Text preview & study summary
CompTIA Security+ Threats Attacks and Vulnerabilities
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
Which THREE techniques are commonly used in a password attack?
Explanation
Password attack types: (A) Brute Force — systematically tries every possible combination; effective against short/simple passwords but computationally expensive; (B) Dictionary Attack — uses wordlists (common passwords, dictionary words, variations); extremely effective against common passwords; (C) Credential Stuffing — takes breached credentials from one site and automates login attempts on others; effective because ~65% of users reuse passwords. Mitigations: strong unique passwords, MFA, account lockout policies, password managers. VLAN hopping and DNS poisoning are network attacks, not password attacks.
Question 2
An attacker finds a web application that reflects user input directly back in the HTTP response without encoding. The attacker hosts a malicious link that embeds `<script>alert(document.cookie)</script>` in a URL parameter. Which XSS type is this?
Explanation
Reflected XSS occurs when malicious script is embedded in a request (typically URL parameter) and the server reflects it back in the HTML response without sanitizing — executing in the victim's browser. It requires tricking the victim into clicking a crafted URL (via phishing). The script is NOT stored server-side. Stored XSS: malicious script saved in the database (comments, forum posts) — affects all visitors. DOM-Based XSS: client-side JavaScript processes attacker-controlled data without server involvement. Blind XSS: payload executes in a context the attacker can't directly observe (admin panels). Mitigations: output encoding, Content Security Policy (CSP), input validation, HTTPOnly cookies.
Question 3
Which TWO techniques are used in a pass-the-hash (PtH) attack?
Explanation
Pass-the-Hash exploits a fundamental weakness in Windows NTLM authentication: NTLM accepts the password hash as proof of identity, not just the plaintext password. Attack process: (1) Attacker obtains NTLM hash from memory (using Mimikatz, secretsdump.py), SAM database, or network capture; (2) Uses the hash directly in authentication protocols without ever knowing the plaintext password. This enables lateral movement across the network. Mitigations: Credential Guard (Windows 10+, protects LSA secrets in virtualized container), disable NTLM where possible (use Kerberos), Protected Users security group, privileged account separation. PtH does not require the plaintext password.
Question 4
A penetration tester is hired by a company and given no prior information about the target environment. What type of engagement is this?
Explanation
Penetration testing knowledge levels: Black-box — tester has NO prior knowledge of the target environment (simulates an external attacker with no insider information); most realistic simulation of real-world attack. White-box — tester has full knowledge (network diagrams, source code, credentials); most thorough coverage, tests defenses with complete information. Gray-box — tester has partial knowledge (some network info, maybe a low-privilege account); balances realism with efficiency. Red team — extended adversarial simulation covering physical, social engineering, and technical attack vectors; tests detection and response capabilities, not just defenses. Scope is defined in the Rules of Engagement (ROE)/Statement of Work.
Question 5
An organization conducts a threat intelligence exercise and classifies a threat actor as having high sophistication, significant financial resources, and nation-state backing. Which threat actor category BEST describes this?
Explanation
APT threat actors are highly sophisticated, well-funded organizations (often nation-states or state-sponsored groups) that conduct targeted, long-term cyberattacks. Characteristics: custom malware/exploits, patient multi-stage attacks, persistence mechanisms, espionage or sabotage goals, zero-day exploitation. Examples: APT28 (Fancy Bear/Russia), APT41 (China), Lazarus Group (North Korea). Script kiddies use existing tools without deep knowledge. Hacktivists are motivated by ideology (Anonymous). Insider threats involve current/former employees, contractors. APTs represent the most sophisticated and persistent threat category.
