0%
Created by agyenbons

Sec+ Practice Domain1

1 / 25

Category: Sec+ Domain 1

212.      Rick runs WPScan against a potentially vulnerable WordPress installation. WPScan is a web application security scanner designed specifically for WordPress sites. As part of the scan results, he notices the following entry: What should Rick do after remediating this vulnerability?

2 / 25

Category: Sec+ Domain 1

176.     Susan receives $10,000 for reporting a vulnerability to a vendor who participates in a program to identify issues. What term is commonly used to describe this type of payment?

3 / 25

Category: Sec+ Domain 1

166.      A SYN flood seeks to overwhelm a system by tying up all the open sessions that it can create. What type of attack is this?

4 / 25

Category: Sec+ Domain 1

163.      Patrick has subscribed to a commercial threat intelligence feed that is only provided to sub- scribers who have been vetted and who pay a monthly fee. What industry term is used to refer to this type of threat intelligence?

5 / 25

Category: Sec+ Domain 1

144.      What term describes data that is collected from publicly available sources that can be used in an intelligence context?

6 / 25

Category: Sec+ Domain 1

139.      Which of the following is not a common part of a cleanup process after a penetration test?

7 / 25

Category: Sec+ Domain 1

120.      Which of the following attacks can be caused by a user being unaware of their physical surroundings?

8 / 25

Category: Sec+ Domain 1

104.      Valerie is responsible for security testing applications in her company. She has discovered that a web application, under certain conditions, can generate a memory leak. What type of attack would this leave the application vulnerable to?

9 / 25

Category: Sec+ Domain 1

99.          Spyware is an example of what type of malicious software?

10 / 25

Category: Sec+ Domain 1

86.      Which of the following threat actors is most likely to be associated with an advanced persis- tent threat (APT)?

11 / 25

Category: Sec+ Domain 1

85.      Elizabeth is investigating a network breach at her company. She discovers a program that was able to execute code within the address space of another process by using the target pro- cess to load a specific library. What best describes this attack?

12 / 25

Category: Sec+ Domain 1

80.      Steve discovers the following code on a system. What language is it written in, and what does it do? 1.import socket as skt,2.for port in range (1,9999): try: sc=skt.socket(askt.AF_INET,skt.SOCK_STREAM) sc.settimeout(900) sc.connect(('127.0.0.1,port))3.print '%d:OPEN' % (port) sc.close, except: continue

13 / 25

Category: Sec+ Domain 1

79.      Your company has hired an outside security firm to perform various tests of your network. During the vulnerability scan, you will provide that company with logins for various systems (i.e., database server, application server, web server, etc.) to aid in their scan. What best describes this?

14 / 25

Category: Sec+ Domain 1

78.      Gerald is a network administrator for a small financial services company. Users are reporting odd behavior that appears to be caused by a virus on their machines. After isolating the machines that he believes are infected, Gerald analyzes them. He finds that all the infected machines received an email purporting to be from accounting, with an Excel spreadsheet, and the users opened the spreadsheet. What is the most likely issue on these machines?

15 / 25

Category: Sec+ Domain 1

76.      Telnet, RSH, and FTP are all examples of what?

16 / 25

Category: Sec+ Domain 1

72.      When a program has variables, especially arrays, and does not check the boundary values before inputting data, what attack is the program vulnerable to?

17 / 25

Category: Sec+ Domain 1

50.      Your wireless network has been breached. It appears the attacker modified a portion of data used with the stream cipher and used this to expose wirelessly encrypted data. What is this attack called?

18 / 25

Category: Sec+ Domain 1

41.      What type of threat actors are most likely to have a profit motive for their malicious activities?

19 / 25

Category: Sec+ Domain 1

31.      What type of attack is based on entering fake entries into a target network’s domain name server?

20 / 25

Category: Sec+ Domain 1

26.      How is phishing different from general spam?

21 / 25

Category: Sec+ Domain 1

25.      Mahmoud is responsible for managing security at a large university. He has just performed a threat analysis for the network, and based on past incidents and studies of similar networks, he has determined that the most prevalent threat to his network is low-skilled attackers who wish to breach the system, simply to prove they can or for some low-level crime, such as changing a grade. Which term best describes this type of attacker?

22 / 25

Category: Sec+ Domain 1

15.      Chris has hundreds of systems spread across multiple locations and wants to better handle the amount of data that they create. What two technologies can help with this?

23 / 25

Category: Sec+ Domain 1

13.      Chris needs visibility into connection attempts through a firewall because he believes that a TCP handshake is not properly occurring. What security information and event management (SIEM) capability is best suited to troubleshooting this issue?

24 / 25

Category: Sec+ Domain 1

8.          Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?

25 / 25

Category: Sec+ Domain 1

4.          Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their Wi-Fi signals. Which of the following is the best label for this attack?

Leave a Comment

Your email address will not be published. Required fields are marked *