QUESTIONS AND VERIFIED SOLUTIONS 2026
◉ Spear phishing. Answer: a phishing expedition in which the emails
are carefully designed to target a particular person or organization
◉ Privacy Filter. Answer: security control that allows only the user
to see the screen contents, thus preventing shoulder surfing.
◉ colocation. Answer: data center provides space, power, backup, etc.
for servers and network equipment of other firms
◉ whaling. Answer: Spear phishing that focuses on one specific high
level executive or team
◉ watering hole attack. Answer: A malicious attack that is directed
toward a small group of specific individuals who visit the same
website.
◉ pharming attack. Answer: passive means of redirecting users from
a legit website to a malicious one
◉ credential harvesting. Answer: Social engineering techniques for
gathering valid credentials to use to gain unauthorized access.
◉ Typosquatting. Answer: A form of cybersquatting that relies on
mistakes, such as typographical errors, made by Internet users when
inputting information into a Web browser.
◉ piggy backing. Answer: Similar to tailgating, this is a situation
where the attacker enters a secure area with an employee's
permission
◉ vishing. Answer: Phishing attacks committed using telephone
calls or VoIP systems.
◉ Consensus/Social Proof. Answer: An attacker fools users into
believing that a malicious website is legit by posting fake reviews.
◉ Familiarity and Liking. Answer: Low risk
◉ Authority and Intimidation. Answer: High risk
◉ hoax attack. Answer: an email alert or web pop-up will claim to
have identified some sort of security problem, like a virus infection,
and offer a tool to fix the problem, but the tool will be some sort of
Trojan application.
◉ rogueware. Answer: Fake antivirus software. Also called
scareware or ransomware.
◉ kiting. Answer: the act of continually registering, deleting, and
reregistering a name within the five-day grace period without
having to pay for it.
◉ tasting. Answer: A DNS exploit that involves registering a domain
temporarily to see how many hits it generates within the five-day
grace period.
◉ Rainbow Tables. Answer: Large pregenerated data sets of
encrypted passwords used in password attacks.
◉ PSK (pre-shared key). Answer: A value (key) shared with another
party so that they can encrypt messages to then be securely sent.
◉ Birthday Attack. Answer: a probability method of finding a
collision in a hash function
◉ Pass the Hash Attack. Answer: An exploit in which an attacker
steals a hashed user credential and, without cracking it, reuses it to
trick an authentication system into creating a new authenticated
session on the same network.
◉ downgrade attack. Answer: An attack in which the system is
forced to abandon the current higher security mode of operation
and fall back to implementing an older and less secure mode.
◉ man-in-the-middle attack. Answer: A form of eavesdropping
where the attacker makes an independent connection between two
victims and steals information to use fraudulently.
◉ RAT (Remote Access Trojan). Answer: Functions as a backdoor
and allows the attacker to access the PC, upload files, and install
software on it.
◉ Skimmers. Answer:
◉ Command and Control Host. Answer: A network that can manage
and control various bots remotely
◉ Computer bots. Answer: Computers that the attacker has infected
with a backdoor exploit with a connection to the C2 host or network