Which of the following accurately describes a phishing attack?

An attacker sends fraudulent emails or messages to deceive users and obtain their sensitive information

An attacker captures network traffic to eavesdrop on sensitive information transmitted between two parties

Which of the following accurately describes a man-in-the-middle (MITM) attack?

An attacker captures network traffic to eavesdrop on sensitive information transmitted between two parties

An attacker injects malicious code into a web application and executes it on other users' browsers

What is the main goal of a buffer overflow attack?

To overwrite a computer program's memory and execute arbitrary code

What is the primary goal of a remote code execution attack?

To gain unauthorized access to a remote system

To crash the targeted application

To overload the network and deny service to legitimate users

To steal sensitive information from the targeted system

Which security measure can help prevent a session hijacking attack?

Implementing two-factor authentication

Regularly patching and updating applications

Using strong encryption algorithms for data transmission

Configuring a web application firewall (WAF)

Which of the following is an example of a file inclusion attack?

Local file inclusion (LFI) attack

Remote code execution (RCE) attack

Which security mechanism can help prevent a brute force attack?

Limiting the number of login attempts

Encrypting data during transmission

Implementing multi-factor authentication

Blocking suspicious IP addresses

What is the main purpose of a buffer overflow attack?

To execute malicious code on the targeted system

To gain unauthorized access to a remote system

To steal sensitive information from the targeted system

To crash the targeted application

What is the main purpose of a distributed denial of service (DDoS) attack?

To overload the network and deny service to legitimate users

To gain unauthorized access to a remote system

To steal sensitive information from the targeted system

What is the primary purpose of a cross-site scripting (XSS) attack?

To inject malicious scripts into a web page

To overload the network and deny service to legitimate users

To gain unauthorized access to a remote system

To steal sensitive information from the targeted system

Which of the following is an example of a privilege escalation attack?

Local file inclusion (LFI) attack

Man-in-the-middle (MitM) attack

Which of the following is a mitigation technique for a SQL injection attack?

Input validation and sanitization

Using complex passwords for database accounts

Implementing a firewall to block suspicious traffic

Regularly backing up the database

Comptia Security+ Understanding Application Attacks and security

Authored by J. Hines

Computers

Professional Development

Used 39+ times

Comptia Security+ Understanding Application Attacks and security

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following accurately describes a SQL injection attack?

An attacker exhaustively tries every possible combination of input to a system in order to bypass its security measures

An attacker exploits vulnerabilities in a web application's authentication mechanism to gain unauthorized access

An attacker injects malicious SQL code into a web application's database query to manipulate its behavior

An attacker intercepts and modifies data between a client and a server

An attacker analyzes network traffic to capture and replay authentication credentials

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the main purpose of a cross-site scripting (XSS) attack?

To perform unauthorized actions on a web server by manipulating its user interface

To inject malicious code into a web application and execute it on other users' browsers

To intercept and decrypt sensitive information transmitted over a network

To bypass authentication mechanisms and gain unauthorized access to a web application

To gain unauthorized access to a system by exploiting vulnerabilities in its network protocols

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is a characteristic of a zero-day exploit?

It is a type of social engineering attack that tricks users into revealing their login credentials

It targets a vulnerability that is already known and for which a patch has been released

It uses cryptographic techniques to guess or reverse engineer passwords

It takes advantage of a software vulnerability that has not yet been discovered or patched

It exploits vulnerabilities in a network's protocols to gain unauthorized access

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following techniques can be used to mitigate the risk of a distributed denial of service (DDoS) attack?

Secure coding practices and input validation

Traffic filtering and rate limiting at the network level

Intrusion detection and prevention systems

Encryption and public key infrastructure

Network segmentation and access control lists

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following correctly defines privilege escalation?

An attacker manipulates a web application's user interface to perform unauthorized actions on a web server

An attacker gains unauthorized access to a system by exploiting vulnerabilities in its network protocols

An attacker injects malicious SQL code into a web application's database query to manipulate its behavior

An attacker intercepts and modifies data between a client and a server

An attacker gains additional privileges or access rights in a system beyond what they were originally granted

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the main objective of a DNS spoofing attack?

To gain unauthorized access to a system by exploiting vulnerabilities in its network protocols

To redirect the traffic of a legitimate website to a malicious one

To intercept and modify data between a client and a server

To inject malicious code into a web application and execute it on other users' browsers

To perform unauthorized actions on a web server by manipulating its user interface

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the main purpose of input validation in an application's security?

To gain unauthorized access to a system by exploiting vulnerabilities in its network protocols

To perform unauthorized actions on a web server by manipulating its user interface

To intercept and modify data between a client and a server

To prevent malicious input from being processed and executed

To encrypt and decrypt sensitive information transmitted over a network

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

CERI-ITLA

Quiz

•

10th Grade - Professi...

25 questions

The final RIPASSONE

Quiz

•

Professional Development

25 questions

Software

Quiz

•

Professional Development

31 questions

Year 7 Computer Science Baseline

Quiz

•

KG - Professional Dev...

25 questions

IT support technician level-1 (MS. Word)

Quiz

•

Professional Development

25 questions

Computer Operation Quiz - 1

Quiz

•

Professional Development

25 questions

Introduction to Kubernetes

Quiz

•

Professional Development

25 questions

Openstack

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Computers

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

20 questions

Easter trivia

Quiz

•

12th Grade - Professi...