A nuclear facility’s control system is not connected to the internet for security reasons. What security measure is this?

A security analyst notices that IoT devices are sending large volumes of outbound traffic to random IP addresses. What is most likely happening?

An attacker compromises an OAuth provider and steals authentication tokens. They use these tokens to log in without needing usernames or passwords. What is this attack called?

Malware includes a sleep function before executing malicious actions to evade security analysis. What is this technique called?

An organization detects unusual outbound traffic, long-term data exfiltration, and persistence mechanisms over several months. What best describes this attack?

A web application allows users to input a URL, which the server fetches and displays. An attacker enters http://169.254.169.254/latest/meta-data/, exposing AWS credentials. Which vulnerability is this?

A group of malicious miners gain control of more than 50% of the mining power of a blockchain network. What can they do?

An attacker exploits a Bluetooth vulnerability to gain remote access to a victim’s phone and send messages without their consent. What type of attack is this?

An attacker injects the following payload into a web app's comment section:

<script>alert('Hacked!');</script>

The script runs every time someone views the comments. What vulnerability is this?

A security team implements the X-Frame-Options HTTP header to prevent a malicious website from embedding their login page inside an invisible frame. What attack does this mitigate?

An attacker successfully installs a rogue Certificate Authority (CA) certificate on victims’ devices, allowing them to intercept and decrypt HTTPS traffic. What type of attack is this?

Malware changes its code structure every time it executes to avoid signature-based detection. What is this technique called?

A user finds that they can modify security logs because file permissions allow all users to write to them. What is the security issue?

An attacker forces a user to log in using a predefined session ID, allowing session hijacking. Which security measure prevents this?

An attacker spoofs their network adapter’s MAC address to bypass access controls. What is this attack?

A DLP (Data Loss Prevention) system flags an employee transferring company data to a personal USB drive. What is the primary risk?

Malware injects itself into a legitimate system process like svchost.exe, replacing its code while keeping its process ID (PID). What is this attack called?

An attacker captures an NTLM authentication hash from a network and replays it to authenticate as the victim without cracking it. What is this attack?

A security engineer implements randomized memory addressing to make it harder for attackers to predict where code is loaded. Which security measure is this?

An attacker uses a precomputed set of password hashes to quickly crack a password hash from a compromised database. What is the best defense against this?

A company implements a security feature that blocks multiple failed login attempts from the same IP address. What is this an example of?

A penetration tester enters the following input into a login form: ' OR 1=1; --

The application bypasses authentication and grants access. Which vulnerability is present?

A security engineer implements a mechanism where each login request includes a random value that cannot be reused. Which security measure is being used?

A security team suspects an attacker is hiding malware commands inside image files and sending them over email. What technique is the attacker using?

A web developer accidentally configures a website’s CORS policy to allow requests from any origin (*). An attacker exploits this by making unauthorized API calls on behalf of users. What vulnerability is being exploited?