S433 FINAL EXAM 2025 WITH 100% ACCURATE SOLUTIONS
You are responsible for incident response at Acme Corporation. You have discovered that someone has
been able to circumvent the Windows authentication process for a specific network application. It
appears that the attacker took the stored hash of the password and sent it directly to the backend
authentication service, bypassing the application. What type of attack is this?
A. Pass the hash
B. Evil twin
C. Hash spoofing
D. Shimming
Correct answer: A.
You have been asked to test your company network for security issues. The specific test you are
conducting involves primarily using automated and semiautomated tools to look for known
vulnerabilities with the various systems on your network. Which of the following best describes this type
of test?
A. Security test
B. Penetration test
C. Vulnerability scan
D. Security audit
Correct answer: C.
You are responsible for network security at Acme Company. Users have been reporting that personal
data is being stolen when using the wireless network. They all insist they only connect to the corporate
wireless access point (WAP). However, logs for the WAP show that these users have not connected to it.
Which of the following could best explain this situation?
A. Bluejacking
B. Clickjacking
C. Rogue access point
D. Session hijacking
Correct answer: C.
Which of the following is commonly used in a distributed denial of service (DDoS) attack?
A. Phishing
B. Adware
C. Trojan
D. Botnet
Correct answer: D.
Frank is deeply concerned about attacks to his company's e-commerce server. He is particularly worried
about cross-site scripting and SQL injection. Which of the following would best defend against these two
specific attacks?
A. Encrypted web traffic
B. Filtering user input
C. A firewall
D. An IDS
Correct answer: B.
Mike is a network administrator with a small financial services company. He has received a popup
window that states his files are now encrypted and he must pay .5 bitcoins to get them decrypted. He
tries to check the files in question, but their extensions have changed, and he cannot open them. What
best describes this situation?
A. Mike's machine has ransomware.
B. Mike's machine has been the target of whaling.
C. Mike's machine has a rootkit.
D. Mike's machine has a logic bomb.
Correct answer: A.
You work for a security company that performs penetration testing for clients. You are conducting a test
of an e-commerce company. You discover that after compromising the web server, you can use the web
server to launch a second attack into the company's internal network. What best describes this?
A. A pivot
B. White-box testing
C. Black-box testing
D. Internal attack
Correct answer: A.
You are the manager for network operations at your company. One of the accountants sees you in the
hall and thanks you for your team keeping his antivirus software up to date. When you ask him what he
means, he mentions that one of your staff, named Mike, called him and remotely connected to update
the antivirus. You don't have an employee named Mike. What has occurred?
A. Social engineering
B. IP spoofing
C. Man-in-the-middle attack
D. MAC spoofing
Correct answer: A.
John has discovered that an attacker is trying to get network passwords by using software that attempts
a number of passwords from a list of common passwords. What type of attack is this?
A. Brute force
B. Dictionary
C. Rainbow table
D. Session hijacking
Correct answer: B.
Daryl is investigating a recent breach of his company's web server. The attacker used sophisticated
techniques and then defaced the website, leaving messages that were denouncing the company's public
policies. He and his team are trying to determine the type of actor who most likely committed the
breach. Based on the information provided, who was the most likely threat actor?
A. Hacktivists
B. A script
C. Organized crime
D. A nation-state
Correct answer: A.
Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging
him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major
insurance association, and that makes him think it might be legitimate. Which of the following best
describes this attack?
A. Phishing
B. Trojan horse
C. Spear phishing
D. Social engineering
Correct answer: C.
Mahmoud is responsible for managing security at a large university. He has just performed a threat
analysis for the network, and based on past incidents and studies of similar networks, he has determined
that the most prevalent threat to his network is low-skilled attackers who wish to breach the system,
simply to prove they can or for some low-level crime, such as changing a grade. Which term best
describes this type of attacker?
A. Amateur
B. Hacktivist
C. Script kiddie
D. Insider
Correct answer: C.
You are performing a penetration test of your company's network. As part of the test, you will be given a
login with minimal access and will attempt to gain administrative access with this account. What is this
called?
A. Root grabbing
B. Session hijacking
C. Privilege escalation
D. Climbing
Correct answer: C.