CompTIA PenTest+ PT0-003 Exam Dumps and Practice Test Questions Set 7 Q121-140
Question 121:
Which type of attack involves sending deceptive messages to trick users into revealing credentials?
A) Phishing
B) SQL injection
C) Denial of Service (DoS)
D) Cross-site scripting (XSS)
Answer: A) Phishing
Explanation:
Phishing is a social engineering attack designed to trick users into revealing sensitive information such as usernames, passwords, or financial data. Attackers typically use email, messaging apps, or social media to deliver deceptive messages that appear legitimate, often impersonating trusted entities such as banks, corporate IT departments, or popular services. Phishing attacks may contain malicious links, attachments, or requests for confidential information. Attackers exploit human psychology by creating a sense of urgency, fear, curiosity, or trust. Successful phishing attacks can result in account compromise, financial theft, malware installation, and unauthorized access to systems. Organizations mitigate phishing risks through user awareness training, simulated phishing campaigns, email filtering, and multi-factor authentication (MFA) to protect accounts even if credentials are disclosed.
SQL injection is a technical attack targeting web applications by manipulating database queries through user input. SQL injection focuses on backend vulnerabilities to extract, modify, or delete data. It does not involve tricking users into revealing credentials. SQL injection exploits software weaknesses rather than human behavior, making it distinct from phishing attacks.
Denial of Service (DoS) attacks aim to disrupt availability by overwhelming systems, networks, or applications with traffic or resource exhaustion. DoS attacks do not attempt to steal credentials or deceive users. Their goal is to cause downtime, not to manipulate user behavior or gain sensitive information.
Cross-site scripting (XSS) targets client-side code in web applications, injecting malicious scripts to execute in users’ browsers. XSS exploits input validation flaws, enabling attackers to steal cookies, hijack sessions, or redirect users to malicious websites. While XSS can compromise data, it relies on technical flaws and script execution rather than deceiving users through social engineering.
Phishing remains highly effective because it exploits human vulnerabilities rather than technical weaknesses. Effective countermeasures combine technical controls, such as spam filters and endpoint protection, with user education to recognize suspicious messages. Incident response plans, monitoring for compromised credentials, and MFA help mitigate damage when phishing attempts succeed. Organizations often conduct ongoing awareness programs to ensure users understand phishing tactics, recognize red flags, and respond appropriately. Security teams monitor for unusual login activity, verify message authenticity, and implement email authentication protocols such as SPF, DKIM, and DMARC to reduce phishing exposure. By addressing both human and technical factors, phishing risk can be significantly minimized while maintaining secure and functional communication channels.
Question 122:
Which type of malware hides its presence to maintain persistent access on a system?
A) Rootkit
B) Ransomware
C) Adware
D) Trojan horse
Answer: A) Rootkit
Explanation:
A rootkit is a type of malware designed to hide its presence and maintain persistent access to a compromised system. Rootkits operate at the kernel or system level, manipulating operating system functions to conceal processes, files, and network connections. Attackers use rootkits to gain stealthy control over systems, monitor activity, install additional malware, or exfiltrate data without detection. Rootkits are particularly dangerous because they evade traditional security tools, including antivirus software, and often require specialized detection and removal techniques. Detection techniques include kernel-level integrity checks, behavioral analysis, and forensic investigation to identify and eradicate rootkits.
Ransomware is malware that encrypts files or systems and demands payment for decryption. While ransomware disrupts operations and seeks financial gain, it does not primarily hide its presence. Ransomware typically alerts the victim directly via a ransom note, making its presence obvious.
Adware is software that delivers unwanted advertisements, often displaying pop-ups or tracking user behavior for financial purposes. Adware is intrusive but does not hide system processes or maintain stealthy access. Its goal is monetization rather than persistent unauthorized control.
Trojan horses disguise themselves as legitimate software to trick users into installing malicious code. Trojans can deliver payloads like ransomware, spyware, or rootkits. While Trojans may hide their intent temporarily, the defining feature of a rootkit is stealthy persistence at the system level, not the disguise of the initial delivery mechanism.
Rootkits are challenging to detect due to their deep system integration. Security strategies to combat rootkits include applying system patches, monitoring for unusual behavior, using advanced endpoint protection tools, and performing periodic integrity checks. Forensic tools and offline scanning can identify rootkits that evade online detection. Organizations also implement least privilege access policies, network segmentation, and proactive monitoring to reduce the risk of rootkit installation. Rootkits are often used in combination with other malware to maintain long-term access, steal sensitive information, or facilitate lateral movement within networks. By understanding rootkit behavior and implementing layered security measures, organizations can reduce the likelihood of persistent unauthorized access.
Question 123:
Which method protects data by converting it into an unreadable format for unauthorized users?
A) Encryption
B) Authentication
C) Authorization
D) Multi-factor authentication (MFA)
Answer: A) Encryption
Explanation:
Encryption is the process of transforming plaintext data into unreadable ciphertext to prevent unauthorized access. Encryption ensures data confidentiality during storage, transmission, or processing. Strong encryption algorithms, such as AES or RSA, rely on cryptographic keys for encrypting and decrypting data. Even if data is intercepted, it remains unintelligible without the appropriate key. Encryption protects sensitive information such as personal data, financial records, intellectual property, and corporate communications from theft, eavesdropping, or compromise.
Authentication verifies the identity of a user or system, ensuring that the entity accessing data is legitimate. Authentication alone does not protect data content from interception or unauthorized viewing. While critical for access control, it is not the mechanism that renders data unreadable to unauthorized parties.
Authorization determines which resources or actions an authenticated user is allowed to access. Authorization enforces permissions but does not transform the data to prevent unauthorized reading. Access control works alongside encryption but is not a substitute for data protection itself.
Multi-factor authentication (MFA) strengthens identity verification by requiring multiple forms of evidence, such as passwords, tokens, or biometrics. MFA reduces the risk of credential compromise but does not encrypt data to prevent interception or unauthorized access. MFA protects authentication processes, not data content.
Encryption is essential for securing sensitive information across networks, endpoints, and cloud environments. Organizations implement encryption for email, databases, file storage, virtual private networks (VPNs), and mobile devices. Key management, algorithm selection, and proper implementation are critical to ensure encryption effectiveness. Encryption also supports compliance with regulations such as GDPR, HIPAA, and PCI DSS. By combining encryption with authentication, access control, and monitoring, organizations maintain confidentiality and prevent data leakage or interception by malicious actors. Properly implemented encryption ensures that even if an attacker gains access to data, it remains indecipherable, preserving security and trust in digital communications and storage.
Question 124:
Which security measure enforces policies for device compliance before allowing access to corporate resources?
A) Microsoft Intune
B) Microsoft OneDrive
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Microsoft Intune
Explanation:
Microsoft Intune is a cloud-based endpoint management solution that enforces device compliance policies to secure access to corporate resources. Intune allows administrators to configure mobile device management (MDM) and mobile application management (MAM) policies, ensuring that only compliant devices can access company applications and data. Compliance checks include encryption, password policies, operating system version requirements, software updates, and health monitoring. Intune integrates with Azure Active Directory to enforce conditional access policies, blocking non-compliant devices from accessing corporate resources. It supports Windows, macOS, iOS, and Android platforms, providing centralized management and reporting for all devices in an organization.
Microsoft OneDrive is a cloud storage service that provides file sharing, synchronization, and access controls. OneDrive does not enforce device compliance or control access based on security policies. It protects data storage but is not a device management or compliance solution.
Microsoft Planner is a productivity tool used to organize tasks and workflows. Planner does not manage devices, enforce security policies, or restrict access to corporate applications. Its purpose is collaboration and project management rather than security enforcement.
Microsoft Defender for Identity monitors user behavior and Active Directory for suspicious activity. While it enhances identity security, Defender for Identity does not enforce compliance policies on devices or control access to corporate resources based on device configuration.
Intune provides organizations with a comprehensive solution to ensure device compliance and secure access. Administrators can deploy configuration profiles, monitor compliance, remediate non-compliant devices, and enforce security policies consistently. Conditional access integrated with Intune prevents compromised or misconfigured devices from accessing sensitive resources. Intune also enables remote actions such as wiping lost or stolen devices, deploying security updates, and enforcing encryption to protect corporate data. By using Intune, organizations maintain a strong security posture, reduce the risk of data breaches, and support regulatory compliance across diverse devices and locations. Intune’s combination of monitoring, enforcement, and remediation capabilities provides a robust framework for managing endpoint security in modern enterprise environments.
Question 125:
Which attack attempts to disrupt service availability by overwhelming systems or networks?
A) Denial of Service (DoS)
B) SQL injection
C) Phishing
D) Password spraying
Answer: A) Denial of Service (DoS)
Explanation:
A Denial of Service (DoS) attack is designed to disrupt the availability of a system, network, or application by overwhelming it with traffic or resource-intensive requests. The objective is to render services inaccessible to legitimate users, causing downtime, operational disruption, or reputational damage. DoS attacks can target web servers, databases, or entire networks and often involve sending excessive requests, malformed packets, or exploiting protocol weaknesses. Distributed Denial of Service (DDoS) attacks amplify this effect by leveraging multiple compromised systems (botnets) to simultaneously target a victim, increasing the scale and impact of the attack.
SQL injection attacks manipulate database queries through vulnerable web application input fields. SQL injection can extract, modify, or delete data but does not inherently overwhelm systems to disrupt availability. SQL injection is a data compromise technique rather than a service disruption method.
Phishing attacks deceive users into disclosing sensitive information, such as credentials or financial details. Phishing targets human behavior and social engineering, not system resources or network bandwidth. It may lead to data compromise but does not directly cause service unavailability.
Password spraying is a credential attack that attempts common passwords across multiple accounts to gain unauthorized access. Password spraying focuses on bypassing authentication and does not aim to disrupt system availability. It is an access-focused attack rather than a service availability attack.
DoS attacks are mitigated through network monitoring, traffic filtering, load balancing, redundancy, and cloud-based DDoS protection. Organizations deploy rate-limiting, intrusion detection, and incident response strategies to maintain service continuity. DoS attacks are common against high-profile targets, including e-commerce platforms, financial institutions, and public services. Effective detection, mitigation, and response strategies are critical to reduce downtime, maintain operations, and minimize financial and reputational impact. DoS remains a fundamental threat in cybersecurity, emphasizing the need for robust infrastructure, monitoring, and proactive defense measures.
Question 126:
Which security control restricts access to resources based on user roles and permissions?
A) Authorization
B) Authentication
C) Encryption
D) Multi-factor authentication (MFA)
Answer: A) Authorization
Explanation:
Authorization is the process of granting or denying access to resources based on a user’s identity and assigned permissions. After a user has been authenticated to confirm their identity, authorization determines what actions they are allowed to perform and which resources they can access. It ensures that users can only access information or perform tasks for which they have been explicitly granted permissions, preventing unauthorized access to sensitive data or critical systems. Authorization is implemented through access control mechanisms such as role-based access control (RBAC), attribute-based access control (ABAC), and discretionary access control (DAC).
Authentication verifies the identity of users but does not define or enforce what resources they can access. While authentication is necessary before authorization, it only establishes that a user is who they claim to be. Without proper authorization, authenticated users could gain inappropriate or excessive access to sensitive information.
Encryption protects data by converting it into an unreadable format for unauthorized users. While encryption safeguards data confidentiality, it does not determine whether a user has the right to access specific resources. Authorization controls access, whereas encryption protects the content itself.
Multi-factor authentication (MFA) strengthens authentication by requiring multiple forms of verification, such as passwords, tokens, or biometrics. MFA improves the security of identity verification but does not dictate user permissions or access to specific resources.
Authorization is essential for enforcing the principle of least privilege, which restricts users to the minimum access necessary to perform their roles. By assigning roles and defining permissions, organizations can reduce the risk of data breaches, insider threats, and accidental misuse of sensitive information. Role-based access control simplifies administration by grouping permissions based on job functions, while attribute-based access control evaluates contextual factors like device health, location, or time of access. Effective authorization relies on a combination of properly defined roles, regular review of permissions, and continuous monitoring of access activity. Organizations integrate authorization with identity management systems, logging, and audit capabilities to maintain compliance with regulatory standards such as HIPAA, GDPR, and PCI DSS. Authorization provides a robust framework for securing access while enabling users to perform their job functions without unnecessary restrictions.
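The explanation above describes RBAC (permissions grouped by job function) layered with ABAC (contextual checks such as device health). The following added example, not part of the original question set, implements that deny-by-default decision; the role names, permission strings and context attributes are constructed for the demo.

```python
from dataclasses import dataclass, field

# Constructed role -> permission mapping (hypothetical job functions).
ROLE_PERMISSIONS = {
    "analyst": {"tickets:read", "reports:read"},
    "engineer": {"tickets:read", "tickets:write", "servers:restart"},
    "admin": {"tickets:read", "tickets:write", "servers:restart", "users:manage"},
}

# Constructed contextual (ABAC) rules: permission -> attributes the request must satisfy.
# These are evaluated only after a role has granted the permission.
CONTEXT_RULES = {
    "servers:restart": {"device_compliant": True},
    "users:manage": {"device_compliant": True, "mfa": True},
}


@dataclass
class Request:
    user: str
    roles: list
    action: str
    context: dict = field(default_factory=dict)


def is_authorized(req):
    """Deny by default: a role must grant the action, then every contextual rule must hold.

    Returns (allowed, reason) so the reason can be written to an audit log.
    """
    granted = set()
    for role in req.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())   # unknown roles grant nothing
    if req.action not in granted:
        return False, f"{req.user}: no role grants {req.action}"
    for attr, required in CONTEXT_RULES.get(req.action, {}).items():
        if req.context.get(attr) != required:       # missing attribute also denies
            return False, f"{req.user}: {req.action} requires {attr}={required}"
    return True, f"{req.user}: {req.action} allowed"
```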
Question 127:
Which type of malware appears legitimate but carries a malicious payload?
A) Trojan horse
B) Ransomware
C) Rootkit
D) Adware
Answer: A) Trojan horse
Explanation:
A Trojan horse is a type of malware that disguises itself as legitimate software to trick users into installing it. Once executed, the malicious payload can perform a wide variety of harmful actions, such as stealing credentials, installing additional malware, providing remote access, or disrupting system operations. Trojans rely on social engineering to convince users that the software is safe or beneficial. They are particularly dangerous because they can bypass traditional security measures by appearing trustworthy, making them difficult to detect without specialized tools or behavioral analysis.
Ransomware encrypts files or systems and demands payment to restore access. While ransomware can be delivered by a Trojan, its defining feature is encrypting data and extorting payment. Ransomware does not necessarily masquerade as legitimate software; it is often executed directly once delivered.
Rootkits are malware that hide their presence to maintain persistent, stealthy access to a system. Rootkits do not rely on deception for installation but instead manipulate system components to conceal themselves. Their primary goal is maintaining control, not tricking users into installation.
Adware delivers unwanted advertisements and may track user activity for financial gain. Adware is generally intrusive but not designed to disguise itself as legitimate software in order to execute harmful payloads. Its main function is to display advertisements or gather usage data, not to perform malicious actions covertly.
Trojans are commonly used as a delivery mechanism for other malware, including ransomware, spyware, or rootkits. They can be distributed via email attachments, software downloads, or compromised websites. Once installed, Trojans often allow attackers to remotely control infected devices, steal sensitive data, or manipulate system functions. Detection involves behavioral analysis, heuristic scanning, and endpoint monitoring. Organizations implement endpoint protection, user training, and strict software installation policies to reduce the risk of Trojan infections. Trojans exploit user trust and lack of awareness, highlighting the importance of combining technical defenses with cybersecurity education.
Question 128:
Which method verifies a user’s identity using something they possess, such as a smart card or token?
A) Possession-based authentication
B) Knowledge-based authentication
C) Biometric authentication
D) Certificate-based authentication
Answer: A) Possession-based authentication
Explanation:
Possession-based authentication is a method where a user proves their identity by presenting a physical device or token in their possession. This can include smart cards, hardware tokens, USB security keys, or mobile authenticator applications that generate one-time passwords (OTPs). Possession-based authentication is commonly used as one factor in multi-factor authentication (MFA) to strengthen security beyond knowledge-based factors, such as passwords. By requiring a physical device, organizations reduce the risk of credential compromise because even if a password is stolen, access cannot be gained without the token.
Knowledge-based authentication relies on something the user knows, such as a password, PIN, or answer to a security question. While knowledge-based methods are widely used, they are vulnerable to attacks like phishing, social engineering, or credential reuse. Knowledge alone does not provide the added security layer of a possession-based factor.
Biometric authentication verifies identity based on unique physical or behavioral characteristics, such as fingerprints, facial recognition, or iris scans. Biometric methods are inherently different from possession-based authentication because they rely on inherence rather than something the user physically possesses.
Certificate-based authentication uses digital certificates to verify identity. Certificates rely on cryptographic keys and a trusted public key infrastructure (PKI) rather than a tangible physical device carried by the user. While certificates provide strong authentication, they do not fall under possession-based methods in the traditional sense.
Possession-based authentication enhances security by requiring both a physical token and a password or biometric factor in MFA setups. Organizations integrate tokens with identity management systems and conditional access policies to ensure that access is granted only to authorized users and devices. This approach helps prevent unauthorized access in the event of password compromise or phishing attacks. Possession-based authentication is particularly valuable for high-security environments such as financial institutions, government systems, and enterprise networks. Proper deployment, token management, and user education are critical to maximizing security benefits and ensuring reliability.
Question 129:
Which attack allows unauthorized access by exploiting weak or reused passwords across many accounts?
A) Password spraying
B) Brute force attack
C) Phishing
D) SQL injection
Answer: A) Password spraying
Explanation:
Password spraying is an attack that attempts commonly used passwords across a large number of user accounts rather than targeting one account repeatedly. Attackers exploit weak or reused passwords while avoiding triggering account lockout policies. By distributing login attempts across multiple accounts, password spraying reduces the likelihood of detection compared to brute force attacks. This method is effective against organizations where users reuse simple or predictable passwords across services. Password spraying often targets web-based authentication portals, VPNs, or cloud services. Organizations mitigate risks through strong password policies, multi-factor authentication (MFA), monitoring for abnormal login patterns, and enforcing account lockout thresholds.
Brute force attacks systematically try every possible password combination for a single account until successful. Brute force is resource-intensive and likely to trigger alerts or account lockouts. It is different from password spraying, which targets multiple accounts with minimal attempts per account to avoid detection.
Phishing relies on social engineering to trick users into revealing credentials or sensitive information. While phishing can complement password spraying, it does not involve systematically guessing passwords across multiple accounts. Phishing targets human behavior rather than technical password weaknesses.
SQL injection manipulates database queries to access or modify backend data. SQL injection does not attempt to guess passwords or access multiple user accounts. It is a server-side exploit rather than a credential-based attack.
Password spraying is particularly effective because it leverages predictable user behavior. Security measures include enforcing unique and complex passwords, implementing MFA, monitoring authentication logs for repeated failed attempts, and educating users about secure password practices. Password spraying attacks highlight the importance of combining technical controls with user awareness to prevent unauthorized access and reduce the likelihood of account compromise.
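The monitoring the explanation calls for can be expressed as a log rule: a source that fails against many distinct accounts with few attempts each is a spray, while many failures against one account is a brute force. The following added example, not part of the original question set, runs that rule over a constructed authentication log (the line format and addresses are assumptions for the demo).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system).
SAMPLE_LOG = """\
2024-05-01T08:00:01Z AUTH_FAIL user=alice src=203.0.113.7
2024-05-01T08:00:03Z AUTH_FAIL user=bob src=203.0.113.7
2024-05-01T08:00:05Z AUTH_FAIL user=carol src=203.0.113.7
2024-05-01T08:00:07Z AUTH_FAIL user=dave src=203.0.113.7
2024-05-01T08:00:09Z AUTH_FAIL user=erin src=203.0.113.7
2024-05-01T08:00:11Z AUTH_OK user=frank src=203.0.113.7
2024-05-01T08:01:00Z AUTH_FAIL user=alice src=198.51.100.9
2024-05-01T08:01:01Z AUTH_FAIL user=alice src=198.51.100.9
2024-05-01T08:01:02Z AUTH_FAIL user=alice src=198.51.100.9
2024-05-01T08:01:03Z AUTH_FAIL user=alice src=198.51.100.9
2024-05-01T08:01:04Z AUTH_FAIL user=alice src=198.51.100.9
2024-05-01T08:01:05Z AUTH_FAIL user=alice src=198.51.100.9
2024-05-01T09:30:00Z AUTH_FAIL user=grace src=192.0.2.44
2024-05-01T09:30:20Z AUTH_OK user=grace src=192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) (AUTH_FAIL|AUTH_OK) user=(\S+) src=(\S+)$")


def parse_log(text):
    """Return (timestamp, outcome, user, src) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def classify_sources(events, window=timedelta(minutes=10),
                     spray_users=5, spray_max_per_user=2, brute_min=5):
    """Return {src: 'spray' | 'brute_force'} for sources whose failures match a pattern.

    spray: >= spray_users distinct accounts within `window`, none tried more than
           spray_max_per_user times (the low-and-slow shape that dodges lockouts).
    brute_force: one account failed >= brute_min times within `window`.
    """
    fails_by_src = defaultdict(list)
    for ts, outcome, user, src in events:
        if outcome == "AUTH_FAIL":
            fails_by_src[src].append((ts, user))
    verdicts = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        # Slide the window forward from each failure in turn.
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= spray_users and max(per_user.values()) <= spray_max_per_user:
                verdicts[src] = "spray"
                break
            if max(per_user.values()) >= brute_min:
                verdicts[src] = "brute_force"
                break
    return verdicts


def detect(text):
    return classify_sources(parse_log(text))
```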
Question 130:
Which Microsoft solution provides identity threat detection for Microsoft 365 and Active Directory?
A) Microsoft Defender for Identity
B) Microsoft Intune
C) Microsoft Planner
D) Microsoft OneDrive
Answer: A) Microsoft Defender for Identity
Explanation:
Microsoft Defender for Identity is a cloud-based security solution that monitors user behavior and authentication events within Microsoft 365 and Active Directory environments. It identifies suspicious activity, unusual login patterns, and potential account compromises. Defender for Identity uses machine learning and analytics to detect threats such as lateral movement, privilege escalation, and credential theft. Alerts generated by Defender for Identity provide security teams with actionable information to investigate and remediate potential security incidents.
Microsoft Intune is a device and application management solution that enforces compliance policies and manages endpoints. While Intune ensures device security and conditional access, it does not provide identity threat detection or analyze user authentication activity.
Microsoft Planner is a project and task management tool. Planner does not monitor user behavior or detect suspicious activity in Microsoft 365 accounts. Its functionality is focused on collaboration rather than security monitoring.
Microsoft OneDrive is a cloud storage platform for file synchronization and sharing. OneDrive provides encryption and access controls but does not detect anomalous behavior, account compromise, or identity-based threats. OneDrive is data-focused rather than identity-focused.
Defender for Identity integrates with Microsoft 365 security tools to provide a comprehensive view of account security. It continuously monitors authentication patterns, network interactions, and Active Directory activity to identify abnormal behavior that may indicate attacks or compromised credentials. Alerts generated by Defender for Identity enable security teams to quickly respond to potential incidents, investigate suspicious activity, and implement remedial measures. By proactively monitoring user behavior, Defender for Identity strengthens identity security, reduces the risk of account compromise, and enhances overall organizational security posture. It provides a critical layer of protection against identity-based attacks such as credential theft, privilege escalation, and lateral movement within enterprise networks.
Question 131:
Which attack targets databases by manipulating user input to execute malicious queries?
A) SQL injection
B) Cross-site scripting (XSS)
C) Phishing
D) Brute force attack
Answer: A) SQL injection
Explanation:
SQL injection is a type of attack that targets vulnerabilities in web applications by manipulating user input to execute malicious SQL queries on backend databases. Attackers exploit poor input validation or insufficient sanitization of form fields, URL parameters, or cookies. SQL injection can allow unauthorized access to data, modification of records, deletion of information, or even full control over the database server. This attack is particularly dangerous because it allows attackers to bypass authentication, escalate privileges, and extract sensitive information, including usernames, passwords, financial data, or intellectual property. Attackers may also leverage SQL injection to pivot further into network systems or deploy additional malware.
Cross-site scripting (XSS) targets web application users by injecting malicious scripts into web pages that execute in the victim’s browser. XSS exploits client-side vulnerabilities rather than database queries. While XSS can steal credentials or session tokens, it is distinct from SQL injection in that it focuses on manipulating front-end code rather than backend databases.
Phishing is a social engineering attack that deceives users into revealing sensitive information such as passwords or credit card numbers. Phishing relies on human manipulation rather than exploiting technical vulnerabilities in web applications or databases. Although phishing can deliver payloads or malware that may facilitate other attacks, it does not directly execute queries on databases.
Brute force attacks systematically attempt every possible combination of credentials to gain access to an account or system. Brute force focuses on authentication mechanisms and does not target database queries or backend vulnerabilities. It is a different attack vector from SQL injection, which manipulates application logic.
Mitigating SQL injection requires input validation, parameterized queries, stored procedures, and use of prepared statements. Security teams perform code reviews, penetration tests, and vulnerability scans to identify potential weaknesses. Web application firewalls (WAFs) can provide an additional layer of defense by filtering suspicious requests. Developers must implement the principle of least privilege for database access to limit the potential damage if SQL injection succeeds. SQL injection is a common vulnerability in web applications due to improper coding practices, making awareness, secure development, and continuous monitoring essential to protect sensitive data and maintain system integrity.
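The authentication bypass and the parameterized-query fix described above, as an added example that is not part of the original question set. It uses an in-memory SQLite table with a constructed user row, and assumes the caller has already hashed the submitted password before lookup.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the demo (no real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-pw')")
    return conn


def login_vulnerable(conn, username, password_hash):
    """Concatenates user input into the SQL text: the flaw the question describes.

    Quote characters in the input become part of the query grammar, so an
    attacker-controlled string can change the WHERE logic instead of being
    compared as a value.
    """
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password_hash):
    """Prepared statement with bound parameters: input is always data, never SQL.

    The database receives the query shape and the values separately, so no
    input string can alter the WHERE clause.
    """
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None
```

The same boolean-logic payload that passes the concatenated query is rejected by the bound-parameter version, which is why the explanation lists prepared statements ahead of filtering.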
Question 132:
Which authentication factor relies on something the user knows, such as a password or PIN?
A) Knowledge-based authentication
B) Possession-based authentication
C) Biometric authentication
D) Certificate-based authentication
Answer: A) Knowledge-based authentication
Explanation:
Knowledge-based authentication relies on information that the user knows to verify identity, such as a password, PIN, or answers to security questions. It is the most common form of authentication due to its simplicity and ease of implementation. Passwords are widely used for logging into websites, applications, and network services. Security effectiveness depends on password complexity, length, uniqueness, and frequency of updates. Knowledge-based authentication is vulnerable to attacks such as phishing, social engineering, credential stuffing, and brute force attempts. Organizations enforce policies requiring complex passwords, rotation schedules, and MFA to mitigate these risks.
Possession-based authentication requires users to present something they physically possess, such as smart cards, hardware tokens, or mobile authentication apps. While it strengthens security, it differs from knowledge-based authentication because it relies on a physical factor rather than something remembered by the user.
Biometric authentication relies on inherent physical or behavioral traits, such as fingerprints, facial recognition, or iris patterns, to verify identity. Biometrics are distinct from knowledge-based methods because they are not based on memorized information but on unique biological characteristics.
Certificate-based authentication relies on digital certificates issued by a trusted authority to verify identity. Certificates use cryptographic keys and a Public Key Infrastructure (PKI) for authentication. This method does not require the user to remember information, so it differs from knowledge-based authentication.
Knowledge-based authentication remains fundamental because it is widely supported and familiar to users. Organizations enhance security by combining passwords with possession-based or biometric factors in multi-factor authentication systems. Proper password management, including length, complexity, and rotation policies, reduces the risk of compromise. Security teams monitor for failed login attempts, unusual access patterns, and potential breaches to enforce protection. While knowledge-based methods are vulnerable when used alone, combining them with additional factors provides a stronger authentication framework that balances usability and security.
Question 133:
Which malware type displays unwanted advertisements and may track user behavior?
A) Adware
B) Rootkit
C) Ransomware
D) Trojan horse
Answer: A) Adware
Explanation:
Adware is a type of malware designed to deliver unwanted advertisements to users, often in the form of pop-ups, banners, or redirecting web pages. Adware may also collect user behavior data, including browsing history, search queries, or application usage, to serve targeted advertisements or generate revenue for the attacker. Adware infections often occur through software bundles, malicious websites, or phishing campaigns. While adware is intrusive, it typically does not cause direct system damage or encrypt files like ransomware. Its primary goal is monetization rather than sabotage, though it can impact system performance, privacy, and user experience. Security teams mitigate adware through endpoint protection software, safe browsing practices, and user education to avoid suspicious downloads or websites.
Rootkits are malware designed to hide their presence and maintain persistent access to a system. Rootkits do not primarily display advertisements or track behavior for revenue purposes. Instead, they focus on stealth and control.
Ransomware encrypts files or systems and demands payment for decryption. While ransomware is highly disruptive and financially coercive, it does not serve advertisements or collect data for ad targeting. Its objective is extortion rather than monetization through advertising.
Trojan horses disguise themselves as legitimate software to trick users into installing malware. Trojans can deliver payloads such as ransomware, spyware, or rootkits. While a Trojan may install adware, adware itself is defined by its advertising delivery and tracking functionality. A Trojan describes a delivery mechanism, whereas adware is defined by what the malware does once installed.
Adware infections highlight the importance of maintaining endpoint security, practicing safe browsing, and educating users about software sources. Removing adware may require specialized removal tools or malware scanners, as some variants persist across system restarts or browser extensions. Organizations combine technical defenses with user awareness to reduce adware risks and protect privacy, performance, and user experience.
Question 134:
Which security measure adds a layer of protection by requiring multiple types of verification?
A) Multi-factor authentication (MFA)
B) Password
C) Biometric authentication
D) Encryption
Answer: A) Multi-factor authentication (MFA)
Explanation:
Multi-factor authentication (MFA) enhances security by requiring users to provide two or more verification factors before granting access. MFA typically combines knowledge-based factors (passwords), possession-based factors (tokens or smart cards), and inherence factors (biometrics) to reduce the risk of unauthorized access. By requiring multiple forms of verification, MFA mitigates threats from stolen credentials, phishing, brute force attacks, and credential stuffing. MFA is widely used for enterprise systems, cloud services, banking, and sensitive applications.
A password alone provides a single authentication factor. While necessary, it is vulnerable to theft, guessing, and phishing. MFA strengthens password-based authentication by adding additional layers.
Biometric authentication uses unique physical traits, such as fingerprints or facial recognition, for identity verification. While secure, it is typically used as one factor within MFA systems rather than a complete multi-factor solution on its own.
Encryption protects data by converting it into unreadable ciphertext for unauthorized users. Encryption safeguards confidentiality but does not verify identity or provide multi-factor authentication.
Implementing MFA improves security without relying solely on passwords. Security teams configure MFA policies, enforce enrollment of devices or tokens, and monitor authentication logs for unusual activity. MFA also helps organizations comply with regulatory requirements for identity protection. It provides a balance between usability and security by allowing flexible combinations of verification factors, ensuring strong protection for sensitive systems while maintaining convenient user access.
Question 135:
Which Microsoft solution enforces device compliance and security policies before granting access to corporate resources?
A) Microsoft Intune
B) Microsoft OneDrive
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Microsoft Intune
Explanation:
Microsoft Intune is a cloud-based solution that manages devices, applications, and compliance policies to ensure secure access to corporate resources. Intune enables administrators to enforce device compliance checks, including operating system version, encryption, password requirements, application integrity, and security patch status. Devices that do not meet compliance standards are denied access to corporate data and applications, ensuring organizational security and regulatory compliance. Intune supports multiple platforms, including Windows, macOS, iOS, and Android, and integrates with Azure Active Directory for conditional access enforcement. Security teams monitor device health, remediate non-compliant devices, and deploy policies consistently across all endpoints.
Microsoft OneDrive provides cloud storage and file-sharing capabilities. While it encrypts files and controls access permissions, it does not enforce device compliance or security policies. OneDrive protects data but does not manage endpoints.
Microsoft Planner is a project and task management tool focused on collaboration. Planner does not provide device compliance enforcement or security monitoring. Its functionality is unrelated to access control based on device security.
Microsoft Defender for Identity monitors user behavior, authentication patterns, and Active Directory activity for suspicious activity and identity threats. While it enhances identity security, it does not enforce device compliance or determine access based on device configuration.
Intune ensures that only compliant and secure devices can access corporate resources. By integrating endpoint management with identity and conditional access policies, Intune reduces the risk of data breaches, unauthorized access, and malware spread. Organizations deploy Intune to maintain security standards, protect sensitive data, and support regulatory requirements, combining monitoring, enforcement, and remediation for a comprehensive endpoint security framework. Proper implementation involves configuring policies, enrolling devices, educating users, and monitoring compliance status to maintain a secure enterprise environment.
Question 136:
Which attack exploits vulnerabilities in web applications to execute scripts in users’ browsers?
A) Cross-site scripting (XSS)
B) SQL injection
C) Phishing
D) Denial of Service (DoS)
Answer: A) Cross-site scripting (XSS)
Explanation:
Cross-site scripting (XSS) is a type of attack that targets web application vulnerabilities by injecting malicious scripts into web pages. When users view the compromised pages, the scripts execute in their browsers, allowing attackers to steal cookies, hijack sessions, manipulate content, or redirect users to malicious websites. XSS exploits occur primarily due to improper input validation, insufficient output encoding, and failure to sanitize user-provided data. XSS can be categorized into three types: stored XSS, reflected XSS, and DOM-based XSS. In stored XSS the injected script is saved on the server and affects every user who loads the page; in reflected XSS the server echoes the script back in its immediate response to a crafted request; and in DOM-based XSS the page's own client-side code writes untrusted data into the Document Object Model (DOM), so the browser executes it.
SQL injection targets backend databases by manipulating input to execute unauthorized database queries. SQL injection is focused on extracting, modifying, or deleting data stored in a database, rather than executing scripts in client browsers. Although both XSS and SQL injection exploit web application vulnerabilities, their targets and execution environments differ significantly.
Phishing relies on social engineering to trick users into revealing credentials or sensitive information. Phishing targets human behavior, often through deceptive emails or messages, rather than technical vulnerabilities in web applications. It does not inject scripts into browsers or manipulate web content directly.
Denial of Service (DoS) attacks aim to disrupt service availability by overwhelming servers, networks, or applications with excessive traffic. DoS attacks focus on resource exhaustion and service downtime, not executing scripts in a user’s browser or stealing session information.
Mitigating XSS requires a combination of secure coding practices, input validation, output encoding, and Content Security Policy (CSP) implementation. Developers should avoid directly injecting untrusted data into HTML, JavaScript, or CSS contexts and regularly test applications for vulnerabilities. Web application firewalls (WAFs) can provide additional protection by filtering suspicious requests. XSS attacks are highly effective because they exploit the trust between users and web applications, often bypassing traditional security mechanisms. Security teams conduct regular penetration testing, code reviews, and automated scans to identify XSS vulnerabilities, protecting user credentials and preventing malware distribution. By understanding attack types, execution methods, and preventive strategies, organizations can reduce the risk of XSS attacks, protect sensitive information, and maintain user trust in web applications.
Question 137:
Which authentication factor relies on unique physical or behavioral traits of a user?
A) Biometric authentication
B) Knowledge-based authentication
C) Possession-based authentication
D) Certificate-based authentication
Answer: A) Biometric authentication
Explanation:
Biometric authentication uses unique physical or behavioral traits to verify the identity of a user. Common methods include fingerprints, facial recognition, iris scans, voice patterns, and behavioral biometrics such as typing patterns or gait analysis. Biometric factors provide a high level of assurance because physical traits are difficult to replicate or steal. This authentication method is widely used in mobile devices, secure facilities, and enterprise systems to prevent unauthorized access. Biometric data can also be combined with other factors in multi-factor authentication (MFA) to further enhance security.
Knowledge-based authentication relies on something the user knows, such as passwords, PINs, or answers to security questions. While common, knowledge-based methods are vulnerable to phishing, social engineering, and brute force attacks, making them less secure than biometrics in isolation.
Possession-based authentication requires something the user physically possesses, such as smart cards, tokens, or mobile authentication devices. Possession-based authentication enhances security but depends on the user having access to the physical item, whereas biometric authentication relies on inherent physical characteristics.
Certificate-based authentication relies on digital certificates issued by a trusted authority for identity verification. Certificates use cryptographic keys and PKI for secure authentication, but they are not inherently tied to physical user traits.
Biometric authentication is highly effective for securing systems because it is inherently unique to the user and cannot easily be shared or stolen. Organizations deploy biometrics alongside knowledge- and possession-based factors to implement MFA. Proper storage, encryption, and protection of biometric templates are critical to prevent identity theft. Biometric authentication improves convenience, reduces reliance on passwords, and enhances security posture, particularly in environments requiring strong access control. Security teams integrate biometric authentication with monitoring and auditing systems to ensure legitimacy and detect potential misuse or spoofing attempts. Biometrics continue to evolve, incorporating advanced AI and behavioral analytics to improve reliability and resilience against attacks, making them a vital component of modern authentication strategies.
Question 138:
Which attack uses repeated password attempts across many accounts to avoid lockouts?
A) Password spraying
B) Brute force attack
C) Phishing
D) SQL injection
Answer: A) Password spraying
Explanation:
Password spraying is a credential attack that tries a small number of commonly used passwords across many user accounts, rather than focusing on a single account. This approach avoids triggering account lockout policies because only a few login attempts are made per account. Password spraying is effective against organizations where users choose predictable or weak passwords. Attackers target multiple accounts simultaneously, often using automation tools and credential lists obtained from breaches or leaks. Security teams monitor login patterns for repeated failures, implement multi-factor authentication (MFA), enforce strong password policies, and conduct user awareness training to mitigate password spraying risks.
Brute force attacks systematically attempt all possible combinations of a single account’s password until successful. Brute force is focused on one account and often triggers alerts or lockouts, making it distinct from password spraying, which distributes attempts across multiple accounts to remain stealthy.
Phishing is a social engineering attack that deceives users into revealing credentials or sensitive information. While phishing may provide access to passwords for use in password spraying, it does not involve systematically guessing passwords across multiple accounts. Phishing relies on human manipulation rather than technical password attempts.
SQL injection manipulates backend database queries to extract or modify data. It is unrelated to guessing passwords and does not attempt access across multiple accounts. SQL injection is a backend-focused attack rather than an authentication-focused attack.
Password spraying highlights the importance of robust authentication policies, monitoring for unusual login attempts, and deploying MFA. Users should be trained to create strong, unique passwords and avoid reuse across services. Security teams must maintain logging and alerting systems to detect early indicators of password spraying attacks. By combining technical controls with user education, organizations can reduce the likelihood of credential compromise and protect sensitive accounts from unauthorized access.
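As an added example (not part of the original page), the detection logic below shows how the login-pattern monitoring described above distinguishes spraying from brute force: a spraying source produces a few failures against many distinct accounts, while a brute-force source produces many failures against one account. The log line format, the sample log lines, the thresholds and the function names are all constructed for this illustration and should be adapted to the real log source.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not real data). Addresses are from
# documentation ranges. 203.0.113.7 sprays one guess across many accounts;
# 198.51.100.9 hammers a single account; 192.0.2.44 is an ordinary user typo.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z auth FAILED user=alice src=203.0.113.7
2024-05-01T09:00:02Z auth FAILED user=bob src=203.0.113.7
2024-05-01T09:00:03Z auth FAILED user=carol src=203.0.113.7
2024-05-01T09:00:04Z auth FAILED user=dave src=203.0.113.7
2024-05-01T09:00:05Z auth FAILED user=erin src=203.0.113.7
2024-05-01T09:00:06Z auth FAILED user=frank src=203.0.113.7
2024-05-01T09:00:07Z auth FAILED user=grace src=203.0.113.7
2024-05-01T09:00:08Z auth SUCCESS user=heidi src=203.0.113.7
2024-05-01T09:05:00Z auth FAILED user=ivan src=198.51.100.9
2024-05-01T09:05:01Z auth FAILED user=ivan src=198.51.100.9
2024-05-01T09:05:02Z auth FAILED user=ivan src=198.51.100.9
2024-05-01T09:05:03Z auth FAILED user=ivan src=198.51.100.9
2024-05-01T09:05:04Z auth FAILED user=ivan src=198.51.100.9
2024-05-01T09:05:05Z auth FAILED user=ivan src=198.51.100.9
2024-05-01T09:10:00Z auth FAILED user=judy src=192.0.2.44
2024-05-01T09:10:30Z auth SUCCESS user=judy src=192.0.2.44
"""

# Assumed line layout: "<timestamp> auth <FAILED|SUCCESS> user=<name> src=<ip>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) auth (?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$')


def parse(log_text):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def classify_sources(events, spray_min_accounts=5, spray_max_per_account=3,
                     brute_min_failures=5):
    """Return {src: 'password_spraying' | 'brute_force' | 'normal'}.
    Spraying: many distinct accounts, each with only a few failures (the
    attacker deliberately stays under the lockout threshold per account).
    Brute force: failures concentrated on a single account."""
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> count
    for e in events:
        if e['result'] == 'FAILED':
            failures[e['src']][e['user']] += 1
    verdicts = {}
    for src, per_user in failures.items():
        worst = max(per_user.values())
        if len(per_user) >= spray_min_accounts and worst <= spray_max_per_account:
            verdicts[src] = 'password_spraying'
        elif worst >= brute_min_failures:
            verdicts[src] = 'brute_force'
        else:
            verdicts[src] = 'normal'
    return verdicts


def accounts_at_risk(events, src):
    """Accounts that logged in successfully from a flagged source: these are
    the likely compromised credentials and the first to reset and review."""
    return sorted({e['user'] for e in events
                   if e['src'] == src and e['result'] == 'SUCCESS'})
```

Because each sprayed account sees only one failure, a per-account lockout rule never fires; the signal only appears when failures are grouped by source.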
Question 139:
Which malware type encrypts files and demands a ransom to restore access?
A) Ransomware
B) Rootkit
C) Adware
D) Trojan horse
Answer: A) Ransomware
Explanation:
Ransomware is malicious software designed to encrypt files or entire systems and demand payment in exchange for a decryption key. Ransomware often spreads through phishing emails, malicious downloads, exploit kits, or compromised websites. Once executed, it renders files inaccessible and displays a ransom note with instructions for payment, usually in cryptocurrency. Ransomware can impact individuals, businesses, or government organizations, causing operational disruption, financial loss, and reputational damage. Mitigation includes regular backups, endpoint protection, patch management, and user education to prevent infection. Incident response plans and offline backups are critical for recovery without paying a ransom.
Rootkits are malware that conceal their presence to maintain persistent access on a system. Rootkits are focused on stealth and control, not encrypting data or demanding payment.
Adware delivers unwanted advertisements and tracks user activity for revenue purposes. While intrusive, adware does not encrypt files or extort money from victims.
Trojan horses disguise themselves as legitimate software to deliver malicious payloads. While a Trojan may deliver ransomware, the defining characteristic of ransomware is encryption and extortion. Trojans are a delivery mechanism rather than the ransomware behavior itself.
Ransomware attacks are highly disruptive and increasingly sophisticated. They may include double extortion, where attackers threaten to release sensitive data if the ransom is not paid. Security teams employ preventive measures such as email filtering, malware scanning, network segmentation, and user training to reduce risk. Maintaining current backups and testing recovery processes are essential to minimize operational impact. Ransomware emphasizes the need for a layered security approach that combines prevention, detection, and recovery strategies.
Question 140:
Which security measure ensures that only verified devices can access corporate resources?
A) Device compliance enforcement via Microsoft Intune
B) Microsoft OneDrive
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Device compliance enforcement via Microsoft Intune
Explanation:
Device compliance enforcement via Microsoft Intune ensures that only devices meeting predefined security and compliance policies can access corporate resources. Intune allows administrators to define rules for device encryption, operating system version, password requirements, patch levels, and application integrity. Devices failing compliance checks are denied access, reducing the risk of data breaches and malware propagation. Intune integrates with Azure Active Directory to enforce conditional access policies, allowing secure access for compliant devices while blocking non-compliant endpoints. Intune also supports reporting, monitoring, and remediation, providing a centralized solution for device security management across Windows, macOS, iOS, and Android platforms.
Microsoft OneDrive provides cloud storage and file-sharing capabilities, encrypting data and managing access permissions. However, OneDrive does not enforce compliance on devices or control access based on security configurations.
Microsoft Planner is a task and project management tool. Planner focuses on collaboration and workflow organization and does not manage endpoint security or enforce compliance policies.
Microsoft Defender for Identity monitors user behavior and authentication patterns for suspicious activity. While it enhances identity security, it does not enforce device compliance or control access based on device configuration.
Device compliance enforcement ensures that corporate data remains secure by limiting access to trusted, configured devices. Intune allows administrators to deploy policies, monitor compliance status, remediate non-compliant devices, and take actions such as remotely wiping or locking devices. By integrating endpoint management with conditional access policies, organizations reduce the likelihood of unauthorized access, data leakage, and malware propagation. Device compliance enforcement is a critical layer of security in modern enterprise environments, protecting sensitive information and supporting regulatory requirements while maintaining operational efficiency and secure access for users.