Question 6 of 703
Which form of attack is launched using botnets?
Answer

Suggested Answer

The suggested answer is B.

A Distributed Denial of Service (DDOS) attack is a type of cyber attack that involves multiple compromised systems, often controlled remotely by attackers using botnets. These botnets launch a flood of traffic to overwhelm the target's network or server, making it unavailable to legitimate users. Botnets enable the attacker to increase the scale of the attack by leveraging numerous compromised devices, making DDOS the correct answer.

Community Votes6 votes
BSuggested
83%
D
17%
Question 7 of 703
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
Answer

Suggested Answer

The suggested answer is C.

Cross-site scripting (XSS) is a type of security vulnerability commonly found in web applications. It allows attackers to inject malicious scripts into web pages viewed by other users. These attackers often use alternate encoding techniques, such as hexadecimal representation, to hide malicious content and evade detection by web application filters. Using hexadecimal representation can make the injected code look less suspicious and harder to read, thereby bypassing security mechanisms and fooling users into executing it.

Community Votes3 votes
CSuggested
100%
Question 8 of 703
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
Answer

Suggested Answer

The suggested answer is A.

An attacker leverages the flaw of inadequate user input validation in a web page or web application when exploiting SQL injection vulnerabilities. The lack of proper input validation allows the attacker to inject malicious SQL queries into the input fields, which the web application then executes on the database. This flaw is in the web application or page, as it fails to properly sanitize and validate user inputs before processing them, leading to security vulnerabilities.

Community Votes17 votes
ASuggested
100%
Question 9 of 703
What is the difference between deceptive phishing and spear phishing?
Answer

Suggested Answer

The suggested answer is B.

The primary difference between deceptive phishing and spear phishing lies in their targeting and methodology. Deceptive phishing is a broad, indiscriminate attack aimed at tricking people into providing personal information or credentials, often through fake emails or websites. Spear phishing, in contrast, is a highly targeted attack aimed at a specific individual or group within an organization, frequently using personal information to craft a convincing message. While C-level executives can be targets in spear phishing, the defining characteristic is the specific targeting rather than the role of the victim.

Community Votes4 votes
BSuggested
100%
Question 10 of 703
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
Answer

Suggested Answer

The suggested answer is B, D.

A ping of death attack typically involves sending malformed or oversized ping packets to a target system, which can cause the system to crash or become unstable. These packets are usually fragmented into smaller parts, often groups of 8 octets, before transmission. When the target system tries to reassemble these malformed packets, it can lead to system crashes or disruption, fitting the characteristics of a denial-of-service attack.

Community Votes4 votes
BDSuggested
100%