web.groovymark@gmail.com - December 4, 2024
Question 41
Which of the following protocols is used to send email from a client to a server?
A. HTTP
B. HTTPS
C. SMTP
D. FTP
Correct Answer: C. SMTP
Explanation: SMTP (Simple Mail Transfer Protocol) is used to send email from a client to a server. HTTP and HTTPS are used for web traffic, while FTP is used for file transfers.
Question 42
Which of the following is the primary purpose of a VPN?
A. To encrypt data stored on a disk
B. To provide secure communication over the internet
C. To manage user access to applications
D. To perform network penetration testing
Correct Answer: B. To provide secure communication over the internet
Explanation: VPNs encrypt data and provide secure communication over the internet. They do not manage user access or perform penetration testing.
Question 43
What type of attack involves repeatedly trying different combinations of passwords to gain access to an account?
A. Phishing
B. Man-in-the-middle attack
C. Brute-force attack
D. Smishing
Correct Answer: C. Brute-force attack
Explanation: Brute-force attacks involve repeatedly trying different combinations of passwords to gain access to an account. Phishing, man-in-the-middle attacks, and smishing are different attack methods.
Question 44
Which of the following refers to software that collects personal information without the user’s consent?
A. Adware
B. Spyware
C. Ransomware
D. Worm
Correct Answer: B. Spyware
Explanation: Spyware collects personal information from users without their consent. Adware displays ads, ransomware locks users out, and worms spread across networks.
Question 45
What is the primary function of a proxy server?
A. To monitor network traffic
B. To filter and forward requests between clients and servers
C. To encrypt communications
D. To store security policies
Correct Answer: B. To filter and forward requests between clients and servers
Explanation: A proxy server filters and forwards requests between clients and servers, acting as an intermediary. It does not encrypt communications or store security policies.
Question 46
Which of the following describes a process where an attacker’s device impersonates another device on a network?
A. Bluesnarfing
B. Spoofing
C. Phishing
D. Smishing
Correct Answer: B. Spoofing
Explanation: Spoofing involves an attacker's device impersonating another device on a network. Bluesnarfing, phishing, and smishing involve different attack methods.
Question 47
What is the purpose of salting passwords before hashing them?
A. To encrypt the password
B. To prevent rainbow table attacks
C. To convert the password into a fixed-length string
D. To ensure confidentiality of the password
Correct Answer: B. To prevent rainbow table attacks
Explanation: Salting passwords before hashing them adds a random value to make it harder for attackers to crack the password using rainbow table attacks. It does not encrypt or ensure confidentiality.
Question 48
Which of the following refers to a distributed attack where multiple systems are used to flood a target with traffic?
A. SQL injection
B. Denial of Service (DoS)
C. Man-in-the-middle attack
D. Distributed Denial of Service (DDoS)
Correct Answer: D. Distributed Denial of Service (DDoS)
Explanation: A DDoS attack involves multiple systems flooding a target with traffic, overwhelming its resources. SQL injection, DoS, and man-in-the-middle attacks use different methods.
Question 49
Which of the following best describes the concept of least privilege?
A. Users should have only the permissions necessary to complete their tasks
B. All users should have administrator privileges
C. Only administrators should be able to access systems
D. Users should have access to all data in the network
Correct Answer: A. Users should have only the permissions necessary to complete their tasks
Explanation: Least privilege ensures that users are given only the permissions they need to complete their tasks, reducing the risk of unauthorized access. It does not grant administrator privileges to all users.
Question 50
Which of the following refers to a security solution that prevents data from being lost, stolen, or misused?
A. Data Loss Prevention (DLP)
B. Security Information and Event Management (SIEM)
C. Public Key Infrastructure (PKI)
D. Penetration testing
Correct Answer: A. Data Loss Prevention (DLP)
Explanation: Data Loss Prevention (DLP) solutions prevent sensitive data from being lost, stolen, or misused by monitoring and enforcing data handling policies. SIEM, PKI, and penetration testing serve different security purposes.