CompTIA Module 1-4 Review Questions
What is the difference between a Trojan and a RAT?
A RAT gives the attacker unauthorized remote access to the victim's computer.
Which of the following is technology that imitates human abilities?
AI
What are the two limitations of private information sharing centers?
Access to data and participation
What is another name for footprinting?
Active reconnaissance?
Which of the following is NOT a characteristic of a penetration test?
Automated
Which of the following is NOT a characteristic of malware?
Diffusion
Which of the following is NOT a means by which a bot communicates with a C&C device?
An IOC occurs when what metric exceeds its normal bounds?
KRI
Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet?
LOLBins
Which of the following is NOT an advantage of crowdsourced penetration testing?
Less expensive
Which of the following is not a reason a legacy platform has not been updated?
No compelling reason for any updates
Which of the following is not a recognized attack vector?
On-prem
Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
Planning
What are the two concerns about using public information sharing centers?
Privacy and speed
Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
Red Team
What term refers to changing the design of existing code?
Refactoring
Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
Regulations
Which is the final rule of engagement that would be conducted in a pen test?
Reporting
What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
Requests for comments (RFCs)
Which of the following is NOT an important OS security configuration?
Restricting patch management
Which of the following can automate an incident response?
SOAR
Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?
SSAE SOC 2 Type II
Which of the following manipulates the trusting relationship between web servers?
SSRF
Which of the following groups have the lowest level of technical knowledge?
Script kiddies
Which of the following is true regarding the relationship between security and convenience?
Security and convenience are inversely proportional.
Which of the following is not true regarding security?
Security is a war that must be won at all costs.
Which of the following is false about the CompTIA Security+ certification?
Security+ is one of the most widely acclaimed security certifications.
Which of these would NOT be considered the result of a logic bomb?
Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.
Which statement regarding a keylogger is NOT true?
Software keyloggers are generally easy to detect.
Which stage conducts a test that will verify the code functions as intended?
Staging stage
Which of the following groups use advanced persistent threats?
State actors
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
White hat hackers
Which of these is a list of preapproved applications?
Whitelist
Which of the following is known as a network virus?
Worm
Which of the following attacks is based on a website accepting user input without sanitizing it?
XSS
Which tool is most commonly associated with state actors?
Advanced persistent threat (APT)
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and supervise a group of security technicians. Which of these generally recognized security positions has she been offered? a) Security administrator b) Security technician c) Security officer d) Security manager
d) Security manager
Complete this definition of information security:
through products, people, and procedures on the devices that store, manipulate, and transmit the information.
Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into the team's technology security. What technology will Oskar recommend?
Automated Indicator Sharing (AIS)
Which of the following ensures that only authorized parties can view protected information?
Availability
What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
Black box
Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?
Blocking ransomware
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
Brokers
Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?
Buffer overflow attack
Which group is responsible for the Cloud Controls Matrix?
CSA
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
CSRF
Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation?
Cryptomalware can encrypt all files on any network that is connected to the employee's computer.
Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports that he was unable to find anything because looking for information on the dark web is different from using the regular web. Which of the following is FALSE about looking for information on the dark web?
Dark web search engines are identical to regular search engines.
What type of analysis is heuristic monitoring based on?
Dynamic analysis
Which of the following attacks targets the external software component that is a repository of both code and data?
Dynamic-link library (DLL) injection attack
What word is the currently accepted term to refer to network-connected hardware devices?
Endpoint
Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks were mainly for what purpose?
Fame
Which type of malware relies on LOLBins?
Fileless virus
Which of the following tries to detect and stop an attack?
HIPS
Which ISO contains controls for managing and controlling risk?
ISO 31000
Which of the following is NOT something that a SIEM can perform?
Incident response
Which of the following of the CIA Triad ensures that information is correct, and no unauthorized person has altered it?
Integrity
Which of the following is FALSE about a quarantine process?
It holds a suspicious application until the user gives approval.
What is the advantage of a secure cookie?
It is sent to the server over HTTPS.
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement
What does Windows 10 Tamper Protection do?
Limits access to the registry.
Which of the following is not used to describe those who attack computer systems?
Malicious agent
Which boot security mode sends information on the boot process to a remote server?
Measured Boot
Which of the following is a standard for the handling of customer card information?
PCI DSS
Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this?
PUP
Which of the following is not an issue with patching?
Patches address zero-day vulnerabilities
Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
Scope
Which of the following is NOT an improvement of UEFI over BIOS?
Support of USB 3.0
What is the term used to describe the connectivity between an organization and a third party?
System integration
Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS?
TAXII
Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information?
TLP
Which of the following is NOT a limitation of a threat map?
They can be difficult to visualize.
Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?
They would have to stay overnight to perform the test.
How do vendors decide which should be the default settings on a system?
Those settings that provide the means by which the user can immediately begin to use the product.
Which premise is the foundation of threat hunting?
Threat actors have already infiltrated our network.
What race condition can result in a NULL pointer/object dereference?
Time of check/time of use race condition
What is an objective of state-sponsored attackers?
To spy on citizens
Which of the following is not a general information source that can provide valuable in-depth information on cybersecurity?
Which of the following is NOT an advantage of an automated patch update service?
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
Which model uses a sequential design process?
Waterfall model