SEC+ CERTMASTER CE EXAM
REVIEW QUESTIONS WITH
CORRECT DETAILED ANSWERS
Spyware infected the computers. -Answer-End-users at an organization contact the
cybersecurity department and report that, after downloading a file, they are being
redirected to shopping websites to which they did not intend to navigate, and built-in
webcams turn on. The security team confirms the issue as malicious, and notes
modified DNS (Domain Name System) queries that go to nefarious websites hosting
malware. What most likely happened to the users' computers?
A Remote Access Trojan (RAT) -Answer-An attacker installs Trojan malware that can
execute remote backdoor commands, such as the ability to upload files and install
software to a victim PC. What type of Trojan malware is this?
Password spraying attack -Answer-A hacker is trying to gain remote access to a
company computer by trying brute force password attacks using a few common
passwords in conjunction with multiple usernames. What specific type of password
attack is the hacker most likely performing?
-Dictionary attack
-Rainbow table -Answer-An attacker can exploit a weakness in a password protocol to
calculate the hash of a password. Which of the following methods can an attacker
match a hash to, as a means to obtain a means of authentication? (Select all that
apply.)
A rainbow table attack -Answer-Which of the following attacks do security professionals
expose themselves to, if they do not salt passwords with a random value?
Clone it. -Answer-What does an attacker need to do to use acquired user and account
details from a user's smart card?
Skimming -Answer-What type of attack is occurring when a counterfeit card reader is in
use?
The user installed Trojan horse malware. -Answer-A user used an administrator account
to download and install a software application. After the user launched the .exe
extension installer file, the user experienced frequent crashes, slow computer
performance, and strange new services running when turning on the computer. It seems
like there are more and more services running over time. What most likely happened to
cause these issues?
, Cross-site scripting (XSS) -Answer-An attacker discovered an input validation
vulnerability on a website, crafted a URL with additional HTML code, and emailed the
link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking
on the malicious URL. No other malicious operations occurred outside of the web
application's root directory. This scenario is describing which type of attack?
DLL injection -Answer-An attacker escalated privileges to a local administrator and used
code refactoring to evade antivirus detection. The attacker then allowed one process to
attach to another and forced the operating system to load a malicious binary package.
What did the attacker successfully perform?
LDAP injection -Answer-Using an open connection to a small company's network, an
attacker submitted arbitrary queries on port 389 to the domain controllers. The attacker
initiated the query from a client computer. What type of injection attack did the attacker
perform?
An incorrectly coded process can alter the execution environment to create a null
pointer, and crash the program. -Answer-How can the lack of logic statement tests on
memory location variables be detrimental to software in development?
A buffer overflow -Answer-An attacker gained remote access to a user's computer by
exploiting a vulnerability in a piece of software on the device. The attacker sent data
that was able to manipulate the return address that is reserved to store expected data.
Which vulnerability exploit resulted from the attacker's actions?
Race condition -Answer-Developers found a "time of check to time of use" (TOCTTOU)
vulnerability in their application. The vulnerability made it possible to change temporary
data created within the app before the app uses the data later. This vulnerability is
taking advantage of what process in the application?
Cuckoo -Answer-A malware expert wants to examine a new worm that is infecting
Windows devices. Verify the sandbox tool that will enable the expert to contain the
worm and study it in its active state.
Revealing database server configuration -Answer-A web application's code prevents the
output of any type of information when an error occurs during a request. The
development team cited security reasons as to why they developed the application in
this way. What sort of security issues did the team have concerns about in this case?
Replay attack -Answer-An intruder monitors an admin's unsecure connection to a server
and finds some required data, like a cookie file, that legitimately establishes a session
with a web server. What type of attack can the intruder perform with the cookie file?
Server-side request forgery -Answer-An attacker submitted a modified uniform resource
locator (URL) link to a website that eventually established connections to back-end
databases and exposed internal service configurations. The attacker did not hijack a
user to perform this attack. This describes which of the following types of attacks?
REVIEW QUESTIONS WITH
CORRECT DETAILED ANSWERS
Spyware infected the computers. -Answer-End-users at an organization contact the
cybersecurity department and report that, after downloading a file, they are being
redirected to shopping websites to which they did not intend to navigate, and built-in
webcams turn on. The security team confirms the issue as malicious, and notes
modified DNS (Domain Name System) queries that go to nefarious websites hosting
malware. What most likely happened to the users' computers?
A Remote Access Trojan (RAT) -Answer-An attacker installs Trojan malware that can
execute remote backdoor commands, such as the ability to upload files and install
software to a victim PC. What type of Trojan malware is this?
Password spraying attack -Answer-A hacker is trying to gain remote access to a
company computer by trying brute force password attacks using a few common
passwords in conjunction with multiple usernames. What specific type of password
attack is the hacker most likely performing?
-Dictionary attack
-Rainbow table -Answer-An attacker can exploit a weakness in a password protocol to
calculate the hash of a password. Which of the following methods can an attacker
match a hash to, as a means to obtain a means of authentication? (Select all that
apply.)
A rainbow table attack -Answer-Which of the following attacks do security professionals
expose themselves to, if they do not salt passwords with a random value?
Clone it. -Answer-What does an attacker need to do to use acquired user and account
details from a user's smart card?
Skimming -Answer-What type of attack is occurring when a counterfeit card reader is in
use?
The user installed Trojan horse malware. -Answer-A user used an administrator account
to download and install a software application. After the user launched the .exe
extension installer file, the user experienced frequent crashes, slow computer
performance, and strange new services running when turning on the computer. It seems
like there are more and more services running over time. What most likely happened to
cause these issues?
, Cross-site scripting (XSS) -Answer-An attacker discovered an input validation
vulnerability on a website, crafted a URL with additional HTML code, and emailed the
link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking
on the malicious URL. No other malicious operations occurred outside of the web
application's root directory. This scenario is describing which type of attack?
DLL injection -Answer-An attacker escalated privileges to a local administrator and used
code refactoring to evade antivirus detection. The attacker then allowed one process to
attach to another and forced the operating system to load a malicious binary package.
What did the attacker successfully perform?
LDAP injection -Answer-Using an open connection to a small company's network, an
attacker submitted arbitrary queries on port 389 to the domain controllers. The attacker
initiated the query from a client computer. What type of injection attack did the attacker
perform?
An incorrectly coded process can alter the execution environment to create a null
pointer, and crash the program. -Answer-How can the lack of logic statement tests on
memory location variables be detrimental to software in development?
A buffer overflow -Answer-An attacker gained remote access to a user's computer by
exploiting a vulnerability in a piece of software on the device. The attacker sent data
that was able to manipulate the return address that is reserved to store expected data.
Which vulnerability exploit resulted from the attacker's actions?
Race condition -Answer-Developers found a "time of check to time of use" (TOCTTOU)
vulnerability in their application. The vulnerability made it possible to change temporary
data created within the app before the app uses the data later. This vulnerability is
taking advantage of what process in the application?
Cuckoo -Answer-A malware expert wants to examine a new worm that is infecting
Windows devices. Verify the sandbox tool that will enable the expert to contain the
worm and study it in its active state.
Revealing database server configuration -Answer-A web application's code prevents the
output of any type of information when an error occurs during a request. The
development team cited security reasons as to why they developed the application in
this way. What sort of security issues did the team have concerns about in this case?
Replay attack -Answer-An intruder monitors an admin's unsecure connection to a server
and finds some required data, like a cookie file, that legitimately establishes a session
with a web server. What type of attack can the intruder perform with the cookie file?
Server-side request forgery -Answer-An attacker submitted a modified uniform resource
locator (URL) link to a website that eventually established connections to back-end
databases and exposed internal service configurations. The attacker did not hijack a
user to perform this attack. This describes which of the following types of attacks?
