OA Exams

  • web.groovymark@gmail.com
  • December 4, 2024

Question 41

What type of attack involves an attacker impersonating a legitimate entity to steal login credentials or personal information?

A. Phishing
B. Denial of Service (DoS)
C. SQL injection
D. DNS poisoning

Correct Answer: A. Phishing

Explanation: Phishing attacks trick users into divulging personal information, such as passwords, by pretending to be a legitimate entity.

Question 42

Which of the following describes the process of verifying the identity of a user or device?

A. Encryption
B. Authentication
C. Authorization
D. Logging

Correct Answer: B. Authentication

Explanation: Authentication is the process of verifying the identity of a user or device before granting access to a system or resource.

Question 43

Which security mechanism limits access to a network based on a device’s MAC address?

A. IP filtering
B. MAC filtering
C. URL filtering
D. SSL

Correct Answer: B. MAC filtering

Explanation: MAC filtering controls access to a network by allowing only devices with approved MAC addresses to connect.

Question 44

Which type of malware restricts access to a system or data and demands payment to release it?

A. Spyware
B. Ransomware
C. Worm
D. Trojan

Correct Answer: B. Ransomware

Explanation: Ransomware encrypts data or locks users out of their systems, demanding payment to restore access.

Question 45

Which of the following refers to an attack where a hacker inserts malicious code into a website form to gain unauthorized access to the database?

A. SQL injection
B. Cross-site scripting (XSS)
C. Phishing
D. Man-in-the-middle attack

Correct Answer: A. SQL injection

Explanation: SQL injection involves inserting malicious SQL code into a website's input fields to manipulate the database and gain unauthorized access.

Question 46

What type of encryption is used to create a secure connection over an untrusted network like the internet?

A. Asymmetric encryption
B. Symmetric encryption
C. Hashing
D. Digital signatures

Correct Answer: A. Asymmetric encryption

Explanation: Asymmetric encryption, such as that used in SSL/TLS protocols, establishes secure communication over untrusted networks by using a public-private key pair.

Question 47

Which of the following prevents a malicious user from capturing and replaying authentication credentials?

A. Digital signatures
B. Nonce
C. Encryption
D. Key stretching

Correct Answer: B. Nonce

Explanation: A nonce is a random number used only once in authentication processes to prevent replay attacks by ensuring that each authentication attempt is unique.

Question 48

Which type of malware spreads across networks without user interaction and typically exploits vulnerabilities in network services?

A. Worm
B. Trojan
C. Spyware
D. Ransomware

Correct Answer: A. Worm

Explanation: Worms are self-replicating malware that spread across networks without user interaction, often exploiting vulnerabilities in network services.

Question 49

What is the purpose of a certificate authority (CA) in a PKI?

A. To encrypt data
B. To issue and manage digital certificates
C. To generate encryption keys
D. To create hashes

Correct Answer: B. To issue and manage digital certificates

Explanation: A certificate authority (CA) is responsible for issuing and managing digital certificates that verify the identity of entities in a Public Key Infrastructure (PKI).

Question 50

Which of the following involves intercepting and altering data being transferred between two devices?

A. Man-in-the-middle attack
B. SQL injection
C. Phishing
D. Cross-site scripting (XSS)

Correct Answer: A. Man-in-the-middle attack

Explanation: A man-in-the-middle attack involves intercepting and altering communication between two parties without their knowledge, often to steal data or inject malicious content.
