A company wants to block the execution of unauthorized applications, including malware. Which security control should they use?

An anomaly detection system alerts that an employee’s workstation is sending large amounts of encoded data in DNS queries. Which attack is likely happening?

Which security mechanism can prevent attackers from using stolen hashed passwords to authenticate?

A company uses a content delivery network (CDN) to absorb traffic spikes during a large-scale DDoS attack. What type of mitigation is being used?

A DevOps team uses containers for deployment, but security finds that containers share the same kernel, leading to privilege escalation risks. Which security control should be enforced?

An attacker overwrites memory beyond a buffer’s boundary, allowing arbitrary code execution. What security measure can mitigate this?

To prevent an attacker from forging digital signatures, a security team should ensure that their cryptographic system has which property?

A company wants to prevent IoT devices from communicating directly with critical business systems. Which security measure should they implement?

A company’s DNS security solution redirects all requests to known malicious domains to a safe, controlled environment instead. What is this technique called?

A banking Trojan injects malicious scripts into a user's browser session, modifying transactions before they are sent to the bank. What is this attack called?

An attacker captures NTLM authentication requests on the network and forwards them to a target server to gain unauthorized access. Which attack is this?

An attacker discovers that a company’s API allows requests without requiring authentication, exposing sensitive customer data. Which security flaw is present?

A company uses RFID-based access control cards for entry. An attacker uses a portable RFID skimmer near an employee’s badge and later reproduces the signal to gain unauthorized access. What is this attack?

An attacker wants their malware to survive reboots. They configure it to execute at startup by modifying the Windows Run registry key. Which persistence method was used?

A penetration tester observes that a web application assigns sequential session IDs to users upon login. Which type of attack could be used to exploit this flaw?

An attacker exploits a weakness in Bluetooth pairing to send unsolicited messages and files to nearby devices. What is this attack called?

An attacker requests a service ticket for a high-privilege service account and then extracts its encrypted password hash for offline cracking. Which attack is this?

A user reports that even after removing a suspected virus, it keeps coming back after every reboot. Analysis shows that the malware loads before the operating system. Which type of malware is this?

An attacker intercepts a connection negotiation process between a client and a server and forces them to use a weaker encryption algorithm that the attacker can easily break. Which attack is this?

An attacker places a malicious DLL with the same name as a legitimate one in a directory that is searched first by a vulnerable application. When the application runs, it loads the attacker’s DLL instead of the legitimate one. Which attack technique is being used?