Text preview & study summary

CompTIA Security+ Threats Attacks and Vulnerabilities

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

Which THREE techniques are commonly used in a password attack?

Answer choices

  • A. Brute force (trying all possible combinations) (Correct)

  • B. Dictionary attack (using wordlists of common passwords) (Correct)

  • C. Credential stuffing (using breached username/password pairs on other sites) (Correct)

  • D. VLAN hopping (manipulating 802.1Q tags)

  • E. DNS poisoning (inserting fake DNS records)

Explanation

Password attack types: (A) Brute Force — systematically tries every possible combination; effective against short/simple passwords but computationally expensive; (B) Dictionary Attack — uses wordlists (common passwords, dictionary words, variations); extremely effective against common passwords; (C) Credential Stuffing — takes breached credentials from one site and automates login attempts on others; effective because ~65% of users reuse passwords. Mitigations: strong unique passwords, MFA, account lockout policies, password managers. VLAN hopping and DNS poisoning are network attacks, not password attacks.

Question 2

An attacker finds a web application that reflects user input directly back in the HTTP response without encoding. The attacker hosts a malicious link that embeds `<script>alert(document.cookie)</script>` in a URL parameter. Which XSS type is this?

Answer choices

  • A. Stored (Persistent) XSS

  • B. Reflected (Non-Persistent) XSS (Correct)

  • C. DOM-Based XSS

  • D. Blind XSS

Explanation

Reflected XSS occurs when malicious script is embedded in a request (typically URL parameter) and the server reflects it back in the HTML response without sanitizing — executing in the victim's browser. It requires tricking the victim into clicking a crafted URL (via phishing). The script is NOT stored server-side. Stored XSS: malicious script saved in the database (comments, forum posts) — affects all visitors. DOM-Based XSS: client-side JavaScript processes attacker-controlled data without server involvement. Blind XSS: payload executes in a context the attacker can't directly observe (admin panels). Mitigations: output encoding, Content Security Policy (CSP), input validation, HTTPOnly cookies.

Question 3

Which TWO techniques are used in a pass-the-hash (PtH) attack?

Answer choices

  • A. The attacker needs the plaintext password to conduct the attack

  • B. The attacker captures an NTLM password hash and uses it directly for authentication without cracking it (Correct)

  • C. PtH attacks exploit Windows NTLM authentication's ability to accept password hashes as authentication proof (Correct)

  • D. PtH is only effective against accounts with no password

  • E. PtH attacks require the attacker to be on a different network segment than the victim

Explanation

Pass-the-Hash exploits a fundamental weakness in Windows NTLM authentication: NTLM accepts the password hash as proof of identity, not just the plaintext password. Attack process: (1) Attacker obtains NTLM hash from memory (using Mimikatz, secretsdump.py), SAM database, or network capture; (2) Uses the hash directly in authentication protocols without ever knowing the plaintext password. This enables lateral movement across the network. Mitigations: Credential Guard (Windows 10+, protects LSA secrets in virtualized container), disable NTLM where possible (use Kerberos), Protected Users security group, privileged account separation. PtH does not require the plaintext password.

Question 4

A penetration tester is hired by a company and given no prior information about the target environment. What type of engagement is this?

Answer choices

  • A. White-box testing

  • B. Gray-box testing

  • C. Black-box testing (Correct)

  • D. Red team exercise

Explanation

Penetration testing knowledge levels: Black-box — tester has NO prior knowledge of the target environment (simulates an external attacker with no insider information); most realistic simulation of real-world attack. White-box — tester has full knowledge (network diagrams, source code, credentials); most thorough coverage, tests defenses with complete information. Gray-box — tester has partial knowledge (some network info, maybe a low-privilege account); balances realism with efficiency. Red team — extended adversarial simulation covering physical, social engineering, and technical attack vectors; tests detection and response capabilities, not just defenses. Scope is defined in the Rules of Engagement (ROE)/Statement of Work.

Question 5

An organization conducts a threat intelligence exercise and classifies a threat actor as having high sophistication, significant financial resources, and nation-state backing. Which threat actor category BEST describes this?

Answer choices

  • A. Script kiddie

  • B. Hacktivist

  • C. APT (Advanced Persistent Threat) (Correct)

  • D. Insider threat

Explanation

APT threat actors are highly sophisticated, well-funded organizations (often nation-states or state-sponsored groups) that conduct targeted, long-term cyberattacks. Characteristics: custom malware/exploits, patient multi-stage attacks, persistence mechanisms, espionage or sabotage goals, zero-day exploitation. Examples: APT28 (Fancy Bear/Russia), APT41 (China), Lazarus Group (North Korea). Script kiddies use existing tools without deep knowledge. Hacktivists are motivated by ideology (Anonymous). Insider threats involve current/former employees, contractors. APTs represent the most sophisticated and persistent threat category.