CompTIA PenTest+ PT0-003 Exam Dumps and Practice Test Questions Set 8 Q141-160
Question 141:
Which attack exploits human trust to obtain sensitive information, often via email or messaging?
A) Phishing
B) SQL injection
C) Cross-site scripting (XSS)
D) Denial of Service (DoS)
Answer: A) Phishing
Explanation:
Phishing is a social engineering attack that manipulates human trust to obtain sensitive information such as usernames, passwords, financial information, or personal data. Attackers typically use deceptive emails, instant messages, or social media posts to impersonate trusted entities such as banks, colleagues, or online services. Phishing messages often include urgent requests, links to malicious websites, or attachments that trick users into disclosing confidential information. Phishing is effective because it targets human behavior rather than technical vulnerabilities. Attackers exploit emotions such as fear, curiosity, urgency, or trust to increase the likelihood of user compliance. Phishing attacks can result in unauthorized access to accounts, identity theft, installation of malware, or financial fraud. Organizations mitigate phishing risks through user training, simulated phishing campaigns, email filtering, URL protection, and multi-factor authentication (MFA).
SQL injection targets web application databases by manipulating input to execute unauthorized queries. It exploits coding vulnerabilities in software rather than human behavior. SQL injection allows attackers to extract, modify, or delete database records but does not rely on deceiving users to reveal credentials.
Cross-site scripting (XSS) involves injecting malicious scripts into web applications to execute code in users’ browsers. While XSS can steal session information or perform unauthorized actions, it exploits application vulnerabilities rather than manipulating human trust. XSS focuses on technical exploitation, whereas phishing targets the user directly.
Denial of Service (DoS) attacks overwhelm systems or networks to disrupt availability. DoS attacks are infrastructure-focused and do not attempt to obtain sensitive information or deceive users. They are designed to cause downtime or service disruption, not to manipulate human behavior.
Effective phishing defense combines technical controls and user education. Email security tools identify suspicious senders, block malicious attachments, and analyze links for phishing content. Organizations train employees to recognize red flags, verify requests from unknown sources, and report potential phishing attempts. MFA provides an additional layer of protection in case credentials are compromised, limiting the impact of successful phishing attacks. Monitoring authentication patterns, unusual login activity, and failed attempts can help detect account compromises resulting from phishing. By implementing layered defenses, organizations reduce the likelihood of successful phishing attacks while maintaining secure operations and protecting sensitive information from unauthorized access.
Question 142:
Which malware conceals itself to maintain persistent access on a system?
A) Rootkit
B) Trojan horse
C) Ransomware
D) Adware
Answer: A) Rootkit
Explanation:
A rootkit is a type of malware designed to conceal its presence and maintain persistent access on a system. Rootkits operate at the kernel or system level, manipulating operating system functions to hide processes, files, network connections, and registry entries. Attackers use rootkits to maintain control over compromised systems, monitor user activity, steal sensitive information, or deploy additional malware. Rootkits are particularly dangerous because they evade traditional detection methods, such as antivirus software or standard monitoring tools, making them difficult to detect and remove. Specialized tools, forensic analysis, and offline scanning are often required to identify rootkit activity. Rootkits can be delivered via Trojans, phishing campaigns, or unpatched vulnerabilities, allowing attackers to establish stealthy footholds in enterprise networks.
Trojan horses disguise themselves as legitimate software to trick users into installation. While Trojans may deliver payloads like rootkits, ransomware, or spyware, they focus on deception rather than hiding their presence once installed.
Ransomware encrypts files or systems and demands payment for decryption. Ransomware is overt by design, displaying ransom notes and making its presence obvious. Its goal is disruption and extortion, not stealth or persistence.
Adware displays unwanted advertisements and may track user behavior for revenue. Adware does not conceal its presence at the system level or provide persistent control over a device. It is intrusive but not stealthy.
Rootkits are difficult to remove because they integrate deeply with the operating system and manipulate core system processes. Security teams employ advanced endpoint detection and response tools, monitor system integrity, and perform periodic forensic assessments to detect suspicious activity. Network monitoring for unusual traffic patterns or unauthorized remote access can indicate rootkit presence. Organizations combine technical measures with patch management, least privilege access policies, and continuous monitoring to reduce the risk of rootkit installation. Rootkits are often paired with other malware to maintain long-term access, steal data, or facilitate lateral movement. By understanding rootkit behavior and implementing layered defenses, enterprises strengthen their security posture and reduce exposure to persistent threats.
Question 143:
Which method converts readable data into an unreadable format to prevent unauthorized access?
A) Encryption
B) Authentication
C) Authorization
D) Multi-factor authentication (MFA)
Answer: A) Encryption
Explanation:
Encryption is the process of transforming readable data, called plaintext, into an unreadable format, called ciphertext, to prevent unauthorized access. Encryption relies on algorithms and cryptographic keys to secure data in transit, at rest, and during processing. Even if intercepted, encrypted data cannot be understood without the proper decryption key. Encryption is widely used for securing emails, files, cloud storage, databases, virtual private networks (VPNs), and communications between devices. Strong encryption algorithms, such as Advanced Encryption Standard (AES) or RSA, provide high levels of confidentiality and integrity, making it difficult for attackers to compromise sensitive information. Organizations implement encryption to comply with regulatory requirements, protect intellectual property, safeguard financial data, and maintain customer trust.
Authentication verifies the identity of a user or system before granting access. While authentication ensures the user is legitimate, it does not protect the data itself from unauthorized reading or interception.
Authorization determines which resources an authenticated user can access and what actions they can perform. Authorization controls access permissions but does not transform data into an unreadable format.
Multi-factor authentication (MFA) strengthens identity verification by requiring multiple types of credentials, such as passwords, tokens, or biometrics. MFA helps prevent unauthorized access but does not encrypt data or make it unreadable to unauthorized users.
Encryption protects sensitive information by making it unintelligible without the decryption key. Key management is crucial to ensure that authorized users can access data while preventing unauthorized parties from decrypting it. Organizations implement encryption alongside access controls, monitoring, and endpoint protection to maintain a strong security posture. Encryption safeguards data in various scenarios, including cloud storage, emails, mobile devices, and network transmissions. It also supports compliance with legal and regulatory frameworks, reducing the risk of breaches, data leakage, and cyberattacks. Proper implementation, including strong algorithms, secure key storage, and periodic rotation, ensures that encrypted data remains protected even if systems are compromised. Encryption is a fundamental component of modern cybersecurity, protecting both the confidentiality and integrity of information.
Question 144:
Which type of malware disguises itself as legitimate software but carries a malicious payload?
A) Trojan horse
B) Rootkit
C) Adware
D) Ransomware
Answer: A) Trojan horse
Explanation:
A Trojan horse is malware that appears to be legitimate software but contains a malicious payload designed to compromise systems. Trojans deceive users into installation by mimicking trusted applications, such as software updates, productivity tools, or game downloads. Once executed, a Trojan can install additional malware, steal credentials, monitor user activity, provide remote access, or disrupt system functionality. Trojans rely on social engineering to trick users rather than exploiting software vulnerabilities directly. Attackers often distribute Trojans via email attachments, malicious websites, software bundles, or phishing campaigns.
Rootkits hide their presence and maintain persistent access to a system. Unlike Trojans, rootkits do not necessarily disguise themselves as legitimate software. Their primary function is stealth and persistent control.
Adware displays unwanted advertisements and may track user activity for monetization. Adware does not disguise itself as legitimate software to deliver harmful payloads and is primarily intrusive rather than maliciously destructive.
Ransomware encrypts files or systems and demands payment for decryption. Ransomware is overt and does not rely on deception to be installed; its purpose is extortion. Trojans, in contrast, depend on tricking the user to gain initial access and deliver malicious payloads.
Trojans are particularly dangerous because they serve as delivery mechanisms for various types of malware, including ransomware, spyware, and rootkits. Security teams detect Trojans through endpoint protection, behavior monitoring, and network traffic analysis. User education about avoiding unverified downloads, email attachments, and suspicious links is essential to prevent Trojan infections. Organizations implement least privilege access, patch management, and monitoring tools to reduce the risk and impact of Trojan-based attacks. Trojans exploit human trust and software execution processes, highlighting the importance of combining technical defenses with awareness training to secure systems against covert malware threats.
Question 145:
Which Microsoft solution monitors Microsoft 365 accounts for suspicious behavior and potential compromises?
A) Microsoft Defender for Identity
B) Microsoft Intune
C) Microsoft Planner
D) Microsoft OneDrive
Answer: A) Microsoft Defender for Identity
Explanation:
Microsoft Defender for Identity is a cloud-based security solution designed to monitor Microsoft 365 accounts and on-premises Active Directory environments for suspicious activity, unusual login patterns, and potential account compromises. Defender for Identity uses machine learning, behavioral analytics, and telemetry from authentication logs to detect anomalies such as lateral movement, privilege escalation, and compromised credentials. Alerts provide actionable insights for security teams to investigate incidents and remediate threats. Defender for Identity integrates with Azure Active Directory, Microsoft 365 security tools, and on-premises services to ensure comprehensive identity security monitoring.
Microsoft Intune manages devices and applications to enforce compliance and security policies. While Intune ensures devices meet security standards, it does not provide real-time monitoring of account behavior or detect identity threats.
Microsoft Planner is a collaboration and task management tool. Planner does not provide security monitoring or detect suspicious login activity. Its function is project management and workflow organization.
Microsoft OneDrive provides cloud storage and file-sharing capabilities, including encryption and access control. OneDrive does not analyze user behavior, detect compromised accounts, or provide identity threat detection.
Defender for Identity collects data from user accounts, authentication events, and network activity to identify potential threats proactively. Alerts trigger security investigations, enabling rapid response to compromised accounts. The solution improves organizational security posture by providing early detection of identity-based threats, helping prevent data breaches, credential theft, and unauthorized access. Defender for Identity combines technical monitoring, behavioral analysis, and integration with Microsoft 365 services to provide a specialized approach to identity threat detection. It complements other security tools, offering a layered defense strategy that strengthens user account protection and ensures timely remediation of threats.
Question 146:
Which security control ensures users can only perform actions they are permitted to based on their roles?
A) Authorization
B) Authentication
C) Encryption
D) Multi-factor authentication (MFA)
Answer: A) Authorization
Explanation:
Authorization is the process that determines what actions an authenticated user can perform and which resources they can access. After a user successfully proves their identity through authentication, authorization enforces access control policies to ensure that individuals only perform tasks and access information appropriate to their roles. Organizations implement authorization through mechanisms such as role-based access control (RBAC), attribute-based access control (ABAC), and discretionary access control (DAC). RBAC assigns permissions based on defined roles, simplifying administration while ensuring users operate within defined boundaries. ABAC considers attributes such as time, device health, and location to dynamically allow or restrict access. DAC allows resource owners to grant or restrict access to their assets.
Authentication verifies user identity but does not define what resources or actions a user can access. Authentication ensures legitimacy, while authorization enforces permissions and limits. Without authorization, authenticated users could gain unrestricted access, leading to potential security breaches.
Encryption converts readable data into an unreadable format to protect it from unauthorized users. Encryption secures data but does not determine which users can access resources or perform specific actions. It addresses confidentiality rather than access rights.
Multi-factor authentication (MFA) strengthens authentication by requiring multiple verification factors such as passwords, tokens, or biometrics. MFA does not control access to resources; it enhances identity verification before authorization decisions are applied.
Authorization enforces the principle of least privilege, which restricts users to only the permissions necessary to perform their tasks. By limiting access, organizations reduce the risk of data breaches, insider threats, and accidental misuse of sensitive information. Effective authorization relies on clearly defined roles, regularly reviewed permissions, and continuous monitoring of access logs. Organizations integrate authorization with identity and access management (IAM) solutions to maintain compliance with regulatory requirements such as HIPAA, GDPR, and PCI DSS. Authorization also provides audit trails, enabling security teams to investigate access patterns, detect misuse, and demonstrate compliance during audits. Implementing strong authorization controls strengthens overall organizational security, ensuring that only permitted individuals can perform sensitive operations while supporting operational efficiency. Proper configuration of roles, permissions, and policies is essential to prevent unauthorized actions, enforce security standards, and maintain accountability across enterprise systems.
Question 147:
Which type of malware encrypts files and demands payment to restore access?
A) Ransomware
B) Rootkit
C) Trojan horse
D) Adware
Answer: A) Ransomware
Explanation:
Ransomware is malicious software designed to encrypt files, applications, or entire systems and demand payment from victims to regain access. Ransomware attacks are often delivered through phishing emails, malicious downloads, exploit kits, or compromised websites. Once executed, ransomware renders files inaccessible and displays instructions for paying a ransom, often in cryptocurrency. Attackers may also use double extortion tactics, threatening to release sensitive data publicly if payment is not made. Ransomware is highly disruptive, causing operational downtime, financial losses, and reputational damage for businesses and individuals. Organizations mitigate ransomware risk through regular backups, offline data storage, endpoint protection, patch management, and user education on phishing and suspicious downloads. Recovery plans and incident response protocols are essential to restore systems without paying ransoms.
Rootkits are malware that conceal their presence and maintain persistent access on a system. Rootkits operate stealthily to avoid detection and control compromised devices but do not encrypt data or demand payment.
Trojan horses disguise themselves as legitimate software to deliver malicious payloads. Trojans may deliver ransomware as part of their payload, but the defining characteristic of ransomware is encryption and extortion. Trojans are primarily a delivery mechanism rather than ransomware behavior itself.
Adware displays unwanted advertisements and tracks user behavior for monetization purposes. While intrusive, adware does not encrypt files or extort money. Its purpose is revenue generation through ads rather than disruption or extortion.
Ransomware attacks are increasing in frequency and sophistication. Organizations employ preventive and detective controls, including email filtering, endpoint protection, application whitelisting, network segmentation, and monitoring abnormal activity. Backups should be isolated from the network to prevent ransomware from encrypting them. Awareness training for users is crucial to prevent execution of ransomware through phishing or malicious downloads. Security teams conduct exercises to ensure rapid response to ransomware incidents, including system isolation, forensic analysis, and recovery using backups. A layered approach combining prevention, detection, and recovery is essential for minimizing ransomware impact, safeguarding sensitive data, and maintaining business continuity.
Question 148:
Which malware hides its presence to maintain persistent access and avoid detection?
A) Rootkit
B) Trojan horse
C) Adware
D) Ransomware
Answer: A) Rootkit
Explanation:
Rootkits are sophisticated malware designed to hide their presence on a system while maintaining persistent access. They operate at the kernel or system level, manipulating operating system processes, files, and memory structures to evade detection. Rootkits allow attackers to monitor user activity, steal credentials, install additional malware, and control the system without alerting users or security software. Detection is challenging because rootkits integrate deeply into the operating system and may disable antivirus tools, hide processes, or intercept system calls. Rootkits can be delivered via Trojans, phishing attacks, malicious downloads, or exploiting unpatched vulnerabilities. Specialized detection tools, offline scanning, and forensic analysis are often required to remove rootkits successfully.
Trojan horses are malware disguised as legitimate software to deliver payloads. Trojans rely on deception for initial installation, but they do not necessarily conceal their operations once installed. A Trojan may install a rootkit, but the defining characteristic of rootkits is stealthy persistence.
Adware delivers unwanted advertisements and may track user behavior. While intrusive, adware does not hide itself at the system level to maintain persistent control. Adware focuses on revenue generation through pop-ups, banners, or browser tracking.
Ransomware encrypts files or systems and demands payment to restore access. Ransomware is overt and designed to alert the user to its presence, unlike rootkits that prioritize stealth. The purpose of ransomware is extortion, not hidden control.
Rootkits are particularly dangerous because they allow attackers to establish a long-term foothold, maintain administrative access, and deploy other malware. Security teams mitigate rootkit risks by enforcing least privilege policies, performing regular integrity checks, deploying endpoint detection and response tools, and monitoring unusual system activity. Organizations combine preventive, detective, and corrective controls to reduce the risk of rootkit infections. Understanding rootkit behavior is essential for maintaining enterprise security, as these threats often serve as the foundation for more complex attacks, including data exfiltration, credential theft, and system manipulation.
Question 149:
Which Microsoft solution manages devices, applications, and compliance policies for secure corporate access?
A) Microsoft Intune
B) Microsoft OneDrive
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Microsoft Intune
Explanation:
Microsoft Intune is a cloud-based solution that manages devices, applications, and compliance policies to ensure secure access to corporate resources. Intune allows administrators to define compliance requirements, including operating system versions, encryption status, password policies, security patches, and application integrity. Devices that do not meet compliance standards are blocked from accessing sensitive corporate data. Intune integrates with Azure Active Directory for conditional access, ensuring that only secure and verified devices can connect to enterprise resources. Reporting, monitoring, and remediation capabilities help IT teams enforce security policies consistently across Windows, macOS, iOS, and Android devices. Intune supports application deployment, mobile device management, and endpoint protection, providing a centralized framework for device security.
Microsoft OneDrive provides cloud storage and file-sharing capabilities with encryption and access control. While it protects data, OneDrive does not manage devices or enforce compliance policies.
Microsoft Planner is a project and task management tool. Planner focuses on collaboration and workflow management and does not provide endpoint security or compliance enforcement.
Microsoft Defender for Identity monitors user behavior and authentication patterns to detect identity threats. While it protects accounts and identifies suspicious activity, it does not enforce device compliance or manage endpoints.
Intune ensures that corporate data is accessed only from secure and compliant devices. Administrators deploy policies, monitor device health, and remediate non-compliant devices to maintain security standards. Intune enables organizations to enforce least privilege access, protect sensitive information, and meet regulatory requirements. By combining device management, application control, and compliance monitoring, Intune strengthens endpoint security, reduces risk exposure, and supports operational continuity in modern enterprise environments.
Question 150:
Which authentication method uses something the user possesses, such as a smart card or token?
A) Possession-based authentication
B) Knowledge-based authentication
C) Biometric authentication
D) Certificate-based authentication
Answer: A) Possession-based authentication
Explanation:
Possession-based authentication requires a user to provide a physical object they possess to verify identity. Common examples include smart cards, hardware tokens, USB security keys, and mobile authentication apps that generate one-time passwords (OTPs). Possession-based authentication is often implemented as a second factor in multi-factor authentication (MFA) systems, enhancing security by combining something the user knows (password) with something the user possesses. It reduces the risk of unauthorized access even if passwords are compromised. Devices must be securely issued, managed, and protected to prevent theft or duplication.
Knowledge-based authentication relies on information that the user knows, such as passwords, PINs, or security questions. While fundamental, knowledge-based authentication alone is vulnerable to phishing, social engineering, and credential reuse.
Biometric authentication uses unique physical or behavioral traits, such as fingerprints, facial recognition, or voice patterns, to verify identity. Biometrics rely on inherence rather than possession.
Certificate-based authentication relies on cryptographic certificates issued by a trusted authority. Certificates use cryptographic keys to authenticate identity but are not necessarily something the user physically possesses.
Possession-based authentication strengthens security by ensuring that access requires both knowledge and possession factors. Organizations integrate it with MFA, conditional access policies, and monitoring to prevent unauthorized logins. Proper token management, secure distribution, and user education are essential to maintain security. Possession-based authentication is widely used in corporate environments, financial services, and high-security applications, providing an effective layer of protection against credential theft, phishing attacks, and unauthorized access. By combining possession with other authentication factors, enterprises enhance identity security while maintaining usability and operational efficiency.
Question 151:
Which attack involves overwhelming a system or network to make services unavailable?
A) Denial of Service (DoS)
B) Phishing
C) SQL injection
D) Cross-site scripting (XSS)
Answer: A) Denial of Service (DoS)
Explanation:
A Denial of Service (DoS) attack is designed to overwhelm a system, server, or network with excessive traffic, requests, or resource consumption, rendering services unavailable to legitimate users. DoS attacks disrupt normal operations, causing downtime, financial losses, and reputational damage for organizations. Attackers exploit vulnerabilities in network protocols, applications, or infrastructure to exhaust processing power, bandwidth, or memory. Common types of DoS attacks include volumetric attacks, protocol attacks, and application-layer attacks. Volumetric attacks flood the network with excessive data, protocol attacks exploit weaknesses in communication protocols like TCP/IP, and application-layer attacks target specific services or applications to exhaust server resources. Organizations implement mitigation strategies, including firewalls, intrusion prevention systems, rate limiting, and traffic filtering, to detect and block malicious activity.
Phishing targets human behavior to obtain sensitive information, often through deceptive emails or messages. Phishing does not aim to disrupt system availability but instead focuses on identity theft, credential compromise, or financial gain. It is a social engineering attack rather than an infrastructure-focused attack like DoS.
SQL injection exploits database vulnerabilities by manipulating input fields to execute unauthorized queries. SQL injection aims to extract, modify, or delete data from databases and does not involve overwhelming network resources or denying service. It is an application-layer data integrity attack rather than an availability attack.
Cross-site scripting (XSS) injects malicious scripts into web applications, allowing attackers to execute code in user browsers. XSS compromises data integrity, session information, or user trust but does not directly overwhelm system resources or make services unavailable.
DoS attacks can be mitigated through proactive network monitoring, redundancy, load balancing, and deployment of cloud-based content delivery networks (CDNs). Distributed Denial of Service (DDoS) attacks, a more advanced form, use multiple compromised devices to amplify attack traffic. Organizations must combine technical defenses, traffic analysis, and incident response procedures to detect and respond to attacks promptly. Educating users and administrators about attack indicators and maintaining updated infrastructure reduce vulnerabilities. DoS attacks exploit service dependency and resource limitations, emphasizing the importance of resilience, monitoring, and layered security controls to maintain operational continuity.
Question 152:
Which Microsoft 365 solution helps detect suspicious activity in user accounts and Active Directory?
A) Microsoft Defender for Identity
B) Microsoft Intune
C) Microsoft OneDrive
D) Microsoft Planner
Answer: A) Microsoft Defender for Identity
Explanation:
Microsoft Defender for Identity is a cloud-based security solution that continuously monitors Microsoft 365 accounts and on-premises Active Directory environments for suspicious behavior and potential account compromises. It uses behavioral analytics, machine learning, and telemetry from authentication logs to detect anomalies such as unusual login attempts, lateral movement, privilege escalation, and compromised credentials. Defender for Identity generates actionable alerts for security teams, enabling rapid investigation and remediation. It integrates with Azure Active Directory and other Microsoft 365 services to provide comprehensive identity security monitoring. Defender for Identity is particularly valuable for detecting threats early and preventing unauthorized access to sensitive organizational data.
Microsoft Intune manages devices, applications, and compliance policies. While Intune ensures endpoint security and enforces conditional access, it does not provide detailed monitoring of user behavior or Active Directory anomalies.
Microsoft OneDrive is a cloud storage service that provides file access, sharing, and synchronization capabilities. OneDrive does not monitor authentication patterns or detect suspicious activity in accounts.
Microsoft Planner is a task and project management tool. Planner focuses on collaboration and workflow organization rather than identity or account threat detection.
Defender for Identity collects telemetry, analyzes login events, and correlates data to identify potentially compromised accounts. Security teams can configure alerts, review anomalies, and trigger automated or manual responses to mitigate risks. The solution strengthens overall identity protection by combining advanced detection techniques with integration into Microsoft security ecosystems. It complements other security measures, such as multi-factor authentication, conditional access, and endpoint management, creating a layered security approach. Organizations implementing Defender for Identity improve visibility into potential threats, reduce response times, and enhance overall cybersecurity posture, ensuring early detection and proactive remediation of compromised accounts.
Question 153:
Which type of attack targets multiple accounts with a few common passwords to avoid lockouts?
A) Password spraying
B) Brute force attack
C) Phishing
D) SQL injection
Answer: A) Password spraying
Explanation:
Password spraying is a credential-based attack that targets many user accounts by attempting a small set of commonly used passwords. Unlike brute force attacks, which systematically try all possible combinations on a single account, password spraying spreads attempts across multiple accounts to avoid triggering lockout mechanisms. Attackers often use password lists compiled from leaked credentials or common passwords. This attack is particularly effective in organizations with weak password policies or users who reuse simple passwords. Security teams implement multi-factor authentication (MFA), enforce strong and unique passwords, monitor failed login attempts, and detect unusual access patterns to mitigate password spraying risks.
Brute force attacks attempt every possible combination of characters against a single account until successful. While effective, brute force often triggers account lockouts and alerts, unlike password spraying, which is designed to remain stealthy.
Phishing is a social engineering technique that manipulates users into revealing credentials or sensitive data. Phishing relies on deception rather than systematic password guessing across multiple accounts. It can be used in combination with password spraying if credentials are obtained, but it is not a guessing attack.
SQL injection exploits backend database vulnerabilities to manipulate queries. SQL injection targets web applications and databases rather than authentication mechanisms and does not attempt multiple login attempts across accounts.
Detection matters as much as prevention here, because a spray that succeeds produces a single valid login rather than a burst of failures. Security teams correlate authentication logs by source address, count distinct accounts per source rather than failures per account, investigate anomalies, and apply conditional access rules (such as requiring MFA or a compliant device) so that a guessed password alone is not enough to gain access.
Question 154:
Which malware delivers unwanted advertisements and may track user behavior?
A) Adware
B) Ransomware
C) Rootkit
D) Trojan horse
Answer: A) Adware
Explanation:
Adware is software, usually classed as a potentially unwanted program (PUP), designed to deliver unsolicited advertisements to users, often in the form of pop-ups, banners, or browser redirects. Adware may track user behavior, such as browsing history, search activity, or application usage, to serve targeted ads or generate revenue for its operators. It typically arrives through software bundles, malicious websites, or deceptive downloads. While intrusive, adware generally does not damage systems or encrypt files, focusing instead on monetization and data tracking. Because adware often ships inside an otherwise legitimate installer, uninstalling the host application is not always enough; endpoint protection and dedicated removal tools are needed to clean up the browser extensions and scheduled tasks it leaves behind, alongside safe browsing practices and user awareness.
Ransomware encrypts files and demands payment to restore access. Its primary goal is disruption and extortion, not advertising.
Rootkits conceal themselves to maintain persistent access on a system. While rootkits can be used to deploy additional malware, they are designed for stealth and control rather than delivering ads.
Trojan horses disguise themselves as legitimate software to trick users into installation. While Trojans may deliver payloads like adware or ransomware, adware itself is defined by its advertising behavior and tracking functions.
Adware infections highlight the need for endpoint security, user education, and safe software installation practices. Users should avoid unknown downloads, suspicious websites, and software bundles that may include adware. Organizations often deploy web filtering, anti-malware solutions, and monitoring to detect adware activity, ensuring privacy, performance, and security are maintained. Adware may also compromise system resources and degrade user experience, making removal and preventive measures essential for operational efficiency and cybersecurity hygiene.
Question 155:
Which Microsoft solution manages device compliance, app deployment, and access policies?
A) Microsoft Intune
B) Microsoft OneDrive
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Microsoft Intune
Explanation:
Microsoft Intune is a cloud-based endpoint management solution that manages devices, applications, and compliance policies to enforce secure access to corporate resources. Administrators define compliance requirements such as disk encryption, password or PIN rules, minimum operating system version, and the threat level reported by Microsoft Defender for Endpoint. Intune marks each enrolled device as compliant or non-compliant, and a Microsoft Entra ID (formerly Azure Active Directory) Conditional Access policy that requires a compliant device then blocks non-compliant devices from corporate data. The solution supports mobile device management (MDM), mobile application management (MAM, including app protection policies that work without full device enrollment), reporting, monitoring, and remediation, providing centralized control over endpoints across Windows, macOS, iOS, and Android platforms. Intune enhances security, simplifies device management, and supports compliance with regulatory requirements.
Microsoft OneDrive provides cloud storage and file-sharing capabilities, offering encryption and access control, but does not manage device compliance or access policies.
Microsoft Planner is a collaboration and task management tool. Planner helps organize tasks and projects but does not provide endpoint management or policy enforcement.
Microsoft Defender for Identity monitors user behavior and Active Directory activity for suspicious login attempts and compromised accounts. While it improves identity security, it does not manage devices, deploy applications, or enforce compliance policies.
Intune enables organizations to enforce consistent security policies, maintain compliance, and protect sensitive data by managing endpoints and applications centrally. It reduces risk exposure, improves operational efficiency, and integrates with identity and security tools to ensure a layered defense. Administrators can configure device policies, deploy applications, monitor compliance status, remediate non-compliant devices, and ensure that only secure devices access corporate resources. This approach provides robust endpoint protection while supporting operational continuity and regulatory compliance.
Question 156:
Which attack exploits input vulnerabilities to manipulate backend databases?
A) SQL injection
B) Phishing
C) Cross-site scripting (XSS)
D) Denial of Service (DoS)
Answer: A) SQL injection
Explanation:
SQL injection targets web applications that build database queries by concatenating untrusted input (from web forms, URL parameters, cookies, HTTP headers, or API parameters) into SQL text. Because the database cannot distinguish the developer's SQL from the attacker's, an injected payload can read, modify, or delete data, bypass authentication, escalate privileges, or, depending on the database engine and its permissions, execute operating-system commands. The primary defense is to use parameterized queries (prepared statements) so that input is bound as data and never parsed as SQL; input validation and web application firewalls (WAFs) are defense in depth, not substitutes. Stored procedures help only if they do not themselves assemble dynamic SQL from their arguments. Running the application under a least-privilege database account limits what a successful injection can do, and regular code review, penetration testing, and database query monitoring catch what slips through.
Phishing is a social engineering attack that tricks users into revealing sensitive information, typically through deceptive emails or messages. Phishing relies on human behavior rather than manipulating database queries and is not a technical exploitation of backend systems.
Cross-site scripting (XSS) injects malicious scripts into web applications to execute in users’ browsers. XSS targets client-side vulnerabilities rather than backend databases. Its goal is to steal session data, manipulate web pages, or redirect users, not to compromise stored data directly.
Denial of Service (DoS) attacks overwhelm system resources, rendering services unavailable. DoS focuses on service availability rather than data integrity or manipulation. SQL injection attacks affect the database layer, whereas DoS affects system resources.
SQL injection is dangerous because it gives attackers direct access to sensitive data, including credentials, financial information, and personally identifiable information (PII). With sufficient database privileges an attacker can manipulate records, create backdoor accounts, or gain administrative control of the server, compromising the entire system. Organizations enforce secure coding practices, proper database permissions, and anomaly monitoring to detect unusual queries; security teams use automated scanners to find injectable parameters and train developers on parameterized query handling. The consequences of a SQL injection breach can include data theft, regulatory non-compliance, operational disruption, and reputational damage, making proactive prevention essential.
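The following is an added example, not code from the original question set, showing the concatenated query the explanation warns about beside its parameterized replacement. It uses Python's built-in sqlite3 module against a constructed in-memory users table (plaintext passwords are used only so the injection is visible; a real system stores hashes). The two classic payloads, a quote-and-OR tautology and a comment-terminated username, both succeed against the vulnerable function and fail against the parameterized one.

```python
import sqlite3

# Constructed demo data: two users in an in-memory SQLite database.
# Plaintext passwords are for demonstration only; real systems store salted hashes.
DEMO_USERS = [("alice", "correct-horse"), ("bob", "battery-staple")]


def make_db():
    """Create a fresh in-memory database seeded with the demo users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Even the seed data is inserted with bound parameters.
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", DEMO_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query with string formatting: user input becomes SQL syntax.

    Returns the list of usernames the query matched (empty list = login denied).
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Prepared statement: the driver binds values, so quotes and comments are data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Payload 1: tautology. With username 'x' the vulnerable query becomes
#   ... WHERE username = 'x' AND password = '' OR '1'='1'
# AND binds tighter than OR, so the OR branch matches every row.
TAUTOLOGY = "' OR '1'='1"

# Payload 2: comment-terminated username. The vulnerable query becomes
#   ... WHERE username = 'alice'--' AND password = 'anything'
# and everything after -- is ignored, so the password check disappears.
COMMENT_USER = "alice'--"


def demo():
    """Run both payloads through both login functions; returns the results."""
    conn = make_db()
    return {
        "vulnerable_tautology": login_vulnerable(conn, "x", TAUTOLOGY),
        "parameterized_tautology": login_parameterized(conn, "x", TAUTOLOGY),
        "vulnerable_comment": login_vulnerable(conn, COMMENT_USER, "anything"),
        "parameterized_comment": login_parameterized(conn, COMMENT_USER, "anything"),
        "parameterized_legit": login_parameterized(conn, "alice", "correct-horse"),
    }


if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name:26s} -> {matched}")
```

Note that escaping the single quote would not be a fix: the comment payload relies on the driver reading attacker text as SQL at all, and a different quoting style, encoding, or database dialect would reopen the hole. Binding parameters removes that parsing step entirely.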
Question 157:
Which authentication factor relies on something the user knows, such as a password or PIN?
A) Knowledge-based authentication
B) Biometric authentication
C) Possession-based authentication
D) Certificate-based authentication
Answer: A) Knowledge-based authentication
Explanation:
Knowledge-based authentication (KBA) verifies identity using information that the user knows. Common examples include passwords, personal identification numbers (PINs), or answers to security questions. This method is widely used because it is easy to implement and understand, forming the basis of most traditional authentication systems. KBA relies on the assumption that only the legitimate user knows the required information. However, knowledge-based factors are vulnerable to phishing, social engineering, brute force attacks, and password reuse. Organizations mitigate these risks by enforcing strong password policies, implementing multi-factor authentication (MFA), conducting user training, and monitoring login activity. Knowledge-based authentication can be combined with possession or biometric factors to strengthen identity verification.
Biometric authentication relies on unique physical or behavioral traits, such as fingerprints, facial recognition, iris scans, or typing patterns. Biometrics validate inherence rather than knowledge and are harder to share or phish than passwords, though a compromised biometric template cannot be rotated the way a password can.
Possession-based authentication requires something the user physically possesses, like smart cards, security tokens, or mobile devices. Possession-based factors enhance authentication security but do not rely on knowledge of secrets.
Certificate-based authentication uses cryptographic certificates issued by trusted authorities to verify identity. Certificates rely on digital cryptography and key management rather than user knowledge.
Knowledge-based authentication remains foundational but must be supplemented by additional factors to mitigate its weaknesses. Security teams deploy MFA, educate users on phishing, and monitor for anomalous login activity. Password policy should favor length and uniqueness over forced complexity, and current guidance (NIST SP 800-63B) drops mandatory periodic expiration in favor of screening new passwords against breached-password lists and forcing a change only when compromise is suspected. By combining knowledge-based factors with possession and biometrics, enterprises reduce the likelihood of unauthorized access while maintaining usability. Knowledge-based authentication is widely deployed in corporate systems, online services, and banking environments as a first layer of identity verification that, integrated with additional safeguards, supports secure access and resilience against credential-based attacks.
Question 158:
Which malware disguises itself as legitimate software to deliver a malicious payload?
A) Trojan horse
B) Rootkit
C) Adware
D) Ransomware
Answer: A) Trojan horse
Explanation:
A Trojan horse is a type of malware that appears to be legitimate software to deceive users into installing it while delivering a hidden malicious payload. Trojans exploit human trust and social engineering tactics to gain access to systems. Once installed, they can perform various malicious actions, such as installing additional malware, stealing credentials, providing remote access, or disrupting system operations. Trojans are commonly delivered via email attachments, software downloads, compromised websites, or phishing campaigns. Detection often relies on antivirus solutions, behavior monitoring, and user awareness, as Trojans do not always exhibit immediate visible effects. Trojans emphasize the importance of verifying software authenticity, using trusted sources, and maintaining endpoint protection.
Rootkits conceal themselves within operating systems to maintain persistent access and avoid detection. While a Trojan may deliver a rootkit, rootkits primarily focus on stealth and persistence rather than initial deception.
Adware delivers unwanted advertisements and tracks user behavior for revenue purposes. Adware is intrusive but generally not designed to provide unauthorized access or system compromise.
Ransomware encrypts files and demands a ransom to restore access. While Trojans can deliver ransomware, ransomware itself is defined by encryption and extortion rather than initial deception as software.
Trojans are dangerous because they rely on user trust, bypassing technical controls through deception. Organizations mitigate Trojans with endpoint protection, email filtering, network monitoring, and security awareness training. Users should avoid downloading software from unverified sources and be cautious with unexpected attachments or links. Trojans serve as delivery mechanisms for a range of malware, including rootkits, spyware, and ransomware. By understanding Trojan behavior, implementing layered defenses, and educating users, organizations reduce the risk of compromise and maintain system integrity. Trojans highlight the intersection of social engineering and malware delivery, reinforcing the need for technical, procedural, and human-focused security measures.
Question 159:
Which Microsoft 365 service provides cloud storage and file-sharing capabilities?
A) Microsoft OneDrive
B) Microsoft Intune
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Microsoft OneDrive
Explanation:
Microsoft OneDrive is a cloud storage service that allows users to store, access, and share files securely from anywhere. OneDrive provides synchronization across devices, version control, and collaboration features, enabling teams to work efficiently in real-time. OneDrive integrates with Microsoft 365 applications such as Word, Excel, PowerPoint, and Teams, allowing seamless editing, co-authoring, and file sharing. Access controls, encryption in transit and at rest, and compliance certifications ensure that organizational data is protected while enabling secure collaboration. OneDrive supports features such as file recovery, ransomware detection, and activity monitoring, enhancing data integrity and security.
Microsoft Intune manages devices, applications, and compliance policies to enforce secure corporate access but does not provide general cloud storage or file-sharing functionality. Intune is primarily focused on device and endpoint management rather than collaboration.
Microsoft Planner is a task and project management tool used to organize work, assign tasks, and track progress. Planner does not provide file storage or cloud collaboration features, focusing instead on workflow management.
Microsoft Defender for Identity monitors user activity and authentication events to detect suspicious behavior and potential compromises. Defender for Identity enhances identity security but does not provide storage or collaboration capabilities.
OneDrive enables organizations and individuals to store data securely, collaborate efficiently, and ensure accessibility across devices and locations. Its security features, integration with Microsoft 365, and support for file sharing make it suitable for personal and enterprise use. OneDrive also supports compliance with regulations such as GDPR, HIPAA, and ISO standards. Users can access OneDrive from desktop, web, or mobile apps, providing flexible options for file management and teamwork. By leveraging OneDrive, organizations streamline document workflows, improve productivity, and maintain secure, centralized storage, reducing reliance on local drives or less secure file-sharing methods.
Question 160:
Which attack attempts to guess passwords systematically on a single account until successful?
A) Brute force attack
B) Password spraying
C) Phishing
D) SQL injection
Answer: A) Brute force attack
Explanation:
A brute force attack systematically tries password candidates against a single account until the correct one is found, either exhaustively (every combination up to a given length) or from a wordlist (a dictionary attack). Online brute force targets a live login interface and is constrained by lockout policies and rate limits; offline brute force targets a captured password hash or encrypted file and is constrained only by the attacker's hardware and the cost of the hashing algorithm. Brute force is effective against short or predictable passwords, and tools automate it by trying thousands or millions of candidates per second. Countermeasures for online attacks include account lockout policies, rate limiting, and multi-factor authentication (MFA); for offline attacks, slow and salted password hashing (such as bcrypt or Argon2) and strong length requirements. Logging and monitoring of repeated failures against one account from one source are the main detection signal.
Password spraying attempts a small number of common passwords across many accounts, avoiding lockouts. Unlike brute force, password spraying is distributed and stealthy, targeting multiple accounts rather than a single one.
Phishing relies on social engineering to trick users into revealing credentials or sensitive information. Phishing does not involve systematic guessing of passwords; it exploits human behavior instead.
SQL injection targets databases by manipulating queries to access or modify data. It is unrelated to guessing passwords or performing authentication attacks on individual accounts.
Brute force attacks highlight the importance of long passwords, account lockout policies, and MFA. Organizations ensure that users create unique passwords, monitor login attempts, and deploy detection that alerts on repeated failures against a single account. Rate limiting and CAPTCHA mechanisms further reduce the success rate of online attacks, while slow password hashing limits offline ones. Layered controls, combining technical measures with user education, protect accounts and sensitive data from unauthorized access, and incident response plans cover the case where an account is nevertheless compromised.
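The distinction drawn in Questions 153 and 160, many failures against one account versus one failure against each of many accounts, is exactly what a detection rule should key on. The following is an added example, not part of the original question set, that runs that logic over a constructed authentication log in a simple made-up syslog-like format (`<ISO timestamp> auth FAIL|OK user=<name> src=<ip>`). It groups failures by source address within a sliding window and labels a source as brute force when one account absorbs many failures, or as password spraying when failures are spread thinly across many accounts, each below the lockout threshold. The thresholds are illustrative assumptions and should be tuned to the environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format used only for this example; real sources (Windows 4625,
# sshd, Entra ID sign-in logs) carry the same fields under different names.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def constructed_log():
    """Build sample log lines (constructed, not captured from a real system)."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    lines = []
    # Brute force: 12 failures against 'admin' from one source, two seconds apart.
    for i in range(12):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} auth FAIL user=admin src=10.0.0.5")
    # Password spraying: one failure per account across ten accounts, three minutes
    # apart, so no single account ever reaches a typical lockout threshold.
    for i in range(10):
        ts = (base + timedelta(minutes=3 * i)).isoformat()
        lines.append(f"{ts} auth FAIL user=user{i:02d} src=198.51.100.7")
    # Benign: one mistyped password followed by a successful login.
    lines.append(f"{(base + timedelta(minutes=1)).isoformat()} auth FAIL user=alice src=192.0.2.9")
    lines.append(f"{(base + timedelta(minutes=1, seconds=20)).isoformat()} auth OK user=alice src=192.0.2.9")
    return lines


def parse(lines):
    """Parse log lines into (timestamp, result, user, src) tuples; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events


def classify(events, window=timedelta(minutes=30), lockout_threshold=5,
             spray_min_accounts=8, brute_min_failures=10):
    """Return {src: "brute_force" | "password_spraying"} for sources matching either pattern.

    brute_force:        one account with >= brute_min_failures failures inside the window.
    password_spraying:  >= spray_min_accounts distinct accounts failing inside the window,
                        with every account staying below lockout_threshold.
    """
    failures_by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            failures_by_src[src].append((ts, user))

    findings = {}
    for src, fails in failures_by_src.items():
        fails.sort()
        # Slide a window starting at each failure; small inputs make O(n^2) acceptable.
        for i in range(len(fails)):
            per_user = defaultdict(int)
            start = fails[i][0]
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            peak = max(per_user.values())
            if peak >= brute_min_failures:
                findings[src] = "brute_force"
                break
            if len(per_user) >= spray_min_accounts and peak < lockout_threshold:
                findings[src] = "password_spraying"
                break
    return findings


if __name__ == "__main__":
    for src, verdict in classify(parse(constructed_log())).items():
        print(f"{src:15s} {verdict}")
```

Two practical caveats: real sprays are often slower than the sample (one attempt per account per hour or per day), so the window must be long enough to accumulate the distinct-account count, and attackers may rotate source addresses, in which case grouping by user agent, ASN, or target application instead of IP recovers the signal. A successful spray ends in a single valid login, so pairing this rule with alerts on first-seen source or impossible-travel logins closes the gap.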