81. What is "credential stuffing"?
- a) Reusing breached credentials across multiple sites
- b) Encrypting password databases
- c) Generating random passwords
- d) Brute-forcing hashes
Answer: A - Automated injection of stolen username/password pairs to gain unauthorized access.
82. Which attack exploits insecure direct object references (IDOR)?
- a) Unauthorized access to resources by manipulating IDs
- b) SQL injection
- c) Cross-site scripting
- d) DNS spoofing
Answer: A - IDOR occurs when an application provides direct access to objects based on user input.
83. What is "memory scraping" malware?
- a) Extracting sensitive data from RAM
- b) Corrupting memory addresses
- c) Encrypting memory contents
- d) Scanning for open ports
Answer: A - Commonly used by POS malware to steal credit card data from process memory.
84. Which tool is used for Wi-Fi penetration testing?
- a) Aircrack-ng
- b) Nmap
- c) Burp Suite
- d) sqlmap
Answer: A - The Aircrack-ng suite includes tools for Wi-Fi cracking (e.g., WEP/WPA2).
85. What is "formjacking"?
- a) Stealing form data by injecting malicious JavaScript
- b) Bypassing CAPTCHAs
- c) Encrypting web forms
- d) Scanning for vulnerable forms
Answer: A - Compromises payment/checkout pages to harvest credit card details.
86. Which vulnerability allows "server-side template injection" (SSTI)?
- a) Injecting malicious templates in server-side engines (e.g., Jinja2)
- b) SQL injection
- c) Cross-site request forgery
- d) XML external entities
Answer: A - SSTI can lead to RCE in template engines like Twig or Smarty.
87. What is a "living off the land" (LOTL) attack?
- a) Using legitimate system tools for malicious purposes
- b) Exploiting zero-day vulnerabilities
- c) Physical security breaches
- d) Social engineering
Answer: A - Leverages tools like PowerShell, WMI, or PsExec to evade detection.
88. Which protocol is vulnerable to "DNS cache poisoning"?
- a) DNS
- b) HTTPS
- c) SSH
- d) FTP
Answer: A - Corrupts DNS cache to redirect users to malicious sites.
89. What is a "canary trap" in cybersecurity?
- a) Planting fake data to detect leaks
- b) A type of honeypot
- c) Encrypting sensitive files
- d) A firewall rule
Answer: A - Unique fake documents help identify insiders leaking information.
90. Which tool analyzes Windows memory dumps?
- a) Volatility
- b) Ghidra
- c) IDA Pro
- d) OllyDbg
Answer: A - Volatility extracts artifacts (processes, network connections) from RAM captures.
91. What is a "SIM swapping" attack?
- a) Transferring a victim's phone number to an attacker's SIM
- b) Cloning SIM cards
- c) Intercepting SMS messages
- d) Brute-forcing SIM PINs
Answer: A - Used to bypass SMS-based 2FA by social engineering mobile carriers.
92. Which vulnerability allows "business logic flaws"?
- a) Exploiting application workflow design errors
- b) SQL injection
- c) Buffer overflow
- d) Cross-site scripting
Answer: A - Examples include price manipulation or privilege escalation via flawed workflows.
93. What is "typosquatting"?
- a) Registering domains similar to popular brands (e.g., g00gle.com)
- b) Exploiting keyboard input errors
- c) A type of phishing attack
- d) Scanning for vulnerable websites
Answer: A - Relies on users mistyping URLs to direct them to malicious sites.
94. Which attack exploits "race conditions" in file operations?
- a) TOCTOU (Time of Check to Time of Use)
- b) SQL injection
- c) Cross-site scripting
- d) ARP spoofing
Answer: A - Changes file states between validation and access (e.g., /tmp exploits).
95. What is "beaconing" in malware?
- a) Periodic C2 server check-ins
- b) Encrypting files
- c) Spreading to other systems
- d) Hiding processes
Answer: A - Malware contacts command-and-control servers at set intervals.
96. Which tool is used for binary reverse engineering?
- a) Ghidra
- b) Wireshark
- c) Metasploit
- d) Nmap
Answer: A - NSA's Ghidra analyzes compiled code for vulnerabilities.
97. What is "ISO 27001" certification?
- a) International standard for information security management
- b) A penetration testing methodology
- c) A malware analysis framework
- d) A cryptography standard
Answer: A - Specifies requirements for establishing/maintaining an ISMS.
98. Which attack exploits "HTTP request smuggling"?
- a) Bypassing security controls via malformed requests
- b) SQL injection
- c) Cross-site scripting
- d) DNS spoofing
Answer: A - Manipulates how front-end and back-end servers parse HTTP requests.
99. What is "zero trust" security model?
- a) "Never trust, always verify" approach
- b) Default-deny firewall rules
- c) Encryption for all data
- d) Physical security controls
Answer: A - Requires continuous authentication and least-privilege access.
100. Which header prevents "cross-origin resource sharing" (CORS) misconfigurations?
- a) Access-Control-Allow-Origin
- b) Content-Security-Policy
- c) X-Frame-Options
- d) Strict-Transport-Security
Answer: A - Restricts which domains can access resources (e.g., Access-Control-Allow-Origin: https://trusted.com).