Chapter 06 – Comparing Threats, Vulnerabilities, and Common Attacks

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 6

1 / 128

What is the classic Nigerian scam (also called a 419 scam) usually about?

2 / 128

What does the term ’consensus’ refer to in the context of cyber threats?

3 / 128

What is the main motivation behind the cyber activities of criminal syndicates?

4 / 128

What security attack tactic involves combining intimidation with urgency and impersonation?

5 / 128

Which of the following is NOT an indicator of a malware attack?

6 / 128

Which of the following is NOT a technique used by fileless malware?

7 / 128

What does closed/proprietary intelligence refer to in the context of cybersecurity?

8 / 128

What are the two common methods by which antivirus software detects viruses?

9 / 128

What is hybrid warfare?

10 / 128

What is the role of the Structured Threat Information eXpression (STIX) in open source intelligence (OSINT)?

11 / 128

What is the impact of Potentially unwanted programs (PUPs) on a user’s computer?

12 / 128

What is the primary function of a beacon in an email phishing attack?

13 / 128

Why are building rapport and likability important in the context of tailgating attacks?

14 / 128

What is a key challenge when implementing spam filters?

15 / 128

According to the passage, how do social engineers try to gain the trust of their victims?

16 / 128

Which of the following is usually a strong indicator of a system being part of a botnet?

17 / 128

Which of the following attacks are most likely to use urgency as a technique?

18 / 128

What is one way to minimize the effectiveness of social engineering attacks?

19 / 128

What is a common use of file/code repositories in the realm of cybersecurity?

20 / 128

What is the primary motivation for criminal syndicates in the context of cyberattacks?

21 / 128

What is the classic method of credential harvesting used by attackers?

22 / 128

What is Predictive analysis in the context of cybersecurity?

23 / 128

Which one of the following statements elucidates the ’upgrade’ phishing technique?

24 / 128

What is the role of a local industry group in the context of cybersecurity?

25 / 128

What is a common method attackers use to spread Trojans?

26 / 128

What do rootkits use to modify system behavior and avoid detection?

27 / 128

Which of the following is NOT an indicator of a malware-infected system based on the provided text?

28 / 128

Which of the following correctly describes the Dark Web?

29 / 128

How soon can an attacker typically begin lateral movement within a network after the initial infection?

30 / 128

What is the primary purpose of dumpster diving in the context of cybersecurity?

31 / 128

What is one possible reason an attacker might purchase a domain name similar to a legitimate one, according to the passage?

32 / 128

What are some common types of Open Source Intelligence (OSINT)?

33 / 128

Which of the following methods is NOT used by fileless viruses?

34 / 128

In the context of social engineering attacks, why is the principle of liking and rapport building effective in shoulder surfing?

35 / 128

What are some common types of open source intelligence (OSINT) utilized by penetration testers or attackers?

36 / 128

What is the Automated Indicator Sharing (AIS) used for?

37 / 128

What is the role of InfraGard in the context of public/private information sharing centers?

38 / 128

What is the purpose of using a spam filter on mail gateways?

39 / 128

Why might encrypted traffic be considered an indicator of a malware attack?

40 / 128

What is the goal of impersonation by social engineers according to the text?

41 / 128

What is the role of a ’Bot herder’ in a botnet?

42 / 128

What is a logic bomb?

43 / 128

What is ’vishing’ in the context of cyber security?

44 / 128

Criminal syndicates and Advanced Persistent Threats (APTs) are both types of organized cyber threat actors, but have different primary motivations. What are the chief motivations of these groups?

45 / 128

What is the purpose of using file integrity monitors in antivirus scanners?

46 / 128

Who sponsors Advanced Persistent Threats (APTs) and what is their characteristic?

47 / 128

Which of the following best describes Indicators of Compromise (IoC)?

48 / 128

Which of the following is NOT a common security control used to protect against malware according to the text?

49 / 128

What is the primary goal of a watering hole attack?

50 / 128

Which of the following is NOT a technique used by fileless malware?

51 / 128

What is the purpose of Trusted Automated eXchange of Indicator Information (TAXII)?

52 / 128

What is an Advanced Persistent Threat (APT) typically understood to be in the context of cyber attacks?

53 / 128

What is a significant challenge when encountering Spam over Internet Messaging (SPIM)?

54 / 128

What is the potential risk associated with opening a malicious attachment associated with invoice scams?

55 / 128

Why is it important to verify information shared in social media groups before acting on it as a cybersecurity personnel?

56 / 128

Which types of attacks can be launched via email according to the provided text?

57 / 128

Which of the following strategies is commonly utilized to mitigate the risk of malware entering the network through network traffic?

58 / 128

What is one way to thwart keyloggers as discussed in the text?

59 / 128

What is a characteristic of fileless malware?

60 / 128

Which of the following is NOT a common security control used to protect against malware?

61 / 128

Which of the following best describes a ’Black Hat’ as discussed in the given text?

62 / 128

What is the primary purpose of a Request for Comments (RFC) published by the Internet Engineering Task Force (IETF)?

63 / 128

What description is accurate regarding the threat actor referred to as a ’script kiddie’?

64 / 128

What does the term ’gaslighting’ mean in the context of information security?

65 / 128

What can be a strong indicator of infection in a network regarding traffic to specific IPs?

66 / 128

What type of cyber attack leverages the authority of legal entities to coerce executives into opening malicious attachments?

67 / 128

Which of the following statements about cybersecurity conferences is true according to the text?

68 / 128

What is the difference between identity theft and identity fraud based on the provided text?

69 / 128

Which of the following is NOT a typical indicator of a malware attack?

70 / 128

What is the importance of academic journals in cybersecurity?

71 / 128

What is the primary function of signature files in antivirus software?

72 / 128

What does data exfiltration refer to in the context of malware attacks?

73 / 128

Which types of attacks are most effective when exploiting authority?

74 / 128

Which of the following is NOT a reported name for an APT sponsored by the Russian government?

75 / 128

Which of the following best describes the main purpose of spyware?

76 / 128

What is the primary purpose of a virus?

77 / 128

What is NOT a common type of Open Source Intelligence (OSINT) as described in the text?

78 / 128

Which of the following best describes pretexting in the context of social engineering?

79 / 128

Which of the following is NOT provided as a source for taking the assistance of cybersecurity personnel during threat research?

80 / 128

Which of the following resources is especially true for finding reliable information on vulnerabilities and patches used to fix them?

81 / 128

What is one of the reasons an attacker might purchase a domain similar to a legitimate one?

82 / 128

Which of the following best describes the term ’Advanced Persistent Threat (APT)’?

83 / 128

What is the technique called that attackers use by sending text messages to trick users into giving up personal information and uses the method of phishing?

84 / 128

Which of the following best describes a ’hacktivist’ as presented in the provided text?

85 / 128

What technique do attackers often use along with malware?

86 / 128

What is the purpose of the Trusted Automated eXchange of Indicator Information (TAXII)?

87 / 128

What is one reason an attacker might buy a domain name similar to a legitimate website, as discussed in the ’Earning ad revenue’ section?

88 / 128

What is a common delivery method for a Remote Access Trojan (RAT)?

89 / 128

What is the technique of vishing as used in cyber security?

90 / 128

Which of the following best describes a zero-day vulnerability based on the provided text?

91 / 128

What defines an Advanced Persistent Threat (APT) in the cyber security context?

92 / 128

What are some effective methods to prevent shoulder surfing as mentioned in the text?

93 / 128

What is the primary purpose of Cuckoo Sandbox?

94 / 128

How do attackers use social media as an attack vector?

95 / 128

What is a characteristic of an advanced persistent threat (APT)?

96 / 128

What is the purpose of ’active listening’ in the context of social engineering?

97 / 128

What is the primary motivation for criminal syndicates in launching cyber attacks?

98 / 128

What is URL hijacking or typo squatting?

99 / 128

What is phishing?

100 / 128

What is a possible malicious intention for an attacker purchasing a domain similar to a legitimate one?

101 / 128

According to the passage, which of the following is not a technique used by social engineers in the elicitation process?

102 / 128

What tactics are considered effective for a person to get others to comply through impersonation?

103 / 128

What is the main purpose of a whaling attack?

104 / 128

Which of the following is used by social engineers during elicitation to encourage a target to speak more ?

105 / 128

What is the main purpose of a backdoor?

106 / 128

What is the main difference between ransomware and cryptomalware?

107 / 128

What is the primary risk associated with Shadow IT?

108 / 128

What is an Advanced Persistent Threat (APT) typically characterized by?

109 / 128

What potential damage could serious virus hoaxes cause?

110 / 128

According to the text, which of the following is NOT a method used by social engineers to gain unauthorized access or information?

111 / 128

What is the purpose of reflective questioning in social engineering?

112 / 128

What is one of the main benefits of Peer-to-Peer (P2P) botnets from the perspective of a cybercriminal?

113 / 128

Which of the following attack vectors is estimated to be the starting point of up to 91 percent of all attacks?

114 / 128

What term best describes the group of threat actors who are usually highly organized, funded by nation-states, and target specific organizations for long periods of time?

115 / 128

What is hybrid warfare and how is it applied in influence campaigns?

116 / 128

What is the primary function of anti-malware software on mail gateways?

117 / 128

How do criminals impersonate your friends through email according to the text?

118 / 128

Which of the following is a viable solution to prevent spear phishing attacks?

119 / 128

What are attack vectors and how do attackers use them?

120 / 128

Why do social engineers often attempt to build rapport with a victim before launching an attack?

121 / 128

What can be expected when you opt out of email services from a legitimate company?

122 / 128

What is the technique called ’Bracketing’ that is used by social engineers?

123 / 128

Which of the following best describes the primary difference between a worm and a virus?

124 / 128

What does heuristic-based detection in antivirus software aim to detect?

125 / 128

What does ’reconnaissance’ refer to within the context of social engineering?

126 / 128

Which are some of the reported names for the APTs sponsored by the Iranian government?

127 / 128

How does the concept of ’Scarcity’ apply to phishing and Trojan attacks?

128 / 128

What is the function of threat maps?

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Anki deck of CompTIA A+ Practice Questions images
Anki Deck image of CompTIA Security+

 

Free CompTIA Security+ Practice:Chapter 6 – Comparing Threats, Vulnerabilities, and Common Attacks

Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 06: Comparing Threats, Vulnerabilities, and Common Attacks. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

  • Skill Enhancement:

Covers essential knowledge of threats, vulnerabilities, and common attacks crucial for the CompTIA Exam.

  • Career Advancement:

Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.

  • Vulnerability Management:

Master the art of identifying and mitigating threats and vulnerabilities, a key skill in cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

 

Explore our other free practice tests:

Share the Post:

Related Posts

RSS  
  • Discover How to Work Remotely and Travel!
    Have you ever dreamed about working from beautiful places like Thailand or Japan, but weren’t sure if it’s possible? I’m here to share my adventures and some tips on how to make working remotely while exploring the world a reality.  Who Am I? My name is Josh, and I’m all about creating helpful content on […]
  • Why Contract Work in IT Can Be a Good Start for Your Career
    Hey buddies! Are you curious about what it’s like to work in IT and cyber security? Well, you’re in luck because today we’re diving into the world of contract work and how it might just be the jumpstart your career needed! Getting Into the World of Contract Work in IT Josh, an expert in IT […]
  • Is Cyber Security a Career That Will Last Forever?
    Hey everyone! Have you ever wondered if choosing a career in cyber security is a good idea for the long haul? Well, let’s dive into this topic with the help of Josh Maor’s insights, and find out why cyber security might just be one of the smartest career choices out there. What Is Cyber Security? […]
IT Course

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

Ready to get started your journey?
Cyber Course

The Affordable, Hands-On Cyber Security that gets Results!

Ready to get started your journey?

JOIN OUR

NEWSLETTER

Sign up for our free newsletters.

by joining 8000+ others in my weekly newsletter 

where you’ll get a dose of my thoughts on self-improvement, career,

and life!