1.A _______ attack send TCP/IP traffic to each and every port to learn which services are running. SQL Injection Port scanning Spoofing Ping flood

2.An administrator takes a new firewall out the box and plugs it into the network without making any changes. What type vulnerability did this create? Default password Industry threat BYOD Weak password

3.A third world country has solicited the services of several hackers to perform an attack on the U.S. treasury department? Which time of attack would this be classified as? International Espionage Industrial Espionage World Espionage Nation State Espionage

4.Who uses Nessus software to san servers and network devices for known vulnerabilities. Vulnerabilty testers Black hat hackers Script Kiddies Insider threats

5.An unauthorized user was able to change some of the data in an accounting department's excel spreadsheet. Which category of the CIA triad was compromised? Integrity Authentication Confidentiality Availability

6.A malicious user was able to perform a password brute force attack on a human resource email account and is now reading through all their emails. Which category of the CIA triad was compromised? Confidentiality Integrity Authentication Availability

7.Which attack allows an attacker to take control of a database by inserting special commands into input boxes instead the intended data? Smurf Attack Ping Flood Buffer Overflow SQL Injection

8.What type of attack is it when the attacker discovers a software vulnerability that does not have a patch? Session hijacking Buffer overflow Zero-day ARP poisoning

9.Which type of attack send emails claiming to be your bank and asking you to verify that your username and password are correct? Man-in-the-middle Phishing Dictionary attack Brute force attack

10.When an attacker is inserting text that is too large to fit within a region of memory, what type of attack are they trying to perform? Buffer overflow SQL injection Sniffing Cross-site scripting

11.A user is upset that he has just been fired and decides to perform a ping flood attack on the email server. What type of attacker would this user be considered? Wiretapping Social engineering Insider threat Password attack