Home > Articles

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Q & A

The answers to these questions appear in Appendix A. For more practice with exam format questions, use the Pearson Test Prep software online.

  1. Which of the following involves an unauthorized individual searching and attempting to collect sensitive information from the trash?

    1. Piggybacking

    2. Fence jumping

    3. Dumpster diving

    4. Lockpicking

  2. Which of the following is a technique that is executed using disassemblers and decompilers to translate an app’s binary code or bytecode back into a more or less understandable format?

    1. Static and dynamic binary analysis

    2. Static and dynamic source code analysis

    3. Binary patching, or “modding”

    4. Binary code injection

  3. Which of the following is a sandbox built in the Linux kernel to only allow the write(), read(), exit(), and sigreturn() system calls?

    1. SUDI

    2. Seccomp

    3. SELinux

    4. Linux-jail

  4. Which of the following statements is not true?

    1. Modern web browsers provide sandboxing capabilities to isolate extensions and plugins.

    2. HTML5 has a sandbox attribute for use with iframes.

    3. Java virtual machines include a sandbox to restrict the actions of untrusted code, such as a Java applet.

    4. Microsoft’s .NET Common Language Runtime cannot enforce restrictions on untrusted code.

  5. Which of the following can attackers use to capture every keystroke of a user in a system and steal sensitive data (including credentials)?

    1. RATs

    2. Keybinders

    3. Keyloggers

    4. Ransomware

  6. Which of the following functionalities can an attacker abuse to try to elevate privileges if the service is running under SYSTEM privileges?

    1. Unquoted service paths

    2. Unquoted PowerShell scripts

    3. Writable SYSTEM services using the GetSystemDirectory function

    4. Cross-site scripting (XSS)

  7. Which of the following is not a place where Windows stores password hashes?

    1. SAM database

    2. LSASS

    3. PowerShell hash store

    4. AD database

  8. Which of the following is an open source tool that allows an attacker to retrieve user credential information from the targeted system and potentially perform pass-the-hash and pass-the-ticket attacks?

    1. SAM Stealer

    2. Mimikatz

    3. Kerberoast

    4. Hashcrack

  • + Share This
  • 🔖 Save To Your Account