Comp TIA Security Plus 701

Question 1

Nation States / APT

Answer 1

Definition: Highly skilled hackers targeting systems for espionage, data theft, or sabotage.
Example: Cyber espionage against a defense contractor.

Question 2

Script Kiddies

Answer 2

Definition: Unskilled hackers using ready-made tools for unauthorized access.
Example: Running a downloaded tool to deface a website.

Question 3

Hacktivists

Answer 3

Definition: Hackers driven by ideological motives, such as political protests.
Example: DDoS attacks on government sites during a political protest.

Question 4

Organized Crime

Answer 4

Definition: Hackers seeking financial gain through deliberate, skilled actions.
Example: Stealing credit card data for resale on the dark web.

Question 5

AAA (Authentication, Authorization, and Accounting)

Answer 5

Definition: Framework for controlling access and tracking user activities.
Example: Logging into a system with credentials and recording login events.

Question 6

ACL (Access Control List)

Answer 6

Definition: A set of rules controlling access to network resources.
Example: Allowing only certain IP addresses to access a server.

Question 7

AES (Advanced Encryption Standard)

Answer 7

Definition: A widely used encryption method for secure data.
Example: Encrypting sensitive corporate files using AES-256.

Question 8

APT (Advanced Persistent Threat)

Answer 8

Definition: A prolonged attack where intruders remain undetected for extended periods.
Example: A cyber espionage group infiltrating a government agency.

Question 9

IPSec (Internet Protocol Security)

Answer 9

Definition: A suite of protocols to secure IP communications via encryption and authentication.
Example: Encrypting a VPN connection using IPSec.

Question 10

TLS (Transport Layer Security)

Answer 10

Definition: A protocol ensuring secure communication over a network.
Example: HTTPS websites using TLS to encrypt traffic.

Question 11

SSH (Secure Shell)

Answer 11

Definition: A protocol for secure remote access to devices.
Example: Admins using SSH to configure servers.

Question 12

DNS (Domain Name System)

Answer 12

Definition: A system that translates human-readable domain names into IP addresses.
Example: www.google.com resolving to an IP address.

Question 13

Social Media Attacks

Answer 13

Definition: Exploiting social media for phishing or malicious activities.
Example: Fake posts with malicious links targeting users.

Question 14

Email Attacks

Answer 14

Definition: Using malicious emails to distribute malware or steal credentials.
Example: Phishing emails impersonating a bank to gather account details.

Question 15

Cloud Vulnerabilities

Answer 15

Definition: Exploiting weaknesses in shared cloud infrastructure.
Example: Breaching a multi-tenant cloud provider to access sensitive data.

Question 16

MFA (Multi-factor Authentication)

Answer 16

Definition: Security requiring two or more authentication factors.
Example: Logging into a system with both a password and a texted code.

Question 17

IDS (Intrusion Detection System)

Answer 17

Definition: A system monitoring network traffic for signs of malicious activity.
Example: Detecting and alerting on unusual login attempts.

Question 18

SIEM (Security Information and Event Management)

Answer 18

Definition: A system analyzing security data from across a network to detect threats.
Example: Aggregating firewall logs for suspicious activity detection.

Question 19

RAID (Redundant Array of Independent Disks)

Answer 19

Definition: A technology for data redundancy and improved performance.
Example: Using RAID-5 to ensure data remains accessible even if one drive fails.

Question 20

RBAC (Role-Based Access Control)

Answer 20

Definition: Permissions are granted based on user roles within an organization.
Example: Giving a database administrator access to manage databases but not HR systems.

Question 21

MAC (Mandatory Access Control)

Answer 21

Definition: Access is enforced by the operating system based on predefined rules.
Example: A classified system where only users with a top-secret clearance can view documents.

Question 22

DAC (Discretionary Access Control)

Answer 22

Definition: Resource owners set access permissions.
Example: A user sharing a private folder with colleagues.

Question 23

OAuth (Open Authorization)

Answer 23

Definition: A protocol for granting third-party access to resources without sharing credentials.
Example: Signing into a web service using your Google or Facebook account.

Question 24

LDAP (Lightweight Directory Access Protocol)

Answer 24

Definition: Protocol for accessing and managing directory information over a network.
Example: Authenticating users in an Active Directory environment.

Question 25

SAML (Security Assertion Markup Language)

Answer 25

Definition: A standard for exchanging authentication data between systems.
Example: Single sign-on (SSO) between a company’s intranet and a third-party app.

Question 26

TACACS+ (Terminal Access Controller Access-Control System Plus)

Answer 26

Definition: Protocol for centralized authentication, authorization, and accounting.
Example: Managing user permissions for network routers.

Question 27

RSA (Rivest-Shamir-Adleman)

Answer 27

Definition: A widely used public-key encryption algorithm.
Example: Securing email communications with RSA encryption.

Question 28

ECC (Elliptic Curve Cryptography)

Answer 28

Definition: Encryption using elliptic curve math for enhanced security with smaller key sizes.
Example: Securing mobile apps with ECC-based encryption.

Question 29

SHA (Secure Hash Algorithm)

Answer 29

Definition: Produces a unique hash value to ensure data integrity.
Example: Verifying downloaded software using a SHA-256 hash.

Question 30

Diffie-Hellman

Answer 30

Definition: A key exchange algorithm enabling secure key sharing over public channels.
Example: Establishing an encrypted session between a web browser and server.

Question 31

WAF (Web Application Firewall)

Answer 31

Definition: A firewall designed to protect web applications.
Example: Blocking SQL injection attacks on a website’s login page.

Question 32

NGFW (Next-Generation Firewall)

Answer 32

Definition: Advanced firewalls with features like application awareness and intrusion prevention.
Example: Detecting malware based on network behavior.

Question 33

VPN (Virtual Private Network)

Answer 33

Definition: Creates a secure, encrypted tunnel for internet communication.
Example: A remote employee using a VPN to access company servers securely.

Question 34

Phishing

Answer 34

Definition: Fraudulent attempts to obtain sensitive data by impersonating trustworthy entities.
Example: Receiving a fake email from “your bank” asking for account credentials.

Question 35

Spear Phishing

Answer 35

Definition: A targeted phishing attack aimed at specific individuals or organizations.
Example: A CEO receiving a fake invoice from what appears to be a trusted vendor.

Question 36

Social Engineering

Answer 36

Definition: Manipulating people into divulging confidential information.
Example: Convincing an employee over the phone to reset a password.

Question 37

FDE (Full Disk Encryption)

Answer 37

Definition: Encrypts all data on a disk to prevent unauthorized access.
Example: Encrypting a laptop’s hard drive using BitLocker.

Question 38

DLP (Data Loss Prevention)

Answer 38

Definition: Tools designed to prevent unauthorized sharing or transmission of sensitive data.
Example: Blocking outgoing emails containing customer credit card numbers.

Question 39

EFS (Encrypting File System)

Answer 39

Definition: A Windows feature for encrypting individual files or folders.
Example: Encrypting sensitive files stored on a shared network drive.