11. What are two examples of when SQL injections can take place?

  • When using the login form to access a site
  • When a malicious script exists in the webpage a browser loads
  • When a malicious script is injected directly on the server
  • When a user enters their credentials

12. In a SQL injection attack, malicious hackers attempt to obtain which of the following? Select two answers.

  • Exploiting languages
  • Gain administrative rights
  • Sensitive information
  • Categorize the environment

Weekly challenge 4

13. Which of the following could be examples of social engineering attacks? Select three answers.

  • An unfamiliar employee asking you to hold the door open to a restricted area
  • An email urgently asking you to send money to help a friend who is stuck in a foreign country
  • A lost record of important customer information
  • A pop-up advertisement promising a large cash reward in return for sensitive information

14. What is the main difference between a vishing attack and a smishing attack?

  • Vishing makes use of voice calls to trick targets.
  • Vishing involves a widespread email campaign to steal information.
  • Vishing is used to target executives at an organization.
  • Vishing exploits social media posts to identify targets.

15. A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.

The malware hidden in this editing software is an example of which type of malware?

  • scareware
  • spyware
  • trojan
  • adware

16. What are the characteristics of a ransomware attack? Select three answers.

  • Attackers demand payment to restore access to a device.
  • Attackers make themselves known to their targets.
  • Attackers encrypt data on the device without the user’s permission.
  • Attackers display unwanted advertisements on the device.

17. Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.

  • mine
  • collect
  • invest
  • earn

18. Security researchers inserted malicious code into the web-applications of various organizations. This allowed them to obtain the personally identifiable information (PII) of various users across multiple databases.

What type of attack did the researchers perform?

  • Malware
  • Social engineering
  • Ransomware
  • Injection

Shuffle Q/A 2

19. An attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site's server and activated during the server’s response.

This is an example of what type of injection attack?

  • DOM-based
  • SQL injection
  • Reflected
  • Stored

20. What is one way to prevent SQL injection?

  • Having well-written code
  • Excluding prepared statements
  • Including application design flaws
  • Downloading malicious apps

Leave a Reply