Exam simulator: Attacks, Threats, and Vulnerabilities - Part B

Question 1 of 20

1. Question

A hacker introduced corrupt Domain Name System (DNS) data into a DNS resolver’s cache with the aim of redirecting users either to the wrong websites or to his own computer. What type of DNS attack did the hacker implement in this scenario?

DNS Poisoning
URL redirection
Domain Hijacking
DNS Corruption

Question 2 of 20

2. Question

Which of the following attacks is a Network Layer DDoS attack?

BGP Hijacking
DNS amplification
HTTP Flood
Slow Read

Question 3 of 20

3. Question

The type of hackers that violates computer security systems without permission, stealing the data inside for their own personal gain or vandalizing the system is commonly known as:

Black-Hat hackers
White-Hat hackers
Gray-Hat hackers
Red-Hat hackers

Question 4 of 20

4. Question

A hacker wants to attack a network with the aim of maintaining ongoing access to the targeted network rather than to get in and out as quickly as possible with the ultimate goal of stealing information over a long period of time. What type of attacking technique will the hacker use in this case?

Insider threat
State actors
Hacktivism
Advanced persistent threat (APT)

Question 5 of 20

5. Question

Which of the following terms refers to Information Technology (IT) applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department?

Script Kiddies
Indicators of compromise
Shadow IT
Open-source intelligence

Question 6 of 20

6. Question

Which of the following statements are true regarding Cloud-based security vulnerabilities? (Choose all the apply)

Misconfigured Cloud Storage
Poor Access Control
Shared Tenancy
Secure APIs

Question 7 of 20

7. Question

A zero-day attack is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. (True/False)

True
False

Question 8 of 20

8. Question

You have set up an Intrusion detection system (IDS) and suddenly the IDS identifies an activity as an attack but the activity is acceptable behavior. The state, in this case, is known as:

False-positive
False-negative
Non-credentialed scans
Credentialed scans

Question 9 of 20

9. Question

Which of the following options is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures?

Log aggregation
Common Vulnerabilities and Exposures
Sentiment analysis
Security Orchestration, Automation, and Response

Question 10 of 20

10. Question

You have been hired as a penetration tester for a company to locate and exploit vulnerabilities in its target’s outward-facing services. You are not provided with any architecture diagrams or source code. This means that you are relying on dynamic analysis of currently running programs and systems within the target network.

Which of the following pentesting assignments are you currently on?

Gray-Box Testing
White-Box Testing
Black-Box Testing
Open-Box Testing

Question 11 of 20

11. Question

The document that lists out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being tested when it’s being tested, and how it’s being tested is known as:

Lateral Movements
Rules of Engagement
Pivoting
Bug Bounty

Question 12 of 20

12. Question

__________ is the first step where hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.

War Driving
OSINT
Footprinting
Cleanup

Question 13 of 20

13. Question

Which of the following cybersecurity testing exercise team does not focus exclusively on attacking or defending, but they do both?

Red team
Blue team
White team
Purple team

Question 14 of 20

14. Question

The technique of redirecting victims from a current page to a new URL which is usually a phishing page that impersonates a legitimate site and steals credentials from the victims is known as:

URL redirection
DNS spoofing
Domain hijacking
Domain redirection

Question 15 of 20

15. Question

The type of hackers that are experts in compromising computer security systems and use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes is commonly known as:

White-Hat hackers
Black-Hat hackers
Red-Hat hackers
Gray-Hat hackers

Question 16 of 20

16. Question

What type of attack is when an attacker takes over a regular user account on a network and attempts to gain administrative permissions?

Cross-site scripting
Directory traversal
Privilege escalation
Buffer overflow

Question 17 of 20

17. Question

A web developer wants to protect its web application from session hijacking attacks. Which of the following actions should a web developer perform to prevent an attacker from exploiting valid sessions? (Choose all that apply.)

Use of a short random number or string as the session key
Encryption of the data traffic passed between the parties by using SSL/TLS
Use of a long random number or string as the session key
Regenerating the session id after a successful login
Regenerating the session id after a successful logout

Question 18 of 20

18. Question

Your company is using a Web Vulnerability Scanner tool named Acunetic to check whether your website and web applications are vulnerable. While you were reviewing a scan report you saw the following URL:

http://test.webarticles.com/show.asp? view= ../../../../../Windows/system.ini  HTTP/1.1

What type of attack is conducted on that website?

Password spraying
Directory traversal
Privilege escalation
On-path attack

Question 19 of 20

19. Question

Which of the following options is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures?

Log aggregation
Security Orchestration, Automation, and Response
Sentiment analysis
Common Vulnerabilities and Exposures

Question 20 of 20

20. Question

You have been hired as a penetration tester for conducting an assessment. The company wants to include ONLY cross-site scripting and SQL injection from the list of authorized activities. Which of the following documents would include this limitation?

Non-Disclosure Agreement
Code of Conduct
Rules of Engagement
Acceptable Use Policy

Exam simulator: Attacks, Threats, and Vulnerabilities – Part B

Anastasia-Instructor August 30, 2022

Quiz Summary

Information

Results

Results

Categories

1. Question

A hacker introduced corrupt Domain Name System (DNS) data into a DNS resolver’s cache with the aim of redirecting users either to the wrong websites or to his own computer. What type of DNS attack did the hacker implement in this scenario?

2. Question

Which of the following attacks is a Network Layer DDoS attack?

3. Question

The type of hackers that violates computer security systems without permission, stealing the data inside for their own personal gain or vandalizing the system is commonly known as:

4. Question

A hacker wants to attack a network with the aim of maintaining ongoing access to the targeted network rather than to get in and out as quickly as possible with the ultimate goal of stealing information over a long period of time. What type of attacking technique will the hacker use in this case?

5. Question

Which of the following terms refers to Information Technology (IT) applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department?

6. Question

Which of the following statements are true regarding Cloud-based security vulnerabilities? (Choose all the apply)

7. Question

A zero-day attack is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. (True/False)

8. Question

You have set up an Intrusion detection system (IDS) and suddenly the IDS identifies an activity as an attack but the activity is acceptable behavior. The state, in this case, is known as:

9. Question

Which of the following options is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures?

10. Question

Which of the following pentesting assignments are you currently on?

11. Question

The document that lists out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being tested when it’s being tested, and how it’s being tested is known as:

12. Question

__________ is the first step where hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.

13. Question

Which of the following cybersecurity testing exercise team does not focus exclusively on attacking or defending, but they do both?

14. Question

The technique of redirecting victims from a current page to a new URL which is usually a phishing page that impersonates a legitimate site and steals credentials from the victims is known as:

15. Question

The type of hackers that are experts in compromising computer security systems and use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes is commonly known as:

16. Question

What type of attack is when an attacker takes over a regular user account on a network and attempts to gain administrative permissions?

17. Question

A web developer wants to protect its web application from session hijacking attacks. Which of the following actions should a web developer perform to prevent an attacker from exploiting valid sessions? (Choose all that apply.)

18. Question

Your company is using a Web Vulnerability Scanner tool named Acunetic to check whether your website and web applications are vulnerable. While you were reviewing a scan report you saw the following URL:

What type of attack is conducted on that website?

19. Question

Which of the following options is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures?

20. Question

You have been hired as a penetration tester for conducting an assessment. The company wants to include ONLY cross-site scripting and SQL injection from the list of authorized activities. Which of the following documents would include this limitation?