Free CompTIA Security+ Practice Chapter8

Ref:📕CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 8

1 / 141

What does a vulnerability scanner detect with relation to weak configurations?

A. Open ports and services

B. Default accounts and passwords

C. Unpatched systems

D. All of the above

2 / 141

Which of the following is an example of a vulnerability due to lack of organizational policies?

A. An operating system not updated with the latest patches

B. A user installed a wireless router using the default configurations

C. Job rotation, mandatory vacations, and least privilege policies aren’t implemented within an organization

D. Lack of up to date antivirus and anti-malware definitions

3 / 141

What does the SOC 2 Type I report cover in an organization?

A. Operational effectiveness of security controls over a range of dates

B. Design effectiveness of security controls on a specific date

C. Compliance with ISO 27001

D. Best practices for information security management

4 / 141

What does ARO stand for in quantitative risk assessment, and what does it signify?

A. Annual ratio of occurrence, It indicates the numerical ratio of the loss occurring.

B. Annual rate of occurrence, It indicates how many times the loss will occur as a ratio.

C. Annual rate of occurrence, It indicates how many times the loss will occur in a year.

D. Asset replacement occurrence, It indicates when the asset should be replaced yearly.

5 / 141

What could potentially happen if a system lacks malware protection or updated definitions?

A. The system becomes more vulnerable to fraud and collusion from employees.

B. The system may be more vulnerable to attacks due to default configurations.

C. The system could be more vulnerable to malware attacks.

D. The system becomes more susceptible to network and Internet-based attacks.

6 / 141

What does it mean when a system is not ’hardened’?

A. The system is made of tough material

B. The system is updated with the latest patches

C. The system is left with default hardware and software configurations

D. The system is protected with a firewall

7 / 141

What is the main differentiation between passive and active reconnaissance based on the given passage?

A. Passive reconnaissance uses open source intelligence while active doesn’t

B. Active reconnaissance methods involve engaging targets

C. Passive reconnaissance includes sending information to targets and analyzing the responses

D. Active reconnaissance uses the Whois lookup site

8 / 141

What is one primary use of the Metasploit Framework?

A. It is used to identify web browser vulnerabilities.

B. It is used to store information about security vulnerabilities and execute exploits.

C. It is a tool for web application developers to ensure their applications are not vulnerable.

D. It is a tool that runs on Windows systems to detect attacks.

9 / 141

What does the process of ’Pivoting’ refer to in the context of a penetration test?

A. Using an exploited system to shut down other systems

B. Using an exploited system to spread viruses to other systems

C. Using an exploited system to target other systems and gather information

D. Using an exploited system to erase information from other systems

10 / 141

What is the main difference between vulnerability scanners and penetration tests?

A. Vulnerability scanners exploit weak points in the system while penetration tests identify them.

B. Vulnerability scanners check for weaknesses in the system while penetration tests attempt to exploit them.

C. Vulnerability scanners repair weak points in the system while penetration tests bypass them.

D. Vulnerability scanners and penetration tests perform the same tasks.

11 / 141

What is the purpose of threat intelligence fusion in the process of threat hunting?

A. To forecast the financial costs of a potential cyber attack

B. To combine all relevant data to understand likely threats and risks

C. To prevent attackers from accessing any part of the network

D. To ensure that all automated tools are functioning properly

12 / 141

What are the seven steps in the Risk Management Framework (RMF) according to NIST SP 800-37?

A. Analyze, Prepare, Identify, Adjust, Implement, Assess, Monitor

B. Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor

C. Identify, Protect, Protect, Detect, Respond, Recover, Monitor

D. Prepare, Authorize, Categorize, Adjust, Implement, Assess, Monitor

13 / 141

What is the difference between offline and online password crackers?

A. Offline password crackers analyze a database or file containing passwords while online password crackers guess passwords in a brute force attack

B. Offline password crackers use weak hashing methods while online password crackers use strong hashing methods

C. Offline password crackers perform a vulnerability assessment while online password crackers analyze network traffic

D. Offline password crackers analyze MD5 hashes while online password crackers analyze other types of encryption

14 / 141

Which of the following is NOT considered a risk type based on the given text?

A. User error

B. External

C. IP theft

D. Multiparty

15 / 141

Which of the following accurately describes Threat Hunting?

A. The process of relying on automated tools to report threats

B. Passively waiting for IDS alerts for threat identification

C. Actively looking for threats within a network before an automated tool detects the threat

D. A practice of ignoring historical data for threat identification

16 / 141

What is the significance of open ports and services in the context of system vulnerabilities?

A. Open ports and services do not contribute to system vulnerabilities.

B. Open ports may signal a vulnerability if the services associated with these ports aren’t actively managed.

C. Open ports and services are only significant in the context of application vulnerabilities.

D. Open ports and services are usually secure and rarely signal any sort of vulnerability.

17 / 141

What is the Common Vulnerability Scoring System (CVSS)?

A. It is a database of antivirus software

B. It is a proprietary signature file

C. It is a system that assigns severity scores to vulnerabilities

D. It is a list of common misconfigurations

18 / 141

What is the main functionality of the Sn1per tool during the network reconnaissance and discovery phase?

A. It sends ICMP pings to a range of IP addresses in a network

B. It performs vulnerability assessments, listing all discovered vulnerabilities and gathering detailed information on targets

C. It transfers and retrieves data to and from servers

D. It enumerates DNS records for domains

19 / 141

Which risk management strategy involves transferring the risk to an entity?

A. Mitigation

B. Risk awareness

C. Transference

D. Acceptance

20 / 141

What is a reference architecture in cybersecurity?

A. A document which lists all the software projects

B. A document or set of documents providing standards

C. A method used in complex projects

D. A type of reusable module

21 / 141

What are some examples of unsecure protocols mentioned in the text?

A. SSH and IPSec

B. Telnet and SSL

C. DNS and SNMP

D. ICMP and HTTP

22 / 141

What does the term ’Control risk’ refer to in the context of risk management?

A. The acceptance of risk that remains after managing or mitigating risk to an acceptable level

B. The risk that exists before controls are in place to manage the risk

C. The amount of risk an organization is willing to accept

D. The risk that exists if in-place controls do not adequately manage risks

23 / 141

What is one of the primary benefits of bug bounty programs for companies?

A. Companies pay researchers for their time always, regardless of findings.

B. Companies can work exclusively with one researcher.

C. Companies pay researchers only when they discover bugs or vulnerabilities.

D. All Bug bounty programs are open to the public.

24 / 141

What is the definition of a false positive in vulnerability scanning?

A. A false positive is when a vulnerability exists, but the scanner doesn’t detect it and doesn’t report the vulnerability.

B. A false positive is when a vulnerability scanner incorrectly reports that a vulnerability exists, but the vulnerability does not exist on the scanned system.

C. A true positive indicates that the vulnerability scanner correctly identified a vulnerability.

D. A true negative indicates that a system doesn’t have a vulnerability, and the vulnerability scanner did not report the vulnerability.

25 / 141

Which standard provides organizations with best practices guidance in complement to ISO 27001?

A. ISO 27002

B. ISO 27701

C. ISO 31000

D. SOC 2 Type I

26 / 141

What is the main difference between NetFlow and sFlow protocols?

A. NetFlow uses templates and sFlow doesn’t.

B. sFlow is a sampling protocol while NetFlow captures all data.

C. NetFlow captures payload data while sFlow doesn’t.

D. sFlow was created by Cisco while NetFlow is an IETF standard.

27 / 141

What is the best way to define risk in the context of cybersecurity?

A. It is the damage caused by a threat exploiting a vulnerability

B. It is a weakness in a system that can be exploited by a threat

C. It is the likelihood of a threat exploiting a vulnerability

D. It is the act of mitigating threats and vulnerabilities

28 / 141

Why are open permissions considered a potential vulnerability on systems?

A. Open permissions allow anyone who finds certain files to have access to them

B. Open permissions allow for strong password creation

C. Open permissions ensure all systems are patched

D. Open permissions ensure usage of secure protocols

29 / 141

What is the main function of the Dnsenum command in network reconnaissance?

A. It is used to transfer and retrieve data to and from servers

B. It lists the DNS servers holding the records and identifies the mail servers

C. It is used for banner grabbing, a technique used to gain information about remote systems

D. It identifies all IP addresses active in a network and the operating system running on individual systems

30 / 141

What is one purpose of threat feeds in relation to threat hunting?

A. They provide subscribers with coupons and special offers.

B. They list the most recent cybersecurity related job postings.

C. They provide subscribers with up-to-date information on current threats, including specific indicators of compromise.

D. They send personalized threat alerts tailored to each subscriber’s device.

31 / 141

What is the risk associated with ’Software compliance/licensing’ in an organization?

A. The risk of software being outdated and not supported by the vendor

B. The risk of unauthorized use of purchased software licenses leading to a financial loss

C. The risk of intellectual property theft

D. The risk of Multi-party threats through vendors or third-party services

32 / 141

What does a supply chain include according to the given text?

A. Only the supply of raw materials

B. The processes required to manufacture and distribute a product

C. The method to sell the product only

D. Only the third-party suppliers

33 / 141

What happens if root accounts, such as the Administrator account on Windows systems or the Root account on Linux systems, are not protected with strong passwords?

A. Attackers are unable to access these accounts and exploit the systems.

B. Attackers may be able to access these accounts and exploit the systems.

C. The vulnerability scanners cannot function effectively.

D. The systems can automatically generate strong passwords.

34 / 141

What does the Common Vulnerability Scoring System (CVSS) do?

A. It explicitly details the steps for mitigating known vulnerabilities

B. It assigns severity scores to vulnerabilities within a range of 0 to 10

C. It finds weak encryption in systems

D. It determines whether antivirus software is up-to-date

35 / 141

What step of the Risk Management Framework (RMF) involves determining the adverse impact to operations and assets if there is a loss of confidentiality, integrity, and availability?

A. Prepare

B. Categorize information systems

C. Select security controls

D. Implement security controls

36 / 141

What is the primary function of Nessus in security testing?

A. It lists DNS servers and their records

B. It remotely accesses Linux Systems

C. It performs vulnerability scans and configuration reviews

D. It sends pings using TCP, UDP or ICMP

37 / 141

Which techniques are often used by penetration testers to gain more privileges in a system?

A. Exploiting vulnerabilities within the network

B. Sending malicious links to the system’s users

C. Using Advanced Persistent Threats

D. Disabling the firewall

38 / 141

What is the difference between SOC 2 Type I and SOC 2 Type II report in terms of operational effectiveness?

A. Type I report deals with operational effectiveness over a range of dates, while Type II does not.

B. Type II report deals with operational effectiveness over a range of dates, while Type I does not.

C. Both Type I and Type II reports address operational effectiveness over a range of dates.

D. Neither Type I nor Type II reports address operational effectiveness over a range of dates.

39 / 141

What is the main purpose of conducting ’Initial Exploitation’ as part of a penetration testing process?

A. To recognize the architectural landscape of the target.

B. To install patches for known vulnerabilities.

C. To exploit identified vulnerabilities and gain full access to the system.

D. To map out the network for potential vulnerabilities.

40 / 141

Which of the following is NOT typically included in the high-level steps of a vulnerability assessment?

A. Identifying assets and capabilities

B. Prioritizing assets based on value

C. Interviewing personnel

D. Recommending controls to mitigate serious vulnerabilities

41 / 141

What are the four tiers in the Framework implementation component of the NIST Cybersecurity Framework (CSF)?

A. Alpha, Beta, Gamma, Delta

B. Basic, Intermediate, Advanced, Expert

C. Tier 1, Tier 2, Tier 3, Tier 4

D. Partial, Risk Informed, Repeatable, Adaptive

42 / 141

What is a false positive in context of vulnerability scanning?

A. It is when a vulnerability scanner correctly identifies a vulnerability

B. It is when a vulnerability scanner does not detect and report an existing vulnerability

C. It is when a vulnerability scanner incorrectly reports that a vulnerability exists where there is none

D. It is when a scanner does not report a vulnerability on a secure system

43 / 141

What would be the best practice when configuring a Windows system for increased security?

A. Use a general-purpose guide to identify secure settings

B. Use a Linux guide to identify secure settings

C. Use a Windows guide to identify secure settings

D. Use a vendor-specific guide without considering the operating system

44 / 141

What information does the output of a vulnerability scan typically show?

A. A list of hosts that it discovered and scanned, a detailed list of applications running on each host, a list of open ports and services found on each host, a list of vulnerabilities discovered on any of the scanned hosts, and recommendations to resolve any of the discovered vulnerabilities

B. A list of users and administrators on each host, a list of all installed software, and a record of all activities performed on the host

C. A list of all network connections, past and present, and a list of all external devices connected to the host

D. A list of all files and folders on the host, a list of all changes made on the host, and a log of all input commands

45 / 141

What is residual risk in the context of risk management?

A. The risk an organization is willing to accept

B. The risk that exists before controls are in place

C. The risk that remains after managing or mitigating risk to an acceptable level

D. The risk that exists if in-place controls do not adequately manage risks

46 / 141

What does Single loss expectancy (SLE) in a quantitative risk assessment represent?

A. The number of times a loss will occur in a year

B. The expected annual loss

C. The cost of any single loss

D. The expected total cost of all losses in a year

47 / 141

What is the purpose of a risk register in cybersecurity?

A. To list all known risks for a system or an organization.

B. To plot risks onto a graph or chart.

C. To audit the financial status of an organization.

D. To provide a record of project management tasks.

48 / 141

What is the purpose of a protocol analyzer in respect to packet capture and replay?

A. To send files over the network.

B. To analyze and modify packet headers and their payloads.

C. To connect unauthorized switches within the network.

D. To protect cabling.

49 / 141

What is an ARP ping scan used for in network scanning?

A. To check for open ports on a system

B. To identify the operating system of the host

C. To verify the protocol or service running on each host

D. To determine if a host is operational within a certain IP address

50 / 141

What is the purpose of the ’Categorize information systems’ step in the Risk Management Framework (RMF) as described in the NIST SP 800-37?

A. Selection and implementation of suitable security controls.

B. Continuous monitoring of implemented security controls.

C. Identification of the adverse impacts to operations and assets due to a loss of confidentiality, integrity, and availability.

D. Assessment of the chosen security controls and their effectiveness.

51 / 141

What is a reason for not using Secure Sockets Layer (SSL) as per the text?

A. SSL is unsupported by modern systems

B. SSL does not provide data encryption

C. SSL has known weaknesses and is thus deprecated

D. SSL is only used to encrypt HTTPS

52 / 141

What does the ISO 31000 family of standards provide?

A. Guidance on managing and protecting Personally Identifiable Information (PII)

B. Requirements for an information security management system (ISMS)

C. Guidelines that organizations can adopt to manage risk

D. Best practice techniques for information technology security

53 / 141

What is the primary difference between a vulnerability scan and a penetration test?

A. A vulnerability scan is active while a penetration test is passive

B. Vulnerability scans have a strong impact on the system during a test, whereas penetration tests have little to no impact

C. A vulnerability scan tries to exploit vulnerabilities, while a penetration test only identifies weaknesses

D. A vulnerability scan is a passive attempt to identify weaknesses without exploiting any vulnerabilities, while a penetration test actively tries to exploit these vulnerabilities

54 / 141

What is the purpose of Framework profiles as a part of the NIST Cybersecurity Framework?

A. To identify the roles of personnel.

B. To provide a list of outcomes based on an organization’s needs and risk assessments.

C. To implement security controls.

D. To categorize information systems.

55 / 141

What is the primary challenge associated with a qualitative risk assessment?

A. Assigning numbers to the risk probabilities

B. Deciding how to allocate resources effectively

C. Gaining consensus on the probability and impact

D. Working out the monetary values of risks

56 / 141

What process do personnel follow during the ’Select security controls’ step of the RMF as defined by NIST SP 800-37?

A. Personnel prioritize the system for operation.

B. Personnel select and tailor the controls necessary to protect their operations and assets, usually starting with baselines.

C. Personnel determine the adverse impact to operations and assets if there is a loss of confidentiality, integrity, and availability to these operations or assets.

D. A senior management official determines if the system is authorized to operate.

57 / 141

What step does a senior management official authorize information systems in the seven-step process of the Risk Management Framework (RMF)?

A. Select security controls

B. Categorize information systems

C. Assess security controls

D. Authorize information systems

58 / 141

Which network reconnaissance tool uses plug-ins to perform various scans against both Windows and Unix systems and is often used for configuration reviews?

A. Netcat

B. Dnsenum

C. Nessus

D. hping

59 / 141

What is the purpose of the ’Prepare’ step in the Risk Management Framework (RMF) outlined in NIST SP 800-37?

A. To categorize information systems based on the impact they could have on operations and assets.

B. An organization makes the decision to authorize systems to operate based on the outputs of previous steps.

C. The organization identifies key roles for implementing the framework, determines risk tolerance strategies, updates risk assessments, and identifies in-place controls.

D. The organization is required to constantly assess changes in the system and environment through regular risk assessments and analyzing risk responses.

60 / 141

Which of the following correctly explains the function and purpose of the Common Vulnerability Scoring System (CVSS)?

A. It is a dictionary of known vulnerabilities and exposures maintained by MITRE Corporation.

B. It is a system that assesses vulnerabilities and assigns severity scores, aiding security professionals in prioritizing their work.

C. It is a protocol used to detect weak configuration of systems and potential attacks.

D. It is an antivirus software that uses proprietary files to detect malware.

61 / 141

What is the primary advantage of performing a penetration test on test systems rather than the live production systems?

A. It reduces the cost of testing

B. It prevents disruption of actual operations and system instability

C. It ensures that all employees are aware of the test

D. It tests the system in real-world conditions

62 / 141

Which of the following methods that a network scanner uses involves checking for open ports on a system?

A. Arp ping scan

B. Syn stealth scan

C. Port scan

D. OS detection

63 / 141

What is the main purpose of ISO 27002 standard?

A. It provides guidelines on risk management.

B. It outlines a framework for protection of Personally Identifiable Information.

C. It offers best practices guidance to organizations for IT security techniques.

D. It provides information on Information Security Management System (ISMS) requirements.

64 / 141

What is a common technique used by penetration testers and attackers to maintain persistence within a network?

A. Creating a public Wi-Fi hotspot

B. Posting the network credentials on a public forum

C. Creating a backdoor into the network

D. Disabling the firewall

65 / 141

What is the role of senior management in risk management?

A. They are responsible for identifying and mitigating the risks

B. They are not directly involved in risk management

C. They are responsible for residual risk and choosing the level of acceptable risk

D. They are responsible for keeping the antivirus systems up to date

66 / 141

Which of the following best describes the ’Scanless’ tool?

A. Is a scanning utility that uses another website’s IP to perform scans

B. Enumerates DNS records for domains

C. A robust automated scanner used for vulnerability assessments

D. A tool used to transfer data between servers

67 / 141

What is the primary function of the Curl in network reconnaissance and discovery?

A. To block firewalls

B. To transfer and retrieve data to and from servers, such as web servers

C. To perform port scans

D. To enumerate (or list) Domain Name System (DNS) records for domains

68 / 141

What is the role of the Purple team in cybersecurity readiness exercises?

A. To establish the rules of engagement and oversee testing

B. To defend the organization’s network resources

C. To attack systems and exploit vulnerabilities

D. To perform either attack or defense activities

69 / 141

What is the purpose of a configuration compliance scanner in the configuration review process?

A. To identify any viruses or malware on systems

B. To validate that systems have the appropriate and defined configuration

C. To overcome systems’ credentialed access

D. To remove undesired applications from systems

70 / 141

What is the role of the ’Assess security controls’ step in the Risk Management Framework (RMF)?

A. Personnel implement the selected controls

B. Personnel assess the controls to see if they are producing the desired outcome

C. A senior management official determines if the system is authorized to operate

D. Personnel constantly assess changes in the system and environment

71 / 141

What is the purpose of changing many default settings as mentioned in system security?

A. To make applications run faster

B. To make the system more secure from the default configuration

C. To make applications look more appealing

D. To make the system more user-friendly

72 / 141

What are Internal risks in the context of risk categories?

A. Risks that occur when an organization contracts with an external organization for goods or services.

B. Risks from within an organization, including employees and all the hardware and software used within the organization.

C. Risks from outside the organization, includes any threats from external attackers.

D. Risks related to legacy systems and platforms, especially when the vendor doesn’t support them.

73 / 141

What characterizes known environment testing in the context of system and application tests?

A. Testers have no previous knowledge about the environment or system to be tested.

B. Testers have full access to product documentation, source code, and possibly even login details before starting the test.

C. Testers conduct tests with the same knowledge level as an attacker.

D. Testers have only partial knowledge about network documentation, but don’t know the full network layout.

74 / 141

What does the Annual Loss Expectancy (ALE) represent in a quantitative risk assessment?

A. The number of times the loss will occur in a year

B. The total expected cost of all losses in a year

C. The cost of any single loss

D. The cost of implementing a risk control measure

75 / 141

What is the purpose of the final phase of a risk assessment?

A. To test the implemented controls

B. To document the vulnerabilities and the recommended controls

C. To execute the recommended controls

D. To assess the potential damage caused by potential risks

76 / 141

What are the forms of threats discussed in the context of risk management?

A. Accidental human threats only

B. Malicious human threats and Accidental human threats

C. Malicious human threats, Accidental human threats, and Environmental threats

D. Malicious human threats only

77 / 141

What is Open Source Intelligence (OSINT) and where can it be sourced from?

A. Information obtained from restricted databases.

B. Data collected from the internal organization’s networks.

C. Knowledge obtained from the internet, including blogs, reports, media items, and more.

D. Insights derived solely from device logs.

78 / 141

What is the primary purpose of the Common Vulnerability Scoring System (CVSS)?

A. To maintain a list of known malware signatures

B. To assign severity scores to known vulnerabilities

C. To detect open permissions on systems

D. To scan data for Social Security numbers and classify proprietary data

79 / 141

What are the two methods of reconnaissance used by penetration testers?

A. Active and passive reconnaissance

B. Passive and malicious reconnaissance

C. Active and defensive reconnaissance

D. Defensive and malicious reconnaissance

80 / 141

Which of the following correctly describes partially known environment testing?

A. Testers have full knowledge of the environment and access to product documentation, source code, and possibly even logon details.

B. Testers have zero knowledge of the environment and approach the test with the same knowledge as an attacker.

C. Testers have some knowledge of the environment and might have access to some network documentation but not know the full network layout.

D. Testers have detailed knowledge of the environment and application, including access to specialized testing tools.

81 / 141

What is a cybersecurity framework?

A. A software used for detecting cyber threats

B. A structure used to provide a foundation on how to implement security in various systems

C. A hardware for blocking cyber attacks

D. A new type of cyber attack

82 / 141

What is the purpose of the Monitor Security Controls step in the Risk Management Framework?

A. To identify the adverse impact to operations and assets in the event of a loss

B. To select and tailor controls necessary to protect operations and assets

C. To constantly assess changes in the system and environment

D. To authorize the system to operate

83 / 141

What are Adversary tactics, techniques, and procedures (TTPs) as defined by The National Institute of Standards and Technology (NIST)?

A. They refer to the physical elements related to the attacker’s strategy.

B. They refer to an attacker’s technical proficiency and social engineering skills.

C. They refer to an attacker’s method and tools for breaching a firewall.

D. They refer to attackers’ methods when exploiting a target with detailed descriptions of behavior.

84 / 141

What does the term ’mitigation’ refer to in the context of risk management?

A. The acceptance of risk when the cost of the control outweighs a risk

B. The act of outsourcing or contracting a third party to handle the risk

C. The implementation of controls to reduce vulnerabilities or impact

D. The refusal to participate in a risky activity or provide a service

85 / 141

What is a false negative in the context of vulnerability scanning?

A. When a scanner wrongly detects a vulnerability where none exists

B. When a scanner does not detect a vulnerability where one does exists

C. When a scanner accurately identifies a vulnerability

D. When a scanner accurately identifies the lack of a vulnerability

86 / 141

What does the Intellectual Property (IP) theft risk category refer to?

A. Risks arising from outdated systems and platforms which are not supported by the vendor

B. Risks associated with carrying out businesses with third-parties

C. Theft of an organization’s copyrights, patents, trademarks, and trade secrets

D. Risks from within an organization that are generally predictable

87 / 141

Which of the following describes a Multiparty risk?

A. Risk from software not being licensed

B. Risk when an organization contracts with an external organization

C. Risk from internal employees and hardware and software

D. Risk when vendors don’t support their legacy systems and platforms

88 / 141

What is the primary function of the ’Red team’ in a cybersecurity exercise?

A. They defend the organization’s network resources

B. They establish the rules of engagement for a test

C. They attack using known TTPs and exploit vulnerabilities

D. They can either defend or attack based on the situation

89 / 141

What best describes the approach of testers during an unknown environment test in security testing?

A. They have full knowledge of the application or network they are testing.

B. They have some prior knowledge about the environment they are testing.

C. They test the network or application with zero prior knowledge.

D. They test only after obtaining full network documentation.

90 / 141

What is the primary focus of ISO 27701 in regards to cybersecurity?

A. It outlines standard requirements for information security management.

B. It provides a framework for managing and protecting Personally Identifiable Information.

C. It offers guidance to organizations on how to become certified.

D. It provides a family of standards related to risk management.

91 / 141

Which of the following is NOT a risk management strategy employed by organizations?

A. Avoidance

B. Recognition

C. Mitigation

D. Transference

92 / 141

What is the purpose or function of a Syn stealth scan when used by a network scanner?

A. It detects open ports on a system

B. It sends a single SYN packet to each IP address in the scan range, and if a host responds, the scanner acknowledges that a host is operational with that IP address

C. It verifies the protocol or service running on an open port

D. It tries to identify the operating system of the host through TCP/IP fingerprinting

93 / 141

What is the term for the scenario when an organization decides to tolerate the risk because the cost of implementing controls exceeds the risk?

A. Avoidance

B. Mitigation

C. Acceptance

D. Transference

94 / 141

What does the ’likelihood of occurrence’ refer to in a qualitative risk assessment?

A. The probability that a vulnerability will exist

B. The potential harm resulting from a risk

C. The probability that an event will occur, such as a threat exploiting a vulnerability

D. The use of monetary metrics to quantify a risk

95 / 141

What actions are commonly included in a vulnerability scan?

A. Identifying vulnerabilities and misconfigurations

B. Actively attacking the system

C. Identifying lack of security controls and actively testing security controls

D. Identifying vulnerabilities, misconfigurations, passively testing security controls, and identifying lack of security controls

96 / 141

What is a ’True Positive’ as referenced in scanning a system for vulnerabilities?

A. When a vulnerability scanner incorrectly reports that a vulnerability exists, but the vulnerability does not exist on the scanned system.

B. When a vulnerability exists, but the scanner doesn’t detect it and doesn’t report the vulnerability.

C. Indicates that the vulnerability scanner correctly identified a vulnerability.

D. Indicates that a system doesn’t have a vulnerability, and the vulnerability scanner did not report the vulnerability.

97 / 141

What does ’Lateral Movement’ refer to in the context of cyber security?

A. The tactic of an attacker moving physically in a secured location to have a better view of the target.

B. The literal movement of a virus through the digital network over a system.

C. The strategy used by attackers to maneuver throughout a network exploiting multiple systems.

D. The technique used by attackers to move data from one location to another for data exfiltration.

98 / 141

Which team in a cybersecurity exercise is responsible for attacking systems, breaking into defenses, and exploiting vulnerabilities?

A. Blue team

B. Purple team

C. White team

D. Red team

99 / 141

What is one of the vulnerabilities associated with a system’s default configurations?

A. The system becomes less vulnerable to attacks

B. Supports the organization’s policies

C. Default usernames and passwords are less likely to be cracked

D. They are more susceptible to attacks if not hardened by changing default settings

100 / 141

In risk assessment, why is it important to identify the value of an asset?

A. It helps to determine the type of risk assessment to be used

B. It helps to differentiate the organization’s processes

C. It allows an organization to focus on high-value assets and avoid wasting time on low-value ones

D. It is required by law

101 / 141

Which of the following best describes an accidental human threat as mentioned in the context of risk management?

A. Sophisticated advanced persistent threats (APTs) sponsored by a government

B. Users accidentally deleting or corrupting data

C. Long-term power failure that could lead to environmental threats

D. Malware release by malicious human threats

102 / 141

What does vulnerability scanner include to discover weak passwords and verify the strength of the passwords?

A. Password generator

B. Password cracker

C. Password manager

D. Password scorer

103 / 141

Which of the following is a true statement about Nmap based on the passage?

A. Nmap stands for ’Network Map’.

B. Nmap can only be run from a GUI.

C. Nmap is a type of vulnerability scanner.

D. Nmap can identify active hosts, their IP addresses, and the OS on a network.

104 / 141

What is an example of an accidental human threat within a system?

A. An inexperienced script kiddie hacking a system

B. A well-meaning administrator inadvertently causing a system outage

C. A natural disaster such as a flood or hurricane

D. An organized crime group launching a network attack

105 / 141

What different types of methods do penetration testers use during the reconnaissance phase?

A. Only Active reconnaissance

B. Only Passive reconnaissance

C. Both Active and Passive reconnaissance

D. Neither Active nor Passive reconnaissance

106 / 141

Which of the following is NOT typically included in the ’Cleanup’ step of a penetration test?

A. Removing any user accounts created on systems

B. Adding new user accounts on the system

C. Removing any scripts or applications installed on systems

D. Reconfiguring all settings modified by testers

107 / 141

What is the focus of BeEF (Browser Exploitation Framework)?

A. It focuses on identifying web application vulnerabilities.

B. It focuses on developing and testing exploit code.

C. It focuses on identifying web browser vulnerabilities.

D. It focuses on making information known to web application developers about vulnerabilities.

108 / 141

What is a primary use of a protocol analyzer?

A. To amplify the network signal

B. To analyze and modify packet headers and payloads

C. To provide firewall protection

D. To create network virtualization

109 / 141

What is a Risk Register in the context of cybersecurity risk analysis?

A. A risk register is a graph or chart that plots the likelihood of risk occurrence against the impact of a risk.

B. A risk register is a table or log that lists all known risks for a system or an organization.

C. A risk register is a tool used in project management to define project outcomes.

D. A risk register is a document that records all cybersecurity breaches that have occurred in an organization.

110 / 141

What is the purpose of OS detection as used by a network scanner?

A. It sends out a SYN packet to each IP address

B. It checks for open ports on a system

C. It analyzes packets from an IP address to identify the operating system

D. It identifies the protocols or services running by confirming the command responses

111 / 141

What is the primary purpose of the Netcat tool?

A. To automate Nessus scans

B. For remotely accessing Linux systems and gathering information

C. To enumerate Domain Name System (DNS) records for domains

D. To transfer and retrieve data from web servers

112 / 141

What is the primary purpose of ISO 27001 in the context of cybersecurity?

A. It provides guidelines on risk management.

B. It provides information on information security management system (ISMS) requirements.

C. It outlines a framework for managing PII.

D. It provides best practices for information technology security techniques.

113 / 141

What is the primary risk related to legacy systems and platforms?

A. The vendor supports them unconditionally.

B. They are exposed to internal risks.

C. They are exposed to IP theft.

D. If vulnerabilities become known, the vendor doesn’t release patches.

114 / 141

What is the primary function of an exploitation framework?

A. To store information about software development

B. To store information about security vulnerabilities

C. To store information about network architecture

D. To store information about web browser types

115 / 141

In a qualitative risk assessment, how was the risk of a library computer categorized?

A. High probability, high impact

B. Low probability, low impact

C. High probability, low impact

D. Low probability, high impact

116 / 141

What differentiates a service scan from a port scan?

A. A service scan checks if a host is operational by sending SYN packets

B. A service scan evaluates multiple values in systems responses

C. A service scan receives MAC address after sending an ARP packet to all hosts

D. A service scan verifies the protocol or service running on identified open ports

117 / 141

What is considered an ’external’ risk in relation to CompTIA Security+ understanding?

A. Unauthorized use of software licenses within the organization

B. Risks that originate from contracts with external organization for goods or services

C. Threats from external attackers and natural disasters

D. Lack of vendor support for legacy systems and platforms

118 / 141

What does ’True negative’ mean in the context of a vulnerability scanner?

A. A true negative is when a vulnerability scanner correctly reports that a vulnerability exists.

B. A true negative is when a vulnerability scanner incorrectly reports that a vulnerability exists.

C. A true negative is when a vulnerability scanner doesn’t detect a vulnerability and doesn’t report the vulnerability when no vulnerability exists.

D. A true negative is when a scanner doesn’t detect a vulnerability and reports the vulnerability anyway.

119 / 141

What are the five functions of the ’Framework core’ in the NIST Cybersecurity Framework (CSF)?

A. Prepare, Select, Implement, Assess, Monitor

B. Protect, Respond, Recover, Analyze, Authorize

C. Detect, Categorize, Tailor, Monitor, Authorize

D. Identify, Protect, Detect, Respond, Recover

120 / 141

In a qualitative risk assessment, how would experts likely rate the probability and impact of risks associated with a web server selling products on the Internet?

A. High probability, Low impact

B. High probability, High impact

C. Low probability, Low impact

D. Low probability, High impact

121 / 141

How does a credentialed scan differ from a non-credentialed scan in terms of results and impacts on the system?

A. A credentialed scan cannot access a system’s internal workings and leads to higher impact on tested systems

B. A credentialed scan can check security issues at a deeper level, providing more accurate results and fewer false positives

C. Non-credentialed scans are more accurate, producing fewer false positives

D. Both credentialed and non-credentialed scans have the same impact on the system and produce the same level of accuracy

122 / 141

What is the primary role of the white team in cybersecurity readiness exercises?

A. To attack systems and exploit vulnerabilities

B. To defend network resources

C. To establish the rules of engagement for a test and oversee the testing

D. To perform either attack or defense activities

123 / 141

How are intrusive and non-intrusive scan methods comparable to penetration testing and vulnerability scanning?

A. Intrusive methods and penetration tests are similar as they may disrupt system operations, but non-intrusive methods and vulnerability scans are generally safer.

B. Non-intrusive methods are similar to penetration tests while intrusive methods are similar to vulnerability scans.

C. Intrusive methods directly exploit system vulnerabilities while non-intrusive methods and penetration tests do not.

D. All testing methods, intrusive or non-intrusive, have the potential to disrupt system operations.

124 / 141

What type of tool was discussed in this section that is used to capture network traffic?

A. Vulnerability scanner

B. Ping scanner

C. Port scanner

D. Network traffic capturing tool

125 / 141

What is the result of improper or weak patch management?

A. The hardware becomes obsolete

B. The system becomes vulnerable to bugs and flaws in the software, which can be exploited by attackers

C. The system’s firewall gets disabled

D. The system becomes immune to viral attacks

126 / 141

What is the role of the Blue team in cybersecurity exercises?

A. The blue team attacks.

B. The blue team oversees the testing.

C. The blue team defends.

D. Members of the blue team can attack or defend.

127 / 141

What does the term ’Risk awareness’ in the context of risk management represent?

A. The amount of risk an organization is willing to accept.

B. The acknowledgement that risks exist and need to be addressed.

C. The risk existing before controls are in place.

D. The risk remaining after managing or mitigating risk to an acceptable level.

128 / 141

What is the process of footprinting in the context of penetration testing?

A. It is the process of repairing a compromised system after a breach.

B. It serves to measure the environmental impact of a network’s operation.

C. It refers to the process where a penetration tester attempts to learn as much as possible about a network.

D. It refers to the final stage of an attack where the attacker tries to cover their tracks.

129 / 141

What is the stated goal of the w3af (Web Application Attack and Audit Framework)?

A. To find and exploit all software vulnerabilities

B. To find and exploit all web browser vulnerabilities

C. To find and exploit all web application vulnerabilities and make this information known to others

D. To collect data on over 1600 exploits

130 / 141

Which risk management strategy does an organization use when it decides not to provide a service or participate in an activity it deems too risky?

A. Acceptance

B. Transference

C. Mitigation

D. Avoidance

131 / 141

What does the term ’Risk appetite’ refer to in the context of risk management?

A. The amount of risk that an organization can eliminate

B. The acknowledgment that risks exist and must be dealt with

C. The potential risk that exists if in-place controls do not adequately manage risks

D. The amount of risk an organization is willing to accept based on their goals and strategic objectives

132 / 141

What does a Port Scan in network scanning signify?

A. It identifies the operating system of the host

B. It checks for open ports on a system and indicates the underlying protocol of system

C. It sends an HTTPS command to the host

D. It uses ARP packet to resolve IP addresses

133 / 141

What does impact refer to in the context of a qualitative risk assessment?

A. The monetary value associated with a risk event

B. The likelihood of a threat attempting to exploit a vulnerability

C. The magnitude of harm resulting from a risk

D. The resources allocated to protect against risks

134 / 141

Why is obtaining authorization before beginning any vulnerability or penetration testing important?

A. It ensures the tester is aware of the boundaries and engagement rules

B. It helps in updating the tester’s résumé

C. It helps in attacking the organization’s network

D. It helps in causing an outage

135 / 141

What are the three main categories of threats discussed in the section ’Environmental threats’?

A. Network threats, System threats, Malware release

B. Accidental human threats, Malicious human threats, Environmental threats

C. Power Failure, Hurricanes, Landslides

D. Script kiddies, Organized crime group, Government sponsored threats

136 / 141

What does fingerprinting technique in a penetration test typically identify?

A. The IP addresses active on a target network

B. The operating system of a target system

C. The Internet Protocol

D. The organization’s social media platforms

137 / 141

Which among these is not a function of the tcpdump command?

A. It can capture packets like Wireshark.

B. It can be used to analyze packet captures.

C. Switches in command line need to be entered with the proper case.

D. It is used for sending packets over the network.

138 / 141

What is the correct formula for calculating Annual Loss Expectancy (ALE) in a quantitative risk assessment?

A. ALE = SLE x ARO

B. ALE = ARO / SLE

C. ALE = (SLE + ARO) / 2

D. ALE = SLE / ARO

139 / 141

What does a risk matrix do?

A. Lists all known risks for an organization.

B. Documents risk management activities using free-flowing text.

C. Plots risks onto a graph or chart.

D. Identifies potential risks that may impact organization’s goals and objectives.

140 / 141

Which command, as discussed in Chapter 1, can be used to send pings using TCP, UDP, or ICMP and also scan systems for open ports on remote systems?

A. Nmap

B. hping

C. Netcat

D. Dnsenum

141 / 141

What differentiates the three types of testing environments – Unknown, Known, and Partially Known?

A. The amount of time each test takes

B. The knowledge the testers have about the environment

C. The number of testers involved

D. The cost of each testing method

Your score is

Boost Your Skills with Free Anki Flashcards

Click the download button to get the CompTIA Security+ Anki deck.

Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 08: Using Risk Management Tools. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Covers essential techniques for using risk management tools crucial for the CompTIA Exam.

Career Advancement:

Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.

Vulnerability Management:

Master the art of using risk management tools, a key skill in cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

Chapter 08 – Using Risk Management Tools

Boost Your Skills with Free Anki Flashcards

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Career Advancement:

Vulnerability Management:

Free Anki Deck Download

Explore our other free practice tests:

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER