Module 1 Quiz
Serafina is studying to take the Security+ certification exam. Which of the CIA elements ensures that only authorized parties can view protected information? a. confidentiality b. integrity c. availability d. credentiality
A
What is another name for "attack surface"? a. vulnerability exposure b. threat vector c. legacy platform d. attack floor
B
Ginevra is explaining to her roommate the relationship between security and convenience. Which statement most accurately indicates this relationship? a. Security and convenience are directly proportional. b. Security and convenience have no relationship. c. Any proportion between security and convenience depends on the type of attack. d. Security and convenience are inversely proportional.
D
What is the primary motivation of hacktivists? a. disruption/chaos b. financial gain c. data exfiltration d. war
A
Which of the following controls is NOT implemented before an attack occurs? a. detective control b. deterrent control c. preventive control d. directive control
A
Which of the following groups has the lowest level of technical knowledge for carrying out cyberattacks? a. unskilled attackers b. hacktivists c. nation-state actors d. organized crime
A
Which specific type of control is intended to mitigate (lessen) damage caused by an attack? a. corrective control b. compensating control c. preventive control d. restrictive control
A
Flavia is reading about insider threats. Which of the following is NOT true about insider threats? a. Attacks from an insider threat are hard to recognize. b. Insider threats are usually dismissed as not being a serious risk. c. Insider threats often occur because the enterprise is watching for outsiders. d. Government insiders have stolen large volumes of sensitive information.
B
Vittoria is working on her computer information systems degree at a local college and has started researching information security positions. Because she has no prior experience, which of the following positions would Vittoria most likely be offered? a. security administrator b. security technician c. security officer d. security manager
B
Which of the following AAA elements is applied immediately after a user has logged into a computer with their username and password? a. authentication b. authorization c. identification d. recording
B
Which of the following is NOT true about supply chains? a. A supply chain is a network that moves a product from its creation to the end-user. b. Vendors are the first step in a supply chain. c. Each link in a supply chain can be a potential attack surface. d. Hardware providers and software providers are types of supply chains.
B
Which of the following is not considered an attribute of threat actors? a. level of sophistication/capability b. educated/uneducated c. resources/funding d. internal/external
B
Which tool is most commonly associated with nation-state actors? a. Closed-Source Resistant and Recurrent Malware (CSRRM) b. Advanced Persistent Threat (APT) c. Unlimited Harvest and Secure Attack (UHSA) d. Network Spider and Worm Threat (NSAWT)
B
Gia has been asked to enhance the security awareness training workshop for new hires. Which category of security control would Gia be using? a. managerial b. technical c. operational d. physical
C
Ilaria is explaining to her parents why information security is the preferred term when talking about security in the enterprise. Which of the following would Ilaria NOT say? a. Cybersecurity usually involves a range of practices, processes, and technologies intended to protect devices, networks, and programs that process and store data in an electronic form. b. In a business, information may be in any format, from electronic files to paper documents. c. Cybersecurity is a subset of information security. d. Information security protects "processed data" or information.
C
What is considered the motivation of an employee who practices shadow IT? a. deception b. ignorance c. ethical d. malicious
C
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network b. through a long-term process that results in ultimate security c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources d. through products, people, and procedures on the devices that store, manipulate, and transmit the information
D
Which control is designed to ensure that a particular outcome is achieved by providing incentives? a. deterrent control b. incentive control c. detective control d. directive control
D
Which of the following is NOT a message-based attack surface? a. voice calls b. instant messages c. texts d. network protocols
D
Which of the following is false about the CompTIA Security+ certification? a. Security+ is one of the most widely acclaimed security certifications. b. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. c. The Security+ certification is a vendor-neutral credential. d. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
D