Question 6 of 542

Which form of attack is launched using botnets?

    Correct Answer: B

    A Distributed Denial of Service (DDOS) attack is a type of cyber attack that involves multiple compromised systems, often controlled remotely by attackers using botnets. These botnets launch a flood of traffic to overwhelm the target's network or server, making it unavailable to legitimate users. Botnets enable the attacker to increase the scale of the attack by leveraging numerous compromised devices, making DDOS the correct answer.

Question 7 of 542

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

    Correct Answer: C

    Cross-site scripting (XSS) is a type of security vulnerability commonly found in web applications. It allows attackers to inject malicious scripts into web pages viewed by other users. These attackers often use alternate encoding techniques, such as hexadecimal representation, to hide malicious content and evade detection by web application filters. Using hexadecimal representation can make the injected code look less suspicious and harder to read, thereby bypassing security mechanisms and fooling users into executing it.

Question 8 of 542

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

    Correct Answer: A

    An attacker leverages the flaw of inadequate user input validation in a web page or web application when exploiting SQL injection vulnerabilities. The lack of proper input validation allows the attacker to inject malicious SQL queries into the input fields, which the web application then executes on the database. This flaw is in the web application or page, as it fails to properly sanitize and validate user inputs before processing them, leading to security vulnerabilities.

Question 9 of 542

What is the difference between deceptive phishing and spear phishing?

    Correct Answer: B

    The primary difference between deceptive phishing and spear phishing lies in their targeting and methodology. Deceptive phishing is a broad, indiscriminate attack aimed at tricking people into providing personal information or credentials, often through fake emails or websites. Spear phishing, in contrast, is a highly targeted attack aimed at a specific individual or group within an organization, frequently using personal information to craft a convincing message. While C-level executives can be targets in spear phishing, the defining characteristic is the specific targeting rather than the role of the victim.

Question 10 of 542

Which two behavioral patterns characterize a ping of death attack? (Choose two.)

    Correct Answer: BD

    A ping of death attack typically involves sending malformed or oversized ping packets to a target system, which can cause the system to crash or become unstable. These packets are usually fragmented into smaller parts, often groups of 8 octets, before transmission. When the target system tries to reassemble these malformed packets, it can lead to system crashes or disruption, fitting the characteristics of a denial-of-service attack.