CompTIA Security+ 1.2 Threats, Attacks and Vulnerabilities – Application/Service Attacks

Application/Service Attacks

1 / 22

An attacker sends a malicious email to a user with a link to a legitimate website. When the user clicks on the link, they are unknowingly redirected to a different website controlled by the attacker. What type of attack is this?

2 / 22

An attacker takes advantage of a vulnerability in a web application that allows them to insert malicious code into the application’s output. When a user views the page, the code executes in their browser and steals their session cookie. What type of attack is this?

3 / 22

An attacker gains access to a company’s domain registrar account and changes the registration information to transfer control of the domain to themselves. What type of attack is this?

4 / 22

An attacker modifies the driver of a hardware component to introduce malicious functionality, allowing them to bypass security mechanisms and gain elevated privileges on the system. What type of attack is this?

5 / 22

A security analyst notices a significant increase in network traffic directed at their company’s DNS servers. Upon investigation, they find that the majority of the traffic consists of DNS requests that appear to be coming from various IP addresses. The requests are legitimate but were spoofed to appear as though they came from the company’s servers, causing the servers to send large amounts of data to the spoofed IP addresses. What type of attack is the company experiencing?

6 / 22

An attacker discovers a previously unknown vulnerability in a widely used software application and exploits it to gain unauthorized access to systems before a patch is released. What type of attack is this?

7 / 22

An attacker intercepts and stores encrypted communication between two parties. Later, when the encryption keys are compromised, the attacker decrypts and reads the previously intercepted messages. What type of attack is this?

8 / 22

An attacker creates a malicious website with a URL that is a common misspelling of a popular site, hoping to capture traffic from users who mistype the URL. What type of attack is this?

9 / 22

An attacker exploits a vulnerability in a web application to run a script that performs actions on behalf of the user without their consent. This includes submitting forms and changing account settings. What type of attack is this?

10 / 22

A hacker finds a vulnerability in a popular web application that allows them to inject scripts that run in the context of another user’s browser session. When another user visits the affected page, the script executes and steals their cookies. What type of attack is this?

11 / 22

An attacker gains access to a user’s hashed password and uses it to authenticate to a system without cracking the hash. What type of attack is this?

12 / 22

An attacker sends specially crafted packets to a network to associate their MAC address with the IP address of a legitimate server, redirecting traffic meant for that server to themselves. What type of attack is this?

13 / 22

An attacker changes the MAC address of their device to match the MAC address of an authorized device on a network, allowing them to bypass access controls. What type of attack is this?

14 / 22

An attacker alters the IP address in the packet headers to make it appear as though the packets are coming from a trusted source. This allows them to bypass network security measures. What type of attack is this?

15 / 22

An attacker uses a vulnerability in a software application to run arbitrary code, which then installs a shim to intercept and alter the execution flow of another application without modifying its code. What type of attack is this?

16 / 22

A user visits a compromised website, which executes a script in their browser that captures their session token and sends it to the attacker. The attacker then uses this token to impersonate the user. What type of attack is this?

17 / 22

An attacker modifies the cached IP address of a legitimate domain on a DNS server to redirect traffic meant for that domain to a malicious website. What type of attack is this?

18 / 22

An attacker injects malicious SQL code into a web application’s input field, which is then executed by the database server, allowing unauthorized access to sensitive data. What type of attack is this?

19 / 22

A hacker gains unauthorized access to a server and finds a way to increase their privileges from a regular user to an administrator. What type of attack is this?

20 / 22

A web application fails to validate user input properly, allowing an attacker to send more data than expected to a buffer, causing it to overflow and overwrite adjacent memory. What type of attack is this?

21 / 22

An attacker convinces a user to click on a hidden link or button by overlaying a clickable element on top of legitimate content on a webpage. What type of attack is this?

22 / 22

An attacker intercepts communications between a user and a web application, altering the messages being sent. This allows the attacker to steal sensitive information and manipulate the data. What type of attack is being described?
