1. Which of the following weakens the overall security posture by reducing the difficulty of compromising legitimate user credentials?
A) Single-factor Authentication B) Unnecessary Open Services C) SQL Injection D) Shared Local Administrator Credentials
2. Which security standard was designed to simplify the connection process for consumer devices and home wireless networks, but leaves them vulnerable to remote attacks if its PIN feature is enabled and to local attacks if the wireless access point is not kept physically secure?
A) WPA2 B) WPS C) TKIP D) PSK
3. Which category of web vulnerability occurs when a web application accepts untrusted input from users and then sends them on to a new page?
A) Cross-site Request Forgery B) Remote File Inclusion C) Directory Traversal D) Invalidated Redirect
4. Which of the following is best defined as a software vulnerability stemming from developer interfaces left available to remote users, either unintentionally (through a failure to disable the feature) or intentionally (as a backdoor or a tool intended to make administration simpler)?
A) Unsigned code B) Storage of sensitive information in the DOM C) Unauthorized function or API use D) Hard-coded authorization credentials
5. In which of the following phases does an attacker initiate active connections to the target system and issue direct queries to gain more information?
A) Reconnaissance B) Enumeration C) Vulnerability Scan D) Persistence
1. Right Answer: A Explanation: The discovery of weak passwords is best mitigated by preventing users from choosing passwords found in common dictionary files and by enforcing minimum password requirements.
2. Right Answer: B Explanation: Single-factor authentication weakens the overall security posture by reducing the difficulty of compromising legitimate user credentials.
3. Right Answer: D Explanation: Wi-Fi Protected Setup (WPS) was designed to enhance WPA by simplifying the deployment of home wireless networks. Its PIN is used to make the connection procedure quick and simple. However, a vulnerability in its implementation makes it trivial to recover the WPA password, since the PIN can be brute-forced. Moreover, if a malicious actor can get close enough to the access point to press the WPS button, anyone can connect to the access point without a password.
4. Right Answer: C Explanation: Invalidated Redirect is the type of attack in which a web application accepts untrusted input in such a way that it causes a visitor to be redirected to another site. This attack can be a critical component of a successful phishing campaign if an attacker leverages it to send the user to a malicious site of their own creation, because phishing victims are more likely to trust a link that comes from a site they visit frequently.
5. Right Answer: B Explanation: The use of interfaces or features that were never meant to be presented to end users is a clear example of unauthorized use of functions or APIs. This coding flaw can arise for any number of reasons: oversight on the part of developers, a lack of segregation between development and production environments, or developers and administrators finding it convenient enough to treat as a feature.