Show:
Malware
Social Engineering
Attacks
Auth, Access, Audit
Hack Attack
100

Malicious code activated by a specific event is called:

a. Backdoor

b. Logic bomb                    

c. Worm       

d. Trojan Horse  

b. Logic bomb                    


100

This type of social engineering tactic is used to gain information relating to a specific group or user:

a. Whaling

b. Phishing

c. Spear Phishing

d. Vishing

c. Spear Phishing

100

SYN Flood is a type of ___________ attack

DOS
100

1.What is the difference between authorization and authentication?

Authorization means granting a user account configured on the computer system the right to make use of a resource (allocating the user privileges on the resource). Authentication protects the validity of the user account by testing that the person accessing that account is who s/he says s/he is.

100

What operating system is preferred by new Penetration testers and Hackers and come preinstalled with various PenTest tools and features?

Kali Linux

200

Which of the following answers refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?

a. Logic bomb

b. Trojan horse        

c. Rootkit        

d. Backdoor   

b. Backdoor    

200

A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:

a. Spear phishing        

b. Tailgating        

c. Spoofing    

d. Shoulder Surfing

d. Shoulder Surfing

200

A vulnerability found soon after an update for which there is currently no patch.

Zero Day

200

True or false? An account requiring a password, PIN, and one-time password is an example of three-factor authentication.

False - three factor authentication would include a biometric or behavioral element.

200

What type of password attack:

Tries every possible combination, uses a large key to make passwords computationally difficult, and often requires multiple attempts to breach?

a. Brute Force

b. Dictionary 

c. Rainbow Tables

d. Shoulder surfing

a. Brute Force

300

Which of the terms listed below applies to a collection of intermediary compromised systems that are used as a platform for a DDoS attack?

a. Honeynet        

b. Botnet                    

c. Quarantine network        

d. Malware  

  b. Botnet

300

Jump in the trash and find corporate information can be categorized as . . . 

a. Adware

b. Bin bushing

c. Can Crashing

d. Dumpster Diving

d. Dumpster Diving

300

username: Student1' OR '1' = '1

SQL Injection

300

What does OTP stand for?

a. One Task Protocol

b. On Time Password

c. One Time Protocol

d. One Tree Pass

b. One Time Password

300

Which of the following command-line tools is used for discovering hosts and services on a network?

  • Nmap                   
  • netcat        
  • Zenmap        
  • tcpdump    

Nmap

400

 Which of the following answers lists an example of spyware?

a. Keylogger               

b. Vulnerability scanner        

c. Computer worm        

d. Packet sniffer    

a. Keylogger

400

A social engineering technique whereby attackers under disguise of legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:        

a. Phishing                

b. Privilege escalation                

c. Backdoor access   

d. Shoulder surfing    

c. Backdoor access  

400

A vulnerability in which a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Buffer Overflowtudent1' OR '1' 

400

Select two types of defenses that would be appropriate for securing access to your server room.

a) Access Control Vestibule

b) Door Greeter

c) Smart Card

d) Asking nicely

e) Verbal password relay that changes every day

400

Name one application-type password cracking software.

Cain and Abel

John the Ripper

THC Hydra

Aircrack

L0phtcrack

500

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called...

A worm
500

A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select 2 answers)        

  • Phishing                

  • Watering hole attack                

  • Social engineering                

  • Zero-day exploit                

  • Vishing    

  • Phishing                            

  • Social engineering                              

500
You notice a second WiFi name on available networks at your cafe. Instead of CrazyBeans1, it is CrazyBeansl

Evil Twin

500

The company you work for has suffered numerous intrusions due to poor password management by employees. Given a significant budget to mitigate the problem, what type of security control would you use?

A multifactor authentication product would mitigate this type of problem by requiring users to authenticate with a smart card or biometric information as well as a password.

500

What is the name of a Linux command-line utility that can be used to display TCP/IP configuration settings?

ifconfig