- web.groovymark@gmail.com
- December 3, 2024
Question 01
A system administrator has noticed unusual outbound traffic from a company workstation to an unknown external IP address. After an investigation, it was discovered that the workstation was compromised, and sensitive data was being transferred to the external server. Despite the antivirus and firewall being up-to-date, this incident still occurred. Which of the following is the MOST likely cause of the breach?
A. Zero-day attack
B. Social engineering attack
C. Distributed Denial-of-Service (DDoS) attack
D. DNS poisoning attack
Correct Answer: A. Zero-day attack
Explanation: A zero-day attack exploits a vulnerability that the vendor does not yet know about or has not yet patched, so signature-based antivirus has nothing to match against and an up-to-date firewall that permits ordinary outbound connections sees nothing it is configured to block. In this scenario the attacker most likely used such a vulnerability to gain access to the workstation and exfiltrate sensitive data without triggering either control. The other options do not fit the description: a DDoS disrupts availability rather than stealing data, DNS poisoning redirects traffic rather than compromising a host, and nothing in the scenario points to a user being deceived.
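The traffic in this scenario was noticed by an administrator; the following is an added example (not code from the original page) of the kind of check that surfaces it automatically: sum outbound bytes from internal hosts to external destinations that are not on an allowlist and alert above a threshold. The flow records, the internal range, the allowlist and the byte threshold are all constructed or assumed for illustration; real records would come from a firewall, proxy or NetFlow/IPFIX export.

```python
"""Flag internal hosts moving unusual volumes to external addresses that are
not on an allowlist.

Added example, not code from the original page. The flow records, the
allowlist and the byte threshold are constructed/assumed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed flow records: (source IP, destination IP, destination port, bytes sent)
FLOWS = [
    ("10.0.5.23", "10.0.1.10", 445, 120_000),          # internal file share
    ("10.0.5.23", "192.0.2.10", 443, 18_000),          # allowlisted SaaS endpoint (assumed)
    ("10.0.5.23", "203.0.113.77", 443, 950_000_000),   # unknown external, very large
    ("10.0.5.41", "203.0.113.77", 443, 40_000),        # unknown external, small
    ("10.0.5.41", "198.51.100.9", 8443, 600_000_000),  # unknown external, very large
]

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed corporate range
ALLOWLIST = {"192.0.2.10"}                             # assumed known-good destinations
THRESHOLD_BYTES = 500_000_000                          # assumed tuning value


def is_internal(addr, nets=INTERNAL_NETS):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def outbound_totals(flows, allowlist=ALLOWLIST):
    """Sum bytes per (internal source, external destination) pair, ignoring
    internal-to-internal traffic and allowlisted destinations."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst) and dst not in allowlist:
            totals[(src, dst)] += nbytes
    return dict(totals)


def suspicious_exfil(flows, threshold=THRESHOLD_BYTES, allowlist=ALLOWLIST):
    """Return the (source, destination) pairs whose outbound volume meets the threshold."""
    return {pair: n for pair, n in outbound_totals(flows, allowlist).items() if n >= threshold}


if __name__ == "__main__":
    for (src, dst), n in sorted(suspicious_exfil(FLOWS).items()):
        print(f"ALERT {src} -> {dst}: {n:,} bytes to non-allowlisted external host")
```

A volume threshold alone misses slow, low-volume exfiltration; in practice this is paired with checks on destination reputation, first-seen destinations per host, and traffic outside business hours.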
Question 02
Which of the following types of attacks uses multiple computers to overwhelm the target system, causing service disruption?
A. SQL injection
B. Brute-force attack
C. Distributed Denial-of-Service (DDoS) attack
D. Man-in-the-middle attack
Correct Answer: C. Distributed Denial-of-Service (DDoS) attack
Explanation: A DDoS attack occurs when multiple computers, often part of a botnet, overwhelm a target system with traffic, making it unavailable to users. The other attack types listed do not involve overwhelming a system with traffic in the same way.
Question 03
A security analyst is conducting a review of a recently discovered vulnerability. This vulnerability allows an attacker to execute arbitrary code on a remote system by sending specially crafted packets. Which of the following best describes this type of vulnerability?
A. Privilege escalation
B. Remote code execution
C. Buffer overflow
D. SQL injection
Correct Answer: B. Remote code execution
Explanation: Remote code execution (RCE) describes a vulnerability by its impact: an attacker can run code of their choosing on a remote system, typically by exploiting improperly handled input. Here the crafted packets achieve exactly that. A buffer overflow is one mechanism that can lead to RCE, but it names the memory error rather than the resulting capability; privilege escalation raises the rights of an attacker who already has access, and SQL injection targets database queries.
Question 04
Which of the following protocols is used to encrypt email communications, ensuring confidentiality between sender and receiver?
A. SSH
B. S/MIME
C. TLS
D. HTTPS
Correct Answer: B. S/MIME
Explanation: S/MIME (Secure/Multipurpose Internet Mail Extensions) encrypts and digitally signs the email message itself, so confidentiality and integrity hold end to end regardless of which mail servers relay it. TLS (and HTTPS, which is HTTP over TLS) protects a single hop in transit, for example between a mail client and its server, but the message sits in cleartext on every server along the way; SSH is for secure command-line access, not email.
Question 05
A security administrator needs to ensure that all user authentication requests sent over the network are encrypted. Which protocol should be implemented to achieve this?
A. HTTP
B. FTP
C. LDAP
D. LDAPS
Correct Answer: D. LDAPS
Explanation: LDAPS (LDAP over SSL/TLS, conventionally on TCP port 636) wraps the whole LDAP session, including the bind that carries the user's credentials, in TLS. HTTP and FTP offer no encryption, and plain LDAP (port 389) sends a simple-bind password in cleartext unless the client negotiates StartTLS on the same connection.
Question 06
Which of the following is the primary security concern associated with the use of wireless networks in public locations?
A. Rogue access points
B. Man-in-the-middle attacks
C. Signal interference
D. Packet loss
Correct Answer: B. Man-in-the-middle attacks
Explanation: Man-in-the-middle (MitM) attacks are the major concern on public wireless networks, where anyone on the same medium may be able to intercept, read or alter traffic between a client and a server. A rogue access point (an "evil twin" advertising the venue's SSID) is one common way an attacker gets into that position, but it is the MitM attack that directly impacts the confidentiality and integrity of the communication; signal interference and packet loss are availability and quality issues, not security ones.
Question 07
Which of the following is a method used to capture and analyze network traffic to identify suspicious or malicious activity?
A. Protocol analyzer
B. Firewall
C. Honeypot
D. IDS
Correct Answer: A. Protocol analyzer
Explanation: A protocol analyzer (a packet sniffer such as Wireshark or tcpdump) captures network traffic and decodes it field by field, so an analyst can inspect packet contents and spot suspicious or malicious activity. A firewall permits or blocks traffic, a honeypot lures attackers, and an IDS inspects traffic to raise alerts against rules or signatures rather than giving an analyst a packet-level view to examine.
Question 08
An attacker sends unsolicited messages over an Internet messaging service. This attack is known as which of the following?
A. Spam
B. Phishing
C. SPIM
D. SMiShing
Correct Answer: C. SPIM
Explanation: SPIM (Spam over Instant Messaging) refers to unsolicited messages sent over an instant messaging service. Spam generally refers to unsolicited email, phishing involves tricking users into revealing sensitive information, and SMiShing targets users via SMS text messages.
Question 09
A company needs to transfer a large file containing personal customer information to a business partner. Which of the following is the best protocol to use to ensure secure file transfer?
A. FTP
B. TFTP
C. SFTP
D. Telnet
Correct Answer: C. SFTP
Explanation: SFTP (SSH File Transfer Protocol) runs over SSH, which encrypts and authenticates the whole transfer. FTP sends credentials and file contents in cleartext, TFTP has no authentication or encryption at all, and Telnet is an unencrypted remote command-line protocol, not a file transfer protocol.
Question 10
A network administrator wants to restrict access to certain areas of the network based on user identity. Which of the following is the best access control model to implement?
A. Discretionary access control (DAC)
B. Role-based access control (RBAC)
C. Mandatory access control (MAC)
D. Attribute-based access control (ABAC)
Correct Answer: B. Role-based access control (RBAC)
Explanation: Role-based access control (RBAC) grants permissions to roles and assigns each user identity to one or more roles, so the administrator controls which parts of the network a user can reach through the roles tied to that user's job responsibilities, and a change of role revokes the old access in one step. DAC leaves access decisions to individual resource owners, MAC enforces centrally assigned labels and clearances, and ABAC evaluates policies over attributes; the exam expects RBAC for identity-driven restrictions of this kind.
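The mechanics behind that answer, as an added example that is not part of the original page: permissions attach to roles, users are mapped to roles, and the access check never consults the user directly, so reassigning a user's role is all it takes to revoke old access. The roles, network segments, hierarchy and user assignments below are constructed for illustration.

```python
"""Role-based access control for network segments.

Added example, not code from the original page. Roles, segments and user
assignments are constructed for illustration.
"""

# Role -> set of (segment, action) permissions
ROLE_PERMISSIONS = {
    "employee": {("corp-lan", "connect")},
    "finance": {("finance-vlan", "connect"), ("finance-share", "read")},
    "netadmin": {("mgmt-vlan", "connect"), ("mgmt-vlan", "configure")},
}

# Role hierarchy: a role inherits the permissions of its parents
ROLE_PARENTS = {"finance": ["employee"], "netadmin": ["employee"]}

# User identity -> assigned roles (constructed)
USER_ROLES = {
    "alice": {"finance"},
    "bob": {"netadmin"},
    "carol": {"employee"},
    "dave": set(),          # account exists but holds no role: denied everywhere
}


def effective_roles(roles):
    """Expand assigned roles through the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_PARENTS.get(role, []))
    return seen


def effective_permissions(user, user_roles=USER_ROLES):
    """Union of the permissions of every role the user effectively holds."""
    perms = set()
    for role in effective_roles(user_roles.get(user, set())):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, segment, action, user_roles=USER_ROLES):
    """Deny by default: only an explicit role permission grants access.
    An unknown user has no roles and is therefore denied."""
    return (segment, action) in effective_permissions(user, user_roles)


def reassign(user_roles, user, new_roles):
    """Return a new assignment table with `user` moved to `new_roles`.
    Because permissions live on roles, the old access disappears at once and
    no per-segment entry has to be edited."""
    updated = dict(user_roles)
    updated[user] = set(new_roles)
    return updated


if __name__ == "__main__":
    print(is_allowed("alice", "finance-vlan", "connect"))          # True
    moved = reassign(USER_ROLES, "alice", {"netadmin"})
    print(is_allowed("alice", "finance-vlan", "connect", moved))   # False
    print(is_allowed("alice", "mgmt-vlan", "configure", moved))    # True
```

Contrast this with DAC, where each segment or share would carry its own list of named users that an owner edits; under RBAC the only per-user data is the role assignment, which is what makes joiner/mover/leaver changes auditable.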
Question 11
Which of the following best describes the goal of a man-in-the-middle (MitM) attack?
A. To deny users access to a resource
B. To alter communications between two parties without their knowledge
C. To exploit a vulnerability in a network protocol
D. To inject malicious code into a web application
Correct Answer: B. To alter communications between two parties without their knowledge
Explanation: A man-in-the-middle (MitM) attack occurs when an attacker positions themselves between two parties and intercepts, and possibly alters, their communication without either side noticing. The goal is to eavesdrop on or manipulate that exchange. Denial of service, exploiting a protocol flaw and injecting code into a web application are the aims of other attacks, not the defining purpose of a MitM attack, although a protocol weakness may be what lets the attacker get into the middle in the first place.
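How the "alter without their knowledge" part is defeated in practice, as an added example that is not code from the original page: the sender attaches an HMAC over the message under a key the attacker does not hold, so a relayed-but-modified message fails verification at the receiver. The key, the payment message and the attacker's substitution are constructed; the example assumes the key was established out of band or through an authenticated key exchange, never over the channel the attacker controls.

```python
"""Detecting MitM tampering with an HMAC.

Added example, not code from the original page. Key, message and the
attacker's edit are constructed for illustration.
"""
import hashlib
import hmac

KEY = b"pre-shared-key-established-out-of-band"   # assumed; never sent over the channel


def sign(key, message):
    """HMAC-SHA256 tag over the message bytes."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """Constant-time comparison so timing does not leak how many tag bytes matched."""
    return hmac.compare_digest(sign(key, message), tag)


def relay_through_attacker(message, tag):
    """The attacker can read and rewrite the bytes in transit, but without the
    key cannot produce a tag that matches the rewritten message."""
    altered = message.replace(b'"payee": "ACME"', b'"payee": "mallory"')
    return altered, tag


def transfer_scenario(tampered):
    """Run one sender -> (attacker) -> receiver exchange; return the receiver's verdict."""
    message = b'{"payee": "ACME", "amount": 250}'   # constructed payment instruction
    tag = sign(KEY, message)
    if tampered:
        message, tag = relay_through_attacker(message, tag)
    return verify(KEY, message, tag)


if __name__ == "__main__":
    print("intact message accepted:", transfer_scenario(tampered=False))   # True
    print("altered message accepted:", transfer_scenario(tampered=True))   # False
```

The tag gives integrity and origin authentication to whoever holds the key, not confidentiality: the attacker still reads the payee and amount. That is why transport security combines the two (TLS uses AEAD cipher suites) and binds the key exchange to a certificate, so an attacker in the middle cannot simply run the handshake with each side separately.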
Question 12
A company implements a policy requiring all employees to authenticate using two separate factors, such as something they know and something they have. Which of the following authentication methods does this describe?
A. Single sign-on (SSO)
B. Two-factor authentication (2FA)
C. Password-based authentication
D. Role-based authentication
Correct Answer: B. Two-factor authentication (2FA)
Explanation: Two-factor authentication (2FA) requires users to authenticate using two different types of credentials, such as something they know (password) and something they have (security token). SSO, password-based, and role-based authentication do not necessarily require two separate factors for authentication.
Question 13
Which of the following attacks involves an attacker flooding a target system with connection requests but not completing the handshake process?
A. SYN flood
B. Smurf attack
C. DNS poisoning
D. SQL injection
Correct Answer: A. SYN flood
Explanation: A SYN flood attack occurs when an attacker sends a large number of SYN (synchronize) segments to a target but never sends the final ACK of the TCP three-way handshake. Each half-open connection occupies an entry in the listener's backlog until it times out, so the backlog fills and legitimate connection requests are dropped. Smurf attacks (ICMP amplification), DNS poisoning and SQL injection are different types of attacks.
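Putting Question 07 and Question 13 together, the following is an added example (not code from the original page) that does what a protocol analyzer does at the lowest level, decoding IPv4 and TCP header fields from raw bytes, and then uses the SYN/ACK flags to count half-open connections per source. The packets are constructed in the block itself with a small builder (checksums are left zero because nothing here validates them); in practice they would come from a capture file or raw socket. The per-source threshold is an assumed tuning value.

```python
"""Decode IPv4/TCP headers from raw bytes and flag sources with many half-open
connections (SYN sent, handshake never completed).

Added example, not code from the original page. Packets are constructed with
build_packet(); the threshold is an assumed tuning value.
"""
import socket
import struct
from collections import Counter

TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10


def build_packet(src, dst, sport, dport, flags):
    """Construct a minimal IPv4 header (20 bytes) + TCP header (20 bytes)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_packet(raw):
    """Protocol-analyzer step: pull the header fields an analyst looks at."""
    (ver_ihl, _tos, _total_len, _ident, _frag, _ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes (options possible)
    if proto != 6:
        raise ValueError("not TCP")
    sport, dport, seq, ack, _off, flags, _win, _tcksum, _urg = struct.unpack(
        "!HHIIBBHHH", raw[ihl:ihl + 20])
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "syn": bool(flags & TCP_SYN), "ack_flag": bool(flags & TCP_ACK),
        "rst": bool(flags & TCP_RST),
    }


def half_open_by_source(packets):
    """Track client-side handshake state: a bare SYN opens an entry, the client's
    ACK (or a RST) closes it. A SYN-ACK from the server has both flags set and is
    not a client SYN. Whatever remains at the end is half-open."""
    pending = set()
    for raw in packets:
        p = parse_packet(raw)
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["syn"] and not p["ack_flag"]:
            pending.add(key)
        elif p["ack_flag"] or p["rst"]:
            pending.discard(key)
    return Counter(src for src, _sport, _dst, _dport in pending)


def syn_flood_sources(packets, threshold=5):
    """Sources with more than `threshold` half-open connections (assumed tuning value)."""
    return {src: n for src, n in half_open_by_source(packets).items() if n > threshold}


# Constructed capture: one source leaves six handshakes incomplete; a legitimate
# client completes SYN -> SYN-ACK -> ACK.
SAMPLE = (
    [build_packet("203.0.113.5", "192.0.2.10", 40000 + i, 80, TCP_SYN) for i in range(6)]
    + [build_packet("198.51.100.20", "192.0.2.10", 51000, 80, TCP_SYN),
       build_packet("192.0.2.10", "198.51.100.20", 80, 51000, TCP_SYN | TCP_ACK),
       build_packet("198.51.100.20", "192.0.2.10", 51000, 80, TCP_ACK)]
)

if __name__ == "__main__":
    print(syn_flood_sources(SAMPLE))   # {'203.0.113.5': 6}
```

A real flood usually spoofs the source address, so the per-source count is low for each address and the useful signal becomes the total number of half-open entries against one listener; SYN cookies on the server are the standard mitigation because they let the kernel defer backlog allocation until the final ACK arrives.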
Question 14
Which of the following is a benefit of using WPA2 with AES encryption on a wireless network?
A. Improved speed
B. Increased security
C. Easier configuration
D. Backward compatibility with WEP
Correct Answer: B. Increased security
Explanation: WPA2 with AES (the CCMP cipher suite) provides strong confidentiality and integrity for wireless traffic, which makes it far more secure than WEP, whose RC4-based design is broken and can be cracked in minutes. It does not improve speed or ease of configuration, and it is not backward compatible with WEP; the benefit is increased security.
Question 15
Which of the following is the best reason for disabling unused services on a server?
A. To improve performance
B. To reduce attack surface
C. To prevent unauthorized access
D. To conserve resources
Correct Answer: B. To reduce attack surface
Explanation: Disabling unused services reduces the attack surface of a server by limiting the number of potential vulnerabilities that an attacker can exploit. While it may also improve performance and conserve resources, the primary security benefit is reducing the risk of attack.
Question 16
Which of the following security controls is used to prevent data from being intercepted during transmission between two points?
A. Encryption
B. Firewall
C. Antivirus
D. Access control list
Correct Answer: A. Encryption
Explanation: Encryption is used to protect data during transmission, ensuring that even if it is intercepted, it cannot be read by unauthorized parties. Firewalls control traffic flow, antivirus software detects and removes malware, and access control lists regulate access to resources.
Question 17
Which of the following attacks attempts to redirect traffic from a legitimate website to a malicious one by corrupting DNS records?
A. DNS poisoning
B. Phishing
C. SQL injection
D. ARP poisoning
Correct Answer: A. DNS poisoning
Explanation: DNS poisoning (also known as DNS spoofing or cache poisoning) occurs when an attacker inserts forged records into a resolver's cache, so that lookups for a legitimate domain return the attacker's IP address and traffic is redirected to a malicious site. Phishing and SQL injection do not touch name resolution; ARP poisoning also redirects traffic, but by forging IP-to-MAC mappings on the local network rather than DNS answers.
Question 18
A company wants to ensure that data stored on employee laptops is protected in case the devices are lost or stolen. Which of the following is the best solution to implement?
A. Antivirus software
B. Full disk encryption
C. VPN
D. Two-factor authentication
Correct Answer: B. Full disk encryption
Explanation: Full disk encryption ensures that all data stored on a laptop is encrypted and cannot be accessed by unauthorized individuals if the device is lost or stolen. Antivirus software, VPNs, and two-factor authentication do not provide the same level of protection for stored data.
Question 19
Which of the following describes the main purpose of a honeypot in a network?
A. To detect unauthorized access
B. To lure attackers and study their behavior
C. To filter network traffic
D. To block malware infection
Correct Answer: B. To lure attackers and study their behavior
Explanation: A honeypot is a decoy system used to attract attackers and observe their activities without compromising the actual network. It is not designed primarily for detecting access, filtering traffic, or blocking malware, though it may help security teams improve defenses based on the information gathered.
Question 20
Which of the following provides an additional layer of security by encrypting data at rest on a mobile device?
A. Remote wipe
B. Screen lock
C. Full disk encryption
D. Application sandboxing
Correct Answer: C. Full disk encryption
Explanation: Full disk encryption ensures that all data stored on a mobile device is encrypted and protected, even if the device is lost or stolen. Screen locks, remote wipes, and application sandboxing are additional security measures but do not provide the same level of data protection as encryption.