distribute itself without using a host file?
-
Virus.
-
Trojan horse.
-
Logic bomb.
-
Worm.
Correct Answer
A. Worm.Explanation
Worms are dangerous because they can enter a system by exploiting a 'hole' in an operating system. They don't' need a host file, and they don't need any user intervention to replicate by themselves. Some infamous worms were: Morris, Badtrans, Nimda, and Code Red.Rate this question:
-
- 29.
Which of the following measures can be used to guard against a social engineering attack?
-
Education, limit available information and security policy.
-
Education, firewalls and security policy.
-
Security policy, firewalls and incident response.
-
Security policy, system logging and incident response.
Correct Answer
A. Education, limit available information and security policy.Explanation
A seems to be the best answer. The other answers involving objects and social engineering are verbal attacks.Rate this question:
-
- 30.
Which of the following network attacks misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users?
-
Man in the middle.
-
Smurf
-
Teardrop
-
SYN (Synchronize)
Correct Answer
A. SYN (Synchronize)Explanation
SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530Rate this question:
-
- 31.
Identify the malicious code that enters the system via a freely distributed game that is purposely installed and played?
-
It can enter a system by means of a logic bomb.
-
It can enter a system by means of a Trojan horse.
-
It can enter a system by means of a worm.
-
It can enter a system by means of an e-mail attachment.
Correct Answer
A. It can enter a system by means of a Trojan horse.Explanation
A Trojan horse is a type of malicious code that disguises itself as a harmless file or program, such as a game, in order to trick users into downloading and installing it. Once installed, it can perform various malicious activities, such as stealing sensitive information, damaging files, or allowing unauthorized access to the system. In this case, the freely distributed game is purposely installed and played by the user, unknowingly allowing the Trojan horse to enter the system and carry out its malicious actions.Rate this question:
-
- 32.
Which programming mechanism should be used to permit administrative access whilst bypassing the usual access control methods?
-
It is known as a logic bomb.
-
It is known as a back door.
-
It is known as a Trojan horse.
-
It is known as software exploit.
Correct Answer
A. It is known as a back door.Explanation
A back door is a programming mechanism that allows administrative access to a system while bypassing the usual access control methods. It is often used by system administrators or developers for troubleshooting or maintenance purposes. However, it can also be exploited by attackers to gain unauthorized access to a system. Unlike a logic bomb, which is a malicious code that triggers a harmful action at a specific time or event, a back door is intentionally created to provide a secret entry point into a system. It is different from a Trojan horse, which disguises itself as a legitimate program to deceive users. A software exploit, on the other hand, is a vulnerability in a software program that can be exploited by an attacker to gain unauthorized access or control over the system.Rate this question:
-
- 33.
It has come to your attention that numerous e-mails are received from an ex employee. You need to determine whether the e-mails originated internally?
-
This can be accomplished by viewing the from line of the e-mails.
-
This can be accomplished by reviewing anti-virus logs on the ex employees computer.
-
This can be accomplished by replying to the e-mail and checking the destination e-mail address.
-
This can be accomplished by looking at the source IP address in the SMTP header of the e-mails.
Correct Answer
A. This can be accomplished by looking at the source IP address in the SMTP header of the e-mails.Explanation
The correct answer is to look at the source IP address in the SMTP header of the emails. The SMTP header contains information about the origin of the email, including the source IP address. By examining the source IP address, it can be determined whether the emails originated internally or externally. This can help in identifying whether the ex-employee is still accessing the company's email system or if the emails are coming from an external source.Rate this question:
-
- 34.
Determine the programming method you should use to stop buffer overflow attacks?
-
You should make use of Automatic updates.
-
You should make use of Input validation.
-
You should make use of Signed applets.
-
You should make use of Nested loops.
Correct Answer
A. You should make use of Input validation.Explanation
Input validation is the programming method that should be used to stop buffer overflow attacks. Buffer overflow attacks occur when a program tries to store more data in a buffer than it can handle, leading to potential security vulnerabilities. Input validation involves checking and validating user input to ensure that it meets certain criteria and does not exceed the buffer's capacity. By implementing input validation, developers can prevent buffer overflow attacks by ensuring that only valid and safe input is accepted by the program.Rate this question:
-
- 35.
Which malicious software can be transmitted across computer networks without user intervention?
-
A worm can be transmitted without user intervention.
-
A virus can be transmitted without user intervention.
-
A logic bomb can be transmitted without user intervention.
-
A Trojan horse can be transmitted without user intervention.
Correct Answer
A. A worm can be transmitted without user intervention.Explanation
A worm is a type of malicious software that can spread across computer networks without the need for user intervention. Unlike viruses or Trojan horses, worms are self-replicating and can exploit vulnerabilities in network protocols to automatically infect other computers. Once a worm gains access to a network, it can spread rapidly and cause significant damage by consuming network resources, stealing sensitive information, or carrying out other malicious activities. Therefore, the correct answer is that a worm can be transmitted without user intervention.Rate this question:
-
- 36.
Which of the following is a DoS (Denial of Service) attack that exploits TCP's (Transmission Control Protocol) three-way handshake for new connections?
-
SYN (Synchronize) flood.
-
Ping of death attack.
-
Land attack.
-
Buffer overflow attack.
-
None of the Above
Correct Answer
A. SYN (Synchronize) flood.Explanation
The SYN flood attack works when a source system floods and end system with TCP SYN requests, but intentionally does not send out acknowledgements (ACK). Since TCP needs confirmation, the receiving computer is stuck with half-open TCP sessions, just waiting for acknowledgement so it can reset the port. Meanwhile the connection buffer is being overflowed, making it difficult or impossible for valid users to connect, therefore their service is denied.Rate this question:
-
- 37.
Identify the methods of password guessing that needs the longest attack time?
-
Brute force needs the longest attack time.
-
Dictionary needs the longest attack time.
-
Rainbow needs the longest attack time.
-
Birthday needs the longest attack time.
Correct Answer
A. Brute force needs the longest attack time.Explanation
Brute force is a method of password guessing where every possible combination of characters is tried until the correct password is found. This method requires the longest attack time because it systematically tries every possible option, which can be time-consuming, especially for longer and more complex passwords. Dictionary attacks, rainbow attacks, and birthday attacks are all more efficient methods that exploit weaknesses in password systems, such as common or easily guessable passwords, precomputed tables, or hash collisions, respectively.Rate this question:
-
- 38.
In which of the following attacks does the attacker pretend to be a legitimate user?
-
Aliasing
-
Spoofing
-
Flooding
-
Redirecting
-
None of the Above
Correct Answer
A. SpoofingExplanation
A spoofing attack is simple an attempt by someone or something masquerading as someone else. This type of attack is usually considered an access attack.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 56Rate this question:
-
- 39.
Identify the malicious code that enters a system and stay inactive until a user opens that particular program then starts to delete the contents of attached network drives and removable storage devices?
-
The malicious code is known as logic bomb.
-
The malicious code is known as Trojan horse.
-
The malicious code is known as honeypot.
-
The malicious code is known as worm.
Correct Answer
A. The malicious code is known as logic bomb.Explanation
A logic bomb is a type of malicious code that remains dormant within a system until a specific condition or trigger occurs, such as a user opening a particular program. Once activated, it carries out a destructive action, in this case deleting the contents of attached network drives and removable storage devices. Unlike a Trojan horse, which disguises itself as a legitimate program, a logic bomb is specifically designed to cause harm once triggered. A honeypot is a different concept altogether, referring to a trap set up to detect and monitor unauthorized access attempts. A worm, on the other hand, is a self-replicating malware that spreads across networks without the need for user interaction.Rate this question:
-
- 40.
What is used by anti-virus software to detect unknown viruses?
-
Zero-day algorithm is used to detect unknown viruses.
-
Heuristic analysis is used to detect unknown viruses.
-
Random scanning is used to detect unknown viruses.
-
Quarantining is used to detect unknown viruses.
Correct Answer
A. Heuristic analysis is used to detect unknown viruses.Explanation
Heuristic analysis is used by anti-virus software to detect unknown viruses. This method involves analyzing the behavior and characteristics of files and programs to identify potential threats. It uses a set of rules and algorithms to determine if a file or program is suspicious or malicious based on its actions, structure, or code. By using heuristic analysis, anti-virus software can detect and block new and previously unknown viruses that may not have been identified by traditional virus definitions.Rate this question:
-
- 41.
In which of the following would an attacker impersonate a dissatisfied customer of a company and requesting a password change on the customer's account?
-
Hostile code.
-
Social engineering.
-
IP (Internet Protocol) spoofing.
-
Man in the middle attack.
Correct Answer
A. Social engineering.Explanation
Social engineering is using deception to engineer human emotions into granting access.Rate this question:
-
- 42.
What results in poor programming techniques and lack of code review?
-
It can result in the Buffer overflow attack.
-
It can result in the Dictionary attack.
-
It can result in the Birthday attack.
-
It can result in the Common Gateway Interface (CGI) script attack.
Correct Answer
A. It can result in the Buffer overflow attack.Explanation
Poor programming techniques and lack of code review can result in a buffer overflow attack. This type of attack occurs when a program writes data outside the allocated memory buffer, causing the program to crash or allowing an attacker to execute malicious code. Inadequate programming practices and the absence of code review can lead to vulnerabilities in the code, making it easier for attackers to exploit and carry out buffer overflow attacks.Rate this question:
-
- 43.
What is an attack whereby two different messages using the same hash function produce a common message digest known as?
-
Man in the middle attack.
-
Ciphertext only attack.
-
Birthday attack.
-
Brute force attack.
Correct Answer
A. Birthday attack.Explanation
A birthday attack is based on the principle that amongst 23 people, the probability of 2 of them having the same birthday is greater the 50%. By that rational if an attacker examines the hashes of an entire organizations passwords, they'll come up with some common denominators.Rate this question:
-
- 44.
What should a network administrator's first course of action be on receiving an e-mail alerting him to the presence of a virus on the system if a specific executable file exists?
-
Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.
-
Immediately search for and delete the file if discovered.
-
Broadcast a message to the entire organization to alert users to the presence of a virus.
-
Locate and download a patch to repair the file.
Correct Answer
A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.Explanation
If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites. Incorrect answers: Searching for and deleting a file is not only a waste of time with today's OS's complex directory systems, but its also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted, instead it gets sent to a 'recycle bin.' Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack. The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.Rate this question:
-
- 45.
Identify the port that permits a user to login remotely on a computer?
-
Port 3389
-
Port 8080
-
Port 143
-
Port 23
Correct Answer
A. Port 3389Explanation
Port 3389 is the correct answer because it is the default port used by Microsoft's Remote Desktop Protocol (RDP), which allows users to connect to a computer remotely and login. RDP is commonly used for remote administration and accessing files or applications on a remote computer.Rate this question:
-
- 46.
Identify the attack that consists of a PC sending PING packets with destination addresses set to the broadcast address and the source address set to the target PC's IP address?
-
You should identify a Smurf attack.
-
You should identify a XMAS Tree attack.
-
You should identify a Replay attack.
-
You should identify a Fraggle attack
Correct Answer
A. You should identify a Smurf attack.Explanation
A Smurf attack is a type of DDoS attack where an attacker sends a large number of ICMP ping requests (PING packets) with the source IP address set to the target PC's IP address and the destination IP address set to the broadcast address. This causes all the devices on the network to respond to the ping requests, overwhelming the target PC with an excessive amount of traffic and potentially causing it to crash or become unavailable.Rate this question:
-
- 47.
What would a user's best plan of action be on receiving an e-mail message warning of a virus that may have accidentally been sent in the past, and suggesting that the user to delete a specific file if it appears on the user's computer?
-
Check for the file and delete it immediately.
-
Check for the file, delete it immediately and copy the e-mail to all distribution lists.
-
Report the contents of the message to the network administrator.
-
Ignore the message. This is a virus hoax and no action is required
Correct Answer
A. Report the contents of the message to the network administrator.Explanation
In such a scenario the most rational answer is to tell your network administrator. Most network administrators don't have much to do most of the day, so they live for an opportunity like this. Incorrect Answers: Deleting the file wouldn't be good, because deleting a file doesn't necessarily eliminate a problem, as it could put it to your email trash folder, or to your recycle bin. This will give you a false sense of security, and work against the process of containment. Copying the email to all distribution lists, is another mistake, because if indeed the email does contain a virus, you'll only spread it. Ignoring the problem isn't a good problem, although virus hoaxes are common, all it takes is one real virus to cause a mini-disaster.Rate this question:
-
- 48.
Which of the following is used to describe an autonomous agent that copies itself into one or more host programs, then propagates when the host is run?
-
Trojan horse
-
Back door
-
Logic bomb
-
Virus
Correct Answer
A. VirusExplanation
A virus is a piece of software designed to infect a computer system. I can go into this further, but the answer is obvious. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 76Rate this question:
-
- 49.
What is used to verify the equipment status and modify the configuration or settings of network gadgets?
-
This can be accomplished by using SNMP.
-
This can be accomplished by using SMTP.
-
This can be accomplished by using CHAP.
-
This can be accomplished by using DHCP.
Correct Answer
A. This can be accomplished by using SNMP.Explanation
SNMP (Simple Network Management Protocol) is used to verify the equipment status and modify the configuration or settings of network gadgets. SNMP allows network administrators to monitor and manage network devices such as routers, switches, and servers. It provides a standardized way to collect and organize information about these devices, as well as the ability to remotely configure and control them. SNMP operates on the application layer of the TCP/IP protocol stack and uses a manager-agent model, where the network devices act as agents and the network administrator's workstation acts as the manager.Rate this question:
-
Quiz Review Timeline (Updated): Sep 14, 2023 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Sep 14, 2023Quiz Edited by
ProProfs Editorial Team -
Nov 19, 2012Quiz Created by
OzielWhite
Back to top