Threats, Vulnerabilities, and Mitigations — Security+ practice questions

Domain 2 of the CompTIA Security+ (SY0-701) exam. 218 questions on this domain in the full bank — here are four free samples with answers and explanations.

Question 1 · Difficulty 2/5

Which of the following best describes the primary mechanism of a SQL injection (SQLi) attack? (Select the best answer.)
  A. Injecting malicious script tags into a web page that execute in another user's browser
  B. Inserting attacker-controlled SQL syntax into an application query to manipulate the database
  C. Sending oversized input to a memory buffer to overwrite adjacent memory and redirect execution
  D. Intercepting HTTP requests between a client and server to modify parameters in transit

Correct answer: B

Inserting attacker-controlled SQL syntax into an application query to manipulate the database
SQL injection works by embedding attacker-supplied SQL syntax into a query the application passes to the database, causing the database to execute unintended commands such as bypassing authentication, dumping tables, or deleting data. Injecting script tags into a page describes cross-site scripting (XSS), not SQLi. Overwriting adjacent memory describes a buffer overflow. Intercepting and modifying HTTP traffic in transit describes an on-path (man-in-the-middle) attack.

Question 2 · Difficulty 3/5

A penetration tester submits the following input into a login form's username field and observes that the application logs the user in without a valid password:
admin'--
Which SQLi technique does this payload demonstrate, and what is its immediate impact on the application? (Select the best answer.)
  A. Stored injection that persists the payload in the database for later retrieval by other users
  B. Comment-based authentication bypass that neutralizes the password check in the SQL query
  C. Union-based injection that appends a second SELECT statement to extract additional column data
  D. Blind boolean injection that infers database structure by observing true or false application responses

Correct answer: B

Comment-based authentication bypass that neutralizes the password check in the SQL query
The payload admin'-- closes the username string literal and uses the SQL line-comment sequence -- to comment out the remainder of the query (including the password comparison clause), achieving authentication bypass without a valid credential. Stored injection involves persisting a payload in the database so it is later rendered to other users, which is a different delivery method. Union-based injection appends a UNION SELECT to retrieve extra columns from the database, which requires a different payload structure. Blind boolean injection sends payloads that yield no direct output but infer schema details from true/false application behavior, which is not what this single-comment payload does.
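An added example (not part of the question bank) that shows, for Questions 1 and 2, why the admin'-- payload works against a query built by string concatenation and why a parameterized query is immune to it. The users table, the credentials and the two login functions are constructed for this demonstration; a real application would store password hashes, not plaintext.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Demo only: plaintext password so the query comparison is easy to follow.
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The defect: user-controlled text becomes part of the SQL syntax itself."""
    return ("SELECT COUNT(*) FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    # With username admin'-- the closing quote ends the string literal and the
    # -- comment removes the rest of the WHERE clause, including the password check.
    try:
        return conn.execute(build_vulnerable_query(username, password)).fetchone()[0] > 0
    except sqlite3.OperationalError:
        # An innocent apostrophe (e.g. O'Brien) breaks this query too: the
        # concatenation is a correctness bug as well as a security bug.
        return False


def login_parameterized(conn, username, password):
    """The fix: placeholders keep the input as data, never as SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query("admin'--", "wrong"))
    print("vulnerable:", login_vulnerable(db, "admin'--", "wrong"))        # True
    print("parameterized:", login_parameterized(db, "admin'--", "wrong"))  # False
```

The parameterized version looks for a user literally named admin'-- and finds none, while valid credentials still authenticate through it.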

Question 3 · Difficulty 3/5

A developer asks why stored XSS is considered more dangerous than reflected XSS. Which of the following best explains the key difference in impact? (Select the best answer.)
  A. Stored XSS executes only when the victim clicks a crafted link, requiring attacker-controlled delivery to each target individually
  B. Stored XSS persists the malicious script in the application's data layer, causing it to execute automatically for every user who loads the affected page
  C. Stored XSS bypasses the database entirely and injects commands directly into the operating system shell
  D. Stored XSS is browser-specific and only affects users who have disabled Content Security Policy enforcement

Correct answer: B

Stored XSS persists the malicious script in the application's data layer, causing it to execute automatically for every user who loads the affected page
With stored (persistent) XSS, the injected script is saved in the application's database or file system and is served to every user who subsequently loads the affected page, multiplying the attack surface without requiring individual victim interaction. Reflected XSS, not stored XSS, depends on the victim clicking a specially crafted link that echoes the payload back in the response. Injecting commands into the OS shell describes OS command injection, a distinct vulnerability. Content Security Policy (CSP) is a browser-level mitigation that can reduce XSS impact, but stored XSS is not limited to browsers that disable CSP.
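An added example (not part of the question bank) that models the stored XSS pattern from Question 3: a comment is saved once, then rendered to every visitor. The comment store, the page template and the CSP value are constructed for this demonstration; the contrast is between inserting stored text raw and HTML-encoding it on output.

```python
import html

# Constructed comment store standing in for the application's database. The
# second entry is a saved comment that contains markup rather than plain text.
COMMENTS = [
    "Great article, thanks!",
    "<script>alert('stored')</script>",
]


def store_comment(store, text):
    """Persist the comment as submitted; encoding belongs at output time."""
    store.append(text)


def render_unsafe(store):
    """The defect: stored text is concatenated into the HTML, so any markup in
    it becomes live content for every visitor who loads the page."""
    items = "".join("<li>" + c + "</li>" for c in store)
    return "<html><body><ul>" + items + "</ul></body></html>"


def render_safe(store):
    """The fix: HTML-encode on output so the same bytes display as text."""
    items = "".join("<li>" + html.escape(c, quote=True) + "</li>" for c in store)
    return "<html><body><ul>" + items + "</ul></body></html>"


def response_headers():
    """Defence in depth: a constructed CSP that blocks inline scripts even if an
    encoding bug slips through. Not a substitute for output encoding."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }


if __name__ == "__main__":
    # Every viewer gets the same stored content, which is what makes it persistent.
    for viewer in ("alice", "bob"):
        print(viewer, "<script>" in render_unsafe(COMMENTS), "<script>" in render_safe(COMMENTS))
```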

Question 4 · Difficulty 2/5

Which threat actor type is primarily motivated by financial gain, operates as a coordinated group with defined roles, and frequently relies on ransomware-as-a-service toolkits purchased on dark-web markets? (Select the best answer.)
  A. Nation-state
  B. Organized crime
  C. Hacktivist
  D. Unskilled attacker

Correct answer: B

Organized crime
Organized crime groups are distinguished by their profit-driven motive, division of labor (developers, money mules, negotiators), and use of commoditized tools such as ransomware-as-a-service platforms. Nation-state actors are government-sponsored and typically motivated by espionage or geopolitical objectives, not direct financial return. Hacktivists are motivated by ideology or political causes rather than profit. Unskilled attackers (formerly called script kiddies) use pre-built tools without deep technical understanding and typically act alone for notoriety rather than organized financial gain.
