Why are zero-day vulnerabilities considered high risk?

Because they can be exploited for cyberattacks and have no known fixes.

Because they are easy to detect.

Because they are always disclosed to the public.

What is the typical response of security researchers or ethical hackers when they discover a zero-day vulnerability?

They inform the software vendor to address the issue.

They keep it secret to exploit it later.

They sell it on the black market.

Which of the following is a recommended practice to defend against zero-day vulnerabilities?

Employing security best practices and regularly updating software.

Using outdated security systems.

Disabling intrusion detection systems.

What are cryptographic vulnerabilities?

Weaknesses or flaws in cryptographic systems

Strengths in cryptographic systems

Enhancements in cryptographic algorithms

Improvements in cryptographic implementations

Which of the following is NOT a result of exploiting cryptographic vulnerabilities?

Subverting cryptographic security

Which of the following is a consequence of weak key generation in cryptographic systems?

Leads to predictability and reduces security

Exploited by attackers to show vulnerabilities

Insufficiently random numbers undermine security

Show leaked information from side channels

What is a potential risk of inadequate key management?

Show leaked information from side channels

Exploited by attackers to show vulnerabilities

Insufficiently random numbers undermine security

Algorithmic weaknesses in cryptographic systems can lead to which of the following?

Show leaked information from side channels

Leads to predictability and reduces security

Exploited by attackers to show vulnerabilities

Insufficiently random numbers undermine security

What is the impact of random number generation weakness in cryptographic systems?

Insufficiently random numbers undermine security

Leads to predictability and reduces security

Exploited by attackers to show vulnerabilities

Show leaked information from side channels

What does insufficient entropy in cryptographic operations weaken?

Security in key and random number generation

What are the two prevalent types of virtualization vulnerabilities mentioned in the document?

Resource reuse vulnerabilities and VM escape vulnerabilities

Network vulnerabilities and software vulnerabilities

Hardware vulnerabilities and data vulnerabilities

User access vulnerabilities and system vulnerabilities

What is a potential risk of VM escape vulnerabilities?

Attackers gaining access to a VM to break out of the virtualized environment

Unauthorized access to physical hardware

What should administrators do to mitigate the risks associated with VM snapshots?

Ensure VM snapshots are properly managed, secured, and stored in isolated locations

Share VM snapshots with all users

Use VM snapshots only for testing purposes

What is a recommended prevention method for virtualization vulnerabilities?

Regularly update the hypervisor software and host system, audit, and restrict access to authorized personnel

Allow unrestricted access to all users

Avoid using virtual machines for critical tasks

What can resource reuse vulnerabilities in virtualization environments lead to?

Unauthorized access or data leakage between VMs

What is the purpose of VM snapshots?

To capture a virtual machine's state at a specific point in time for backup, recovery, or testing purposes

To increase the speed of the virtual machine

To provide unlimited access to all users

What are application vulnerabilities?

Weaknesses or flaws within software applications

Strengths within software applications

Security measures within software applications

Performance enhancements within software applications

What can malicious updates involve?

Compromising the update mechanism in the guise of a legitimate software update

Enhancing the software's performance

Improving the software's security

Adding new features to the software

What is recommended to address virtualization vulnerabilities?

Implementing proper isolation measures between VMs

Allowing unrestricted access to the hypervisor

What is a buffer overflow?

An injection technique in which an attacker overwhelms a program's memory buffer with an excessive amount of data, leading to the overwriting of adjacent memory locations.

An injection technique where an attacker manipulates input fields within an application to inject malicious SQL queries into a database.

A method used by attackers to exploit software vulnerabilities by inserting malicious code into an application's allocated memory space.

A technique where an attacker compromises the update mechanism of an application to deliver harmful or malicious code.

What is SQL injection?

An injection technique where an attacker manipulates input fields within an application to inject malicious SQL queries into a database.

An injection technique in which an attacker overwhelms a program's memory buffer with an excessive amount of data, leading to the overwriting of adjacent memory locations.

A method used by attackers to exploit software vulnerabilities by inserting malicious code into an application's allocated memory space.

A technique where an attacker compromises the update mechanism of an application to deliver harmful or malicious code.

What can result from a buffer overflow if not properly mitigated?

Code execution or system crashes.

The execution of unauthorized or malicious actions within the application.

The injection of malicious SQL queries into a database.

The delivery of harmful or malicious code in the guise of a legitimate software update.

What is memory injection?

A method used by attackers to exploit software vulnerabilities by inserting malicious code into an application's allocated memory space.

An injection technique where an attacker manipulates input fields within an application to inject malicious SQL queries into a database.

An injection technique in which an attacker overwhelms a program's memory buffer with an excessive amount of data, leading to the overwriting of adjacent memory locations.

A technique where an attacker compromises the update mechanism of an application to deliver harmful or malicious code.

What is SQL injection?

An attack that manipulates input fields to inject malicious SQL queries into a database

A technique to optimize SQL queries

A way to improve database performance

What is the purpose of input validation in application security?

To validate and sanitize all user input to prevent malicious code

To improve application performance

Which of the following is a benefit of using prepared statements in database interactions?

They prevent SQL injection by using parameterized queries

They improve database performance

They make it easier to write SQL queries

They reduce the size of the database

What is the role of proper memory handling in application security?

To use secure programming practices to prevent buffer overflow vulnerabilities

To increase the speed of the application

To reduce the cost of development

What is Cross-Site Scripting (XSS)?

B) A variant of injection vulnerability affecting web applications

D) A type of database management system

Which of the following is NOT a category of XSS vulnerabilities?

B) Reflected (Non-Persistent) XSS

What is the primary characteristic of Stored (Persistent) XSS?

B) It involves the persistent storage of injected malicious scripts on the targeted server.

A) It involves the temporary storage of injected malicious scripts.

C) It involves the reflection of scripts off a web server.

D) It involves the manipulation of the Document Object Model (DOM).

What is the purpose of conducting thorough security testing?

B) To identify and address memory injection vulnerabilities

A) To improve user interface design

C) To enhance application performance

What does the principle of least privilege ensure?

A) That your application runs with the least privilege necessary

B) That your application has maximum access to resources

C) That your application is the fastest

D) That your application is the most user-friendly

SEC+ Mod 6 Part 2

Authored by Pat Johnson

Computers

12th Grade

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

81 questions

Show all answers

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

76 questions

GDCD ck2 (74-150)

Quiz

•

9th - 12th Grade

78 questions

OCR H446 - 1.4 Data Types and Structures - Computer Systems - 01

Quiz

•

12th Grade

85 questions

Test STEM English IT

Quiz

•

1st Grade - Professio...

76 questions

Toekomstige Tegnologie

Quiz

•

12th Grade

80 questions

PRM cho cột sống vững trãi hơn

Quiz

•

1st - 12th Grade

79 questions

Tin CK1

Quiz

•

12th Grade

82 questions

ÔN GIỮA KÌ 1_12 2024_2

Quiz

•

12th Grade

80 questions

Unit 1 LO3 Complete Set of Questions

Quiz

•

11th - 12th Grade

Popular Resources on Wayground

16 questions

Grade 3 Simulation Assessment 2

Quiz

•

3rd Grade

19 questions

HCS Grade 5 Simulation Assessment_1 2526sy

Quiz

•

5th Grade

10 questions

Cinco de Mayo Trivia Questions

Interactive video

•

3rd - 5th Grade

17 questions

HCS Grade 4 Simulation Assessment_2 2526sy

Quiz

•

4th Grade

24 questions

HCS Grade 5 Simulation Assessment_2 2526sy

Quiz

•

5th Grade

13 questions

Cinco de mayo

Interactive video

•

6th - 8th Grade

20 questions

Math Review

Quiz

•

3rd Grade

30 questions

GVMS House Trivia 2026

Quiz

•

6th - 8th Grade

Discover more resources for Computers

27 questions

AP CSP Exam Review

Quiz

•

10th - 12th Grade

11 questions

Acids and Bases

Interactive video

•

9th - 12th Grade

SEC+ Mod 6 Part 2

What is an example of data exposure?

Accidentally making a database accessible to the public is an example of data exposure.

What is inadequate logging and monitoring?

Not configuring proper logging and monitoring refers to the lack of setting up systems to track and analyze activities, making it difficult to detect and respond to security incidents effectively.

What is a consequence of unencrypted data transmission?

Eavesdropping is a consequence of unencrypted data transmission as it allows unauthorized parties to intercept and listen to the data being transmitted.

What is a zero-day vulnerability?

A zero-day vulnerability is a vulnerability unknown to the software vendor or the general public, making it potentially dangerous due to the lack of available patches or defenses.

Which of the following is NOT a characteristic of a zero-day vulnerability?

The correct choice is 'Low risk' because zero-day vulnerabilities are typically considered high risk due to their unknown nature and lack of public disclosure.

What is a zero-day vulnerability?

A zero-day vulnerability is a vulnerability that is unknown to the software vendor and has no patches or updates available.

Which of the following is NOT a characteristic of zero-day vulnerabilities?

The correct choice is 'Low risk' because zero-day vulnerabilities are typically considered high risk due to their unknown nature and lack of public disclosure.

Why are zero-day vulnerabilities considered high risk?

Because they can be exploited for cyberattacks and have no known fixes.

What is the typical response of security researchers or ethical hackers when they discover a zero-day vulnerability?

They inform the software vendor to address the issue.

Which of the following is a recommended practice to defend against zero-day vulnerabilities?

Employing security best practices and regularly updating software is a recommended practice to defend against zero-day vulnerabilities.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers