Visit here for our full CompTIA SY0-701 exam dumps and practice test questions.
Question 41
Which security control type is designed to proactively prevent unauthorized access before it occurs?
( A ) Detective control
( B ) Preventive control
( C ) Corrective control
( D ) Deterrent control
Answer: B
Explanation:
Preventive controls are proactive mechanisms aimed at stopping security incidents before they occur. These controls enforce policies, restrict unauthorized activities, and provide barriers to malicious actions. Examples include firewalls, access control lists, intrusion prevention systems (IPS), multi-factor authentication, and encryption protocols. Detective controls, in contrast, identify security events after they occur, providing alerts for monitoring and analysis. Corrective controls mitigate the impact of an incident after detection, while deterrent controls aim to discourage malicious behavior through warnings or policies.
Preventive controls form the foundation of a robust security framework, reducing the likelihood of breaches and minimizing operational risk. Implementation requires understanding threat vectors, asset value, and potential vulnerabilities. Strong preventive controls combine technical solutions with administrative measures such as security policies, employee training, and incident response planning. Evaluating the effectiveness of preventive controls involves testing, auditing, and continuously updating defenses to address emerging threats.
Organizations that rely solely on detective or corrective measures are exposed to higher risk, as incidents may occur before mitigation. A layered approach, integrating preventive, detective, and corrective strategies, ensures comprehensive security coverage and improves resilience against both internal and external threats. Preventive controls are crucial for protecting sensitive information, maintaining system availability, and achieving regulatory compliance in dynamic cybersecurity environments.
Question 42
Which attack exploits vulnerabilities in web applications by injecting malicious scripts into users’ browsers?
( A ) SQL injection
( B ) Cross-site scripting (XSS)
( C ) Directory traversal
( D ) Man-in-the-middle
Answer: B
Explanation:
Cross-site scripting (XSS) is a type of web application attack where malicious scripts are injected into web pages viewed by unsuspecting users. XSS exploits input validation weaknesses, allowing attackers to manipulate client-side scripts to steal credentials, hijack sessions, or deliver malware. SQL injection targets backend databases by manipulating queries, directory traversal attempts unauthorized file access, and man-in-the-middle attacks intercept communications. XSS attacks are categorized into stored, reflected, and DOM-based types, each with distinct execution methods. Stored XSS permanently injects scripts into databases, reflected XSS sends scripts through URLs or forms, and DOM-based XSS exploits client-side scripts. Preventive measures include input sanitization, secure coding practices, content security policies, and proper output encoding.
Security testing, vulnerability scanning, and continuous monitoring are essential to detect and remediate XSS flaws. XSS poses severe risks because it bypasses server-side protections and targets end-users directly, making awareness and mitigation critical. Developers should adopt secure frameworks, implement strict validation rules, and monitor web applications for anomalous behavior. In addition, educating users about suspicious links and site behavior enhances overall defense. A comprehensive XSS mitigation strategy integrates technical solutions, secure development practices, and user education, safeguarding sensitive data and maintaining system integrity against client-side threats.
Question 43
Which type of attack floods a target system with excessive requests to disrupt normal operations?
( A ) Denial-of-service (DoS)
( B ) Phishing
( C ) SQL injection
( D ) Man-in-the-middle
Answer: A
Explanation:
A denial-of-service (DoS) attack is a type of cyberattack that aims to make a system, service, or network unavailable to legitimate users by overwhelming it with excessive traffic or resource requests. By targeting network bandwidth, server capacity, or application vulnerabilities, DoS attacks disrupt normal operations, preventing users from accessing critical services. When multiple compromised systems are used to carry out such an attack, it is classified as a distributed denial-of-service (DDoS) attack, which significantly amplifies the impact and makes mitigation more challenging. While DoS attacks focus on availability, other attack types, such as phishing, target human behavior to steal sensitive information, SQL injection exploits database vulnerabilities, and man-in-the-middle attacks intercept or manipulate communications.
DoS attacks can have severe consequences for organizations, including operational downtime, financial losses, reputational damage, and customer dissatisfaction. Even short periods of service unavailability can disrupt business processes and erode trust in online services. Mitigating these attacks requires a combination of technical, procedural, and strategic measures. Techniques such as rate limiting, traffic filtering, and the use of redundant infrastructure help absorb or block excessive traffi( C ) Specialized DDoS protection services and cloud-based mitigation solutions can detect and neutralize attacks before they reach critical systems. Implementing network segmentation and ensuring redundancy across servers and data centers also contribute to maintaining service continuity during an attack.
Beyond technical defenses, monitoring network traffic, establishing incident response plans, and performing regular vulnerability assessments are essential to reduce risk and respond effectively when attacks occur. Security teams should leverage threat intelligence to anticipate potential attack vectors and understand emerging patterns in DoS and DDoS tactics. By combining preventive, detective, and corrective measures, organizations can maintain resilience and minimize disruption. Effective defense against DoS attacks requires a proactive, layered approach that includes robust infrastructure design, continuous monitoring, and well-defined response strategies, ensuring that critical services remain available even under adverse conditions.
Question 44
Which type of malware pretends to be legitimate software while performing malicious actions?
( A ) Trojan
( B ) Worm
( C ) Rootkit
( D ) Spyware
Answer: A
Explanation:
Trojans are a type of malicious software designed to deceive users by appearing as legitimate or useful programs, prompting them to execute the malware willingly. Unlike worms, which have the ability to self-replicate across networks without user intervention, or rootkits, which primarily focus on hiding their presence while providing unauthorized access, Trojans rely heavily on social engineering tactics to trick individuals into initiating the infection. Similarly, spyware operates covertly to gather information without making visible changes to the system, whereas Trojans often carry more destructive capabilities. Once executed, a Trojan can create backdoors that allow attackers to remotely access and control a system, steal sensitive information such as credentials or financial data, or act as a delivery mechanism for additional malware.
Trojans are commonly distributed through deceptive means, including email attachments, fake software downloads, compromised websites, or seemingly harmless links. The deceptive nature of Trojans makes them difficult to detect, as they often blend in with legitimate software, requiring more than basic antivirus solutions for identification. Effective detection typically relies on behavioral analysis, threat intelligence, endpoint monitoring, and heuristics that can identify anomalous or malicious activity within the system. Preventing Trojan infections requires a multi-layered approach that addresses both technical and human factors. Users must be educated on safe computing practices, including avoiding downloads from untrusted sources, verifying software authenticity, and being cautious of unsolicited emails and attachments.
Organizations should also enforce robust endpoint protection, apply timely software patches, and maintain strict access controls to limit the potential damage if a Trojan does infiltrate a system. Continuous monitoring and logging of system activity help identify suspicious behavior early, allowing security teams to respond quickly and mitigate threats. Trojans demonstrate the critical interplay between human behavior and technical vulnerabilities in cybersecurity, highlighting the need for comprehensive strategies that combine user awareness, preventive controls, and proactive monitoring. By implementing these measures, organizations can significantly reduce the likelihood of Trojan infections, protecting the confidentiality, integrity, and availability of their systems and sensitive dat( A )
Question 45
Which type of encryption uses a pair of keys for secure communication?
( A ) Symmetric encryption
( B ) Asymmetric encryption
( C ) Hashing
( D ) Digital signature
Answer: B
Explanation:
Asymmetric encryption is a cryptographic technique that relies on a pair of mathematically linked keys—one public and one private—to secure data communication. Unlike symmetric encryption, which uses a single shared key for both encryption and decryption, asymmetric encryption allows data to be encrypted with a public key and decrypted only with the corresponding private key. This eliminates the need to transmit or share a secret key between parties, making it particularly effective for secure communication over untrusted networks. In comparison, hashing provides a mechanism to verify data integrity, while digital signatures combine hashing with asymmetric encryption to ensure authenticity and non-repudiation.
In asymmetric encryption, the public key can be widely distributed and used by anyone to encrypt messages intended for the key’s owner, while the private key must remain secret and is used to decrypt the messages. This method underpins a wide range of security applications, including secure email communication, digital certificates, TLS/SSL protocols, VPN connections, and authentication mechanisms. Popular asymmetric algorithms include RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman key exchange, each offering varying levels of security and computational efficiency. While asymmetric encryption provides strong security guarantees, it is computationally more intensive than symmetric encryption. For this reason, it is often combined with symmetric encryption in hybrid encryption schemes, where asymmetric encryption secures the exchange of a symmetric session key that then encrypts the bulk of the dat( A )
Effective implementation of asymmetric encryption requires careful key management, including secure generation, storage, rotation, and revocation of keys. Improper handling of private keys or weak algorithms can compromise security, leading to eavesdropping, impersonation, or data tampering. Organizations must also ensure that cryptographic protocols are correctly configured and updated to address known vulnerabilities. Cybersecurity professionals must understand the underlying principles of asymmetric encryption, including the mathematical foundations, key lifecycle management, and deployment best practices, to maintain secure communications and comply with regulatory requirements. By integrating asymmetric encryption into layered security strategies alongside symmetric encryption, hashing, and digital signatures, organizations can enhance confidentiality, integrity, and trust across digital systems while protecting sensitive data from unauthorized access or manipulation.
Question 46
Which attack involves intercepting communication between two parties without their knowledge?
( A ) Man-in-the-middle (MITM)
( B ) Brute-force attack
( C ) Phishing
( D ) SQL injection
Answer: A
Explanation:
A man-in-the-middle (MITM) attack is a type of cyberattack in which an attacker secretly intercepts, monitors, or manipulates communication between two parties without their knowledge. By positioning themselves between the sender and receiver, attackers can eavesdrop on sensitive information, steal credentials, or modify transmitted dat( A ) MITM attacks pose a significant threat because they compromise the core principles of cybersecurity: confidentiality, integrity, and authentication. Unlike brute-force attacks that rely on systematic password guessing, phishing that manipulates human behavior, or SQL injection that targets database vulnerabilities, MITM attacks exploit weaknesses in communication channels, protocols, and user trust.
These attacks can occur in various ways. On unsecured networks, such as public Wi-Fi, attackers can intercept data traffic to capture login credentials or financial information. Techniques like DNS spoofing allow attackers to redirect users to fraudulent websites, while ARP poisoning can trick network devices into sending data through the attacker’s system. Attackers can also set up malicious Wi-Fi hotspots to lure unsuspecting users, enabling interception of emails, messages, and other sensitive communications. Because MITM attacks often exploit protocol vulnerabilities or poor certificate handling, they can remain undetected unless proper monitoring and security measures are in place.
Mitigating MITM attacks requires a combination of technical controls, policy enforcement, and user awareness. End-to-end encryption, HTTPS protocols, and virtual private networks (VPNs) ensure that data remains secure even if intercepted. Strong authentication methods, such as multi-factor authentication and certificate validation, reduce the risk of unauthorized access. Continuous monitoring of network traffic, anomaly detection, and intrusion detection systems help identify suspicious activity indicative of MITM attempts. Educating users about the dangers of unsecured networks, phishing, and suspicious links further strengthens defenses.
A layered security approach is essential because MITM attacks exploit multiple vulnerabilities simultaneously. Combining secure communication protocols, robust encryption, proper key management, vigilant monitoring, and user training helps organizations maintain data confidentiality, integrity, and trust in digital interactions. By proactively addressing these risks, businesses and individuals can significantly reduce their exposure to MITM attacks and protect sensitive communications from interception or manipulation.
Question 47
Which security principle ensures users have only the access necessary to perform their job functions?
( A ) Separation of duties
( B ) Least privilege
( C ) Need-to-know
( D ) Role-based access control (RBAC)
Answer: B
Explanation:
The principle of least privilege is a fundamental concept in cybersecurity that ensures users are granted only the minimum level of access necessary to perform their specific job functions. By restricting permissions to what is strictly required, organizations reduce the potential attack surface, limiting opportunities for both accidental misuse and malicious activity. This principle helps protect sensitive data, maintain system integrity, and prevent unauthorized actions that could compromise operational security. Unlike more general access policies, least privilege focuses on precision and minimalism, ensuring that users do not have unnecessary rights that could be exploited if their accounts are compromised.
Implementing least privilege involves a combination of technical controls, policy enforcement, and ongoing management practices. Access control configurations must be carefully planned, assigning permissions based on clearly defined roles and responsibilities. Role-based access control (RBAC) often supports this approach by mapping job functions to appropriate access levels, while the need-to-know principle ensures that even within those roles, users only access information relevant to their tasks. Separation of duties complements least privilege by dividing critical functions among multiple users to prevent fraud or error, further strengthening internal controls.
Maintaining least privilege requires continuous oversight. Organizations must regularly review permissions, audit account activity, and remove or adjust access as roles change. Violations of least privilege can create significant risks, including insider threats, lateral movement within networks, and the accidental disclosure or modification of sensitive information. Integration with other security measures, such as multi-factor authentication, automated access reviews, and monitoring tools, enhances the effectiveness of least privilege by adding layers of verification and accountability.
Ultimately, least privilege is more than a technical control—it is a security philosophy that underpins operational discipline and data protection. By minimizing unnecessary access, enforcing role-specific permissions, and continuously monitoring adherence, organizations reduce exposure to internal and external threats, maintain compliance with regulatory standards, and support a secure, accountable, and resilient information environment. Proper application of least privilege is essential for ensuring that sensitive systems and data remain protected while enabling users to perform their duties efficiently and safely.
Question 48
Which type of attack uses fraudulent wireless access points to capture sensitive data from users?
( A ) Evil twin
( B ) Phishing
( C ) Denial-of-service
( D ) SQL injection
Answer: A
Explanation:
An evil twin attack is a type of cyberattack where an attacker sets up a fraudulent Wi-Fi access point designed to imitate a legitimate network. These rogue access points often carry the same network name (SSID) as a trusted public or corporate Wi-Fi, making it difficult for users to distinguish between the genuine network and the attacker-controlled one. When unsuspecting users connect to the malicious network, attackers can intercept sensitive data such as usernames, passwords, financial information, or other private communications. In some cases, attackers may also inject malware or redirect traffic to malicious websites, further compromising the victim’s system. Unlike phishing, which relies primarily on social engineering, or SQL injection, which targets databases, evil twin attacks exploit weaknesses in wireless network security and human behavior. They are particularly effective in public spaces, such as coffee shops, airports, or hotels, where users often connect automatically to familiar Wi-Fi networks.
Detection and prevention of evil twin attacks can be challenging because the malicious access point may appear legitimate to standard devices. Mitigation strategies focus on both technical controls and user awareness. Using virtual private networks (VPNs) encrypts network traffic, protecting sensitive data even if users connect to a rogue network. Network authentication protocols and strong encryption, such as WPA3, enhance security by making it more difficult for attackers to spoof legitimate networks. Disabling auto-connect features on devices reduces the risk of automatic connection to unknown networks. Network monitoring, anomaly detection, and access control policies can help identify and block suspicious access points before they compromise sensitive dat( A )
User education also plays a critical role in preventing this type of attack. Teaching users to verify network authenticity, avoid entering credentials on unsecured Wi-Fi, and recognize potential signs of rogue networks strengthens the human component of defense. Organizations can further enhance security by implementing robust wireless security standards, continuously monitoring network activity, and combining multiple layers of protection. By adopting a comprehensive approach that includes both technical measures and awareness programs, organizations can reduce the likelihood of successful evil twin attacks, maintain the confidentiality of sensitive information, and ensure the integrity and reliability of their wireless network environments.
Question 49
Which process verifies that a user’s identity is genuine before granting access to systems?
( A ) Authentication
( B ) Authorization
( C ) Accounting
( D ) Auditing
Answer: A
Explanation:
Authentication is a critical security process that ensures the identity of a user, device, or system before granting access to sensitive resources or systems. It serves as the first line of defense in access control, establishing confidence that the entity requesting access is legitimate. Authentication precedes authorization, which defines what actions the verified user is permitted to perform, and complements accounting, which tracks user activities, and auditing, which reviews and analyzes events to ensure compliance and support investigation. Without effective authentication, organizations cannot reliably enforce access policies or protect confidential dat( A )
Various methods are used to authenticate users, each offering different levels of security. Knowledge-based authentication relies on something the user knows, such as passwords or personal identification numbers (PINs). Biometric authentication uses unique physical or behavioral traits, such as fingerprints, facial recognition, or voice patterns, to verify identity. Possession-based methods involve physical devices like smart cards, hardware tokens, or mobile devices capable of generating one-time passwords (OTPs). Multi-factor authentication (MFA) combines two or more methods, providing an added layer of security that significantly reduces the risk of unauthorized access.
Strong authentication helps prevent unauthorized access and data breaches while supporting regulatory compliance with standards such as GDPR, HIPAA, and PCI DSS. Implementing secure authentication requires careful management of credentials, including safe storage, hashing, salting, and encryption of sensitive dat( A ) Proper session management, such as automatic logouts and timeout policies, further protects systems from hijacking or misuse. Attackers often attempt to bypass authentication mechanisms through phishing, credential stuffing, brute-force attacks, social engineering, or malware targeting stored credentials.
A robust authentication strategy combines technical controls, user training, monitoring, and adherence to security best practices. Logging authentication attempts, analyzing patterns for anomalies, and enforcing strict password policies enhance overall resilience. By prioritizing secure authentication, organizations can safeguard sensitive data, maintain network and system integrity, and reduce the likelihood of security incidents. Ultimately, authentication is foundational for building trust in digital environments and ensuring that only authorized individuals gain access to critical resources.
Question 50
Which method ensures data integrity by producing a fixed-length output unique to input data?
( A ) Hashing
( B ) Symmetric encryption
( C ) Asymmetric encryption
( D ) Digital signature
Answer: A
Explanation:
Hashing is a fundamental cryptographic technique that transforms input data of any size into a fixed-length string known as a hash value or digest. This transformation is one-way, meaning it is computationally infeasible to reverse the process to retrieve the original input. One of the key purposes of hashing is to ensure data integrity, as any alteration to the original input—even a single character—results in a completely different hash value. This property makes hashing an essential tool for verifying the authenticity and integrity of data during transmission, storage, or processing.
Unlike encryption, which protects data confidentiality, hashing does not hide the content of the information; it only ensures that the data has not been tampered with. Symmetric encryption uses a single shared key for both encryption and decryption, whereas asymmetric encryption relies on a public-private key pair to secure communications. Digital signatures combine hashing with asymmetric encryption to provide both integrity and authentication, ensuring that messages are not altered and verifying the sender’s identity.
Hashing is widely used in various security applications. In password storage, passwords are hashed before being saved in databases, so even if the database is compromised, the original passwords are not exposed. Hashes also enable message integrity checks, where the hash of a received message is compared to a known, expected hash to confirm that the message has not been modified. Digital certificates use hashing to ensure that certificates have not been tampered with, and blockchain technology relies on hashing to link blocks securely, maintaining the immutability of the ledger.
Strong, collision-resistant algorithms such as SHA-256, SHA-3, and BLAKE2 are critical for effective hashing, as they minimize the risk of two different inputs producing the same hash. While hashing ensures integrity, it is often combined with encryption to provide both confidentiality and integrity of sensitive dat( A ) Organizations also perform regular audits, integrity checks, and adhere to cryptographic best practices to maximize the effectiveness of hashing mechanisms. Understanding how hashing works and implementing it correctly is essential for cybersecurity professionals to maintain trust in digital data and prevent unauthorized tampering across systems and networks.
Question 51
Which security principle separates critical tasks among multiple users to prevent fraud?
( A ) Least privilege
( B ) Separation of duties
( C ) Need-to-know
( D ) Role-based access control (RBAC)
Answer: B
Explanation:
Separation of duties is a core security principle designed to enhance organizational control and reduce the risk of fraud, errors, or abuse by dividing responsibilities across multiple individuals. By ensuring that no single person has complete control over critical processes or transactions, organizations can prevent unauthorized actions and maintain operational integrity. This approach is particularly important in environments handling sensitive information, financial operations, or high-risk administrative tasks, where the potential for misuse or accidental errors could have significant consequences.
The principle works in conjunction with other access control measures such as least privilege, which limits users’ access to only what is necessary for their roles, and the need-to-know concept, which restricts information exposure to only those who require it for their duties. Role-based access control (RBAC) complements separation of duties by assigning permissions according to predefined roles, ensuring that responsibilities are distributed consistently and securely. Together, these measures form a comprehensive framework for minimizing risk while maintaining operational efficiency.
Implementing separation of duties requires careful workflow design, where critical tasks are broken into multiple steps and assigned to different individuals or teams. Access controls and permission settings are configured to enforce these divisions, while auditing and logging mechanisms track actions to detect anomalies or policy violations. Regular reviews of roles and responsibilities are essential to ensure that permissions remain aligned with organizational needs and do not inadvertently create opportunities for abuse.
Question 52
Which authentication factor relies on physical characteristics unique to an individual?
( A ) Something you know
( B ) Something you have
( C ) Something you are
( D ) Something you do
Answer: C
Explanation:
Biometric authentication is a method of verifying an individual’s identity based on unique physical or behavioral characteristics, often referred to as “something you are.” This includes fingerprints, iris patterns, facial features, voice recognition, and even behavioral traits like typing rhythm or gait. Unlike traditional knowledge-based authentication, such as passwords or PINs, or possession-based methods like smart cards or security tokens, biometric authentication relies on inherent traits that are extremely difficult to replicate or share. This makes it a powerful tool for strengthening security and reducing the risk of unauthorized access.
The implementation of biometric systems requires careful attention to data capture, storage, and processing. Biometric templates must be stored securely, often using encryption and secure hardware modules, to prevent theft or misuse. Additionally, privacy regulations, such as GDPR and other local data protection laws, impose strict requirements on how biometric data can be collected, used, and retained. Organizations must ensure compliance to protect both user privacy and their own legal standing.
Biometric authentication is widely applied across various domains, including unlocking smartphones and laptops, securing physical access to facilities, verifying identities for online services, and authorizing financial transactions. By integrating biometrics into multi-factor authentication, organizations can achieve a layered security approach that combines “something you are” with “something you know” or “something you have,” further reducing vulnerabilities associated with password compromise or lost tokens.
Despite its advantages, biometric authentication has inherent challenges. Systems may produce false positives, incorrectly granting access, or false negatives, denying legitimate users. Environmental factors, such as poor lighting, dirty sensors, or changes in physical traits, can also affect accuracy. Moreover, attackers may attempt spoofing attacks using fake fingerprints, photos, or voice recordings, which necessitates liveness detection and continuous monitoring to ensure system reliability.
Effectively deployed biometric authentication enhances organizational security by ensuring that access is granted only to authorized individuals while reducing dependence on potentially weak or compromised credentials. When combined with secure infrastructure, access controls, and user education, biometric systems provide a robust and practical solution for identity verification, helping organizations maintain operational integrity, protect sensitive information, and build trust in digital and physical environments.
Question 53
Which type of vulnerability scanning identifies security weaknesses in real time without exploiting them?
( A ) Passive scanning
( B ) Active scanning
( C ) Penetration testing
( D ) Social engineering
Answer: B
Explanation:
Active vulnerability scanning is a proactive security practice that involves systematically examining systems, networks, and applications to identify potential security weaknesses in real time. Unlike passive scanning, which monitors network traffic without generating additional activity, active scanning actively sends probes and queries to target systems to detect open ports, misconfigured services, outdated software, missing patches, and other known vulnerabilities. This approach does not exploit the vulnerabilities but identifies areas that could be targeted by attackers, allowing organizations to address them before they are compromised.
Active scanning differs from penetration testing, which goes a step further by actively exploiting vulnerabilities to evaluate the potential impact of an attack. While penetration testing provides a more in-depth assessment of security risks, active scanning is faster, can be conducted more frequently, and serves as a critical first line of defense in vulnerability management. It also complements other security practices, such as social engineering tests, which focus on human factors rather than technical weaknesses.
To be effective, active vulnerability scanning relies on up-to-date vulnerability databases and accurate configuration information. Modern scanning tools are regularly updated with the latest threat intelligence, enabling them to detect recently discovered vulnerabilities and common misconfigurations. Organizations should integrate active scanning into broader security management practices, combining it with patch management, configuration audits, intrusion detection systems, and threat intelligence to create a comprehensive approach to risk mitigation.
Reporting and prioritization are essential components of an effective active scanning program. Identified vulnerabilities must be classified according to severity and potential impact, and remediation plans should be developed and implemented promptly. Continuous scanning ensures that new vulnerabilities introduced by software updates, configuration changes, or newly deployed systems are detected in a timely manner.
Question 54
Which wireless security protocol provides the highest level of encryption for modern Wi-Fi networks?
( A ) WEP
( B ) WPA
( C ) WPA2
( D ) WPA3
Answer: D
Explanation:
WPA3 is the most recent wireless security protocol designed to provide stronger encryption and enhanced authentication for modern Wi-Fi networks. It addresses the limitations and vulnerabilities present in older standards such as WEP, WPA, and WPA2. WEP, being the earliest protocol, is now considered highly insecure due to its weak encryption and susceptibility to simple attacks. WPA improved security over WEP but still suffered from flaws in key management and encryption robustness. WPA2, while widely used today, lacks certain modern protections, making networks vulnerable to sophisticated attacks such as offline dictionary attacks.
WPA3 introduces several improvements that significantly enhance wireless network security. One key feature is the use of Simultaneous Authentication of Equals (SAE), which strengthens the authentication process by making it more resistant to offline password guessing attacks. SAE also provides forward secrecy, ensuring that even if a session key is compromised, previous communications remain secure. This makes WPA3 far more resilient to attempts by attackers to intercept and decrypt Wi-Fi traffi( C )
Implementing WPA3 requires careful configuration and adherence to security best practices. Organizations should disable legacy protocols such as WEP and WPA to prevent fallback to less secure modes. Strong passphrases must be enforced, and access to the network should be closely monitored to detect unauthorized devices or rogue access points. Segmentation of sensitive traffic, such as separating corporate resources from guest networks, further reduces exposure to potential threats.
WPA3 adoption enhances protection against common wireless attacks, including eavesdropping, brute-force password attempts, and unauthorized access. However, robust Wi-Fi security is not solely dependent on the protocol itself. Effective wireless security strategies combine WPA3 implementation with continuous network monitoring, intrusion detection systems, and user education to ensure that all potential attack vectors are addressed. By deploying WPA3 alongside these complementary measures, organizations can maintain a high level of confidentiality, integrity, and availability for their wireless networks, keeping them secure in increasingly dynamic and hostile network environments.
Question 55
Which type of attack attempts to guess passwords by trying every possible combination?
( A ) Brute-force attack
( B ) Phishing
( C ) Man-in-the-middle
( D ) SQL injection
Answer: A
Explanation:
A brute-force attack is a method used by attackers to gain unauthorized access to accounts or systems by systematically attempting every possible combination of passwords until the correct one is discovered. Unlike social engineering attacks such as phishing, which rely on manipulating human behavior to reveal credentials, or man-in-the-middle attacks, which intercept and potentially alter communications between parties, brute-force attacks directly target authentication mechanisms. Similarly, SQL injection attacks focus on exploiting vulnerabilities in databases rather than breaking password protections.
The effectiveness of brute-force attacks largely depends on the strength of the passwords being targeted. Weak, short, predictable, or reused passwords make systems highly susceptible, while complex, unique passwords dramatically increase the time and effort required for a successful attack. Attackers often use automated tools that can rapidly test large numbers of potential passwords, including dictionary attacks that try common words and phrases, or rainbow tables that leverage precomputed hash values to speed up the cracking process. These tools allow attackers to attempt millions of password combinations in a short period, making poorly secured accounts extremely vulnerable.
To defend against brute-force attacks, organizations must implement multiple layers of security. Strong password policies that require length, complexity, and regular rotation are essential. Account lockout mechanisms temporarily block access after several failed login attempts, slowing down automated attacks. Multi-factor authentication adds an additional layer of defense, requiring users to provide a second form of verification, such as a one-time password or biometric factor, which drastically reduces the likelihood of a successful compromise.
Continuous monitoring and analysis of login attempts are also critical. Detecting unusual patterns, such as repeated failures from a single IP address, allows security teams to respond quickly to potential attacks. User education plays an important role as well, ensuring individuals understand the importance of unique and strong passwords. By combining technical controls, vigilant monitoring, and user awareness, organizations can significantly mitigate the risk of brute-force attacks and protect sensitive data and critical systems from unauthorized access.
Question 56
Which attack uses deceptive email or messaging to trick recipients into revealing sensitive information?
( A ) Phishing
( B ) Denial-of-service
( C ) SQL injection
( D ) Brute-force
Answer: A
Explanation:
Phishing is a type of cyberattack that exploits human psychology to deceive individuals into revealing sensitive information, such as usernames, passwords, financial details, or personally identifiable information. Attackers achieve this by sending fraudulent emails, text messages, or creating fake websites that appear legitimate, often imitating trusted institutions or colleagues. Unlike technical attacks like denial-of-service (DoS), which aim to disrupt system availability, SQL injection, which targets vulnerabilities in databases, or brute-force attacks that attempt to guess passwords, phishing primarily relies on tricking users into taking actions that compromise security.
Phishing attacks come in various forms. Spear-phishing is a targeted attack directed at a specific individual or organization, often using personalized information to increase credibility. Whaling focuses on high-level executives or other prominent figures within an organization, exploiting their access to sensitive systems or dat( A ) Clone phishing involves creating a nearly identical copy of a legitimate email or communication to deceive the recipient into clicking malicious links or attachments. These variations demonstrate how attackers adapt their strategies to maximize effectiveness by exploiting trust, urgency, or authority.
Mitigating phishing requires a combination of technical, administrative, and human-focused measures. Employee awareness and training programs are critical, teaching users how to recognize suspicious emails, verify requests, and avoid clicking on unknown links. Email filtering and security gateways help prevent malicious messages from reaching inboxes, while multi-factor authentication adds an additional layer of protection against compromised credentials. Continuous monitoring for unusual activity, suspicious domains, or unauthorized access attempts enhances detection capabilities. Organizations should also establish clear reporting procedures for suspected phishing attempts and conduct regular simulations to reinforce awareness.
Technical measures such as domain-based message authentication, content filtering, and integration of threat intelligence further strengthen defenses. Phishing attacks, if successful, can lead to identity theft, financial losses, system compromise, and noncompliance penalties, highlighting the need for a comprehensive security strategy. By combining user education, robust email security controls, proactive monitoring, and a prepared incident response plan, organizations can significantly reduce the risk of phishing attacks and maintain a strong security posture across all digital channels.
Question 57
Which technology isolates applications to prevent malware from affecting the host system?
( A ) Sandboxing
( B ) VPN
( C ) IDS
( D ) Firewall
Answer: A
Explanation:
Sandboxing isolates applications or processes in a controlled environment to prevent malware from impacting the host system or network. This containment strategy allows software testing, malware analysis, and safe execution of untrusted programs. VPNs secure communications, IDS monitors for suspicious activity, and firewalls filter traffic, but do not isolate execution. Sandboxing mitigates risks of malware infection, zero-day exploits, and untrusted code execution. Implementation can occur at the application, container, or virtual machine level. Security teams use sandboxes to observe malware behavior, test patches, and evaluate applications without risking production systems. Sandboxing is critical in development, research, and enterprise environments, enabling safe experimentation and threat analysis. Combined with antivirus solutions, monitoring, and access control policies, sandboxing strengthens security defenses and minimizes the potential impact of malicious software.
Question 58
Which protocol provides secure email transmission by encrypting email messages?
( A ) SMTP
( B ) HTTPS
( C ) S/MIME
( D ) FTP
Answer: C
Explanation:
S/MIME (Secure/Multipurpose Internet Mail Extensions) encrypts and signs email messages, ensuring confidentiality, integrity, and authentication. SMTP is the standard protocol for sending emails but does not inherently encrypt messages. HTTPS secures web traffic, and FTP is for file transfer. S/MIME uses asymmetric cryptography to encrypt emails, allowing only the intended recipient to decrypt them. It also supports digital signatures to verify sender authenticity and message integrity. Adoption requires certificate management, email client compatibility, and secure key handling. S/MIME is critical for sensitive communications in corporate, government, and healthcare sectors. Combined with secure email policies, monitoring, and user training, S/MIME ensures that messages remain private and tamper-proof. Proper implementation prevents interception, spoofing, and unauthorized disclosure, supporting compliance with privacy regulations and safeguarding sensitive information.
Question 59
Which principle ensures users can only access data they are explicitly authorized to see?
( A ) Least privilege
( B ) Separation of duties
( C ) Need-to-know
( D ) Role-based access control (RBAC)
Answer: C
Explanation:
The need-to-know principle limits users’ access to data strictly required for their job functions. Unlike least privilege, which focuses on system permissions, need-to-know emphasizes information access. Separation of duties divides responsibilities, and RBAC assigns permissions based on roles. Implementing need-to-know involves classifying sensitive information, enforcing access control policies, monitoring user activity, and reviewing access regularly. Violating this principle increases the risk of data leakage, insider threats, and compliance breaches. Organizations achieve compliance, security, and operational integrity by restricting information exposure to only those with legitimate business requirements. Layered controls, including encryption, auditing, and policy enforcement, support the principle. Need-to-know is vital for maintaining confidentiality, protecting sensitive information, and minimizing risk exposure in complex organizational environments.
Question 60
Which attack technique involves inserting malicious SQL commands to manipulate a database?
( A ) SQL injection
( B ) Cross-site scripting
( C ) Directory traversal
( D ) Man-in-the-middle
Answer: A
Explanation:
SQL injection (SQLi) is a technique where attackers insert malicious SQL commands into input fields or URLs to manipulate backend databases. Unlike cross-site scripting, which targets client-side scripts, directory traversal, which accesses restricted files, or MITM, which intercepts communications, SQLi directly targets database integrity and confidentiality. Attackers may retrieve, alter, or delete sensitive data, escalate privileges, or execute administrative operations. Prevention includes parameterized queries, input validation, least privilege database accounts, and regular security testing. SQL injection remains a critical threat due to its potential to bypass authentication, expose sensitive information, and compromise entire applications. Mitigation strategies require secure coding, database hardening, monitoring, and education of developers. SQLi exemplifies the importance of integrating application security into development lifecycles, combining technical and policy measures to maintain secure data operations and prevent exploitation.
