Comptia Pentest+ 2023 Questions and answer - Part 33
1. For which attack alist of password or username is taken out and used to find the nearest hashes to crack a password ?
A) Pass the Hash
B) Brute Force
C) Proxying a Connection
D) Directory Traversal
2. From the following, what type of attack is directed to particular organizations or individuals, whose business email communications are hijacked in which highly customized messages are created?
A) Spear Phishing
B) SMS Phishing
C) Voice Phishing
D) Whaling
3. A method of attacking network resources on a virtual LAN is called ___________.
A) Stress Testing
B) VLAN Hopping
C) SSL Stripping
D) Downgrading
4. A captivating message is typically a hyperlink or may be an attachment that leads to a sign in a page associated with legitimate service. When the victims -log inΒ, their credentials are hijacked, what is this process called?
A) Fragmentation
B) NAC Bypass
C) Credential Harvesting
D) VLAN Hopping
5. Which of the following is not the threat mitigation step?
A) Disabling WPS on a router or access point
B) Bluesnarfing
C) Changing the WPS PIN
D) A lock-out period methodology
A) Pass the Hash
B) Brute Force
C) Proxying a Connection
D) Directory Traversal
2. From the following, what type of attack is directed to particular organizations or individuals, whose business email communications are hijacked in which highly customized messages are created?
A) Spear Phishing
B) SMS Phishing
C) Voice Phishing
D) Whaling
3. A method of attacking network resources on a virtual LAN is called ___________.
A) Stress Testing
B) VLAN Hopping
C) SSL Stripping
D) Downgrading
4. A captivating message is typically a hyperlink or may be an attachment that leads to a sign in a page associated with legitimate service. When the victims -log inΒ, their credentials are hijacked, what is this process called?
A) Fragmentation
B) NAC Bypass
C) Credential Harvesting
D) VLAN Hopping
5. Which of the following is not the threat mitigation step?
A) Disabling WPS on a router or access point
B) Bluesnarfing
C) Changing the WPS PIN
D) A lock-out period methodology
1. Right Answer: B
Explanation: In the phase of Enumeration, an attacker initiates active connections with the target system. Using this active connection, direct queries are generated to gain more information. This information helps to identify the system attack points.
2. Right Answer: A
Explanation: In brute-force attacks, a list of password or username is taken out and used to find the nearest hashes to crack a password.
3. Right Answer: B
Explanation: Spear Phishing attacks are directed to particular organizations or individuals. It is an electronic communication scam to collect details or information about a particular target to fill emails with an authentic context. Attackers even hijack business emails communication and create a highly customized message.
4. Right Answer: C
Explanation: VLAN Hopping is a method of attacking network resources on a Virtual LAN (VLAN).
5. Right Answer: B
Explanation: In Credential Harvesting, the attacker sends the victim a captivating message which is typically an email containing a tenable subject and a hyperlink and lead to a sign in page that the victim is known to use. The most common are Google Drive, Office 365, and Dropbox.
Explanation: In the phase of Enumeration, an attacker initiates active connections with the target system. Using this active connection, direct queries are generated to gain more information. This information helps to identify the system attack points.
2. Right Answer: A
Explanation: In brute-force attacks, a list of password or username is taken out and used to find the nearest hashes to crack a password.
3. Right Answer: B
Explanation: Spear Phishing attacks are directed to particular organizations or individuals. It is an electronic communication scam to collect details or information about a particular target to fill emails with an authentic context. Attackers even hijack business emails communication and create a highly customized message.
4. Right Answer: C
Explanation: VLAN Hopping is a method of attacking network resources on a Virtual LAN (VLAN).
5. Right Answer: B
Explanation: In Credential Harvesting, the attacker sends the victim a captivating message which is typically an email containing a tenable subject and a hyperlink and lead to a sign in page that the victim is known to use. The most common are Google Drive, Office 365, and Dropbox.
Comments
0
CA Foundation Business Economics Questions 2023 - Part 32
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 29
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 28
03 Mar 2023
