Threats, Vulnerabilities, and Mitigations Questions

Practice questions for Threats, Vulnerabilities, and Mitigations topic in CompTIA Security+. 22 questions covering this domain.

22 questions: 4 easy, 12 medium, 6 hard
Q1
medium

An attacker sends a carefully crafted email to a specific executive at a company, referencing their recent business trip and mimicking a vendor they u...

Q2
hard

A security analyst observes that a newly discovered vulnerability in a widely used library has no available patch from the vendor. The organization re...

Q3
hard

An organization's security team detects unusual outbound traffic from a server to an unfamiliar external IP address at regular intervals. Investigatio...

Q4
medium

A web application stores user passwords using a fast hashing algorithm without any additional randomization. An attacker who obtains the hash database...

Q5
medium

A user receives a text message claiming to be from their bank, asking them to click a link to verify their account. Which type of attack is this?

Q6
easy

Which type of malware encrypts a victim's files and demands payment for the decryption key?

Q7
medium

An attacker registers a domain name that is visually similar to a legitimate company's domain (e.g., 'paypa1.com' instead of 'paypal.com') and uses it...

Q8
medium

An organization deploys an IoT environmental sensor connected to the corporate network. A security review finds that the device uses default manufactu...

Q9
hard

A developer writes a web application that directly concatenates user input into SQL queries without validation. An attacker submits `' OR '1'='1` as a...

Q10
medium

A security analyst discovers that an attacker has compromised a software vendor's update server and injected malicious code into a legitimate software...

Q11
easy

Which social engineering attack involves an attacker impersonating a trusted authority figure (such as IT support) to manipulate a victim into reveali...

Q12
easy

Which attack floods a target system or network with traffic to make it unavailable to legitimate users?

Q13
medium

An attacker sends an email to an employee impersonating the organization's CEO, urgently requesting an immediate wire transfer to a new vendor account...

Q14
medium

A penetration tester discovers that a web application reflects user-supplied input directly in the HTML response without encoding, allowing script exe...

Q15
medium

An attacker compromises a popular website that is frequently visited by software developers at a specific company. The attacker injects malware that t...

Q16
hard

A security team receives a report that credentials from their organization appeared in a public credential dump from a breach at a third-party service...

Q17
hard

A vulnerability scanner reports a finding with a CVSS base score of 9.8 on an internet-facing web server. The affected service has no authentication r...

Q18
easy

Which type of malware disguises itself as a legitimate, desirable program to trick users into installing it, while secretly performing malicious funct...

Q19
medium

A security analyst discovers that an attacker gained access to an application server by exploiting a vulnerability that was publicly known and had a p...

Q20
medium

An organization discovers that an attacker has been present in their network for several months, exfiltrating data slowly while remaining undetected. ...
