Top 30 multiple-choice questions (MCQs) focused on Credential Harvesting in the context of web security, covering the topics below, along with their answers and explanations.
• Discussing techniques used by attackers to harvest user credentials.
• Explaining the risks associated with reused passwords.
1. What is Credential Harvesting in the context of web security?
- Growing crops for food security
- Gathering and stealing user login information
- Harvesting digital certificates
- Collecting web cookies
Credential Harvesting involves gathering and stealing user login information.
2. Which technique is commonly used by attackers to harvest credentials through deceptive websites?
- Sending postcards
- Brute-force attacks
- Planting physical traps
- Phishing attacks
Attackers commonly use phishing attacks to trick users into providing their credentials on deceptive websites.
3. What is the primary risk associated with reused passwords?
- Improved security
- Reduced cognitive load
- Credential stuffing attacks
- Enhanced user experience
The primary risk associated with reused passwords is the vulnerability to credential stuffing attacks.
4. How do attackers use keyloggers for credential harvesting?
- By playing musical instruments
- By recording keystrokes to capture login information
- By organizing key parties
- By decoding cryptographic keys
Attackers use keyloggers to record keystrokes and capture login information for credential harvesting.
5. What is the purpose of credential stuffing attacks?
- To bake cookies
- To test the strength of passwords
- To reuse credentials across multiple websites
- To harvest digital certificates
Credential stuffing attacks involve reusing credentials across multiple websites to gain unauthorized access.
6. In a phishing attack, what is a common method to trick users into revealing their credentials?
- Sending compliments via email
- Using generic email addresses
- Creating fake websites that mimic legitimate ones
- Writing long and complex messages
In phishing attacks, creating fake websites that mimic legitimate ones is a common method to trick users into revealing their credentials.
7. What is a telltale sign of a phishing website used for credential harvesting?
- Short and concise URL
- High-quality graphics and images
- A secure HTTPS connection
- Unusual or misspelled URL
Unusual or misspelled URLs are often telltale signs of phishing websites used for credential harvesting.
- By organizing social events
- By tricking users into revealing sensitive information through manipulation
- By studying social sciences
- By sending friendly emails
Attackers use social engineering in credential harvesting attacks by tricking users into revealing sensitive information through manipulation.
9. What is the significance of password managers in preventing credential harvesting?
- They increase the risk of phishing attacks
- They store passwords in plain text
- They help generate and manage complex, unique passwords for each site
- They are not effective against credential harvesting
Password managers help generate and manage complex, unique passwords for each site, enhancing security against credential harvesting.
10. How do attackers exploit weak passwords in credential harvesting attacks?
- By organizing password parties
- By using advanced encryption techniques
- By guessing or cracking passwords easily
- By promoting strong password policies
Attackers exploit weak passwords in credential harvesting attacks by guessing or cracking them easily.
11. What is the primary motive behind attackers using credential harvesting techniques?
- To enhance cybersecurity awareness
- To gather statistics on password strength
- To gain unauthorized access to accounts
- To improve user experience
The primary motive behind attackers using credential harvesting techniques is to gain unauthorized access to accounts.
12. How can users recognize phishing emails attempting credential harvesting?
- By trusting all emails received
- By verifying the sender's email address and checking for signs of phishing
- By ignoring all emails
- By responding to all email requests
Users can recognize phishing emails attempting credential harvesting by verifying the sender's email address and checking for signs of phishing.
13. What is the role of multi-factor authentication (MFA) in preventing credential harvesting attacks?
- It is not effective against credential harvesting attacks
- It adds an extra layer of security by requiring additional verification
- It increases the risk of phishing attacks
- It only works for email security
Multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification, helping prevent credential harvesting attacks.
14. How do attackers use malware in credential harvesting?
- By planting physical traps
- By creating fake social media profiles
- By recording keystrokes or stealing stored credentials
- By organizing password parties
Attackers use malware in credential harvesting by recording keystrokes or stealing stored credentials on infected devices.
- By sharing the messages on social media
- Ignoring the messages
- Forwarding the messages to relevant authorities or service providers
- Deleting the messages without any action
Users can report potential credential harvesting attempts by forwarding the messages to relevant authorities or service providers.
16. What is the significance of educating users about credential harvesting attacks?
- It helps users become professional hackers
- It creates awareness and reduces the likelihood of falling victim to credential harvesting attacks
- It increases the risk of phishing attacks
- It is not necessary as credential harvesting attacks are not real threats
Educating users about credential harvesting attacks creates awareness and reduces the likelihood of falling victim to such deceptive tactics.
17. What is the primary danger of using easily guessable passwords?
- Enhanced security
- Increased efficiency
- Vulnerability to credential harvesting attacks
- Improved user experience
The primary danger of using easily guessable passwords is vulnerability to credential harvesting attacks.
18. How do attackers use compromised accounts for further credential harvesting?
- By organizing social events
- By sending complimentary emails to friends
- By accessing stored passwords on the compromised accounts
- By promoting cybersecurity awareness
Attackers use compromised accounts for further credential harvesting by accessing stored passwords on those accounts.
19. What is a common method attackers use to distribute phishing emails for credential harvesting?
- Sending postcards
- Creating fake social media profiles
- Organizing password parties
- Mass email campaigns
Attackers commonly use mass email campaigns to distribute phishing emails for credential harvesting.
20. How can users enhance their security against credential harvesting attacks?
- Ignoring all emails and messages
- Using easily guessable passwords
- Implementing multi-factor authentication (MFA)
- Responding to all email requests
Users can enhance their security against credential harvesting attacks by implementing multi-factor authentication (MFA).