1. These hackers have limited or no training and they only know how to use basic methods or tools. What kind of hackers are we talking about?
A) White-Hat Hackers B) Black-Hat Hackers C) Script Kiddies D) Gray-Hat Hacker
2. What is considered to be a brute-force attack?
A) You threaten to use the rubber hose on someone unless they reveal their password B) You load a dictionary of words into your cracking program C) You attempt every single possibility until you exhaust all possible combinations or discover the password D) You wait until the password expires E) You create hashes of a large number of words and compare them with the encrypted passwords
3. Which of the following is one of the most relevant ways to prevent Cross-site Scripting (XSS) in software applications?
A) Use security policies and procedures to define and implement proper security settings B) Validate and escape all information sent to a server C) Verify access rights before allowing access to protected information and UI controls D) Use digital certificates to authenticate a server prior to sending data
4. A hacker has successfully infected an internet-facing server to send junk mail. Which sort of Trojan infects this server?
A) Banking Trojans B) Turtle Trojans C) Botnet Trojan D) Ransomware Trojans
5. While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's website: Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which of the following vulnerabilities has been detected in the web application?
A) Cross-site Request Forgery B) Buffer Overflow C) Cross-site Scripting D) Distributed Denial of Service
1. Right Answer: C Explanation: A script kiddie or skid is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites.
2. Right Answer: B Explanation: A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key, which is typically created from the password using a key derivation function.
3. Right Answer: C Explanation: Contextual output encoding/escaping could be used as the primary defence mechanism to stop Cross-site Scripting (XSS) attacks.
4. Right Answer: C Explanation: In computer science, a zombie is a computer connected to the internet that has been compromised by a hacker, computer virus or Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread email spam and launch Denial-of-Service attacks. Most owners of zombie computers are unaware that their system is being used in this way, which is why these computers are metaphorically compared to zombies. A coordinated DDoS attack by multiple botnet machines also resembles a zombie horde attack.
5. Right Answer: A Explanation: Cross-Site Scripting (XSS) allows an attacker to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.