CompTIA SY0-701 CompTIA Security+ Exam Dumps and Practice Test Questions Set 5 Q61-75
Question 61
Which type of attack occurs when an attacker secretly monitors network traffic to capture sensitive information?
A) Packet sniffing
B) Brute-force
C) Ransomware
D) Rootkit
Answer: A) Packet sniffing
Explanation:
Packet sniffing is a network-based attack in which an attacker captures and analyzes packets traversing a network to obtain sensitive information such as credentials, session tokens, or other private data. Packet sniffers can operate on wired or wireless networks and may be software-based tools running on a compromised host or specialized hardware devices connected to the network. Security+ candidates must understand packet sniffing because it demonstrates the vulnerabilities inherent in unencrypted network communications and highlights the importance of encryption protocols, secure authentication, and network monitoring. Packet sniffing exploits the fact that data traveling across networks, particularly unencrypted traffic, can be intercepted passively without altering or disrupting network functionality. It is commonly used in combination with other attacks, such as man-in-the-middle attacks, to capture session data or perform identity theft.
Brute-force attacks, the second choice, attempt to gain access by systematically trying multiple combinations of passwords or encryption keys. Brute-force targets authentication mechanisms rather than passively capturing network data. While both attacks aim to compromise sensitive information, packet sniffing relies on interception and analysis rather than guessing credentials through trial and error.
Ransomware, the third choice, encrypts or locks files to extort payment from victims. Ransomware primarily targets the availability and confidentiality of stored data on compromised endpoints, not network traffic. While ransomware can result from information obtained via packet sniffing, it is not an interception method itself.
Rootkits, the fourth choice, are malicious programs designed to provide persistent, hidden access on compromised systems. Rootkits target system integrity and conceal malware, but do not capture live network traffic. They operate stealthily on endpoints rather than intercepting communications between systems.
The correct answer is packet sniffing because it specifically targets network traffic to monitor and capture sensitive information. Security+ candidates should understand network vulnerabilities, encryption practices such as TLS or WPA3, secure Wi-Fi configurations, and monitoring strategies to detect unauthorized sniffing. Packet sniffing emphasizes the importance of secure network design, encryption, and endpoint protection to prevent eavesdropping, data exfiltration, and compromise of confidential communications. By implementing robust security controls and continuous monitoring, organizations can mitigate the risk of sensitive data being intercepted, ensuring confidentiality, integrity, and trust in network communications. Packet sniffing also highlights the importance of user awareness and secure practices when connecting to public or untrusted networks, as attackers may exploit open Wi-Fi or poorly secured environments to capture data packets without detection. Security+ candidates must also be aware of countermeasures such as virtual private networks (VPNs), network segmentation, strong authentication mechanisms, and anomaly detection systems to prevent and detect unauthorized monitoring of network traffic. The attack underscores the principle that data in transit is vulnerable and requires protection measures that combine technical safeguards with user education and proactive network management.
Question 62
Which type of attack relies on exploiting web application vulnerabilities to execute commands on a remote server?
A) Remote code execution (RCE)
B) Phishing
C) Adware
D) Worm
Answer: A) Remote code execution (RCE)
Explanation:
Remote code execution is a high-risk attack where an attacker exploits vulnerabilities in web applications, servers, or services to execute arbitrary commands on a target system without physical access. RCE vulnerabilities can exist due to unvalidated input, improper configurations, buffer overflows, or software bugs. Successful RCE attacks provide attackers with full control over the compromised system, enabling them to install malware, steal sensitive information, or pivot to other systems within the network. Security+ candidates must understand RCE because it demonstrates the critical need for patch management, secure coding practices, and regular vulnerability scanning. Prevention involves applying security updates promptly, conducting code reviews, performing penetration testing, and using application firewalls to filter malicious input. RCE attacks threaten confidentiality, integrity, and availability of data, making them some of the most severe vulnerabilities in web applications and servers.
Phishing, the second choice, relies on social engineering to trick users into revealing credentials or downloading malicious content. Phishing attacks exploit human behavior rather than technical vulnerabilities in software. While phishing can deliver malware that allows remote control, it is not inherently an RCE attack.
Adware, the third choice, delivers unwanted advertisements and collects user data. Adware is primarily a nuisance and privacy risk, does not exploit system vulnerabilities, and does not allow remote execution of arbitrary commands.
Worms, the fourth choice, self-replicate across networks to propagate malware. Worms exploit vulnerabilities for propagation but do not necessarily allow an attacker to execute arbitrary code remotely on a target system in the way RCE does. Worms may deliver payloads, but RCE specifically refers to direct exploitation of a system’s code execution pathway.
The correct answer is remote code execution because it directly leverages software vulnerabilities to allow attackers to execute commands on a target system remotely. Security+ candidates should understand the technical mechanisms of RCE, potential consequences, and methods of prevention, including secure software development, input validation, patching, network segmentation, and monitoring for suspicious activity. RCE attacks demonstrate how attackers can gain high levels of control over systems, highlighting the importance of layered security and proactive vulnerability management to protect organizational infrastructure, maintain system integrity, and secure sensitive information. Understanding RCE also emphasizes the need for collaboration between developers, system administrators, and security teams to identify and mitigate risks before they are exploited.
Question 63
Which type of attack involves manipulating user input on a web page to execute malicious scripts in another user’s browser?
A) Cross-site scripting (XSS)
B) SQL injection
C) Brute-force
D) Denial of Service (DoS)
Answer: A) Cross-site scripting (XSS)
Explanation:
Cross-site scripting is a web application attack where malicious scripts are injected into web pages and executed in the browsers of users who view those pages. XSS exploits insufficient input validation and output encoding, allowing attackers to hijack user sessions, steal cookies, manipulate website content, or redirect users to malicious sites. Security+ candidates must understand XSS because it directly impacts confidentiality and integrity in web environments and often serves as a stepping stone for more extensive attacks. There are three primary types of XSS: stored, where malicious scripts are permanently stored on the target server; reflected, where the script is reflected off a web server to the user’s browser; and DOM-based, which manipulates the client-side Document Object Model to execute malicious scripts. XSS emphasizes the importance of secure coding practices, content security policies, input validation, and browser security mechanisms.
SQL injection, the second choice, exploits web applications that pass unsanitized input into database queries, allowing attackers to inject SQL commands through input fields. While SQL injection affects data integrity and confidentiality in databases, it does not execute scripts in end-user browsers. SQL injection and XSS are both injection attacks, but they target different layers of a web application: the database tier and the client-side browser, respectively.
Brute-force attacks, the third choice, systematically guess passwords or encryption keys. Brute-force attacks target authentication mechanisms rather than web application input or client-side execution. Brute-force is unrelated to scripting attacks or manipulation of browser content.
Denial of Service attacks, the fourth choice, aim to overwhelm systems or networks with traffic to make them unavailable. DoS targets availability and does not manipulate user input or execute code in browsers.
The correct answer is cross-site scripting because it specifically injects scripts into web pages to manipulate users’ browsers. Security+ candidates should understand how XSS operates, the various attack vectors, prevention strategies such as input validation and content security policies, and monitoring for abnormal application behavior. XSS demonstrates how vulnerabilities in web applications can be exploited for identity theft, session hijacking, and unauthorized manipulation of data, emphasizing the importance of secure development practices and vigilant security controls in web environments. Understanding XSS provides insight into client-side attacks, user safety, and the role of secure coding in protecting sensitive information while maintaining web application integrity and user trust.
Question 64
Which type of attack occurs when multiple compromised devices are used to flood a target with traffic?
A) Distributed Denial of Service (DDoS)
B) Phishing
C) Rootkit
D) Adware
Answer: A) Distributed Denial of Service (DDoS)
Explanation:
A distributed denial of service attack is a coordinated attack in which multiple compromised devices, often forming a botnet, simultaneously flood a target system or network with excessive traffic. The goal of DDoS attacks is to exhaust resources such as bandwidth, CPU, or memory, rendering services unavailable to legitimate users. Security+ candidates must understand DDoS attacks because they target availability, one of the core components of the CIA triad, and can significantly disrupt organizational operations, revenue, and reputation. DDoS attacks can use different methods, including volumetric attacks that saturate bandwidth, protocol attacks that exploit weaknesses in network protocols, and application-layer attacks that overwhelm server processes. Mitigation strategies include rate limiting, traffic filtering, redundant infrastructure, cloud-based DDoS protection services, intrusion detection systems, and network segmentation. DDoS attacks highlight the need for incident response planning, continuous monitoring, and resilience in network design.
Phishing, the second choice, relies on social engineering to deceive users into revealing sensitive information or installing malware. Phishing does not directly impact network availability or involve coordinated flooding of traffic from multiple sources.
Rootkits, the third choice, provide hidden, persistent access to systems. Rootkits focus on maintaining control over a compromised host and do not involve overwhelming systems or networks to deny service.
Adware, the fourth choice, delivers unwanted advertisements and may collect user data. Adware is primarily a privacy and annoyance concern and does not disrupt service availability like a DDoS attack.
The correct answer is distributed denial of service because it explicitly uses multiple compromised devices to flood a target and disrupt service. Security+ candidates should understand attack vectors, detection mechanisms, mitigation techniques, and the importance of designing resilient networks. DDoS attacks demonstrate the significance of availability-focused security planning, layered defenses, proactive monitoring, and incident response strategies to maintain operational continuity and protect organizational infrastructure from high-volume, coordinated attacks.
Question 65
Which attack uses fake emails or websites to trick users into revealing sensitive information?
A) Phishing
B) SQL injection
C) Brute-force
D) Worm
Answer: A) Phishing
Explanation:
Phishing is a social engineering attack designed to deceive users into providing sensitive information, credentials, or access to systems by impersonating trusted entities. Phishing typically uses fake emails, malicious links, or spoofed websites to trick users into submitting passwords, financial information, or other confidential data. Security+ candidates must understand phishing because it is one of the most common attack types and can lead to identity theft, financial loss, or network compromise. Phishing can be categorized into various types: spear phishing targets specific individuals or organizations, whaling targets executives, and clone phishing replicates legitimate communications. Phishing often serves as the initial vector for more advanced attacks, including ransomware deployment, credential theft, and lateral movement within a network. Effective defense requires user training, email filtering, multi-factor authentication, and monitoring for suspicious activity. Phishing highlights the human element of cybersecurity, emphasizing that even technically secure systems can be compromised if users are deceived.
SQL injection, the second choice, exploits web application input vulnerabilities to manipulate databases. SQL injection is a technical attack and does not rely on deceiving users to reveal information, differentiating it from phishing.
Brute-force attacks, the third choice, systematically guess passwords or encryption keys. While brute-force may target the same accounts compromised via phishing, it relies on automation and trial-and-error, not social engineering.
Worms, the fourth choice, self-replicate across networks to propagate malware. Worms do not rely on deceiving users to obtain credentials; they exploit system vulnerabilities for autonomous spread.
The correct answer is phishing because it specifically deceives users to reveal sensitive information. Security+ candidates should understand attack methods, identification strategies, mitigation techniques, and the role of user education in reducing risk. Phishing demonstrates the critical importance of awareness training, layered defenses, and multi-factor authentication in safeguarding credentials and sensitive information from compromise.
Question 66
Which type of attack manipulates DNS entries to redirect users to malicious websites?
A) DNS poisoning
B) Phishing
C) Brute-force
D) Adware
Answer: A) DNS poisoning
Explanation:
DNS poisoning, also known as DNS cache poisoning or DNS spoofing, is an attack that manipulates DNS entries to redirect users from legitimate websites to malicious websites controlled by attackers. Attackers inject false DNS information into DNS caches or servers, causing domain names to resolve to incorrect IP addresses. Security+ candidates must understand DNS poisoning because it demonstrates how attackers can compromise the integrity of domain resolution, leading to credential theft, malware delivery, and fraudulent activity. This type of attack can be particularly dangerous because it targets a foundational component of internet infrastructure, meaning a single compromised DNS server can affect many users. Attackers may use DNS poisoning to facilitate phishing campaigns, distribute malware, or redirect traffic to fraudulent payment portals. Mitigation techniques include implementing DNSSEC (DNS Security Extensions), monitoring DNS traffic for anomalies, using secure recursive DNS resolvers, validating DNS records, and ensuring timely patching of DNS servers.
Phishing, the second choice, is a social engineering attack that deceives users into providing sensitive information. While phishing can leverage malicious websites, it does not inherently manipulate DNS infrastructure or domain name resolution. Phishing relies on user action rather than technical compromise of DNS servers.
Brute-force attacks, the third choice, attempt to guess passwords or encryption keys systematically. Brute-force focuses on authentication mechanisms, not the manipulation of domain name systems. Brute-force and DNS poisoning are fundamentally different attack types targeting distinct components of information security.
Adware, the fourth choice, delivers unwanted advertisements and may collect user data. While adware may cause redirection to malicious content, it does not compromise DNS infrastructure to alter domain resolutions. Adware is primarily a privacy and annoyance concern rather than a network integrity issue.
The correct answer is DNS poisoning because it specifically compromises the integrity of DNS to redirect users to malicious destinations. Security+ candidates should understand attack vectors, detection techniques, and preventive measures, including DNSSEC, secure DNS configuration, anomaly detection, and network monitoring. DNS poisoning highlights the importance of validating the infrastructure that underpins connectivity and demonstrates that even fundamental services can be leveraged for attack purposes. By understanding DNS poisoning, candidates appreciate the need for layered defenses, encryption, and vigilant monitoring to maintain trust, integrity, and security in network communications. Awareness of DNS poisoning also emphasizes the importance of user verification and avoiding suspicious websites, as attackers may exploit this vulnerability to perform credential theft, malware distribution, or fraud. Comprehensive defenses require a combination of technical measures, monitoring, and user education to mitigate risk effectively, underscoring the critical role DNS plays in secure network operation.
Question 67
Which type of attack attempts to overwhelm system resources by sending excessive network traffic?
A) Denial of Service (DoS)
B) Rootkit
C) Keylogger
D) SQL injection
Answer: A) Denial of Service (DoS)
Explanation:
Denial of Service attacks are cyberattacks in which attackers intentionally overwhelm system resources, network bandwidth, or application processing capacity, rendering services unavailable to legitimate users. DoS attacks can take various forms, including volumetric attacks that saturate bandwidth, protocol attacks that exploit weaknesses in network protocols, and application-layer attacks that target specific service functions. Security+ candidates must understand DoS because it highlights vulnerabilities in availability, one of the key elements of the CIA triad. DoS attacks often involve the use of automated scripts or botnets to generate large volumes of traffic, which can affect websites, email servers, databases, or other critical infrastructure. Organizations mitigate DoS attacks through traffic filtering, intrusion prevention systems, rate limiting, redundant infrastructure, cloud-based mitigation services, and proactive incident response planning. Understanding DoS emphasizes the importance of layered defenses and the potential operational, financial, and reputational impact of resource exhaustion attacks.
Rootkits, the second choice, are stealthy malware designed to maintain persistent access on a compromised host. Rootkits target integrity and system control rather than overwhelming resources or disrupting availability. While rootkits can facilitate further attacks, they do not themselves generate high-volume traffic to deny service.
Keyloggers, the third choice, capture keystrokes to steal sensitive information such as passwords or credentials. Keyloggers affect confidentiality but do not target availability by flooding networks or systems. They operate stealthily and do not generate resource exhaustion events.
SQL injection, the fourth choice, exploits web application input vulnerabilities to manipulate database operations. SQL injection compromises integrity and confidentiality of database content but does not flood systems with traffic or disrupt service availability.
The correct answer is Denial of Service because it specifically overwhelms system resources to make services unavailable. Security+ candidates should understand attack methods, detection mechanisms, mitigation strategies, and resilience planning to maintain service continuity. DoS attacks underscore the importance of availability-focused defenses, monitoring, and incident response to prevent business disruption and maintain trust in systems. Awareness of DoS also reinforces the need for traffic analysis, redundancy, and the use of specialized mitigation tools to protect against operational and financial impacts caused by resource exhaustion attacks.
Question 68
Which type of attack uses previously compromised credentials to access multiple accounts automatically?
A) Credential stuffing
B) Phishing
C) Worm
D) Ransomware
Answer: A) Credential stuffing
Explanation:
Credential stuffing is an attack in which attackers use automated tools to test lists of previously compromised username-password combinations across multiple accounts and services. This attack relies on the widespread habit of reusing passwords, allowing attackers to gain unauthorized access efficiently. Security+ candidates must understand credential stuffing because it targets authentication systems, exploits human behavior, and demonstrates the importance of strong password policies and multi-factor authentication. Mitigation strategies include implementing anomaly detection, account lockouts after repeated failed login attempts, enforcing unique and complex passwords, and using multi-factor authentication to prevent unauthorized access even if credentials are compromised. Credential stuffing attacks are highly automated and scalable, making them a persistent threat to both personal accounts and enterprise systems. They highlight the importance of monitoring, alerting, and user education to prevent large-scale credential-based compromises.
Phishing, the second choice, is a social engineering attack designed to deceive users into providing sensitive information. While phishing can supply the credential lists later used in credential stuffing campaigns, it is not itself an automated credential-testing attack and relies on human deception.
Worms, the third choice, are self-replicating malware that propagate across networks. Worms spread autonomously, exploiting vulnerabilities in systems to move from host to host, but they do not test credentials or target authentication mechanisms specifically.
Ransomware, the fourth choice, encrypts files or locks systems to demand payment. Ransomware focuses on availability and extortion, not automated reuse of previously compromised credentials. While ransomware may follow successful credential stuffing attacks, it is distinct in its method and purpose.
The correct answer is credential stuffing because it specifically uses automated attempts with previously compromised credentials to access multiple accounts. Security+ candidates should understand the attack methodology, prevention techniques, and the role of multi-factor authentication in reducing risk. Credential stuffing underscores the importance of unique, complex passwords, monitoring login attempts, and proactive security policies to protect accounts, highlighting both human and technical elements in securing authentication systems.
Question 69
Which type of attack manipulates a user’s session to impersonate them without their knowledge?
A) Session hijacking
B) Phishing
C) Brute-force
D) Adware
Answer: A) Session hijacking
Explanation:
Session hijacking occurs when an attacker takes control of a user’s active session, often by stealing session cookies, tokens, or session IDs, to impersonate the user without requiring authentication. Security+ candidates must understand session hijacking because it targets authentication and session management mechanisms, potentially allowing attackers to access sensitive data, perform unauthorized transactions, or escalate privileges within applications. Session hijacking can occur through methods such as packet sniffing, cross-site scripting, man-in-the-middle attacks, or malware that intercepts session tokens. Mitigation strategies include implementing secure session management practices, using HTTPS and TLS encryption, regenerating session IDs after login, setting short session expiration times, and monitoring for unusual session activity. Understanding session hijacking emphasizes the importance of securing both authentication credentials and the mechanisms that maintain active sessions to prevent unauthorized access.
Phishing, the second choice, deceives users into revealing credentials or sensitive information. While phishing may provide the data needed for session hijacking, it is not the method by which sessions themselves are compromised. Phishing exploits human behavior rather than directly manipulating session mechanisms.
Brute-force attacks, the third choice, attempt to guess passwords or keys through systematic trial and error. Brute-force targets authentication systems rather than existing active sessions, making it fundamentally different from session hijacking.
Adware, the fourth choice, delivers unwanted advertisements and may collect user information. Adware does not manipulate session data or allow attackers to impersonate users in active sessions, limiting its relevance to session-based attacks.
The correct answer is session hijacking because it specifically involves taking over an active session to impersonate a user without authorization. Security+ candidates should understand methods of attack, preventive measures, and monitoring strategies to secure session management and maintain confidentiality, integrity, and availability of web applications. Session hijacking demonstrates the importance of secure communication, session token protection, and vigilance against both technical exploits and user manipulation.
Question 70
Which attack technique exploits software vulnerabilities to allow unauthorized code execution and control of a target system?
A) Exploit
B) Phishing
C) DDoS
D) Worm
Answer: A) Exploit
Explanation:
An exploit is a technique that takes advantage of a vulnerability in software, hardware, or network systems to execute unauthorized code or gain control over a target system. Security+ candidates must understand exploits because they are foundational to a wide range of cyberattacks, including remote code execution, privilege escalation, malware deployment, and system compromise. Exploits often target unpatched software, misconfigured applications, or design flaws, and they can be automated or manually executed depending on the complexity of the vulnerability. Successful exploitation can compromise confidentiality, integrity, and availability, allowing attackers to access sensitive data, manipulate system operations, or disrupt service. Mitigation involves patch management, vulnerability scanning, secure coding practices, system hardening, and monitoring for anomalous behavior. Exploits are frequently combined with other attack vectors, such as phishing or malware delivery, highlighting their versatility and significance in cybersecurity incidents.
Phishing, the second choice, is a social engineering attack designed to deceive users into revealing sensitive information or downloading malicious content. Phishing does not inherently take advantage of software vulnerabilities; it exploits human behavior.
DDoS, the third choice, floods systems or networks with excessive traffic to disrupt availability. DDoS does not provide unauthorized code execution or system control, focusing instead on resource exhaustion.
Worms, the fourth choice, are self-replicating malware that spreads across networks. Worms may exploit vulnerabilities to propagate but are a method of malware distribution rather than the act of exploiting a specific flaw.
The correct answer is exploit because it specifically targets vulnerabilities to gain unauthorized code execution and control over systems. Security+ candidates should understand exploit types, methods, and preventive strategies, including patching, secure coding, monitoring, and vulnerability management. Exploits demonstrate how attackers leverage technical weaknesses to compromise systems and highlight the importance of proactive security measures to protect organizational assets and maintain information security.
Question 71
Which type of attack exploits software flaws to gain higher privileges than intended on a system?
A) Privilege escalation
B) Phishing
C) DDoS
D) Adware
Answer: A) Privilege escalation
Explanation:
Privilege escalation is an attack where an attacker exploits vulnerabilities in software, misconfigurations, or design flaws to gain higher privileges than originally granted. It can be vertical, where the attacker moves from a lower-privilege account to an administrator or root account, or horizontal, where the attacker accesses another account with the same level of privilege. Security+ candidates must understand privilege escalation because it is a common step in larger attacks, enabling attackers to install malware, access sensitive data, modify system configurations, or disable security controls. Common methods include abusing unpatched vulnerabilities, weak permission settings, or insecure coding practices. Effective prevention involves applying patches and updates, enforcing least privilege policies, conducting vulnerability scanning, monitoring for abnormal activity, implementing role-based access controls, and employing endpoint detection and response solutions.
Phishing, the second choice, deceives users into revealing credentials or performing actions that benefit attackers. While phishing can deliver information or access that leads to privilege escalation, it is a social engineering attack and does not inherently exploit software vulnerabilities to gain elevated permissions.
DDoS, the third choice, overwhelms systems with traffic to deny services. While it impacts availability, DDoS does not provide attackers with additional privileges or access to system resources.
Adware, the fourth choice, delivers unwanted advertisements and may collect user data. Adware does not exploit privilege vulnerabilities or elevate attacker control over systems.
The correct answer is privilege escalation because it specifically allows attackers to gain higher-level access on a system by exploiting vulnerabilities or misconfigurations. Security+ candidates should understand vertical and horizontal privilege escalation, attack vectors, detection techniques, and preventive measures. Privilege escalation underscores the importance of least privilege enforcement, secure configuration management, patching, monitoring, and auditing, all of which mitigate the risk of unauthorized system control and protect sensitive organizational assets. Understanding privilege escalation emphasizes proactive security practices to ensure users only have the access required for their roles, reducing the potential for misuse or exploitation by attackers. This attack highlights the interconnection between system vulnerabilities, access controls, and monitoring practices, demonstrating that technical security measures and administrative policies must work together to prevent system compromise and maintain organizational security integrity.
Question 72
Which type of attack involves unauthorized modification of data in transit to disrupt communication integrity?
A) Man-in-the-middle (MITM)
B) Phishing
C) Worm
D) Rootkit
Answer: A) Man-in-the-middle (MITM)
Explanation:
Man-in-the-middle is an attack where an attacker intercepts, alters, or relays communications between two parties without their knowledge. The goal is often to eavesdrop on conversations, steal sensitive information, or manipulate data to compromise integrity and trust. MITM attacks can occur on unsecured networks, via DNS spoofing, ARP poisoning, or compromised routers. Security+ candidates must understand MITM because it impacts confidentiality and integrity, both core aspects of the CIA triad, and can serve as a precursor to further attacks such as session hijacking or credential theft. MITM attacks emphasize the need for encryption protocols like TLS, secure Wi-Fi configurations, mutual authentication, and vigilant monitoring of network traffic. Effective mitigation includes using VPNs, certificate validation, strong encryption, network segmentation, and anomaly detection. Attackers may employ MITM for various purposes, including credential theft, financial fraud, or data manipulation, making it critical to secure communications end-to-end.
Phishing, the second choice, relies on deceiving users into revealing sensitive information. Phishing targets human behavior rather than intercepting or modifying communications, and while it can supply credentials for MITM attacks, it is not itself an in-transit data manipulation attack.
Worms, the third choice, self-replicate to propagate malware across networks. Worms do not intercept or manipulate in-transit data and focus on autonomous spreading of malicious software.
Rootkits, the fourth choice, provide persistent hidden access to compromised systems. Rootkits maintain control over endpoints but do not inherently intercept communications or alter data in transit, making them unrelated to MITM.
The correct answer is man-in-the-middle because it specifically targets communication between parties to intercept or modify data without consent. Security+ candidates should understand MITM techniques, attack vectors, preventive measures, and monitoring strategies. MITM demonstrates the critical importance of secure communication channels, encryption, mutual authentication, and vigilant network monitoring. Understanding MITM also emphasizes the intersection of technical vulnerabilities and security protocols, highlighting the need for layered defenses, secure configurations, and proactive measures to prevent attackers from exploiting weaknesses in communication paths to compromise confidentiality and integrity of data. Effective mitigation requires a combination of technical safeguards, continuous monitoring, and user awareness to ensure secure and trustworthy communications.
Question 73
Which type of attack is designed to manipulate or disrupt system behavior without the user’s knowledge, often hiding in legitimate software?
A) Trojan
B) Adware
C) Worm
D) Brute-force
Answer: A) Trojan
Explanation:
A Trojan, or Trojan horse, is a type of malware disguised as legitimate software to trick users into executing it. Once executed, Trojans can perform malicious activities such as stealing data, installing additional malware, creating backdoors, or manipulating system behavior. Security+ candidates must understand Trojans because they highlight the dangers of trusting software from unverified sources, emphasizing secure software management, endpoint protection, and user awareness. Trojans exploit human behavior by disguising themselves as useful or necessary software while hiding malicious payloads. Mitigation includes verifying software integrity, using antivirus and endpoint detection systems, employing application whitelisting, educating users about safe software practices, and monitoring systems for unusual behavior. Trojans are commonly delivered via email attachments, infected downloads, or malicious websites, and may serve as the initial vector for broader attacks, such as ransomware deployment, privilege escalation, or persistent access.
Adware, the second choice, delivers unwanted advertisements and may collect user data. Adware is generally visible and does not manipulate system behavior stealthily or install hidden backdoors, making it distinct from Trojans.
Worms, the third choice, are self-replicating malware that propagate across networks without user action. Worms do not disguise themselves as legitimate software and primarily focus on spreading rather than stealthily manipulating a system’s behavior.
Brute-force attacks, the fourth choice, attempt to guess passwords or encryption keys by systematically trying all possible combinations. Brute-force does not manipulate system behavior, hide in software, or execute payloads on compromised systems.
The correct answer is Trojan because it specifically disguises malicious code within legitimate-looking software to compromise system behavior without the user’s knowledge. Security+ candidates should understand delivery methods, attack consequences, detection mechanisms, and preventive strategies. Trojans highlight the importance of software validation, endpoint protection, user awareness, and layered defenses to prevent unauthorized access, data theft, and system compromise. Understanding Trojans emphasizes the need for secure application management, vigilant monitoring, and proactive measures to mitigate risks associated with deceptive and hidden malware. This type of attack demonstrates the intersection of technical vulnerabilities, human behavior, and endpoint security practices.
Question 74
Which type of attack targets database input fields to manipulate or extract sensitive information?
A) SQL injection
B) Phishing
C) Keylogger
D) DDoS
Answer: A) SQL injection
Explanation:
SQL injection is an attack that exploits vulnerabilities in web application input fields to inject malicious SQL statements into a database query. Attackers can manipulate queries to bypass authentication, retrieve sensitive information, modify or delete data, or escalate privileges within the database. Security+ candidates must understand SQL injection because it demonstrates the importance of input validation, secure coding practices, and database security. SQL injection can have severe consequences, including loss of data integrity, unauthorized data access, and reputational or financial damage to organizations. Mitigation techniques include parameterized queries, stored procedures, input sanitization, least privilege for database accounts, and continuous monitoring for suspicious database activity. SQL injection highlights how improperly validated user input can compromise critical systems, emphasizing the need for comprehensive application security practices.
Phishing, the second choice, relies on deceiving users into revealing sensitive information. While phishing can provide credentials for SQL injection attacks, it does not exploit application vulnerabilities to manipulate database queries directly.
Keyloggers, the third choice, capture user keystrokes to steal sensitive data. Keyloggers compromise confidentiality but do not manipulate databases or execute SQL commands.
DDoS attacks, the fourth choice, flood systems with traffic to exhaust resources. While DDoS affects availability, it does not directly compromise databases or manipulate input fields for data extraction.
The correct answer is SQL injection because it specifically exploits input validation vulnerabilities to manipulate database queries and access or modify sensitive information. Security+ candidates should understand attack mechanisms, prevention techniques, and detection methods. SQL injection emphasizes the importance of secure software development, database security, and layered defenses to protect sensitive information and maintain system integrity. Awareness of SQL injection demonstrates how critical secure coding and database management practices are in preventing unauthorized access and mitigating risks to organizational assets.
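To make the "parameterized queries" mitigation concrete, here is an added example (not part of the original question set) that puts a string-concatenated login query beside its parameterized form and runs both against a constructed in-memory SQLite table; the `users` table, the `alice` account and the `login_*` function names are all constructed for this illustration.

```python
import sqlite3


def make_db():
    # Constructed sample database for the demonstration (not from the page).
    # Passwords are stored in clear text only to keep the example short;
    # a real system would store salted password hashes instead.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Defect: user input is spliced into the SQL text, so any quote
    # characters the user supplies change the structure of the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    # Mitigation: '?' placeholders pass the input as bound data, so the
    # database never interprets the user's text as SQL syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    # The classic tautology input turns the concatenated WHERE clause into
    # one that is true for every row, bypassing the password check.
    tautology = "' OR '1'='1"
    print("legit, vulnerable     :", login_vulnerable(db, "alice", "correct-horse"))
    print("legit, parameterized  :", login_parameterized(db, "alice", "correct-horse"))
    print("tautology, vulnerable :", login_vulnerable(db, tautology, tautology))
    print("tautology, parameterized:", login_parameterized(db, tautology, tautology))
```

The parameterized version treats the tautology string as a literal username that matches no row, which is exactly the behaviour the page's mitigation list is after; pairing it with least-privilege database accounts limits what any remaining injection could do.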
Question 75
Which attack involves self-replicating malware that spreads without user intervention to compromise systems?
A) Worm
B) Trojan
C) Phishing
D) Adware
Answer: A) Worm
Explanation:
A worm is a type of self-replicating malware that spreads across networks without requiring user intervention. Worms exploit software vulnerabilities, misconfigurations, or network weaknesses to propagate autonomously from one system to another. Security+ candidates must understand worms because they highlight the importance of patch management, network segmentation, endpoint protection, and proactive monitoring. Worms can deliver payloads that steal data, install additional malware, create botnets, or disrupt system operations. Unlike Trojans, which rely on users to execute them, worms spread automatically, making them highly infectious and capable of causing widespread disruption. Mitigation strategies include updating software, closing network vulnerabilities, employing firewalls, monitoring network traffic, and using intrusion detection and prevention systems. Worms can lead to denial of service, data theft, or further malware infections, demonstrating their ability to affect confidentiality, integrity, and availability simultaneously. Understanding worms also emphasizes the importance of layered defenses, proactive vulnerability management, and network monitoring to detect and contain rapid malware spread effectively.
Trojans, the second choice, are a type of malware that relies heavily on deception and user interaction to achieve their objectives. Unlike worms or viruses, which have self-replicating capabilities, Trojans cannot spread autonomously. They require a user to actively execute them, often by opening an attachment, downloading a file, or running an application that appears legitimate. The deceptive nature of Trojans is central to their operation. Attackers often disguise them as harmless or useful software, tricking users into installing them on their systems. Once executed, Trojans can serve as a delivery mechanism for additional malicious activities. They may install other malware, create backdoors to provide unauthorized remote access, steal sensitive data, or manipulate system behavior in ways that compromise security. The focus of Trojans is not on propagation but on providing attackers with a foothold in the target system. Their reliance on social engineering and user action differentiates them from malware types that spread automatically, as they exploit human trust and curiosity rather than software vulnerabilities to gain access.
Trojans are often used in combination with other malware to achieve broader objectives. For instance, a Trojan may install spyware to capture user keystrokes, a rootkit to maintain stealthy control, or ransomware to encrypt files for financial gain. Because Trojans do not replicate on their own, their distribution usually depends on phishing campaigns, malicious downloads, or other methods that involve convincing a user to take an action. This makes user awareness and caution critical for preventing Trojan infections. Security measures such as email filtering, antivirus software, and scrutiny of downloads can mitigate the risk, but the underlying principle is that the Trojan only succeeds if the user is deceived into executing it.
Phishing, the third choice, is also a social engineering attack but differs in its mechanics and goals. Phishing aims to manipulate users into voluntarily disclosing sensitive information, such as usernames, passwords, financial data, or other confidential details. Attackers craft messages that appear to come from trusted sources, often using emails, text messages, or social media platforms to reach potential victims. The success of phishing depends entirely on the target’s reaction. Users are prompted to click links, open attachments, or provide credentials on fraudulent websites. Unlike Trojans, phishing does not install malware or compromise the system directly. It relies on the human element to achieve its purpose and does not propagate across networks automatically. Phishing campaigns may target large numbers of users, but each success depends on individual interactions, so the attack relies on deception rather than automation.
Both Trojans and phishing illustrate the critical role of human behavior in cybersecurity. Trojans exploit trust to execute malicious software on endpoints, providing a platform for further compromise, while phishing exploits trust to extract sensitive information without deploying any software. In both cases, user vigilance is the primary defense. Technical safeguards can help, but awareness, skepticism of unsolicited communications, and cautious handling of files and links are essential for preventing these attacks.
Trojans require user execution and use deception to deliver additional malware or grant attackers access to systems, without self-replicating capabilities. Phishing relies entirely on deceiving users to obtain sensitive information and does not propagate autonomously. Both depend on social engineering and the user’s actions, emphasizing the importance of human factors in preventing security breaches.
Adware, the fourth choice, delivers unwanted advertisements and collects user data. Adware is typically visible and does not self-replicate or spread autonomously across systems, making it distinct from worms.
The correct answer is worm because it specifically self-replicates and spreads without user intervention. Security+ candidates should understand worm propagation methods, attack consequences, detection, and mitigation strategies. Worms illustrate the need for timely patching, network monitoring, endpoint protection, and layered defenses to prevent large-scale infections and protect the confidentiality, integrity, and availability of organizational systems. Understanding worms emphasizes proactive security practices to mitigate rapid malware spread and highlights the importance of automated defenses and human vigilance.