SRA 221 module 1

Which of the following ensures that only authorized parties can view protected information? a. Confidentiality b. Authorization c. Integrity d. Availability

a. Confidentiality

Which of the following is true regarding the relationship between security and convenience? a. Security and convenience are inversely proportional. b. Security and convenience have no relationship. c. Security is less importance than convenience. d. Security and convenience are equal in importance.

a. Security and convenience are inversely proportional.

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. White hat hackers b. Gray hat hackers c. Black hat hackers d. Red hat hackers

a. White hat hackers

Which tool is most commonly associated with state actors? a. Network Spider and Worm Threat (NSAWT) b. Advanced Persistent Threat (APT) c. Closed-Source Resistant and Recurrent Malware (CSRRM) d. Unlimited Harvest and Secure Attack (UHSA)

b. Advanced Persistent Threat (APT)

Which of the following is not a reason why a legacy platform has not been updated? a. An application only operates on a specific OS version b. No compelling reason for any updates c. Neglect d. Limited hardware capacity

b. No compelling reason for any updates

Which of the following is not an issue with patching? a. Few patches exist for application software b. Patches address zero-day vulnerabilities c. Difficulty patching firmware d. Delays in patching OSs

b. Patches address zero-day vulnerabilities

Which of the following groups have the lowest level of technical knowledge? a. State actors b. Script kiddies c. Insiders d. Hactivists

b. Script kiddies

What is the term used to describe the connectivity between an organization and a third party? a. Network layering b. System integration c. Platform support d. Resource migration

b. System integration

What is an objective of state-sponsored attackers? a. To amass fortune over of fame b. To spy on citizens c. To sell vulnerabilities to the highest bidder d. To right a perceived wrong

b. To spy on citizens

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network b. through products, people, and procedures on the devices that store, manipulate, and transmit the information c. through a long-term process that results in ultimate security d. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources

b. through products, people, and procedures on the devices that store, manipulate, and transmit the information

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? a. Cyberterrorists b. Competitors c. Brokers d. Resource managers

c. Brokers

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? a. Financial gain b. Personal security c. Fame d. Fortune

c. Fame

Which of the following is not used to describe those who attack computer systems? a. Attacker b. Hacker c. Malicious agent d. Threat actor

c. Malicious agent

Which of the following is not a recognized attack vector? a. Social media b. Supply chain c. On-prem d. Email

c. On-prem

Which of the following is false about the CompTIA Security+ certification? a. The Security+ certification is a vendor-neutral credential. b. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. c. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification. d. Security+ is one of the most widely acclaimed security certifications.

c. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

Which of the following is not true regarding security? a. Security includes the necessary steps to protect from harm. b. Security is a process. c. Security is a war that must be won at all costs. d. Security is a goal.

c. Security is a war that must be won at all costs.

After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security technician b. Security administrator c. Security manager d. Security officer

c. Security manager

Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it? a. Confidentiality b. Availability c. Assurance d. Integrity

d. Integrity

Which of the following groups use Advanced Persistent Threats? a. Brokers b. Shadow IT c. Criminal syndicates d. State actors

d. State actors

How do vendors decide which should be the default settings on a system? a. The default settings are always mandated by industry standards. b. There is no reason behind why specific default settings are chosen. c. Those that are the most secure are always the default settings. d. Those settings that provide the means by which the user can immediately begin to use the product.

d. Those settings that provide the means by which the user can immediately begin to use the product.