Section 2.2 Demonstrate your acquired knowledge about common threat vectors and attack surfaces. This will demonstrate your proficiency for section 2.2 of the Security+ SY0-701 objectives. 1 / 25 What attack type uses a fake scenario to steal sensitive information? Brand impersonation Smishing Pretexting File-based 2 / 25 Which threat vector would most likely involve installing unauthorized software? Bluetooth-based Removable device Open ports Disinformation 3 / 25 Which example best describes a client-based vulnerability? SQL server misconfig Misconfigured switch Unpatched browser flaw Outdated wireless router 4 / 25 Which sensor would be least effective at detecting a wireless intrusion? Ultrasonic Pressure Infrared Microwave 5 / 25 Bluetooth communications can be a risk because of: Short battery life Weak antennas Unsecure pairing Poor transmission speed 6 / 25 Typosquatting primarily takes advantage of: Poor network encryption User typing errors Weak password resets Unsupported applications 7 / 25 A watering hole attack infects: Trusted websites Personal emails Secure tunnels Internal drives 8 / 25 A fake website resembling a popular brand is an example of: Pretexting Brand impersonation Smishing attack Email spoofing 9 / 25 Business email compromise attacks usually target: System administrators Internal audit teams High-level executives External customers 10 / 25 Spreading fake information on a social platform is an example of: Smishing Disinformation Pretexting Vishing 11 / 25 An attacker posing as tech support to steal information is practicing: Brand impersonation Impersonation Typosquatting Vishing 12 / 25 Smishing typically requires an attacker to: Control email servers Send fraudulent SMS Spoof wireless signals Use voice recordings 13 / 25 Which party could unknowingly introduce risks via hardware shipments? End users Security engineers Vendors Backup operators 14 / 25 If an attacker compromises a third-party IT provider, it’s a: Internal breach Supply chain attack Network loop Port scan attack 15 / 25 Using a router with factory settings is risky because of: Expired firmware Broken encryption Default credentials Limited data rates 16 / 25 Leaving unnecessary service ports open exposes the system to: Faster routing Unauthorized access Better encryption Increased caching 17 / 25 Connecting sensitive devices to a public wireless network introduces: Encrypted communication Trusted VPN tunnels Unsecure network risks Improved data speeds 18 / 25 Why are unsupported systems a major security concern? Lower performance Lack of patches Poor user training Excessive bandwidth use 19 / 25 Agentless vulnerability scanning is best described as scanning without: Installing client software Needing administrative rights Using external servers Gathering credentials 20 / 25 An attacker hiding malware in a seemingly normal spreadsheet is using: Message-based attack Image-based attack File-based attack Wireless attack 21 / 25 Which attack vector abuses live voice conversations for deception? Vishing Smishing Impersonation Typosquatting 22 / 25 A removable device introduces risk primarily by: Weak wireless signal Insufficient file storage Carrying malware Slowing network speed 23 / 25 Which method involves infecting an image file to deliver malicious code? File-based attack Image-based attack Voice-based attack Supply chain attack 24 / 25 An attack sent via SMS to lure a victim into clicking a malicious link is called: Phishing Smishing Vishing Pretexting 25 / 25 Which attack vector targets users primarily through deceptive email communication? Phishing Vishing Watering hole Typosquatting Your score isThe average score is 0% 0% Restart quiz Return to CompTia N+ 10-009 Objectives
