Exam (elaborations)
Test Bank For CompTIA Security+ Guide to Network Security Fundamentals - 7th - 2022 All Chapters - 9780357424377
Test Bank For CompTIA Security+ Guide to Network Security Fundamentals - 7th - 2022 All Chapters
[Show more]
Connected book
Book Title:
Author(s):
- Edition:
- ISBN:
- Edition:
Content preview
Mod 01: Introduction to Security 1. Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program? a. Shadow IT b. Brokers c. Criminal syndicates d. Competitors ANSWER: d FEEDBACK: a. Incorrect. Shadow IT are employees of the enterprise frustrated with the pace of acquiring new technology. b. Incorrect. Brokers sell their knowledge of a security weakness to other attackers or governments. c. Incorrect. Criminal syndicates are threat actors who involve experienced online criminals who do not commit crimes themselves but acts as entrepreneurs. d. Correct. Competitors are threat actors who launch attacks against an opponent's system to steal classified information like industry research or customer lists. POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources. TOPICS: Who Are the Threat Actors? KEYWORDS: Bloom's: Apply DATE CREATED: 2/16/2022 10:23 PM DATE MODIFIED: 2/16/2022 10:23 PM 2. Which of the following types of platforms is known for its vulnerabilities due to age? a. On-premises platform b. Cloud platform c. Legacy platform d. Online platform ANSWER: c FEEDBACK: a. Incorrect. On-premises platforms ("on-prem") are the software and technology located within an enterprise's physical confines, usually consolidated in the company's data center. b. Incorrect. Cloud platforms are a new model gaining widespread use. They are a pay-per-use computing model in which customers pay only for the online computing resources they need. c. Correct. Legacy platforms are no longer in widespread use, often because they have been replaced by an updated version of the earlier technology. d. Incorrect. An online platform is one that has its front end and back end online. 1 Mod 01: Introduction to Security POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks ACCREDITING STANDARDS: SY0-601.1.6 - Explain the security concerns associated with various types of vulnerabilities. TOPICS: Vulnerabilities and Attack KEYWORDS: Bloom's: Remember DATE CREATED: 2/16/2022 10:23 PM DATE MODIFIED: 2/16/2022 10:23 PM 3. Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs. Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols? a. Hacktivist b. Insider c. State actor d. Script kiddy ANSWER: a FEEDBACK: a. Correct. A hacktivist is strongly motivated by ideology for the sake of their principles or beliefs. b. Incorrect. This serious threat to an enterprise comes from its own employees, contractors, and business partners, called insiders. They pose an insider threat of manipulating data from the position of a trusted employee. c. Incorrect. These types of actors are employed by governments for launching cyberattacks against their foes. d. Incorrect. Script kiddies do their work by downloading freely available automated attack software (scripts) and using it to perform malicious acts. POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources. TOPICS: Who Are the Threat Actors? KEYWORDS: Bloom's: Apply DATE CREATED: 2/16/2022 10:23 PM DATE MODIFIED: 2/16/2022 10:23 PM 4. Threat actors focused on financial gain often attack which of the following main target categories? 2 Mod 01: Introduction to Security a. Product lists b. Individual users c. Social media assets d. REST services ANSWER: b FEEDBACK: a. Incorrect. Product lists could be used for many things, but they are not a main target of attacks motivated by financial gain. b. Correct. This category focuses on individuals as the victims. Threat actors steal and use data, credit card numbers, online financial account information, or social security numbers or send millions of spam emails to peddle counterfeit drugs, pirated software, fake watches, and pornography to profit from their victims. c. Incorrect. Social media assets are attacked but do not fall into one of the main categories. d. Incorrect. REST services could be a potential sub-level target but are not considered one of the main categories. POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources. TOPICS: Who Are the Threat Actors? KEYWORDS: Bloom's: Remember DATE CREATED: 2/16/2022 10:23 PM DATE MODIFIED: 2/16/2022 10:23 PM 5. Which issue can arise from security updates and patches? a. Difficulty patching firmware b. Difficulty updating settings c. Difficulty resetting passwords d. Difficulty installing databases ANSWER: a FEEDBACK: a. Correct. Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Furthermore, some firmware cannot be patched. b. Incorrect. While a potential difficulty in some situations, updating most settings is an easy change in many cases. c. Incorrect. Resetting passwords is not included in updates and patches. d. Incorrect. Installing databases is not a function of security updates. POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks 3The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller GreenTestBank. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $49.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
78121 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now