Comptia Pentest+ 2023 Questions and answer - Part 30

Mary Smith

Tue, 21 Apr 2026

1. Scanning technique with a list of potentially vulnerable machines is known as ______________________.

A) Topological Scanning
B) Permutation Scanning
C) Hit-List Scanning
D) Random Scanning



2. Scanning any IP address from the IP address space for vulnerabilities is called _________________.

A) Subnet Scanning Technique
B) Permutation Scanning Technique
C) Random Scanning Technique
D) Hit-List Scanning Technique



3. Which statement defines session hijacking more accurately?

A) Stealing a user's login information to impersonate a legitimate user to access resources from the server
B) Stealing legitimate session credentials to take over an authenticated legitimate session
C) Stealing session IDs from Cookies
D) The hijacking of Web Application's session



4. Which one of the following does not belong to a session hijacking attack?

A) XSS Attack
B) CSRF Attack
C) Session Fixation
D) SQL Injection



5. In session hijacking, a technique is used to send packets via a specific route, i.e., one identical to the victim's path. This technique is known as ___________________.

A) Source Routing
B) Default Routing
C) Static Routing
D) Dynamic Routing



1. Right Answer: C
Explanation: The attacker first collects the information about a large number of potentially vulnerable machines to create a Hit-list. Using this technique, the attacker finds the vulnerable machine and infects it. Once a machine is infected, the list is divided by assigning half of the list to the newly compromised system. The scanning process in Hit-list scanning runs simultaneously. This technique is used to ensure the spreading and installation of malicious code in a short perio

2. Right Answer: B
Explanation: The infected machine probes IP addresses randomly from the IP address space and scans them for vulnerabilities. When it finds a vulnerable machine, it breaks into it and infects it with the same script that was used to infect itself. The random scanning technique spreads the infection very quickly because it compromises a large number of hosts.

3. Right Answer: D
Explanation: In Session Hijacking, the attacker intercepts the session and takes over the legitimate authenticated session. When a session authentication process is complete, and the user is authorized to use resources such as web services, TCP communication or other, the attacker takes advantage of this authenticated session and places himself in between the authenticated user and the host.

4. Right Answer: A
Explanation: SQL injection attacks target websites or web applications that use SQL. They rely on the strategic injection of malicious code or script into existing queries.

5. Right Answer: A
Explanation: Source routing is a technique of sending the packet via selected routes. In session hijacking, this technique is used to attempt IP spoofing as a legitimate host with the help of source routing to direct the traffic through the path identical to the victim's path.
