Module 1 Review Questions
Which of the following groups have the lowest level of technical knowledge? 1. Script Kiddies 2. Hacktivists 3. State actors 4. Insiders
Answer: 1. Script Kiddies
Which of the following is true regarding the relationship between security and convenience? 1. Security and convenience are inversely proportional. 2. Security and convenience have no relationship. 3. Security is less important than convenience. 4. Security and convenience are equal in importance.
Answer: 1. Security and convenience are inversely proportional.
What is the term used to describe the connectivity between an organization and a third party? 1. System Integration 2. Platform support 3. Resource migration 4. Network layering
Answer: 1. System Integration
Which tool is most commonly associated with nation state threat actors? 1. Closed-Source Resistant and Recurrent Malware (CSRRM) 2. Advanced Persistent Threat (APT) 3. Unlimited Harvest and Secure Attack (UHSA) 4. Network Spider and Worm Threat (NSAWT)
Answer: 2. Advanced Persistent Threat (APT)
Which of the following ensures that only authorized parties can view protected information? 1. Authorization 2. Confidentiality 3. Availability 4. Integrity
Answer: 2. Confidentiality
Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks were mainly for what purpose? 1. Fortune 2. Fame 3. Financial gain 4. Personal Security
Answer: 2. Fame
Which of the following of the CIA Triad ensures that information is correct, and no unauthorized person has altered it? 1. Confidentiality 2. Integrity 3. Availability 4. Assurance
Answer: 2. Integrity
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? 1. Black hat hackers 2. White hat hackers 3. Gray hat hackers 4. Red hat hackers
Answer: 2. White hat hackers
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? 1. Cyberterrorists 2. Competitors 3. Brokers 4. Resource managers
Answer: 3. Brokers
Which of the following is not used to describe those who attack computer systems? 1. Threat Actor 2. Hacker 3. Malicious agent 4. Attacker
Answer: 3. Malicious agent
Which of the following is not a recognized attack vector? 1. Supply chain 2. Social media 3. On-perm 4. Email
Answer: 3. On-perm
How do vendors decide which should be the default settings on a system? 1. Those that are the most secure are always the default settings 2. There is no reason specific default settings are chosen 3. Those settings that provide the means by which that user can immediately begin to use the product 4. The default settings are always mandated by industry standards.
Answer: 3. Those settings that provide the means by which that user can immediately begin to use the product
What is the objective of state-sponsored attackers? 1. To right a perceived wrong 2. To amass a fortune over fame 3. To spy on citizens 4. To sell vulnerabilities to the highest bidder.
Answer: 3. To spy on citizens
Which of the following is not a reason a legacy platform has not been updated? 1. Limited hardware capacity 2. An application only operates on a specific OS version 3. Neglect 4. No compelling reason for any updates
Answer: 4. No compelling reason for any updates
Which of the following is not an issue with patching? 1. Difficulty patching firmware 2. Few patches exist for application software 3. Delays in patching OSs 4. Patches address Zero-day vulnerabilities.
Answer: 4. Patches address Zero-day vulnerabilities.
Which of the following is false about the CompTIA Security+ certification? 1. Security+ is one of the most widely acclaimed security certifications. 2. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. 3. The Security+ certification is a vendor-neutral credential. 4. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
Answer: 4. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
Which of the following is NOT true regarding security? 1. Security is a goal 2. Security includes the necessary steps to protect from harm 3. Security is a process 4. Security is a war that must be won at all costs
Answer: 4. Security is a war that must be won at all costs
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and supervise a group of security technicians. Which of these generally recognized security positions has she been offered? 1. Security administrator 2. Security Technician 3. Security officer 4. Security manager
Answer: 4. Security manager
Which of the following groups use advanced persistent threats? 1. Brokers 2. Criminal syndicates 3. Shadow IT 4. State actors
Answer: 4. State actors
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. 1. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network. 2. through a long-term process that results in ultimate security. 3. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources. 4. through products, people, and procedures on the devices that store, manipulate, and transmit information.
Answer: 4. through products, people, and procedures on the devices that store, manipulate, and transmit information.
