CompTIA Security+ Domain 1: Threats, Attacks and Vulnerabilities Welcome to your CompTIA Security+ Domain 1: Threats, Attacks and Vulnerabilities 1. CompTIA Security+: Threats Attacks and Vulnerabilities Which of the following is a type of malware that requires user interaction to activate and replicate, often disguised as legitimate software? A. Rootkit B. Worm C. Trojan D. Ransomware None 2. CompTIA Security+: Threats Attacks and Vulnerabilities In cybersecurity, what is a 'honeypot' primarily used for? A. Filtering spam emails B. Encrypting data C. Detecting and analyzing attacks D. Accelerating network traffic None 3. CompTIA Security+: Threats Attacks and Vulnerabilities Which type of attack involves flooding a target system with traffic to exhaust resources and bandwidth, rendering the system unresponsive? A. Phishing attack B. SQL injection C. Man-in-the-middle attack D. Distributed Denial of Service (DDoS) None 4. CompTIA Security+: Threats Attacks and Vulnerabilities What is the primary purpose of a 'zero-day' exploit in cybersecurity? A. To target known software vulnerabilities B. To exploit vulnerabilities before they are known to the vendor C. To create backups of critical data D. To encrypt data for ransom None 5. CompTIA Security+: Threats Attacks and Vulnerabilities In the context of cybersecurity, what is 'social engineering'? A. Physically breaking into a secure area B. Using technical skills to breach defenses C. Manipulating individuals into revealing confidential information D. Writing malware to exploit system vulnerabilities None 6. CompTIA Security+: Threats Attacks and Vulnerabilities What type of cyber attack involves intercepting and altering communications between two parties without their knowledge? A. Phishing attack B. Man-in-the-Middle (MitM) attack C. Distributed Denial of Service (DDoS) attack D. SQL Injection None 7. CompTIA Security+: Threats Attacks and Vulnerabilities Which type of attack is characterized by the insertion or "injection" of a SQL query via the input data from the client to the application? A. Cross-Site Scripting (XSS) B. SQL Injection C. Buffer Overflow D. Cross-Site Request Forgery (CSRF) None 8. CompTIA Security+: Threats Attacks and Vulnerabilities What is a 'buffer overflow' attack in the context of cybersecurity? A. An attack that floods a network buffer with traffic B. An attack that overwrites a program's memory buffer C. An attack targeting web application forms D. An attack using large volumes of spam email None 9. CompTIA Security+: Threats Attacks and Vulnerabilities In cybersecurity, what does 'phishing' primarily refer to? A. Disrupting network services B. Stealing sensitive data through a physical medium C. Deceiving individuals into revealing personal information via electronic communication D. Attacking the physical infrastructure of a network None 10. CompTIA Security+: Threats Attacks and Vulnerabilities Which type of cybersecurity attack involves exploiting vulnerabilities in web applications by sending malicious scripts to end users? A. Cross-Site Scripting (XSS) B. Trojan Horse C. Rootkit D. Ransomware None 11. CompTIA Security+: Threats Attacks and Vulnerabilities What kind of attack involves the unauthorized interception and retransmission of a valid data transmission, often to bypass authentication processes? A. Replay attack B. Phishing attack C. SQL Injection D. Buffer overflow None 12. CompTIA Security+: Threats Attacks and Vulnerabilities In cybersecurity, what is 'vishing'? A. Sending fraudulent emails to obtain sensitive information B. Voice phishing, using the telephone system to obtain sensitive information C. Infecting a system with a virus D. Physically stealing data None 13. CompTIA Security+: Threats Attacks and Vulnerabilities Which type of cybersecurity threat involves exploiting a flaw in software before a patch or solution is implemented? A. Zero-day attack B. Phishing C. DDoS D. SQL Injection None 14. CompTIA Security+: Threats Attacks and Vulnerabilities What is the main difference between a virus and a worm in the context of cybersecurity threats? A. A virus requires user action to spread, while a worm spreads automatically. B. A worm requires user action to spread, while a virus spreads automatically. C. A virus steals data, while a worm corrupts files. D. A worm steals data, while a virus corrupts files. None 15. CompTIA Security+: Threats Attacks and Vulnerabilities Which cybersecurity term describes a small piece of data used to identify and authenticate a user's session? A. Cookie B. Token C. Signature D. Certificate None 16. CompTIA Security+: Threats Attacks and Vulnerabilities What is the primary purpose of 'watering hole' attacks in cybersecurity? A. To infect a widely used resource to target a specific group of users B. To encrypt a victim's files and demand a ransom C. To gain unauthorized access to financial information D. To create a botnet for launching DDoS attacks None 17. CompTIA Security+: Threats Attacks and Vulnerabilities In the context of cybersecurity, what is 'spear phishing'? A. A broad attempt to trick people into revealing sensitive information B. A highly targeted attempt to trick a specific individual or organization C. Distributing malware through email attachments D. Hacking into a website to steal user data None 18. CompTIA Security+: Threats Attacks and Vulnerabilities What type of cyber attack uses multiple compromised systems to target a single system, causing a Denial of Service (DoS)? A. Phishing B. SQL Injection C. Distributed Denial of Service (DDoS) D. Cross-Site Scripting (XSS) None 19. CompTIA Security+: Threats Attacks and Vulnerabilities Which type of attack involves an attacker relaying messages between two parties, making them believe they are talking directly to each other? A. Phishing B. Man-in-the-Middle (MitM) C. Trojan Horse D. Ransomware None 20. CompTIA Security+: Threats Attacks and Vulnerabilities In cybersecurity, what does 'ransomware' do? A. Encrypts data and demands payment for the decryption key B. Steals personal information for identity theft C. Hijacks web browsers to display unwanted ads D. Sends spam emails from the infected computer None 1 out of 20 Time is Up! Time's up
