61. What is "logical bombing"?
- a) Malicious code triggered by specific conditions
- b) Overloading a system with logs
- c) Encrypting log files for ransom
- d) Deleting audit logs
Answer: A - Logic bombs execute their payload when predefined conditions (e.g., a date or an event) are met.
62. Which attack exploits JSON web tokens (JWTs)?
- a) JWT cracking
- b) Algorithm confusion
- c) Token replay
- d) All of the above
Answer: D - JWT attacks include cracking weak signing secrets, algorithm confusion (switching between RS256 and HS256), and replaying captured tokens.
63. What is "container escape" in hacking?
- a) Breaking out of a container to access the host OS
- b) Encrypting container filesystems
- c) Isolating containers for security
- d) Scanning container images
Answer: A - Exploiting misconfigurations (e.g., privileged mode) to gain host-level access from a container.
64. Which tool analyzes malware behavior in a sandbox?
- a) Cuckoo Sandbox
- b) Ghidra
- c) Volatility
- d) IDA Pro
Answer: A - Cuckoo Sandbox executes malware in an isolated environment to observe its actions.
65. What is a "pass-the-hash" attack?
- a) Using hashed credentials to authenticate without plaintext passwords
- b) Cracking password hashes with rainbow tables
- c) Encrypting hash values
- d) Brute-forcing hashes
Answer: A - Exploits NTLM/LM hashes to move laterally in Windows networks.
66. Which vulnerability affects IoT devices with default credentials?
- a) Mirai botnet
- b) Heartbleed
- c) Shellshock
- d) Dirty COW
Answer: A - Mirai malware infects devices using factory-default usernames/passwords (e.g., admin:admin).
67. What is "SOAP injection"?
- a) Manipulating XML-based SOAP APIs
- b) Exploiting REST API endpoints
- c) Overloading web services
- d) Spoofing API tokens
Answer: A - Similar to SQLi but targets SOAP (XML) web services.
68. Which tool performs automated web vulnerability scanning?
- a) Nikto
- b) Tcpdump
- c) Aircrack-ng
- d) John the Ripper
Answer: A - Nikto scans web servers for misconfigurations and known vulnerabilities.
69. What is "time-based blind SQL injection"?
- a) Inferring data via server response delays
- b) Encrypting SQL queries
- c) Deleting database logs
- d) Overwriting SQL tables
Answer: A - Uses conditional delays (e.g., SLEEP(5)) to extract data when errors are suppressed.
70. Which protocol is vulnerable to the "KRACK" attack?
- a) WPA2
- b) SSL
- c) SSH
- d) DNSSEC
Answer: A - KRACK (Key Reinstallation Attack) exploits WPA2’s handshake process.
71. What is a "canary token"?
- a) A digital tripwire to detect intrusions
- b) A malware signature
- c) A firewall rule
- d) A VPN configuration
Answer: A - Canary tokens alert defenders when accessed (e.g., fake API keys, hidden files).
72. Which attack exploits insecure deserialization?
- a) Remote Code Execution (RCE)
- b) DDoS
- c) Phishing
- d) ARP spoofing
Answer: A - Deserializing attacker-controlled objects can lead to RCE (e.g., Java serialization, Python pickle).
73. What is "VLAN hopping"?
- a) Gaining unauthorized access to other VLANs
- b) Encrypting VLAN traffic
- c) Isolating VLANs
- d) Scanning VLAN ports
Answer: A - Achieved via switch spoofing or double-tagging attacks.
74. Which tool decrypts SSL/TLS traffic?
- a) SSLstrip
- b) Nmap
- c) Metasploit
- d) Wireshark (with private keys)
Answer: D - Wireshark can decrypt traffic if server private keys are available.
75. What is "pivoting" in penetration testing?
- a) Using a compromised host to attack other systems
- b) Rotating encryption keys
- c) Bypassing firewalls
- d) Scanning multiple subnets
Answer: A - Leveraging one system as a bridge to access restricted networks.
76. Which vulnerability allows "server-side request forgery" (SSRF)?
- a) Unvalidated user input fetching remote resources
- b) Weak password policies
- c) Missing HTTP security headers
- d) CSRF tokens
Answer: A - SSRF tricks servers into making requests to internal/arbitrary systems.
77. What is "FIDO2" used for?
- a) Passwordless authentication
- b) Network scanning
- c) Malware analysis
- d) Firewall configuration
Answer: A - FIDO2 enables secure login via hardware keys/biometrics (e.g., WebAuthn).
78. Which attack manipulates biometric systems?
- a) Presentation attack
- b) SQL injection
- c) Buffer overflow
- d) DNS spoofing
Answer: A - Uses fake fingerprints/face masks to bypass biometric checks.
79. What is a "Threat Intelligence Platform" (TIP)?
- a) Centralized system for analyzing threat data
- b) A penetration testing tool
- c) A malware signature database
- d) A firewall
Answer: A - TIPs aggregate and correlate threat feeds (e.g., MISP, ThreatConnect).
80. Which header prevents "MIME confusion" attacks?
- a) X-Content-Type-Options
- b) Content-Security-Policy
- c) Strict-Transport-Security
- d) Cache-Control
Answer: A - X-Content-Type-Options: nosniff enforces declared MIME types.