Practice Test 1 – Solution

1. A polymorphic virus mutates as it replicates; therefore, the hash value will keep changing.

2. A backdoor is put into an application by a programmer so that if the user locks themselves out, they can still gain access to the application. A backdoor attack is where an attacker uses this password, which has been in place since the application was created.

3. The attack here is launched by telephone; therefore, it is a vishing attack.

4. Letting a fireman into your server room is a social engineering urgency attack; if you don't let him in, your building could burn down.

5. This is a disguised ransomware attack; you are parting with money to purchase the full version of the product.

6. A Remote Access Trojan (RAT) sends passwords to the hacker who then uses them to access your computer system.

7. A zero-day virus can only be detected by using baselines. Day zero is when it is launched, and it might take the vendor a few days to find a solution.

8. A logic bomb is a virus that is triggered by an event such as time.

9. Spyware is a stealth attack that secretly tracks your internet usage and habits.

10. Adware uses pop-ups as its attack vector.

11. A watering hole attack infects a well-known trusted website.

12. A phishing attack is launched against a manager using email.

13. A spear phishing attack is launched against managers using email. In the exam, ensure you look to see whether it is singular or plural.

14. Employing a third party to incinerate your paper waste prevents dumpster diving.

15. Obtaining an email from the CEO or HR demanding you complete an attached form is a social engineering authority attack.

16. Social engineering consensus is where you want to be accepted as part of a team, so you do what the team does.

17. This is whaling, where the CEO clicks on a link.

18. Cross-Site Scripting uses HTML tags and/or JavaScript.

19. An intrusive scan is used during a penetration test and can cause considerable damage to your system.

20. A wireless disassociation attack keeps disconnecting you from your wireless access point.

21. Taking control of a phone and sending messages or texts from it is called bluejacking; you are basically hijacking the phone.

22. Stealing contacts from a Bluetooth phone is called bluesnarfing.

23. A man-in-the-middle attack is an interception attack where the data is replayed immediately.

24. A replay attack is an interception attack where the data is replayed at a later date.

25. A virus could use port 1900 and a worm could use port 5000.

26. This is a vishing attack where my financial details are obtained via a telephone.

27. This is social engineering tailgating, as you have let someone in who has not produced any credentials.

28. This is a social engineering impersonation attack, as they pretend to be from your company.

29. This is a botnet carrying out a Distributed Denial of Service (DDoS) attack.

30. This is where someone stands behind you in the ATM queue with a camera, recording your transaction on video; this is a more modern version of a shoulder surfing attack.

31. Inserting too much data into a data field is a buffer overflow attack.

32. A SQL injection attack uses the phrase 1 = 1. The best form of mitigation is to use stored procedures, where the SQL commands are embedded into a script; you would then call the script by name rather than passing raw SQL. Input validation is another form of mitigation, where you control the input.

33. The only way to prevent a DDoS attack is to use a firewall to prevent the attack from reaching the website. You may use a Web Application Firewall or a stateful firewall if your web server is located inside your DMZ. A load balancer cannot deal with DDoS.

34. This is an evil twin where the attacker's WAP looks like the legitimate WAP by using a similar SSID.

35. You can use 802.1X on a managed switch, where the legitimate devices use a certificate. This way, 802.1X can validate each device before it lets it connect to the switch, and rogue devices will be rejected.

36. Jamming is a wireless interference attack.

37. In the CompTIA Security+ exam, if you reinstall an operating system but the virus keeps returning, this is known as a rootkit virus.

38. A computer system that uses NTLM authentication is vulnerable to the pass-the-hash attack. This can be prevented by using Kerberos authentication or disabling NTLM.

39. A script kiddie is someone who will purchase a program to launch his attack from. A good place to purchase dangerous tools would be the unregulated dark web.

40. A hacktivist is a politically motivated attacker.

41. The most difficult threat actor to detect is the insider threat, sometimes called a malicious insider. He is already inside your network legitimately and therefore is more difficult to track.

42. A competitor is a threat actor who will steal your trade secrets to beat you to market.

43. Pivoting is a technique where you will gain access to a network via a vulnerable low-level host and then launch an attack against a more critical computer system, such as a SQL database server.

44. A gray box penetration tester knows something about your company network, no matter how trivial it seems.

45. Fuzzing is a technique where random information is submitted to an application to see what information is output. A white box tester does this to see whether any vulnerabilities need to be addressed before putting the application into production.

46. A black box penetration tester is given no information at all. He would try to use a vulnerability scanner to see whether your computer systems have any vulnerabilities that he could exploit. First of all, he looks at initial exploitation.

47. Penetration testing is aggressive and penetrates deep into your network and could cause severe damage, whereas a vulnerability scan is passive and identifies missing patches.

48. You would place an end-of-life HVAC controller into its own VLAN to mitigate the risk of attack.

49. The Chief Information Security Officer (CISO) should specify that error messages on the customer side should be short and very vague, but on the internal side should be long and as detailed as possible to help the support team diagnose the problem.

50. A monitoring system that does not detect any attacks is known as a false negative.

51. Resource exhaustion is where the CPU usage is running at 100%. You would mitigate this by purchasing a faster processor, installing another processor, or moving some of the load to another server.

52. A smurf attack is an amplification attack that launches directed IP broadcasts at the border router. A massive number of ping packets appear to be coming from the victim, and this results in the victim getting four times the replies. You can prevent this by disabling directed IP broadcasts on the border router.

53. A pharming attack redirects you away from the legitimate website you intended to visit and sends you to a fraudulent website instead.

54. DNSSEC encrypts the DNS traffic to prevent DNS poisoning attacks. It produces RRSIG records.

55. Session hijacking is an attack where the attacker steals cookies from your computer system.

56. If you type a URL incorrectly, you could be redirected to a fraudulent website; this is known as typo-squatting.

57. Rainbow tables are precomputed lists of passwords and their corresponding hash values. Rainbow tables are used for collision attacks against passwords stored as hash values.

58. A dictionary attack uses only proper words that you would expect in a dictionary. Any passwords that have random characters or passwords that are misspelled prevent a dictionary attack.

59. A brute force attack is a password attack that uses every available combination of letters and characters. It can be prevented using account lockout with a low value.

60. To prevent duplicate passwords from being stored, we would salt them; this appends random characters to each password, making the stored values longer and unique. This is sometimes known as key stretching.
