1. Which of the following best describes privilege escalation?

a) Gaining access to a system without authentication
b) Increasing user permissions beyond what is intended
c) Exploiting buffer overflow to execute arbitrary code
d) Encrypting data to prevent unauthorized access

Answer: b) Increasing user permissions beyond what is intended
Explanation: Privilege escalation occurs when an attacker gains higher privileges than originally assigned, often using system vulnerabilities or misconfigurations.


2. What type of attack involves overwriting adjacent memory locations by exceeding the allocated buffer size?

a) SQL Injection
b) Cross-Site Scripting
c) Buffer Overflow
d) Directory Traversal

Answer: c) Buffer Overflow
Explanation: Buffer overflow attacks exploit programming flaws where more data is written to a buffer than it can handle, leading to code execution or crashes.


3. In which attack does an attacker execute arbitrary commands on a target system using improperly validated user input?

a) Code Injection
b) Cross-Site Request Forgery
c) DNS Poisoning
d) ARP Spoofing

Answer: a) Code Injection
Explanation: Code injection allows attackers to execute malicious code by injecting it into vulnerable applications, often due to poor input validation.


4. Which of the following is a common privilege escalation technique?

a) SQL Injection
b) Kernel Exploits
c) XSS Attack
d) Cookie Theft

Answer: b) Kernel Exploits
Explanation: Kernel exploits allow attackers to execute arbitrary code in the kernel, granting them system-wide privileges.


5. Successful exploitation of an unpatched vulnerability is often referred to as a:

a) Backdoor
b) Zero-Day Attack
c) Man-in-the-Middle Attack
d) Social Engineering Attack

Answer: b) Zero-Day Attack
Explanation: A Zero-Day Attack exploits a vulnerability before the vendor releases a fix, making it extremely dangerous.


6. Which tool is commonly used for exploiting vulnerabilities in systems?

a) Wireshark
b) Metasploit
c) Nmap
d) Snort

Answer: b) Metasploit
Explanation: Metasploit is a powerful penetration testing framework used to develop, test, and execute exploits against systems.


7. What is the primary goal of a shellcode in exploitation?

a) To modify user passwords
b) To execute arbitrary commands on a compromised system
c) To steal cookies from a browser
d) To perform phishing attacks

Answer: b) To execute arbitrary commands on a compromised system
Explanation: Shellcode is a small piece of malicious code used in exploits to gain control over a system.


8. In a Return-Oriented Programming (ROP) attack, an attacker:

a) Uses a series of legitimate code snippets to execute malicious actions
b) Directly injects and executes shellcode
c) Relies on network packet sniffing
d) Encrypts data for security

Answer: a) Uses a series of legitimate code snippets to execute malicious actions
Explanation: ROP attacks bypass security mechanisms by chaining small pieces of existing code instead of injecting new code.


9. Which of the following is an example of a client-side exploit?

a) SQL Injection
b) Buffer Overflow
c) Malicious PDF Exploit
d) Privilege Escalation

Answer: c) Malicious PDF Exploit
Explanation: Client-side exploits target users through malicious files like PDFs, tricking them into opening the file and triggering an exploit.


10. What is DLL Injection used for?

a) Injecting SQL queries into a database
b) Modifying web page content
c) Running malicious code within another process
d) Conducting phishing attacks

Answer: c) Running malicious code within another process
Explanation: DLL Injection allows attackers to execute code within another process’s memory space, often to bypass security restrictions.


11. Which Windows exploit technique involves tricking a system into loading a malicious library?

a) DLL Hijacking
b) Session Fixation
c) Packet Sniffing
d) Man-in-the-Middle

Answer: a) DLL Hijacking
Explanation: DLL Hijacking exploits how Windows applications load dynamic libraries, allowing attackers to replace them with malicious ones.


12. What is the purpose of heap spraying in an exploit?

a) Overwriting the stack with malicious payload
b) Filling memory with malicious code to increase exploit reliability
c) Escalating user privileges
d) Modifying encrypted passwords

Answer: b) Filling memory with malicious code to increase exploit reliability
Explanation: Heap spraying increases the likelihood of an exploit landing at a predictable memory address, making execution more reliable.


13. Which of the following is NOT a common exploitation technique?

a) Stack Overflow
b) Session Token Prediction
c) Heap Overflow
d) Return-Oriented Programming (ROP)

Answer: b) Session Token Prediction
Explanation: While session token prediction is an attack method, it is not typically classified as an exploitation technique.


14. What does a Remote Code Execution (RCE) attack allow an attacker to do?

a) Execute code on a remote system
b) Change DNS settings
c) Modify encryption keys
d) Bypass CAPTCHA

Answer: a) Execute code on a remote system
Explanation: RCE vulnerabilities allow attackers to execute arbitrary code on a system, often leading to full compromise.


15. Which of the following techniques can be used to bypass ASLR (Address Space Layout Randomization)?

a) Heap Spraying
b) SQL Injection
c) MAC Flooding
d) Cross-Site Scripting

Answer: a) Heap Spraying
Explanation: Heap Spraying helps bypass ASLR by filling memory with predictable patterns, increasing the chances of hitting a useful address.


16. Which tool can be used to analyze and debug shellcode?

a) OllyDbg
b) Wireshark
c) John the Ripper
d) Snort

Answer: a) OllyDbg
Explanation: OllyDbg is a debugger used for reverse engineering and analyzing shellcode behavior.


17. What is the primary purpose of an exploit payload?

a) To gain access to the target system
b) To scan for open ports
c) To encrypt network traffic
d) To log system events

Answer: a) To gain access to the target system
Explanation: Exploit payloads contain malicious code that executes after an exploit successfully compromises a system.


18. Which of the following attack techniques exploits a race condition?

a) Time-of-Check to Time-of-Use (TOCTOU)
b) SQL Injection
c) Buffer Overflow
d) Brute Force

Answer: a) Time-of-Check to Time-of-Use (TOCTOU)
Explanation: TOCTOU attacks exploit the time gap between checking a condition and executing an action.


19. What is a “NOP Sled” used for?

a) Avoiding detection by security tools
b) Ensuring reliable execution of shellcode
c) Injecting malicious SQL queries
d) Encrypting stored passwords

Answer: b) Ensuring reliable execution of shellcode
Explanation: A NOP Sled is a sequence of NOP instructions used to increase the chances of executing injected shellcode.


20. Which programming language is commonly exploited using buffer overflow attacks?

a) Python
b) Java
c) C
d) HTML

Answer: c) C
Explanation: C lacks built-in memory safety, making it vulnerable to buffer overflow attacks.


21. What is the primary purpose of a backdoor in an exploited system?

a) To prevent unauthorized access
b) To allow remote access and control
c) To improve system security
d) To log user activity

Answer: b) To allow remote access and control
Explanation: A backdoor is a hidden entry point into a system, allowing attackers to maintain persistent access.


22. What attack technique involves crafting malicious HTTP requests to manipulate a server?

a) SQL Injection
b) HTTP Request Smuggling
c) DNS Spoofing
d) XSS

Answer: b) HTTP Request Smuggling
Explanation: HTTP Request Smuggling exploits discrepancies in how web servers and proxies interpret HTTP requests, leading to security bypasses or exploitation.


23. Which component is often targeted first in an exploitation attempt?

a) Kernel
b) User Database
c) Application Entry Points
d) Firewall

Answer: c) Application Entry Points
Explanation: Attackers typically exploit application entry points like login forms, API endpoints, or file upload mechanisms to gain initial access.


24. In which type of attack does an attacker manipulate memory allocation to gain control over a system?

a) Heap Overflow
b) Clickjacking
c) CSRF
d) DNS Spoofing

Answer: a) Heap Overflow
Explanation: Heap overflow attacks target dynamically allocated memory, allowing attackers to overwrite adjacent memory structures.


25. What is the key difference between an exploit and an exploit payload?

a) Exploits gain access, while payloads execute malicious actions
b) Payloads gain access, while exploits execute commands
c) Exploits only target network vulnerabilities
d) Payloads are only used in privilege escalation

Answer: a) Exploits gain access, while payloads execute malicious actions
Explanation: An exploit is a method of taking advantage of a vulnerability, whereas the payload is the actual code executed after successful exploitation.


26. What type of malware is typically installed after exploitation to maintain long-term access?

a) Worm
b) Trojan
c) Rootkit
d) Ransomware

Answer: c) Rootkit
Explanation: Rootkits hide their presence and provide persistent access by modifying system functions and disguising malicious activity.


27. What is an Exploit Kit (EK)?

a) A set of pre-packaged vulnerabilities and exploits
b) A security patch issued by vendors
c) A firewall designed to detect attacks
d) A debugging tool for malware

Answer: a) A set of pre-packaged vulnerabilities and exploits
Explanation: Exploit Kits automate the process of identifying and exploiting vulnerabilities in target systems.


28. Which attack technique is often used to bypass application sandboxes?

a) Directory Traversal
b) Escape Exploit
c) Session Hijacking
d) Brute Force

Answer: b) Escape Exploit
Explanation: Escape exploits break out of sandboxes or virtualized environments, allowing attackers to execute code at a higher privilege level.


29. What is a “Heap Spray” attack primarily used for?

a) Exploiting buffer overflow vulnerabilities
b) Bypassing network firewalls
c) Creating phishing emails
d) Encrypting files in ransomware attacks

Answer: a) Exploiting buffer overflow vulnerabilities
Explanation: Heap spraying increases the reliability of a buffer overflow attack by placing the payload in predictable memory locations.


30. What does an attacker achieve through a JIT Spraying attack?

a) Bypassing memory protection mechanisms
b) Exploiting SQL databases
c) Gaining unauthorized root access
d) Sniffing network traffic

Answer: a) Bypassing memory protection mechanisms
Explanation: JIT Spraying exploits Just-In-Time (JIT) compilation features to introduce malicious code execution paths.


31. Which of the following helps in bypassing Data Execution Prevention (DEP)?

a) Address Space Layout Randomization (ASLR)
b) Return-Oriented Programming (ROP)
c) Stack Canaries
d) Content Security Policy (CSP)

Answer: b) Return-Oriented Programming (ROP)
Explanation: ROP uses existing code snippets to execute malicious operations, helping bypass DEP protections.


32. What does a “Watering Hole Attack” target?

a) A specific individual through phishing
b) Websites frequently visited by a targeted group
c) Cloud storage systems
d) Government email accounts

Answer: b) Websites frequently visited by a targeted group
Explanation: Attackers compromise popular websites used by their targets to distribute malware stealthily.


33. Which technique is used to gain control over a process without modifying its code?

a) DLL Injection
b) ARP Poisoning
c) IP Spoofing
d) SQL Injection

Answer: a) DLL Injection
Explanation: DLL Injection inserts malicious code into a running process by loading a custom DLL into its memory.


34. Which vulnerability allows attackers to execute arbitrary commands on a database?

a) Cross-Site Scripting
b) SQL Injection
c) ARP Spoofing
d) Privilege Escalation

Answer: b) SQL Injection
Explanation: SQL Injection exploits improper input handling, allowing attackers to manipulate database queries.


35. Which type of attack exploits race conditions in multi-threaded applications?

a) TOCTOU
b) Side-Channel Attack
c) Session Hijacking
d) Man-in-the-Middle

Answer: a) TOCTOU
Explanation: Time-of-Check to Time-of-Use (TOCTOU) exploits the time gap between a security check and the execution of an action.


36. What technique is used to analyze an exploit’s behavior without executing it?

a) Dynamic Analysis
b) Static Analysis
c) Buffer Overflow
d) Heap Overflow

Answer: b) Static Analysis
Explanation: Static analysis involves examining the exploit’s code without running it, using tools like disassemblers.


37. Which of the following is a network-based exploitation technique?

a) Pass-the-Hash Attack
b) ROP Chain Attack
c) Buffer Overflow
d) Stack Canary Attack

Answer: a) Pass-the-Hash Attack
Explanation: Pass-the-Hash attacks exploit weak authentication mechanisms in networked systems by reusing hashed credentials.


38. What does a “NOP Sled” help accomplish in an exploit?

a) Avoid execution of malicious code
b) Increase chances of payload execution
c) Encrypt files on a system
d) Redirect DNS traffic

Answer: b) Increase chances of payload execution
Explanation: A NOP Sled creates a series of NOP instructions leading to shellcode, increasing the reliability of an exploit.


39. What is the purpose of a ROP Gadget?

a) Detecting phishing websites
b) Controlling program flow in an exploit
c) Encrypting data at rest
d) Preventing SQL Injection

Answer: b) Controlling program flow in an exploit
Explanation: ROP Gadgets are small snippets of legitimate code used in Return-Oriented Programming (ROP) attacks.


40. What technique helps attackers hide their payload in another file?

a) Steganography
b) Buffer Overflow
c) Session Hijacking
d) MAC Flooding

Answer: a) Steganography
Explanation: Steganography conceals malicious code inside images, videos, or other files to evade detection.


41. Which type of attack involves replacing a legitimate executable with a malicious one to gain persistence?

a) DLL Hijacking
b) Binary Planting
c) Heap Overflow
d) Stack Pivoting

Answer: b) Binary Planting
Explanation: Binary Planting, also known as “Executable Hijacking,” replaces a legitimate program with a malicious executable to maintain persistence on a system.


42. What is the primary goal of a “pass-the-ticket” attack?

a) Stealing browser session cookies
b) Bypassing multifactor authentication
c) Using Kerberos tickets to gain unauthorized access
d) Exploiting misconfigured firewalls

Answer: c) Using Kerberos tickets to gain unauthorized access
Explanation: Pass-the-ticket attacks involve using stolen Kerberos tickets to authenticate and access network resources without needing credentials.


43. Which technique is used to execute malicious code inside the memory space of another running process?

a) Process Injection
b) Port Knocking
c) Cross-Site Scripting
d) Keylogging

Answer: a) Process Injection
Explanation: Process Injection allows attackers to inject malicious code into another running process, often used in malware and post-exploitation techniques.


44. What is a major risk of using unpatched third-party libraries in applications?

a) Increased network latency
b) Introduction of known vulnerabilities for exploitation
c) Reduced memory usage
d) Stronger encryption techniques

Answer: b) Introduction of known vulnerabilities for exploitation
Explanation: Attackers often target outdated third-party libraries because they contain known vulnerabilities that can be exploited.


45. Which of the following best describes a “bootkit”?

a) A rootkit that infects the operating system’s boot process
b) A tool for brute-force attacks
c) A browser exploit technique
d) A phishing attack

Answer: a) A rootkit that infects the operating system’s boot process
Explanation: A bootkit modifies the system’s boot process to persist beyond system reboots, making it extremely difficult to detect and remove.


46. What is the primary goal of a “Reflective DLL Injection” attack?

a) To inject a DLL into a process without using the Windows Loader
b) To execute a SQL Injection attack
c) To modify firewall rules
d) To perform a man-in-the-middle attack

Answer: a) To inject a DLL into a process without using the Windows Loader
Explanation: Reflective DLL Injection loads a DLL directly into memory, avoiding traditional file-based detection mechanisms.


47. Which technique can be used to exploit a race condition vulnerability?

a) Dirty COW
b) SQL Injection
c) Cross-Site Scripting
d) MAC Flooding

Answer: a) Dirty COW
Explanation: Dirty COW (Copy-On-Write) is a Linux vulnerability that allows privilege escalation through a race condition in memory management.


48. Which technique involves hijacking an existing, trusted session to gain access to a system?

a) Session Fixation
b) Session Hijacking
c) Clickjacking
d) SQL Injection

Answer: b) Session Hijacking
Explanation: Session Hijacking involves stealing session tokens to gain unauthorized access to a user’s authenticated session.


49. What type of exploit takes advantage of logic errors in an application instead of memory corruption?

a) Business Logic Vulnerability
b) Buffer Overflow
c) Return-Oriented Programming
d) Heap Spraying

Answer: a) Business Logic Vulnerability
Explanation: Business Logic Vulnerabilities exploit flaws in an application’s workflow rather than memory-corruption bugs.


50. What is the purpose of a “stack pivoting” attack?

a) Redirecting execution flow to a controlled stack
b) Modifying DNS records
c) Encrypting network traffic
d) Spoofing ARP requests

Answer: a) Redirecting execution flow to a controlled stack
Explanation: Stack pivoting manipulates the stack pointer to redirect execution to an attacker-controlled area, often used in Return-Oriented Programming (ROP) exploits.


51. Which technique involves modifying the system call table to intercept OS functions?

a) API Hooking
b) SQL Injection
c) DNS Spoofing
d) Web Cache Poisoning

Answer: a) API Hooking
Explanation: API Hooking intercepts system calls by modifying function pointers, allowing attackers to alter system behavior.


52. What is the purpose of a “Return-to-libc” attack?

a) To execute system calls without injecting new code
b) To bypass CAPTCHA protections
c) To steal session cookies
d) To extract sensitive data from a database

Answer: a) To execute system calls without injecting new code
Explanation: Return-to-libc exploits call existing system functions, such as system(), to execute malicious actions while avoiding security defenses.


53. What type of attack involves modifying system logs to cover an attacker’s tracks?

a) Log Tampering
b) Phishing
c) Heap Overflow
d) SQL Injection

Answer: a) Log Tampering
Explanation: Log Tampering allows attackers to erase or modify security logs to hide traces of their activities.


54. What type of vulnerability does a “race condition” typically exploit?

a) Improper timing in concurrent execution
b) Buffer overflow in kernel modules
c) Weak encryption in database storage
d) Cross-Site Scripting in user input

Answer: a) Improper timing in concurrent execution
Explanation: Race conditions occur when concurrent processes access shared resources without proper synchronization, leading to unexpected behavior.


55. Which technique can help bypass User Account Control (UAC) in Windows?

a) Token Impersonation
b) Cross-Site Request Forgery
c) SQL Injection
d) HTTP Smuggling

Answer: a) Token Impersonation
Explanation: Token Impersonation allows attackers to execute code with elevated privileges by hijacking high-privilege access tokens.


56. Which attack involves taking control of a legitimate session and injecting additional commands?

a) Command Injection
b) Session Fixation
c) Cross-Site Scripting
d) SQL Injection

Answer: a) Command Injection
Explanation: Command Injection allows attackers to insert system commands into application inputs, executing arbitrary code on the host system.


57. What is the primary goal of “Heap Feng Shui” in exploit development?

a) Manipulating heap memory to control execution flow
b) Encrypting network traffic
c) Predicting session tokens
d) Poisoning ARP tables

Answer: a) Manipulating heap memory to control execution flow
Explanation: Heap Feng Shui strategically arranges heap memory to improve the reliability of exploitation.


58. What type of attack allows modifying an application’s execution path using debugger-like techniques?

a) Code Injection
b) API Hooking
c) HTTP Smuggling
d) SQL Injection

Answer: b) API Hooking
Explanation: API Hooking intercepts function calls to modify an application’s execution path, often used in reverse engineering and malware analysis.


59. Which attack exploits misconfigured symbolic links to gain unauthorized access?

a) Symlink Attack
b) Clickjacking
c) Brute Force
d) Heap Overflow

Answer: a) Symlink Attack
Explanation: Symlink Attacks manipulate symbolic links to access restricted files or directories.


60. What attack targets memory corruption in dynamically allocated variables?

a) Heap Overflow
b) Stack Overflow
c) SQL Injection
d) Session Hijacking

Answer: a) Heap Overflow
Explanation: Heap Overflow attacks target dynamically allocated memory regions to corrupt adjacent memory and execute malicious code.


61. What is the primary goal of a “ROP Chain” in an exploit?

a) To execute arbitrary commands by reusing existing code snippets
b) To hijack user sessions through token prediction
c) To bypass firewall rules using encrypted payloads
d) To sniff network traffic for sensitive data

Answer: a) To execute arbitrary commands by reusing existing code snippets
Explanation: A ROP Chain consists of multiple Return-Oriented Programming (ROP) gadgets linked together to execute malicious actions without injecting new code.


62. What does the “Shellshock” vulnerability exploit?

a) Misconfigured SSL certificates
b) Improper input validation in the Bash shell
c) Weak hashing algorithms
d) Unpatched Windows services

Answer: b) Improper input validation in the Bash shell
Explanation: Shellshock (CVE-2014-6271) allows remote code execution by injecting malicious commands into Bash environment variables.


63. Which attack method involves leveraging a system’s built-in functionalities to execute malicious commands?

a) Living Off the Land (LotL) attacks
b) Credential Stuffing
c) Cross-Site Request Forgery
d) Subdomain Takeover

Answer: a) Living Off the Land (LotL) attacks
Explanation: LotL attacks exploit legitimate system tools (e.g., PowerShell, WMI, mshta) to avoid detection while executing malicious activities.


64. What is a “Side-Channel Attack” used for?

a) Extracting sensitive data by analyzing system behavior
b) Exploiting SQL Injection vulnerabilities
c) Injecting malicious JavaScript into web pages
d) Overwriting kernel memory to gain root access

Answer: a) Extracting sensitive data by analyzing system behavior
Explanation: Side-Channel Attacks use indirect information (e.g., power consumption, timing variations, or electromagnetic emissions) to extract sensitive data.


65. What vulnerability does “Rowhammer” exploit?

a) Weak SSL/TLS implementations
b) Physical memory corruption in DRAM
c) Misconfigured access control lists
d) Buffer overflow in Java applications

Answer: b) Physical memory corruption in DRAM
Explanation: Rowhammer manipulates memory cells to cause bit flips, potentially allowing privilege escalation or data corruption.


66. Which attack technique involves using multiple compromised systems to amplify an attack?

a) Distributed Denial of Service (DDoS)
b) Heap Spraying
c) API Hooking
d) Stack Smashing

Answer: a) Distributed Denial of Service (DDoS)
Explanation: DDoS attacks use multiple infected devices (botnets) to flood a target with traffic, overwhelming its resources.


67. What is the primary purpose of “Return-to-Shellcode” exploitation?

a) Executing shell commands after bypassing ASLR
b) Extracting password hashes from memory
c) Spoofing DNS responses to redirect traffic
d) Injecting malicious JavaScript into web pages

Answer: a) Executing shell commands after bypassing ASLR
Explanation: Return-to-Shellcode attacks use return addresses to jump to attacker-injected shellcode, bypassing security measures like ASLR.


68. What does the “EternalBlue” exploit target?

a) A Windows SMB vulnerability
b) An SSH brute-force vulnerability
c) A SQL Injection flaw in web applications
d) A Bluetooth misconfiguration

Answer: a) A Windows SMB vulnerability
Explanation: EternalBlue exploits an SMBv1 vulnerability (CVE-2017-0144), allowing remote code execution and lateral movement within a network.


69. Which attack leverages a timing discrepancy in cryptographic operations?

a) Timing Attack
b) Heap Overflow
c) ARP Poisoning
d) Clickjacking

Answer: a) Timing Attack
Explanation: Timing Attacks analyze variations in response time to infer sensitive information, such as cryptographic keys.


70. What is “Heap Spray Allocation” used for in exploits?

a) Placing malicious payloads in predictable memory locations
b) Spoofing email headers to bypass spam filters
c) Modifying kernel parameters to escalate privileges
d) Bypassing firewall rules using encrypted payloads

Answer: a) Placing malicious payloads in predictable memory locations
Explanation: Heap Spray Allocation increases the likelihood that an exploit will execute malicious code by filling memory with attacker-controlled data.


71. Which attack method exploits a web application’s deserialization process?

a) Insecure Deserialization
b) Buffer Overflow
c) DNS Spoofing
d) Heap Corruption

Answer: a) Insecure Deserialization
Explanation: Insecure Deserialization occurs when an application deserializes untrusted data, allowing attackers to execute arbitrary code.


72. What is the main security risk of using an unpatched Java Runtime Environment (JRE)?

a) Remote Code Execution vulnerabilities
b) SQL Injection
c) Cookie Theft
d) Cross-Site Request Forgery

Answer: a) Remote Code Execution vulnerabilities
Explanation: Unpatched Java environments often contain vulnerabilities that allow attackers to execute arbitrary code on a system.


73. What is a key feature of a “Bootkit” compared to a standard rootkit?

a) It persists by modifying the Master Boot Record (MBR)
b) It only operates in user-space
c) It encrypts system files using AES-256
d) It targets web applications exclusively

Answer: a) It persists by modifying the Master Boot Record (MBR)
Explanation: Bootkits infect a system’s bootloader or MBR, allowing attackers to maintain persistence even after OS reinstallation.


74. Which memory protection technique prevents the execution of code in certain memory regions?

a) Data Execution Prevention (DEP)
b) Buffer Overflow Protection (BOP)
c) TLS Handshake Verification
d) SSL Pinning

Answer: a) Data Execution Prevention (DEP)
Explanation: DEP marks memory regions as non-executable, preventing attackers from running arbitrary code in those areas.


75. What type of vulnerability does “Spectre” exploit?

a) Speculative Execution in CPUs
b) Weak AES encryption
c) Open database connections
d) Unpatched CMS vulnerabilities

Answer: a) Speculative Execution in CPUs
Explanation: Spectre (CVE-2017-5753) exploits speculative execution to leak sensitive data from CPU memory.


76. Which attack method can be used to bypass Content Security Policy (CSP) protections?

a) JSONP Hijacking
b) Stack Smashing
c) Heap Overflow
d) ICMP Flooding

Answer: a) JSONP Hijacking
Explanation: JSONP Hijacking exploits misconfigured JSON endpoints to execute unauthorized cross-origin requests.


77. What is the main goal of a “Stack Canary” in modern security defenses?

a) Detect and prevent buffer overflow exploits
b) Hide encryption keys from forensic tools
c) Mask IP addresses in network logs
d) Encrypt user passwords using SHA-256

Answer: a) Detect and prevent buffer overflow exploits
Explanation: Stack Canaries are security mechanisms that place a known value before the return address; if modified, an overflow is detected.


78. Which malware spreads via SMB exploits, similar to EternalBlue?

a) WannaCry
b) Zeus
c) KeyloggerX
d) DarkComet

Answer: a) WannaCry
Explanation: WannaCry ransomware used the EternalBlue SMB exploit to spread across networks.


79. What does “ROP” stand for in exploitation techniques?

a) Return-Oriented Programming
b) Reverse Online Proxy
c) Redundant OS Patch
d) Remote Object Patching

Answer: a) Return-Oriented Programming
Explanation: ROP is an exploitation technique used to bypass security mechanisms like DEP.


80. What is a “gadget” in Return-Oriented Programming (ROP)?

a) A short sequence of existing instructions used to create an exploit
b) A network monitoring tool
c) A keylogger variant
d) A database security mechanism

Answer: a) A short sequence of existing instructions used to create an exploit
Explanation: ROP gadgets are snippets of executable code that attackers chain together to execute arbitrary functions.


81. What is the primary purpose of Address Space Layout Randomization (ASLR)?

a) To prevent buffer overflow attacks by randomizing memory addresses
b) To detect phishing attacks in email clients
c) To encrypt user passwords before storing them
d) To restrict access to administrative functions in a web application

Answer: a) To prevent buffer overflow attacks by randomizing memory addresses
Explanation: ASLR randomizes memory locations used by system processes, making it harder for attackers to predict addresses for exploitation.


82. Which technique allows an attacker to execute code on a system by modifying a shared memory segment?

a) Shared Library Injection
b) Heap Spraying
c) ARP Spoofing
d) DNS Poisoning

Answer: a) Shared Library Injection
Explanation: Shared Library Injection exploits shared memory segments to inject malicious code into running processes.


83. What is the primary goal of a “JOP” (Jump-Oriented Programming) attack?

a) To bypass security mechanisms like DEP without using return instructions
b) To inject SQL queries into a vulnerable application
c) To exploit improper authentication mechanisms
d) To manipulate network packets for MITM attacks

Answer: a) To bypass security mechanisms like DEP without using return instructions
Explanation: Jump-Oriented Programming (JOP) is similar to ROP but avoids using return instructions, making it harder to detect.


84. Which vulnerability is associated with side-channel attacks on modern processors?

a) Meltdown
b) Buffer Overflow
c) SQL Injection
d) Clickjacking

Answer: a) Meltdown
Explanation: Meltdown exploits vulnerabilities in modern processors to access privileged memory, bypassing isolation protections.


85. What attack method leverages speculative execution vulnerabilities in CPUs?

a) Spectre
b) Cross-Site Scripting
c) Pass-the-Hash
d) Man-in-the-Middle

Answer: a) Spectre
Explanation: Spectre tricks processors into executing unauthorized speculative instructions, potentially leaking sensitive data.


86. Which of the following is a key characteristic of a format string vulnerability?

a) It occurs when user input is improperly handled in formatted output functions
b) It results from improper SQL query construction
c) It relies on excessive recursion in function calls
d) It allows attackers to modify network packets dynamically

Answer: a) It occurs when user input is improperly handled in formatted output functions
Explanation: Format string vulnerabilities occur when functions like printf() process unvalidated user input, leading to memory corruption or code execution.


87. What is the main goal of a kernel exploit?

a) To gain elevated privileges by executing malicious code in the kernel space
b) To inject malicious JavaScript into a user’s browser
c) To steal user passwords from a website database
d) To manipulate network packets for data interception

Answer: a) To gain elevated privileges by executing malicious code in the kernel space
Explanation: Kernel exploits target vulnerabilities in the operating system kernel, allowing attackers to gain full control over the system.


88. Which of the following best describes a Time-of-Use (TOU) vulnerability?

a) A vulnerability that exploits race conditions between checking and using a resource
b) A method of executing shellcode through return-oriented programming
c) A timing discrepancy in cryptographic operations
d) A denial-of-service attack that disrupts CPU scheduling

Answer: a) A vulnerability that exploits race conditions between checking and using a resource
Explanation: Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities occur when a system state changes between the time it is checked and the time it is used.


89. Which tool is commonly used for fuzz testing to discover vulnerabilities?

a) AFL (American Fuzzy Lop)
b) Nmap
c) Netcat
d) Wireshark

Answer: a) AFL (American Fuzzy Lop)
Explanation: AFL is a widely used fuzz testing tool that helps discover vulnerabilities by injecting malformed inputs into programs.


90. What is the purpose of stack smashing in an exploit?

a) Overwriting return addresses to control execution flow
b) Encrypting data stored in memory
c) Altering the behavior of cryptographic algorithms
d) Gaining unauthorized access to user sessions

Answer: a) Overwriting return addresses to control execution flow
Explanation: Stack smashing occurs when a buffer overflow overwrites a function’s return address, redirecting execution to malicious code.


91. What is the primary objective of an attacker exploiting a use-after-free vulnerability?

a) Executing arbitrary code by reusing memory allocated to freed objects
b) Disabling memory encryption mechanisms
c) Triggering excessive CPU usage to cause a DoS attack
d) Redirecting users to phishing websites

Answer: a) Executing arbitrary code by reusing memory allocated to freed objects
Explanation: Use-after-free vulnerabilities occur when a program continues to reference memory that has already been freed, allowing attackers to manipulate it.


92. Which of the following describes a directory traversal attack?

a) Gaining unauthorized access to files outside the intended directory
b) Injecting commands into a vulnerable application
c) Exploiting a flaw in web server configurations
d) Intercepting user credentials in transit

Answer: a) Gaining unauthorized access to files outside the intended directory
Explanation: Directory traversal attacks manipulate file paths (e.g., ../) to access restricted system files.


93. Which of the following is an example of a payload used in exploitation?

a) Meterpreter
b) TCP Handshake
c) ARP Request
d) Subdomain Enumeration

Answer: a) Meterpreter
Explanation: Meterpreter is a powerful post-exploitation payload used in Metasploit to maintain access and execute commands on a compromised system.


94. What technique can be used to execute malicious code by modifying function pointers?

a) Function Hooking
b) Heap Spraying
c) ARP Poisoning
d) ICMP Tunneling

Answer: a) Function Hooking
Explanation: Function Hooking modifies function pointers to redirect execution flow to attacker-controlled code.


95. What does an attacker achieve by performing “Syscall Proxying”?

a) Redirecting system calls to bypass security mechanisms
b) Extracting login credentials from memory
c) Encrypting data with symmetric algorithms
d) Establishing covert communication between two servers

Answer: a) Redirecting system calls to bypass security mechanisms
Explanation: Syscall Proxying allows attackers to manipulate system calls, often used in post-exploitation scenarios.


96. What is the purpose of “ROP NOP Sledding”?

a) To increase the reliability of return-oriented programming (ROP) exploits
b) To execute SQL Injection attacks more efficiently
c) To modify browser cookies for authentication bypass
d) To perform DNS tunneling

Answer: a) To increase the reliability of return-oriented programming (ROP) exploits
Explanation: ROP NOP Sledding involves placing “NOP-like” instructions in memory to increase exploit reliability.


97. What is the key risk of misconfigured PowerShell execution policies?

a) Attackers can execute unsigned scripts remotely
b) Unauthorized database access
c) Session hijacking in web applications
d) Tampering with HTTP headers

Answer: a) Attackers can execute unsigned scripts remotely
Explanation: Misconfigured PowerShell execution policies allow attackers to run malicious scripts without proper security checks.


98. What does the term “heap metadata corruption” refer to in exploitation?

a) Modifying internal heap structures to execute arbitrary code
b) Encrypting heap memory to evade detection
c) Using heap spraying to fill memory with NOPs
d) Overwriting stack-based buffers with malicious input

Answer: a) Modifying internal heap structures to execute arbitrary code
Explanation: Heap metadata corruption involves altering heap structures (e.g., free lists, headers) to gain control over memory allocation and execution.


99. Which technique involves manipulating exception handling to gain code execution?

a) SEH Overwrite
b) Directory Traversal
c) Credential Stuffing
d) SQL Injection

Answer: a) SEH Overwrite
Explanation: SEH Overwrite (Structured Exception Handler Overwrite) exploits Windows exception handling mechanisms to execute malicious code.


100. What does the term “NOP sled” mean in the context of an exploit?

a) A series of NOP (no-operation) instructions leading to shellcode execution
b) A method for bypassing Content Security Policy (CSP)
c) A technique to encrypt memory payloads
d) A brute-force attack on password-protected files

Answer: a) A series of NOP (no-operation) instructions leading to shellcode execution
Explanation: NOP sleds help ensure reliable execution of shellcode by guiding the instruction pointer to the payload.


101. What is a common defense against “Heap Exploitation” attacks?

a) Address Space Layout Randomization (ASLR)
b) Man-in-the-Middle (MITM) attack
c) SQL Injection Filters
d) Web Application Firewalls

Answer: a) Address Space Layout Randomization (ASLR)
Explanation: ASLR randomizes memory addresses, making heap exploitation significantly more difficult.


102. Which of the following is a technique for modifying a process to execute malicious code?

a) Process Hollowing
b) Cookie Poisoning
c) ARP Spoofing
d) SQL Injection

Answer: a) Process Hollowing
Explanation: Process Hollowing replaces the memory of a legitimate process with malicious code while keeping its original execution context.


103. What is the main advantage of “Reflective DLL Injection”?

a) The DLL is loaded directly into memory without touching disk
b) It encrypts user credentials in transit
c) It modifies JavaScript execution in the browser
d) It prevents SQL Injection attacks

Answer: a) The DLL is loaded directly into memory without touching disk
Explanation: Reflective DLL Injection bypasses file-based detection by loading the DLL into memory without writing it to disk.


104. Which Windows feature can be abused to escalate privileges using “Token Stealing”?

a) Access Tokens
b) DEP (Data Execution Prevention)
c) ASLR (Address Space Layout Randomization)
d) TLS (Transport Layer Security)

Answer: a) Access Tokens
Explanation: Token stealing allows attackers to impersonate high-privileged users by capturing and reusing access tokens.


105. What is the main risk of an “Unrestricted File Upload” vulnerability?

a) Remote Code Execution (RCE)
b) ARP Spoofing
c) DNS Hijacking
d) Email Phishing

Answer: a) Remote Code Execution (RCE)
Explanation: If an application allows unrestricted file uploads, attackers can upload malicious scripts and execute arbitrary commands on the server.


106. What is a “format string attack” commonly used for?

a) Reading or writing arbitrary memory locations
b) Injecting JavaScript into web applications
c) Sniffing network packets
d) Bypassing CAPTCHA systems

Answer: a) Reading or writing arbitrary memory locations
Explanation: Format string attacks exploit insecure use of formatted output functions (e.g., printf) to leak or modify memory contents.


107. Which vulnerability is commonly exploited to conduct an “ARP Cache Poisoning” attack?

a) Lack of ARP validation mechanisms
b) Buffer Overflow in kernel drivers
c) Weak password policies
d) Insufficient HTTPS enforcement

Answer: a) Lack of ARP validation mechanisms
Explanation: ARP Cache Poisoning manipulates the Address Resolution Protocol (ARP) to redirect network traffic to an attacker’s machine.


108. What does “DLL Sideloading” involve?

a) Placing a malicious DLL in a directory where a trusted application will load it
b) Sending malicious DLLs through phishing emails
c) Injecting DLLs into web application forms
d) Encrypting DLLs to evade antivirus detection

Answer: a) Placing a malicious DLL in a directory where a trusted application will load it
Explanation: DLL Sideloading takes advantage of how applications search for and load DLLs, allowing attackers to execute malicious code.


109. What is the main goal of a “Code Cave” in malware development?

a) Hiding malicious code inside unused portions of an executable file
b) Encrypting stored passwords in a web browser
c) Exploiting SQL Injection vulnerabilities
d) Manipulating DNS resolution for phishing attacks

Answer: a) Hiding malicious code inside unused portions of an executable file
Explanation: Code caves provide a way to embed malicious code inside legitimate executables without modifying their primary functionality.


110. What is the main goal of a “Cold Boot Attack”?

a) Extracting sensitive information from RAM after a system reboot
b) Exploiting unpatched vulnerabilities in outdated firmware
c) Bypassing two-factor authentication in login portals
d) Injecting malicious payloads into HTTP headers

Answer: a) Extracting sensitive information from RAM after a system reboot
Explanation: Cold Boot Attacks retrieve encryption keys and other sensitive data by cooling RAM and accessing its contents after power loss.


111. What is a common defense against “Privilege Escalation” attacks?

a) Least Privilege Principle
b) Packet Sniffing
c) Cookie Poisoning
d) Cross-Site Request Forgery Protection

Answer: a) Least Privilege Principle
Explanation: Enforcing the Least Privilege Principle ensures that users and processes have only the minimal necessary permissions, reducing attack surfaces.


112. What technique is used to hijack execution flow by modifying thread scheduling?

a) Thread Execution Hijacking
b) Packet Injection
c) DNS Spoofing
d) Web Cache Poisoning

Answer: a) Thread Execution Hijacking
Explanation: Thread Execution Hijacking manipulates running threads to execute malicious code instead of their intended functions.


113. What is the primary function of a “ROP Gadget”?

a) A small sequence of legitimate instructions used in Return-Oriented Programming (ROP)
b) A tool for brute-forcing login credentials
c) A network scanner used in penetration testing
d) A type of trojan designed to steal banking credentials

Answer: a) A small sequence of legitimate instructions used in Return-Oriented Programming (ROP)
Explanation: ROP gadgets are snippets of existing code that are chained together to execute malicious operations without injecting new code.


114. What is the main purpose of a “Rogue Access Point” in a wireless attack?

a) To capture network traffic and steal credentials
b) To provide free Wi-Fi access to users
c) To encrypt wireless communication
d) To perform SQL Injection attacks

Answer: a) To capture network traffic and steal credentials
Explanation: Rogue access points impersonate legitimate networks to intercept user traffic and steal sensitive data.


115. What is a key indicator of a “Race Condition” vulnerability in a multi-threaded application?

a) Unexpected behavior when two processes access the same resource simultaneously
b) Inability to execute scripts on a web server
c) Excessive memory usage due to poor garbage collection
d) Failure to properly encrypt stored passwords

Answer: a) Unexpected behavior when two processes access the same resource simultaneously
Explanation: Race conditions occur when two or more processes attempt to access a shared resource at the same time, leading to unpredictable results.


116. What technique allows attackers to execute code in a process by modifying its memory space?

a) Process Injection
b) DNS Cache Poisoning
c) SQL Injection
d) Directory Traversal

Answer: a) Process Injection
Explanation: Process Injection allows an attacker to modify another process’s memory space and execute arbitrary code within it.


117. What is the primary objective of a “Man-in-the-Browser” (MitB) attack?

a) To intercept and modify data between the browser and a web server
b) To inject SQL queries into a database
c) To exploit unpatched firmware vulnerabilities
d) To steal SSH private keys from a remote machine

Answer: a) To intercept and modify data between the browser and a web server
Explanation: MitB attacks compromise web browsers to manipulate transactions and steal credentials before encryption takes place.


118. What is a common defense mechanism against “Return-Oriented Programming (ROP)” exploits?

a) Control Flow Integrity (CFI)
b) Credential Stuffing Protection
c) Cross-Origin Resource Sharing (CORS)
d) DNS Security Extensions (DNSSEC)

Answer: a) Control Flow Integrity (CFI)
Explanation: Control Flow Integrity (CFI) detects and prevents ROP-based control hijacking attacks by ensuring valid execution flow.


119. What is a key characteristic of “Shatter Attacks” on Windows systems?

a) Exploiting window messages to gain elevated privileges
b) Exploiting SQL Injection to manipulate backend databases
c) Intercepting SSH credentials over insecure networks
d) Using fake certificates to bypass HTTPS encryption

Answer: a) Exploiting window messages to gain elevated privileges
Explanation: Shatter Attacks manipulate Windows messages to execute code with higher privileges.


120. What is the primary goal of an “Integer Overflow” exploit?

a) To manipulate arithmetic calculations to cause unexpected behavior
b) To inject JavaScript into a web page
c) To encrypt network traffic using TLS
d) To impersonate a user in an authentication system

Answer: a) To manipulate arithmetic calculations to cause unexpected behavior
Explanation: Integer overflows occur when an arithmetic operation exceeds the maximum value a variable can store, leading to unpredictable results.


121. What is the purpose of “Heap Feng Shui” in exploit development?

a) To manipulate heap memory layout for predictable exploitation
b) To perform phishing attacks on social media users
c) To analyze encrypted network traffic for sensitive information
d) To automatically generate malicious payloads in Python

Answer: a) To manipulate heap memory layout for predictable exploitation
Explanation: Heap Feng Shui arranges heap memory structures in a way that increases the reliability of an exploit.


122. What type of attack is commonly used to exploit memory corruption vulnerabilities?

a) Code Reuse Attacks
b) DNS Poisoning
c) Session Hijacking
d) Cross-Site Request Forgery (CSRF)

Answer: a) Code Reuse Attacks
Explanation: Code Reuse Attacks, such as ROP and JOP, exploit memory corruption to execute existing code in a malicious way.


123. What is the primary attack vector for “Driver Exploits” in Windows?

a) Vulnerable kernel-mode drivers allowing privilege escalation
b) Weak password policies in system accounts
c) Unpatched third-party browser extensions
d) Injection of malicious JavaScript into online forms

Answer: a) Vulnerable kernel-mode drivers allowing privilege escalation
Explanation: Attackers exploit vulnerable drivers to execute code with system-level privileges.


124. What is a key risk associated with “Lazy FP State Restore” CPU vulnerabilities?

a) Leaking sensitive information from CPU registers
b) Manipulating public-key cryptography algorithms
c) Spoofing digital certificates for MITM attacks
d) Exploiting brute-force vulnerabilities in hashing functions

Answer: a) Leaking sensitive information from CPU registers
Explanation: The Lazy FP State Restore vulnerability allows attackers to steal sensitive data by exploiting CPU state transitions.


125. What is the main purpose of “ROP Gadgets” in an attack?

a) To chain small pieces of existing code to bypass security protections
b) To inject SQL queries into a database
c) To create rogue wireless access points for phishing
d) To brute-force password hashes more efficiently

Answer: a) To chain small pieces of existing code to bypass security protections
Explanation: ROP gadgets help construct exploits that bypass defenses like DEP by reusing existing executable code snippets.


126. What is the goal of a “Blind Return-Oriented Programming” (BROP) attack?

a) To discover and chain ROP gadgets without prior knowledge of a binary
b) To modify SQL database entries using unvalidated user input
c) To create a fake DNS record for redirection
d) To conduct an offline brute-force attack on encrypted files

Answer: a) To discover and chain ROP gadgets without prior knowledge of a binary
Explanation: BROP attacks discover ROP gadgets dynamically by probing the running target, enabling exploitation without prior access to the binary or its source code.


127. What security feature prevents kernel-mode code execution in Windows?

a) Kernel Patch Protection (PatchGuard)
b) TLS (Transport Layer Security)
c) CAPTCHA mechanisms
d) SQL Injection Protection

Answer: a) Kernel Patch Protection (PatchGuard)
Explanation: PatchGuard prevents unauthorized modification of the Windows kernel, mitigating certain privilege escalation attacks.


128. What is the main risk of using deprecated cryptographic functions?

a) They may contain known vulnerabilities that attackers can exploit
b) They make debugging software more difficult
c) They reduce the speed of network communication
d) They increase the risk of buffer overflow vulnerabilities

Answer: a) They may contain known vulnerabilities that attackers can exploit
Explanation: Deprecated cryptographic functions often have weaknesses that attackers can exploit to decrypt or manipulate data.


129. What is the main weakness of a “NULL Pointer Dereference” vulnerability?

a) It can lead to a crash or arbitrary code execution
b) It allows an attacker to bypass SQL authentication
c) It can be used to manipulate HTTP session tokens
d) It affects only web-based applications

Answer: a) It can lead to a crash or arbitrary code execution
Explanation: NULL Pointer Dereference vulnerabilities occur when a program dereferences a pointer that holds NULL, potentially leading to crashes or, in some conditions, exploitation.


130. What is a “KASLR Bypass” attack designed to do?

a) Circumvent Kernel Address Space Layout Randomization
b) Inject JavaScript payloads into browsers
c) Overload a web server with excessive HTTP requests
d) Spoof Bluetooth connections for unauthorized access

Answer: a) Circumvent Kernel Address Space Layout Randomization
Explanation: KASLR Bypass techniques allow attackers to predict memory addresses in the kernel, facilitating further exploitation.


131. What is the primary purpose of “ROP Chains” in modern exploits?

a) To bypass security mechanisms like DEP and ASLR
b) To inject SQL queries into a database
c) To forge digital certificates
d) To execute brute-force attacks on login pages

Answer: a) To bypass security mechanisms like DEP and ASLR
Explanation: Return-Oriented Programming (ROP) chains use existing code snippets to execute malicious operations without injecting new code, evading DEP and ASLR.


132. What is a “Side-Channel Timing Attack” used for?

a) Extracting cryptographic keys based on execution time variations
b) Injecting JavaScript payloads into web applications
c) Overwriting kernel memory to escalate privileges
d) Spoofing DNS responses to redirect traffic

Answer: a) Extracting cryptographic keys based on execution time variations
Explanation: Timing attacks analyze variations in execution times to infer sensitive data such as cryptographic keys.


133. What is “ROP Gadgets Harvesting”?

a) Extracting usable instruction sequences for Return-Oriented Programming
b) Compromising SSH keys for unauthorized access
c) Harvesting browser cookies for session hijacking
d) Exploiting Bluetooth devices to gain remote access

Answer: a) Extracting usable instruction sequences for Return-Oriented Programming
Explanation: ROP gadgets are small instruction sequences that can be chained together to execute arbitrary commands without injecting new code.


134. Which of the following best describes a “Microarchitectural Data Sampling” (MDS) attack?

a) Exploiting CPU buffer leaks to extract sensitive data
b) Manipulating SQL queries to dump a database
c) Injecting malicious DLLs into running processes
d) Overloading a server with excessive HTTP requests

Answer: a) Exploiting CPU buffer leaks to extract sensitive data
Explanation: MDS attacks, such as RIDL and Fallout, exploit speculative execution flaws in CPUs to leak sensitive data.


135. What is a “Stack Pivoting” technique used for?

a) Redirecting execution to attacker-controlled stack space
b) Manipulating JSON responses in web applications
c) Intercepting and modifying DNS requests
d) Spoofing email headers for phishing attacks

Answer: a) Redirecting execution to attacker-controlled stack space
Explanation: Stack Pivoting changes the stack pointer to redirect execution to an attacker’s controlled memory, facilitating exploits like ROP.


136. What is the primary goal of a “Page Table Attack” in exploitation?

a) Manipulating virtual memory to bypass protections
b) Injecting malware into firmware updates
c) Exploiting misconfigured permissions in cloud environments
d) Compromising authentication tokens in web sessions

Answer: a) Manipulating virtual memory to bypass protections
Explanation: Page Table Attacks modify memory mapping structures to escalate privileges and bypass security features.


137. What is a “Return-to-syscall” attack?

a) Redirecting execution flow to legitimate system calls
b) Overwriting stack memory to execute arbitrary commands
c) Exploiting SQL Injection vulnerabilities
d) Manipulating Bluetooth connections for unauthorized access

Answer: a) Redirecting execution flow to legitimate system calls
Explanation: Return-to-syscall attacks use existing system calls to execute malicious actions, bypassing DEP and ASLR protections.


138. What is the primary function of “Pointer Authentication Codes (PAC)” in security?

a) To prevent control-flow hijacking attacks
b) To encrypt session cookies in web applications
c) To authenticate users on a network
d) To protect against phishing emails

Answer: a) To prevent control-flow hijacking attacks
Explanation: PACs add cryptographic signatures to pointers, making it harder for attackers to modify control flow in memory corruption exploits.


139. What is the main risk of a “Memory Disclosure Vulnerability”?

a) Leaking sensitive information such as passwords or encryption keys
b) Corrupting file system metadata
c) Modifying HTTP request headers
d) Spoofing Bluetooth device addresses

Answer: a) Leaking sensitive information such as passwords or encryption keys
Explanation: Memory disclosure vulnerabilities allow attackers to read unintended portions of memory, potentially exposing sensitive data.


140. Which of the following is a common attack against modern Just-In-Time (JIT) compilers?

a) JIT Spraying
b) SQL Injection
c) Session Fixation
d) DNS Spoofing

Answer: a) JIT Spraying
Explanation: JIT Spraying introduces malicious code patterns into JIT-compiled memory regions to execute arbitrary commands.


141. What is a “Speculative Execution Attack”?

a) Exploiting out-of-order CPU execution to access restricted data
b) Manipulating database queries to dump sensitive records
c) Overwriting network packet headers to perform MITM attacks
d) Flooding a target with excessive ICMP packets

Answer: a) Exploiting out-of-order CPU execution to access restricted data
Explanation: Speculative execution attacks like Spectre and Meltdown exploit processor optimizations to leak sensitive information.


142. What is the purpose of a “Heap Spray” in exploitation?

a) Increasing the probability of hitting a payload in memory
b) Overwriting stack-based buffers
c) Manipulating cryptographic algorithms
d) Stealing session cookies from web applications

Answer: a) Increasing the probability of hitting a payload in memory
Explanation: Heap Spraying places payloads at predictable memory locations to increase the reliability of an exploit.


143. What is a “Kernel Mode Rootkit” primarily used for?

a) Gaining persistent, high-privilege access to an OS
b) Phishing users via malicious email attachments
c) Injecting SQL commands into a vulnerable database
d) Exploiting weak cryptographic implementations

Answer: a) Gaining persistent, high-privilege access to an OS
Explanation: Kernel-mode rootkits operate at the lowest level of an OS, making them difficult to detect and remove.


144. What is “Process Doppelgänging” in exploitation?

a) Running malicious code under the guise of a legitimate process
b) Overwriting firmware in IoT devices
c) Manipulating DNS responses to redirect users
d) Exploiting CSP bypass techniques

Answer: a) Running malicious code under the guise of a legitimate process
Explanation: Process Doppelgänging abuses the Windows process loading mechanism to execute malware undetected.


145. What is “ROP Chaining”?

a) Linking multiple ROP gadgets together for code execution
b) Overwriting browser cookies for session hijacking
c) Exploiting race conditions in multi-threaded applications
d) Injecting malicious HTML into web forms

Answer: a) Linking multiple ROP gadgets together for code execution
Explanation: ROP chaining allows attackers to perform complex operations by stringing together short sequences of existing instructions.


146. What is the goal of “Heap Grooming” in exploitation?

a) Arranging heap memory for more predictable exploitation
b) Extracting private keys from encrypted containers
c) Manipulating HTTP responses for cache poisoning
d) Spoofing biometric authentication mechanisms

Answer: a) Arranging heap memory for more predictable exploitation
Explanation: Heap Grooming is a technique used to control the memory layout before triggering a heap-based exploit.


147. What is the main goal of a “Branch Target Injection” attack?

a) Exploiting CPU branch prediction to execute malicious code
b) Redirecting network traffic using forged ARP messages
c) Injecting SQL queries into a database application
d) Manipulating session tokens in a web application

Answer: a) Exploiting CPU branch prediction to execute malicious code
Explanation: Branch Target Injection (a component of Spectre attacks) manipulates branch prediction to leak sensitive data from privileged memory.


148. What is the purpose of a “Time-of-Check to Time-of-Use” (TOCTOU) attack?

a) Exploiting race conditions to manipulate system behavior
b) Modifying HTTP request headers for unauthorized access
c) Overwriting session cookies in a browser
d) Performing cross-site request forgery (CSRF) attacks

Answer: a) Exploiting race conditions to manipulate system behavior
Explanation: TOCTOU attacks exploit the time gap between checking a condition and using a resource, leading to unexpected or unauthorized actions.


149. Which exploit technique involves leveraging memory deduplication to leak sensitive data?

a) Deduplication Side-Channel Attack
b) Stack Overflow Exploit
c) DNS Cache Poisoning
d) Clickjacking

Answer: a) Deduplication Side-Channel Attack
Explanation: Memory deduplication can be exploited by attackers to infer or retrieve sensitive data by forcing shared memory operations.


150. What is “Return-to-plt” used for in exploitation?

a) Redirecting execution flow to dynamically linked libraries
b) Bypassing Content Security Policy (CSP) in web applications
c) Extracting credentials from browser storage
d) Manipulating TLS certificates for phishing

Answer: a) Redirecting execution flow to dynamically linked libraries
Explanation: Return-to-PLT (Procedure Linkage Table) techniques bypass security mechanisms by leveraging preloaded function addresses.


151. What is the main risk of an “Uninitialized Memory Read” vulnerability?

a) Leaking sensitive data from previously allocated memory
b) Overwriting system kernel functions
c) Executing unauthorized JavaScript in a user’s browser
d) Injecting malicious code into a DLL file

Answer: a) Leaking sensitive data from previously allocated memory
Explanation: Uninitialized memory reads expose leftover data from earlier allocations that was never cleared, potentially revealing sensitive information.


152. What is “Process Injection via APC Queues” used for?

a) Running malicious code in another process’s context
b) Manipulating browser cache to execute hidden payloads
c) Overwriting DNS entries for domain hijacking
d) Bypassing firewalls using encrypted payloads

Answer: a) Running malicious code in another process’s context
Explanation: Asynchronous Procedure Call (APC) Injection allows attackers to execute arbitrary code in the context of another process.


153. What is the main purpose of a “ROP Chain with Syscalls”?

a) Directly invoking system calls to bypass security defenses
b) Stealing credentials by sniffing network traffic
c) Encrypting payloads to evade antivirus detection
d) Bypassing CAPTCHA challenges in authentication forms

Answer: a) Directly invoking system calls to bypass security defenses
Explanation: ROP Chains with Syscalls enable attackers to bypass API restrictions and directly interact with the operating system.


154. What technique allows an attacker to execute arbitrary code by modifying function pointers in the Global Offset Table (GOT)?

a) GOT Overwrite
b) Heap Spraying
c) Process Hollowing
d) Session Hijacking

Answer: a) GOT Overwrite
Explanation: GOT Overwrite exploits dynamic linking mechanisms to redirect execution to malicious code.


155. What is the purpose of a “Side-Channel Cache Attack”?

a) Extracting sensitive data by analyzing CPU cache behavior
b) Manipulating browser cookies for session fixation
c) Injecting malicious payloads into JSON responses
d) Exploiting weak cryptographic keys in HTTPS connections

Answer: a) Extracting sensitive data by analyzing CPU cache behavior
Explanation: Cache attacks exploit the way processors store and retrieve frequently used data to infer sensitive information.


156. What is “Direct Kernel Object Manipulation (DKOM)” used for?

a) Hiding malicious processes by modifying kernel structures
b) Injecting payloads into HTTP requests
c) Performing session hijacking in web applications
d) Overwriting system logs to erase attack traces

Answer: a) Hiding malicious processes by modifying kernel structures
Explanation: DKOM allows attackers to alter kernel structures, enabling process hiding, privilege escalation, or bypassing security tools.


157. Which attack abuses speculative execution to leak sensitive information from kernel memory?

a) Meltdown
b) Rowhammer
c) JIT Spraying
d) Directory Traversal

Answer: a) Meltdown
Explanation: Meltdown exploits speculative execution flaws to read kernel memory from unprivileged processes.


158. What is the purpose of “Heap Grooming” in exploit development?

a) Arranging heap memory layout to make exploitation predictable
b) Performing phishing attacks via fake login portals
c) Automating brute-force attacks against login credentials
d) Bypassing CAPTCHA challenges using AI-based scripts

Answer: a) Arranging heap memory layout to make exploitation predictable
Explanation: Heap Grooming ensures memory is organized in a way that increases the reliability of heap-based exploits.


159. What is a “Code Reuse Attack” designed to do?

a) Execute existing code sequences to bypass security defenses
b) Intercept network packets in transit
c) Forge digital certificates for SSL/TLS interception
d) Encrypt user files using ransomware

Answer: a) Execute existing code sequences to bypass security defenses
Explanation: Code Reuse Attacks, such as ROP and JOP, execute existing program instructions to bypass DEP and ASLR.


160. What is “Process Doppelgänging” primarily used for?

a) Running malware under the disguise of a legitimate process
b) Exploiting weak password policies in authentication systems
c) Manipulating DNS records to reroute network traffic
d) Performing packet injection attacks on Wi-Fi networks

Answer: a) Running malware under the disguise of a legitimate process
Explanation: Process Doppelgänging abuses Windows transaction features to replace legitimate processes with malicious ones, bypassing security software.


161. What is the main advantage of a “Heap Spray” attack?

a) It places malicious payloads at predictable memory locations
b) It overwrites stack-based buffers to execute shellcode
c) It manipulates cryptographic algorithms in memory
d) It hijacks authentication tokens from a browser

Answer: a) It places malicious payloads at predictable memory locations
Explanation: Heap spraying increases the likelihood that an exploit will execute its payload by placing it in predictable memory locations.


162. What is a “Pointer Authentication Code (PAC)” used for in security?

a) Preventing control-flow hijacking attacks
b) Encrypting browser cookies for session protection
c) Automating SQL injection detection
d) Spoofing ARP responses in a network

Answer: a) Preventing control-flow hijacking attacks
Explanation: PACs add cryptographic signatures to pointers, making it more difficult for attackers to modify them in memory corruption exploits.


163. What is a “Kernel Page Table Isolation (KPTI)” security feature designed to mitigate?

a) Meltdown attacks
b) SQL injection vulnerabilities
c) Cross-site request forgery (CSRF) attacks
d) Remote code execution (RCE) via DLL injection

Answer: a) Meltdown attacks
Explanation: KPTI isolates kernel memory from user space, preventing Meltdown attacks from leaking sensitive information.


164. What is the main goal of “ROP Chain Hardening” techniques?

a) Preventing return-oriented programming (ROP) exploits
b) Encrypting user data at rest
c) Bypassing content security policies in web applications
d) Manipulating browser fingerprinting for tracking prevention

Answer: a) Preventing return-oriented programming (ROP) exploits
Explanation: ROP chain hardening techniques, such as Control Flow Integrity (CFI), help prevent ROP-based code execution.


165. What is the purpose of a “Null Pointer Dereference” exploit?

a) Crashing or executing code by dereferencing a NULL memory address
b) Injecting JavaScript into vulnerable web applications
c) Manipulating network packets in transit
d) Escalating privileges via brute-force techniques

Answer: a) Crashing or executing code by dereferencing a NULL memory address
Explanation: Null pointer dereference vulnerabilities can lead to denial of service (DoS) or arbitrary code execution.


166. What is a “Ret2libc” attack?

a) A technique that redirects execution to standard C library functions
b) A method for performing buffer overflows in modern browsers
c) A mechanism for bypassing CAPTCHA verifications
d) A technique used to decrypt ransomware-encrypted files

Answer: a) A technique that redirects execution to standard C library functions
Explanation: Ret2libc attacks exploit vulnerabilities to call functions like system() in the C standard library without injecting new code.


167. What is the primary security risk of “Lazy FPU State Restore” CPU vulnerabilities?

a) Leaking floating-point register values across processes
b) Performing memory corruption via JavaScript execution
c) Exploiting weak password hashing algorithms
d) Bypassing multi-factor authentication (MFA) mechanisms

Answer: a) Leaking floating-point register values across processes
Explanation: Lazy FPU State Restore vulnerabilities allow attackers to steal sensitive data by exploiting CPU state-saving optimizations.


168. What is a “Type Confusion” vulnerability?

a) An exploit where an object is treated as an incompatible type, leading to code execution
b) A method for poisoning DNS caches to misroute network traffic
c) A way to brute-force encryption keys in TLS handshakes
d) An attack that modifies session cookies to escalate privileges

Answer: a) An exploit where an object is treated as an incompatible type, leading to code execution
Explanation: Type confusion vulnerabilities occur when an application misinterprets an object’s type, potentially leading to memory corruption or arbitrary execution.


169. What is a common defense mechanism against “Heap Exploitation” techniques?

a) Heap Canaries
b) SQL Injection Filters
c) DNS Security Extensions (DNSSEC)
d) Web Application Firewalls

Answer: a) Heap Canaries
Explanation: Heap canaries help detect and mitigate heap-based exploitation techniques by placing known values in memory and checking for modifications.


170. What is “Jump-Oriented Programming” (JOP)?

a) An alternative to return-oriented programming (ROP) that avoids using return instructions
b) A method for executing arbitrary SQL queries in a database
c) A way to bypass encryption protections in TLS
d) An attack on authentication mechanisms in web applications

Answer: a) An alternative to return-oriented programming (ROP) that avoids using return instructions
Explanation: JOP is a variation of ROP that does not rely on return instructions, making it harder to detect and mitigate.


171. What is the key risk of “Heap-Based Buffer Overflows”?

a) Arbitrary code execution due to memory corruption
b) Intercepting session cookies via JavaScript injection
c) Manipulating DNS queries to redirect web traffic
d) Performing a denial-of-service attack on a target server

Answer: a) Arbitrary code execution due to memory corruption
Explanation: Heap-based buffer overflows allow attackers to overwrite critical memory structures, leading to code execution.


172. What is the purpose of “Memory Tagging” in modern CPU architectures?

a) Preventing use-after-free and buffer overflow attacks
b) Enhancing cryptographic operations in memory
c) Optimizing performance for floating-point calculations
d) Increasing cache efficiency in speculative execution

Answer: a) Preventing use-after-free and buffer overflow attacks
Explanation: Memory tagging helps detect and mitigate memory corruption vulnerabilities by associating tags with allocated memory regions.


173. What is a “Stack Canary” used for?

a) Detecting buffer overflow attempts by placing a known value before a return address
b) Encrypting memory regions to prevent unauthorized access
c) Redirecting execution flow to avoid antivirus detection
d) Modifying session tokens to gain unauthorized access

Answer: a) Detecting buffer overflow attempts by placing a known value before a return address
Explanation: Stack canaries are security mechanisms that detect and prevent stack-based buffer overflow exploits.


174. What is a “JIT Compiler Exploit”?

a) Exploiting Just-In-Time (JIT) compilation to execute arbitrary code
b) Injecting malicious JavaScript into a browser
c) Overwriting network logs to hide attack traces
d) Manipulating software licenses for unauthorized access

Answer: a) Exploiting Just-In-Time (JIT) compilation to execute arbitrary code
Explanation: JIT compiler exploits manipulate dynamically compiled code to bypass security restrictions and execute malicious code.


175. What is the risk of “Insecure Deserialization” vulnerabilities?

a) Arbitrary code execution by tampering with serialized objects
b) Leaking session tokens via unprotected cookies
c) Manipulating SQL queries to retrieve sensitive data
d) Overwriting HTTP headers for request smuggling

Answer: a) Arbitrary code execution by tampering with serialized objects
Explanation: Insecure deserialization vulnerabilities allow attackers to manipulate serialized objects to execute arbitrary code.


176. What is the primary risk of “Use-After-Free” (UAF) vulnerabilities?

a) Arbitrary code execution due to accessing freed memory
b) Overwriting browser cookies to hijack user sessions
c) Intercepting network packets through ARP poisoning
d) Manipulating HTTP request headers for unauthorized access

Answer: a) Arbitrary code execution due to accessing freed memory
Explanation: Use-After-Free (UAF) vulnerabilities occur when a program continues to use a memory location after it has been freed, leading to crashes or arbitrary code execution.


177. What is “Control Flow Integrity (CFI)” designed to prevent?

a) Hijacking of execution flow in exploits like ROP and JOP
b) Brute-forcing encrypted password hashes
c) Bypassing multi-factor authentication (MFA)
d) Injecting SQL queries into web applications

Answer: a) Hijacking of execution flow in exploits like ROP and JOP
Explanation: CFI ensures that indirect jumps and calls follow valid control-flow paths, preventing control-flow hijacking attacks.


178. What type of attack can be mitigated using “Write XOR Execute (W^X)” memory protection?

a) Execution of shellcode in writable memory regions
b) Overwriting JSON responses in web applications
c) Redirecting domain traffic via DNS cache poisoning
d) Exploiting misconfigured OAuth authentication

Answer: a) Execution of shellcode in writable memory regions
Explanation: W^X ensures that memory pages are either writable or executable, but not both, making it difficult to execute injected shellcode.


179. Which attack technique abuses speculative execution to leak sensitive data?

a) Spectre
b) SQL Injection
c) Clickjacking
d) Path Traversal

Answer: a) Spectre
Explanation: Spectre exploits speculative execution flaws in modern CPUs, allowing attackers to extract sensitive information from memory.


180. What is “Heap Isolation” used for in modern operating systems?

a) Preventing memory corruption by isolating heap allocations
b) Encrypting network traffic in TLS connections
c) Storing cryptographic keys securely in memory
d) Manipulating HTTP headers in response splitting attacks

Answer: a) Preventing memory corruption by isolating heap allocations
Explanation: Heap isolation separates memory allocations to prevent exploits like heap spraying and use-after-free attacks.


181. What is the primary security risk of “JOP (Jump-Oriented Programming)”?

a) Bypassing security protections like DEP without using return instructions
b) Manipulating API keys in a web application
c) Overwriting firmware in IoT devices
d) Hijacking email accounts via password reset exploits

Answer: a) Bypassing security protections like DEP without using return instructions
Explanation: JOP chains code execution through jump instructions, making it difficult to detect and mitigate.


182. What is the purpose of “Shadow Stack” in modern processors?

a) Preventing return-oriented programming (ROP) attacks
b) Encrypting session cookies in browsers
c) Preventing DNS spoofing in enterprise networks
d) Blocking unauthorized JavaScript execution in web pages

Answer: a) Preventing return-oriented programming (ROP) attacks
Explanation: Shadow stacks maintain a separate copy of return addresses to detect and prevent ROP attacks.


183. What is a “Side-Channel Power Analysis Attack” used for?

a) Extracting cryptographic keys by analyzing power consumption patterns
b) Overwriting stored credentials in web browsers
c) Bypassing Content Security Policy (CSP) restrictions
d) Exploiting session tokens in Single Sign-On (SSO) authentication

Answer: a) Extracting cryptographic keys by analyzing power consumption patterns
Explanation: Side-channel power analysis measures power consumption variations to infer encryption keys or sensitive data.


184. What is a “Double Free” vulnerability?

a) Freeing the same memory block twice, leading to memory corruption
b) Using an invalid session token to bypass authentication
c) Manipulating JavaScript execution flow in a browser
d) Overwriting stack-based buffers for privilege escalation

Answer: a) Freeing the same memory block twice, leading to memory corruption
Explanation: Double free vulnerabilities occur when a program attempts to free the same memory block multiple times, potentially leading to arbitrary code execution.


185. What does “PAC (Pointer Authentication Code)” help prevent?

a) Modifying function pointers for control-flow hijacking
b) Injecting malicious JavaScript into web applications
c) Encrypting session data in web browsers
d) Overwriting network logs to erase evidence of an attack

Answer: a) Modifying function pointers for control-flow hijacking
Explanation: PAC uses cryptographic signatures to ensure the integrity of function pointers and prevent control-flow hijacking.


186. What is a “Kernel Heap Overflow” vulnerability?

a) Overflowing heap memory in the kernel, leading to privilege escalation
b) Exploiting race conditions in multi-threaded applications
c) Performing cross-origin requests in web applications
d) Spoofing email headers in phishing attacks

Answer: a) Overflowing heap memory in the kernel, leading to privilege escalation
Explanation: Kernel heap overflows allow attackers to manipulate kernel memory, often leading to privilege escalation or arbitrary code execution.


187. What is the function of “Page Table Randomization” in modern OS security?

a) Protecting memory mappings against address leakage
b) Encrypting cookies to prevent session hijacking
c) Modifying browser cache to execute unauthorized scripts
d) Spoofing SSL/TLS certificates for man-in-the-middle attacks

Answer: a) Protecting memory mappings against address leakage
Explanation: Page Table Randomization makes it harder for attackers to predict and manipulate memory mappings for exploitation.


188. What is “Function Hooking” commonly used for in exploitation?

a) Intercepting and modifying API calls for malicious purposes
b) Encrypting payloads to evade antivirus detection
c) Overwriting TLS certificates in secure communications
d) Modifying web forms to steal credentials

Answer: a) Intercepting and modifying API calls for malicious purposes
Explanation: Function hooking allows attackers or security researchers to alter API behavior by modifying function pointers.


189. What is the primary goal of “Speculative Store Bypass (SSB)” exploits?

a) Leaking sensitive data by exploiting CPU store operations
b) Injecting malicious JavaScript into web pages
c) Brute-forcing encryption keys in TLS handshakes
d) Redirecting email traffic via forged SPF records

Answer: a) Leaking sensitive data by exploiting CPU store operations
Explanation: SSB exploits CPU optimizations that store data speculatively, allowing attackers to leak memory contents.


190. What is a “Call-Oriented Programming” (COP) attack?

a) An exploit that chains function calls instead of return instructions
b) A technique for modifying access control lists (ACLs)
c) An attack that manipulates HTML form fields
d) A method of overwriting JSON responses in web applications

Answer: a) An exploit that chains function calls instead of return instructions
Explanation: COP attacks use function call chains to bypass security defenses like Control Flow Integrity (CFI).


191. What is “Transient Execution” in modern CPU vulnerabilities?

a) The execution of speculative instructions that may leak sensitive data
b) A technique for encrypting memory pages dynamically
c) A method for brute-forcing password hashes in real time
d) A vulnerability that allows remote code execution in cloud services

Answer: a) The execution of speculative instructions that may leak sensitive data
Explanation: Transient execution vulnerabilities (e.g., Spectre and Meltdown) exploit speculative execution in modern CPUs to leak sensitive data.


192. What is the key purpose of “Execution Guardrails” in malware development?

a) Preventing malware from executing outside a targeted environment
b) Encrypting network traffic for secure communication
c) Overwriting system logs to cover attack traces
d) Bypassing browser security policies

Answer: a) Preventing malware from executing outside a targeted environment
Explanation: Execution guardrails restrict malware execution to specific conditions, such as running only on a target system or within a specific network.


193. What is a “Kernel Stack Overflow” exploit used for?

a) Escalating privileges by overflowing a kernel-mode stack buffer
b) Bypassing two-factor authentication (2FA) mechanisms
c) Injecting JavaScript into vulnerable web applications
d) Spoofing Bluetooth devices for unauthorized access

Answer: a) Escalating privileges by overflowing a kernel-mode stack buffer
Explanation: Kernel stack overflow exploits allow attackers to execute code with kernel privileges by overflowing a buffer in kernel-mode memory.


194. What is the function of “Supervisor Mode Access Prevention (SMAP)” in modern CPUs?

a) Preventing user-mode code from accessing kernel memory
b) Encrypting user credentials stored in RAM
c) Protecting network traffic from man-in-the-middle attacks
d) Randomizing execution order to prevent timing attacks

Answer: a) Preventing user-mode code from accessing kernel memory
Explanation: SMAP prevents user-mode applications from accessing sensitive kernel memory, mitigating privilege escalation attacks.


195. What is the main characteristic of “Blind Return-Oriented Programming (BROP)”?

a) It allows attackers to construct ROP chains without knowing the binary’s code
b) It exploits unpatched SQL Injection vulnerabilities
c) It is used to forge session cookies for web authentication bypass
d) It enables brute-force decryption of AES-encrypted files

Answer: a) It allows attackers to construct ROP chains without knowing the binary’s code
Explanation: BROP attacks dynamically discover ROP gadgets without requiring knowledge of the target binary, making them effective against stripped binaries.


196. What is the primary attack vector of “Kernel Address Leak” vulnerabilities?

a) Exposing kernel memory locations to bypass ASLR
b) Injecting shellcode into the browser’s memory space
c) Overwriting JSON API responses in a web application
d) Exploiting weak passwords to gain SSH access

Answer: a) Exposing kernel memory locations to bypass ASLR
Explanation: Kernel address leaks help attackers bypass ASLR by revealing memory locations used by the kernel, facilitating further exploitation.


197. What is “Microarchitectural Data Sampling (MDS)” in CPU attacks?

a) Leaking sensitive data from CPU buffer structures
b) Manipulating stored data in a vulnerable SQL database
c) Exploiting insecure browser extensions
d) Bypassing network firewalls through packet fragmentation

Answer: a) Leaking sensitive data from CPU buffer structures
Explanation: MDS attacks exploit speculative execution flaws to extract data from CPU buffers, potentially leaking encryption keys or passwords.


198. What is the purpose of “Indirect Branch Tracking (IBT)” in CPU security?

a) Mitigating control-flow hijacking attacks
b) Detecting phishing emails in real time
c) Preventing privilege escalation in Linux-based systems
d) Encrypting firmware to prevent unauthorized modifications

Answer: a) Mitigating control-flow hijacking attacks
Explanation: IBT is a security feature that helps prevent control-flow hijacking by verifying indirect branch targets, protecting against exploits like ROP and JOP.


199. What is “Hypervisor Escape” in virtualization security?

a) Exploiting vulnerabilities in a hypervisor to gain control of the host system
b) Manipulating browser sandboxing mechanisms
c) Injecting malicious JavaScript into web applications
d) Hijacking network sessions through insecure TLS configurations

Answer: a) Exploiting vulnerabilities in a hypervisor to gain control of the host system
Explanation: Hypervisor escape occurs when an attacker exploits a vulnerability in the virtualization software, allowing them to break out of the guest VM and control the host machine.


200. What is the primary purpose of “Return Flow Guard (RFG)” in modern security mechanisms?

a) Preventing return-oriented programming (ROP) attacks
b) Encrypting data in transit over SSL/TLS connections
c) Protecting email servers from spam-based attacks
d) Detecting privilege escalation attempts in user-space applications

Answer: a) Preventing return-oriented programming (ROP) attacks
Explanation: RFG helps prevent ROP exploits by validating return addresses and ensuring that they match legitimate function return paths.