security+ 1
Which of the following ensures that only authorized parties can view protected information? a. Integrity b. Authorization c. Confidentiality d. Availability
c. Confidentiality
Which of the following is not used to describe those who attack computer systems? a. Threat actor b. Hacker c. Malicious agent d. Attacker
c. Malicious agent
Which of the following groups have the lowest level of technical knowledge? a. State actors b. Insiders c. Script kiddies d. Hactivists
c. Script kiddies
Which of the following are the phases in Open Source Intelligence (OSINT)? [Choose all that apply] Data Processing Data Harvesting Data Analysis Source Identification Result Delivery
ALL
Which of the following type of attacker keeps exfiltrating the data quietly, without being detected? Script kiddies Advanced Persistent Threat (APT) Criminal syndicates Hacktivists Insider threats
Advanced Persistent Threat (APT)
Which of the following describes state actors using advanced tools to infect a system to silently and slowly extract data? System integration Social engineering Advanced persistent threat (APT) Outsourced code
Advanced persistent threat (APT)
You received a call from a person who was pretending to be from a law firm. The caller wanted to know some confidential information about your organization. Which of the following social engineering method was the person using? Authority Scarcity Intimidation Urgency
Authority
Which of the following attack uses CDs, DVDs, or USB drives? Hoax Baiting Tailgaiting Shoulder Surfing
Baiting
Which type of hackers break into systems for personal or financial gain? Black Hat Grey Hat Blue Hat White Hat
Black Hat
Unsecure protocols are classified as which type of vulnerability? Platform vulnerability Patching vulnerability Third-party vulnerability Configuration vulnerability
Configuration vulnerability
Recently, a computerized electrical power supply unit failed due to a cyberattack. This resulted in a power grid disruption for an entire region of the country. In your study on the attack, how should you categorize the threat actor(s)? Shadow IT Cyberterrorist Grey hat hacker Hacktivist
Cyberterrorist
Which of the following performs hacking for either a political reason or wants to bring in a social change? Criminal syndicates Hacktivists Insider threats Script kiddies
Hacktivists
Which of the following is a social engineering attack that uses social media and other sources to achieve its goal? Dumpster diving Cyberterrorism Hybrid warfare influence campaign Vishing
Hybrid warfare influence campaign
What is it called when a threat actor takes information for the purpose of impersonating someone? Identity theft Data breach Data exfiltration Data loss
Identity theft
MegaCorp is a multinational enterprise. Their customer payment files were recently stolen and sold on the black market. Customers have reported that their credit cards are being charged for fraudulent purchases made in countries where they do not live and have never been. What is the most likely impact on MegaCorp from this attack? Availability loss Identity theft Reputation loss Data loss
Reputation loss
A threat actor employed by the victimized organization is referred to as which of the following? Cyberterrorist Shadow IT Broker Competitor
Shadow IT
Which type of phishing targets specific individuals and companies? Smishing Whaling Waterhole Vishing Spear Phishing
Spear Phishing
Insider threats are generated by the individuals who are either the organization's employees or are closely associated with the organization as a vendor or a third-party. [TRUE/FALSE] TRUE FALSE
TRUE
Over the last few years, an organization has brought up the need to replace old systems. While the organization has made these old systems function with various workarounds, custom middleware applications, and other methods to make up for their shortcomings, it has become increasingly apparent that they need to be replaced soon. Which of the following security concerns does the company face if they continue to use the outdated systems? The age of the systems means they need numerous entry points from the outside, making the platforms' security impossible to configure. The age of the systems means they are accessible from virtually anywhere, making them vulnerable to security breaches from outside actors. The age of the systems means they use insufficient hardware, making it impossible to secure communications between them and more modern devices. The age of the systems means they run on outdated OSs that are no longer supported, making security updates impossible to install.
The age of the systems means they run on outdated OSs that are no longer supported, making security updates impossible to install.
A weakest link vulnerability can be caused by mismanagement of which of the following? Outsourced code development Patching firmware Vendor management Data storage
Vendor management
Which type of phishing is conducted over the Voice over IP (VoIP) lines where the attacker pretends to be a legitimate caller from a bank or a financial institution? Vishing Watering Hole Smishing Whaling
Vishing
Which type of attack does the attacker infect a website that is often visited by the target users? Smishing Vishing Watering hole Phishing
Watering hole
Your company's Accounts Payable department reports that an invoice was marked as paid, but the vendor has shown proof they never received any of the $783,296 payment. Accounts Payable confirms that the amount was deducted from the company's accounts, but the recipient account number does not match the vendor's. After an investigation, you discover that the invoice was paid by the Chief Financial Officer. He says he paid the invoice after receiving an after-hours, past-due invoice from the vendor claiming that they would be filing a civil action in court the next morning. Rather than wait for Accounts Payable to come in the next day and verify the invoice date, the CFO immediately paid the full amount. Which type of social engineering attack was your company most likely the victim of? Hoax Whaling Phishing Credential harvesting
Whaling
Which tool is most commonly associated with state actors? a. Advanced Persistent Threat (APT) b. Closed-Source Resistant and Recurrent Malware (CSRRM) c. Unlimited Harvest and Secure Attack (UHSA) d. Network Spider and Worm Threat (NSAWT)
a. Advanced Persistent Threat (APT)
Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it? a. Integrity b. Confidentiality c. Availability d. Assurance
a. Integrity
Choose which statement is wrong by applying your knowledge from the reading. a. The goal of impersonation is often prepending, which is obtaining private information. b. "I'm the CEO calling" is an example of the psychological principle of authority. c. Spear phishing targets specific users.
a. The goal of impersonation is often prepending, which is obtaining private information.
What is an objective of state-sponsored attackers? a. To spy on citizens b. To sell vulnerabilities to the highest bidder c. To right a perceived wrong d. To amass fortune over of fame
a. To spy on citizens
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? a. Cyberterrorists b. Brokers c. Competitors d. Resource managers
b. Brokers
Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? a. Fortune b. Fame c. Financial gain d. Personal security
b. Fame
Which of the following is not a recognized attack vector? a. Social media b. On-prem c. Email d. Supply chain
b. On-prem
Choose which statement is wrong by applying your knowledge from the reading. a. Brokers sell their knowledge of a weakness to other attackers or a government. b. Script kiddies are responsible for the class of attacks called Advanced Persistent Threats. c. Hacktivists are strongly motivated by ideology.
b. Script kiddies are responsible for the class of attacks called Advanced Persistent Threats.
Which of the following is true regarding the relationship between security and convenience? a. Security and convenience have no relationship. b. Security and convenience are inversely proportional. c. Security and convenience are equal in importance. d. Security is less importance than convenience.
b. Security and convenience are inversely proportional.
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security technician b. Security manager c. Security administrator d. Security officer
b. Security manager
Choose which statement is wrong by applying your knowledge from the reading. a. A security manager works on tasks identified by the CISO and resolves issues identified by technicians. b. Since 2015, the number of unfilled cybersecurity positions has increased by 10 percent. c. The relationship between security and convenience is inversely proportional: as security is increased, convenience is decreased.
b. Since 2015, the number of unfilled cybersecurity positions has increased by 10 percent.
What is the term used to describe the connectivity between an organization and a third party? a. Platform support b. System integration c. Network layering d. Resource migration
b. System integration
How do vendors decide which should be the default settings on a system? a. The default settings are always mandated by industry standards. b. Those settings that provide the means by which the user can immediately begin to use the product. c. Those that are the most secure are always the default settings. d. There is no reason behind why specific default settings are chosen.
b. Those settings that provide the means by which the user can immediately begin to use the product.
Which of the following is not true regarding security? a. Security is a process. b. Security is a goal. c. Security is a war that must be won at all costs. d. Security includes the necessary steps to protect from harm.
c. Security is a war that must be won at all costs.
Which of the following groups use Advanced Persistent Threats? a. Shadow IT b. Criminal syndicates c. State actors d. Brokers
c. State actors
Which of the following is false about the CompTIA Security+ certification? a. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification. b. Security+ is one of the most widely acclaimed security certifications. c. The Security+ certification is a vendor-neutral credential. d. Security+ is internationally recognized as validating a foundation level of security skills and knowledge.
c. The Security+ certification is a vendor-neutral credential.
Which of the following is not a reason why a legacy platform has not been updated? a. Neglect b. Limited hardware capacity c. An application only operates on a specific OS version d. No compelling reason for any updates
d. No compelling reason for any updates
Which of the following is not an issue with patching? a. Few patches exist for application software b. Delays in patching OSs c. Difficulty patching firmware d. Patches address zero-day vulnerabilities
d. Patches address zero-day vulnerabilities
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. Black hat hackers b. Gray hat hackers c. Red hat hackers d. White hat hackers
d. White hat hackers
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources b. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network c. through a long-term process that results in ultimate security d. through products, people, and procedures on the devices that store, manipulate, and transmit the information
d. through products, people, and procedures on the devices that store, manipulate, and transmit the information