1. An access point not responding to subsequent requests for anywhere from 1 to 5 minutes is termed a ________________.
A) Lock-out Period
B) Denial-of-Service
C) Clickjacking
D) Phishing
2. Which one of the following is used to steal session IDs by means of malicious code installed on the website of a client?
A) Clickjacking
B) Session hijacking
C) Bluejacking
D) Bluesnarfing
3. Which of the following is not true of Kerberos?
A) It is a centralized authentication protocol
B) It operates on untrusted networks
C) Only the secret key of the client is shared
D) It includes attacks on the Administrator account
4. Executed code is controlled directly, without storing a file on the local server, in ____________.
A) Remote File Inclusion
B) Local File Inclusion
C) Unsecure Code Practices
D) Session Hijacking
5. Consider the following scenario: A user has been directed to the URL given below while carrying out his daily work: HTTPS://EXAMPLE.COM/ACCOUNT.CREATE?ACCT=STEVE&CONTEXT=READONLY. An attacker, who is fully aware of how the web application functions, chooses to trick that user, through a link included in a phishing e-mail, into visiting the following page: HTTPS://EXAMPLE.COM/ACCOUNT.CREATE?ACCT=ATTACKER&CONTEXT=ADMIN. Based on the URL, what is the intended purpose of the page that the user first visits?
A) Creation of a new web app account having the username Steve and read-only permissions
B) Creation of a new user on the underlying host having the username Steve and read-only access to the /tmp directory
C) Creation of a new user on the system's database having administrative privileges under the username attacker
D) Creation of a new web app account having the username attacker with read-only privileges