Study for the Ethical Hacking Essentials Test. Explore interactive flashcards and multiple-choice questions with hints and explanations. Prepare thoroughly and boost your exam readiness!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


In which attack does an attacker capture authentication tokens and resend them to access a system as a valid user?

  1. Wiretapping

  2. Replay attack

  3. Phishing attack

  4. Denial of Service

The correct answer is: Replay attack

The scenario described in the question is a replay attack. In this type of attack, the attacker captures authentication tokens, such as session cookies, access tokens, or other identifiers that grant access to a system as if the holder were the legitimate user. Once these tokens are obtained, the attacker can resend, or "replay," them to gain unauthorized access to the system without needing to know the user's actual password or credentials.

Replay attacks exploit the absence of authentication measures that ensure tokens are used only once or are tied to a specific user session. Effective countermeasures include time-stamped tokens, nonce values, or cryptographic techniques that ensure tokens can't simply be reused.

The other options do not fit the scenario. Wiretapping involves intercepting communications but does not specifically focus on reusing authentication tokens the way a replay attack does. Phishing attacks typically involve deceiving users into providing their credentials rather than capturing existing tokens. Denial of Service attacks aim to make a system unavailable rather than to gain unauthorized access through token reuse.