Chapter 1 - Q

Which of the following groups have the lowest level of technical knowledge? a. State actors b. Hactivists c. Script kiddies d. Insiders

c. Script kiddies

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. Red hat hackers b. Black hat hackers c. Gray hat hackers d. White hat hackers

d. White hat hackers

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? a. Competitors b. Brokers c. Cyberterrorists d. Resource managers

b. Brokers

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? a. Financial gain b. Fame c. Fortune d. Personal security

b. Fame

Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it? a. Confidentiality b. Integrity c. Assurance d. Availability

b. Integrity

Which of the following is not used to describe those who attack computer systems? a. Threat actor b. Malicious agent c. Hacker d. Attacker

b. Malicious agent

Which of the following ensures that only authorized parties can view protected information? a. Authorization b. Availability c. Confidentiality d. Integrity

c. Confidentiality

Which of the following is not an issue with patching? a. Difficulty patching firmware b. Delays in patching OSs c. Patches address zero-day vulnerabilities d. Few patches exist for application software

c. Patches address zero-day vulnerabilities

Which of the following is true regarding the relationship between security and convenience? a. Security is less importance than convenience. b. Security and convenience have no relationship. c. Security and convenience are inversely proportional. d. Security and convenience are equal in importance.

c. Security and convenience are inversely proportional.

Which of the following groups use Advanced Persistent Threats? a. Criminal syndicates b. Brokers c. Shadow IT d. State actors

d. State actors

How do vendors decide which should be the default settings on a system? a. Those settings that provide the means by which the user can immediately begin to use the product. b. Those that are the most secure are always the default settings. c. There is no reason behind why specific default settings are chosen. d. The default settings are always mandated by industry standards.

a. Those settings that provide the means by which the user can immediately begin to use the product.

What is an objective of state-sponsored attackers? a. To spy on citizens b. To right a perceived wrong c. To amass fortune over of fame d. To sell vulnerabilities to the highest bidder

a. To spy on citizens

Which type of data impact would result if an attacker stole a list of customers for the purpose of selling the list to a competitor? a. Data loss b. Data exfiltration c. Data breach d. Identity theft

b. Data exfiltration

Which of the following is not a reason why a legacy platform has not been updated? a. Limited hardware capacity b. No compelling reason for any updates c. An application only operates on a specific OS version d. Neglect

b. No compelling reason for any updates

Which of the following is not true regarding security? a. Security includes the necessary steps to protect from harm. b. Security is a process. c. Security is a war that must be won at all costs. d. Security is a goal.

c. Security is a war that must be won at all costs.

What is the term used to describe the connectivity between an organization and a third party? a. Resource migration b. Platform support c. System integration d. Network layering

c. System integration

Which of the following is not a recognized attack vector? a. Supply chain b. On-prem c. Email d. Social media

b. On-prem

Which tool is most commonly associated with state actors? a. Closed-Source Resistant and Recurrent Malware (CSRRM) b. Unlimited Harvest and Secure Attack (UHSA) c. Advanced Persistent Threat (APT) d. Network Spider and Worm Threat (NSAWT)

c. Advanced Persistent Threat (APT)

Which of the following is false about the CompTIA Security+ certification? a. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification. b. The Security+ certification is a vendor-neutral credential. c. Security+ is one of the most widely acclaimed security certifications. d. Security+ is internationally recognized as validating a foundation level of security skills and knowledge.

a. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security technician b. Security officer c. Security administrator d. Security manager

d. Security manager

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network b. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources c. through a long-term process that results in ultimate security d. through products, people, and procedures on the devices that store, manipulate, and transmit the information

d. through products, people, and procedures on the devices that store, manipulate, and transmit the information