.png){kind=logo}
CompTIA Security + Guide to Network Security Fundamentals, 7e Mark Ciampa
(Test Bank all Chapter)
- / 4
Name:
Class:
Date:
Mod 01: Introduction to Security
Copyright Cengage Learning. Powered by Cognero. Page 1
- Which type of threat actor would benefit the most from accessing your enterprise's new machine learning
algorithm research and development program?
- Shadow IT
- Brokers
- Criminal syndicates
- Competitors
ANSWER: d
FEEDBACK: a. Incorrect. Shadow IT are employees of the enterprise frustrated with the pace of acquiring new technology.
- Incorrect. Brokers sell their knowledge of a security weakness to other
- Incorrect. Criminal syndicates are threat actors who involve experienced
- Correct. Competitors are threat actors who launch attacks against an
attackers or governments.
online criminals who do not commit crimes themselves but acts as entrepreneurs.
opponent's system to steal classified information like industry research or customer lists.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources.
TOPICS: Who Are the Threat Actors?
KEYWORDS: Bloom's: Apply
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM
- Which of the following types of platforms is known for its vulnerabilities due to age?
- On-premises platform
- Cloud platform
- Legacy platform
- Online platform
ANSWER: c
FEEDBACK: a. Incorrect. On-premises platforms ("on-prem") are the software and technology located within an enterprise's physical confines, usually consolidated in the company's data center.
- Incorrect. Cloud platforms are a new model gaining widespread use. They are
- Correct. Legacy platforms are no longer in widespread use, often because
- Incorrect. An online platform is one that has its front end and back end online.
a pay-per-use computing model in which customers pay only for the online computing resources they need.
they have been replaced by an updated version of the earlier technology.
POINTS: 1 2 / 4
Name:
Class:
Date:
Mod 01: Introduction to Security
Copyright Cengage Learning. Powered by Cognero. Page 2
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks ACCREDITING STANDARDS: SY0-601.1.6 - Explain the security concerns associated with various types of vulnerabilities.
TOPICS: Vulnerabilities and Attack
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM
- Your enterprise has played fast and loose with customer information for years. While there has been no
significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs.
Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols?
- Hacktivist
- Insider
- State actor
- Script kiddy
ANSWER: a
FEEDBACK: a. Correct. A hacktivist is strongly motivated by ideology for the sake of their principles or beliefs.
- Incorrect. This serious threat to an enterprise comes from its own employees,
- Incorrect. These types of actors are employed by governments for launching
- Incorrect. Script kiddies do their work by downloading freely available
contractors, and business partners, called insiders. They pose an insider threat of manipulating data from the position of a trusted employee.
cyberattacks against their foes.
automated attack software (scripts) and using it to perform malicious acts.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources.
TOPICS: Who Are the Threat Actors?
KEYWORDS: Bloom's: Apply
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM
- Threat actors focused on financial gain often attack which of the following main target categories?
- Product lists
- Individual users 3 / 4
Name:
Class:
Date:
Mod 01: Introduction to Security
Copyright Cengage Learning. Powered by Cognero. Page 3
- Social media assets
- REST services
ANSWER: b
FEEDBACK: a. Incorrect. Product lists could be used for many things, but they are not a main target of attacks motivated by financial gain.
- Correct. This category focuses on individuals as the victims. Threat actors
- Incorrect. Social media assets are attacked but do not fall into one of the main
- Incorrect. REST services could be a potential sub-level target but are not
steal and use data, credit card numbers, online financial account information, or social security numbers or send millions of spam emails to peddle counterfeit drugs, pirated software, fake watches, and pornography to profit from their victims.
categories.
considered one of the main categories.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources.
TOPICS: Who Are the Threat Actors?
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM
- Which issue can arise from security updates and patches?
- Difficulty patching firmware
- Difficulty updating settings
- Difficulty resetting passwords
- Difficulty installing databases
ANSWER: a
FEEDBACK: a. Correct. Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Furthermore, some firmware cannot be patched.
- Incorrect. While a potential difficulty in some situations, updating most
- Incorrect. Resetting passwords is not included in updates and patches.
- Incorrect. Installing databases is not a function of security updates.
settings is an easy change in many cases.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks ACCREDITING STANDARDS: SY0-601.1.6 - Explain the security concerns associated with various types of vulnerabilities.
TOPICS: Vulnerabilities and Attacks
- / 4
.png)