CompTIA Security+ Certification Exam SY0-701 Practice Test 6 Flashcards

1
Q

Which of the following answers can be used to describe self-signed digital certificates? (Select 3 answers)

A) Backed by a well-known and trusted third party
B) Not trusted by default by web browsers and other applications
C) Used in trusted environments, such as internal networks and development environments
D) Suitable for websites and other applications that are accessible to the public
E) Trusted by default by web browsers and other applications
F) Not backed by a well-known and trusted third party

A

B) Not trusted by default by web browsers and other applications
C) Used in trusted environments, such as internal networks and development environments
F) Not backed by a well-known and trusted third party

2
Q

A self-signed digital certificate is also referred to as:

A) Client certificate
B) EV certificate
C) Server certificate
D) Wildcard certificate
E) None of the above

A

E) None of the above

3
Q

Third-party digital certificates, issued by trusted CAs, are automatically trusted by most browsers and operating systems, involve a cost, and require validation of the applicant’s identity. In contrast, self-signed certificates, issued by the entity to itself, are not automatically trusted, are free to create and use, and do not require validation by a CA.

A) True

B) False

A

A) True

4
Q

In the context of digital certificates, the term “Root of trust” refers to the highest level of trust within a PKI system. It is typically represented by a root CA, which is a trusted third party that serves as the foundation for the entire PKI. All other entities in the PKI hierarchy, including intermediate CAs and end-entities (such as web servers, email servers, user devices, IoT devices, and individual users), derive their trust from this root. When a certificate is issued and signed by an intermediate CA, it gains trust through a chain of trust back to the root CA. This hierarchical trust model allows users and systems to trust certificates presented by websites, services, or individuals because they can trace the trust back to the well-established root of trust.

A) True

B) False

A

A) True

5
Q

Which of the answers listed below refers to a PKI trust model?

A) Single CA model
B) Hierarchical model (root CA + intermediate CAs)
C) Mesh model (cross-certifying CAs)
D) Web of trust model (all CAs function as root CAs)
E) Chain of trust model (multiple CAs in a sequential chain)
F) Bridge model (cross-certifying between separate PKIs)
G) Hybrid model (combining aspects of different models)
H) All of the above

A

H) All of the above

6
Q

Which of the following answers refers to a cryptographic file generated by an entity requesting a digital certificate from a CA?

A) OID
B) CSR
C) DN
D) CRL

A

B) CSR

7
Q

A type of digital certificate that can be used to secure multiple subdomains within a primary domain is known as:

A) Root signing certificate
B) Subject Alternative Name (SAN) certificate
C) Extended Validation (EV) certificate
D) Wildcard certificate

A

D) Wildcard certificate

8
Q

Which of the answers listed below refers to an identifier used for PKI objects?

A) OID
B) DN
C) SAN
D) GUID

A

A) OID

9
Q

In IT security, the term “Shadow IT” is used to describe the practice of using IT systems, software, or services within an organization without the explicit approval or oversight of the organization’s IT department.

A) True

B) False

A

A) True

10
Q

Choose an answer from the drop-down list on the right to match a threat actor type on the left with its common attack vector attribute.

1) External
2) Internal/External
3) Internal

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

Nation-state = External

Unskilled attacker = Internal/External

Hacktivist = External

Insider threat = Internal

Organized crime = External

Shadow IT = Internal

11
Q

Match each threat actor type with its corresponding resources/funding attribute.

1) High resources and funding

2) Low resources and funding

3) Low to medium resources and funding

4) Low to high resources and funding

5) Medium to high resources and funding

6) Low to medium resources and funding

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

Nation-state = High resources and funding

Unskilled attacker = Low resources and funding

Hacktivist = Low to medium resources and funding

Insider threat = Low to high resources and funding

Organized crime = Medium to high resources and funding

Shadow IT = Low to medium resources and funding

12
Q

Assign the level of sophistication attribute to each threat actor type listed below.

1) High level of sophistication

2) Low level of sophistication

3) Low to medium level of sophistication

4) Low to high level of sophistication

5) Medium to high level of sophistication

6) Low to medium level of sophistication

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

Nation-state = High level of sophistication

Unskilled attacker = Low level of sophistication

Hacktivist = Low to medium level of sophistication

Insider threat = Low to high level of sophistication

Organized crime = Medium to high level of sophistication

Shadow IT = Low to medium level of sophistication

13
Q

From the drop-down list on the right, select the typical motivations behind the actions of each threat actor type.

1) Espionage, political/philosophical beliefs, disruption/chaos, war

2) Disruption/chaos, financial gain, revenge

3) Ethical beliefs, philosophical/political beliefs, disruption/chaos

4) Revenge, financial gain, service disruption

5) Financial gain, data exfiltration, extortion

6) Convenience, lack of awareness of security risks, meeting specific needs

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

Nation-state = Espionage, political/philosophical beliefs, disruption/chaos, war

Unskilled attacker = Disruption/chaos, financial gain, revenge

Hacktivist = Ethical beliefs, philosophical/political beliefs, disruption/chaos

Insider threat = Revenge, financial gain, service disruption

Organized crime = Financial gain, data exfiltration, extortion

Shadow IT = Convenience, lack of awareness of security risks, meeting specific needs

14
Q

Which of the following terms is used to describe sophisticated and prolonged cyberattacks often carried out by well-funded and organized groups, such as nation-states?

A) MitM
B) APT
C) XSRF
D) DDoS

A

B) APT

15
Q

An attack surface is the sum of all the potential points (vulnerabilities) through which an attacker can interact with or compromise a system or network, indicating the overall exposure to potential threats. Examples of attack surfaces include all software, hardware, and network interfaces with known security flaws. A threat vector represents the method or means through which a cyber threat is introduced or delivered to a target system. It outlines the pathway or avenue used by attackers to exploit vulnerabilities. Common threat vector types include phishing emails, malware, drive-by downloads, and social engineering techniques.

A) True

B) False

A

A) True

16
Q

Which of the answers listed below refers to an email-based threat vector?

A) Spoofing
B) Phishing
C) BEC attacks
D) Malicious links
E) Malware attachments
F) All of the above

A

F) All of the above

17
Q

Which of the following terms refers to a threat vector commonly associated with SMS-based communication?

A) Phishing
B) Vishing
C) Smishing
D) Pharming

A

C) Smishing

18
Q

Which of the following answers refer to examples of image-based threat vectors? (Select 3 answers)

A) Steganography
B) BEC attacks
C) Image spoofing (deepfakes)
D) Brand impersonation
E) Malware-embedded images

A

A) Steganography
C) Image spoofing (deepfakes)
E) Malware-embedded images

19
Q

Which of the answers listed below refers to an example of a potential threat vector in IM-based communication?

A) Phishing attack
B) Malware distribution
C) Spoofing attack
D) Eavesdropping
E) Account hijacking
F) Malicious link/attachment
G) All of the above

A

G) All of the above

20
Q

Which of the answers listed below refers to a file-based threat vector?

A) PDF exploits
B) Malicious macros in documents
C) Compressed files (ZIP, RAR)
D) Malicious scripts in web pages
E) Infected images
F) Malicious executables
G) All of the above

A

G) All of the above

21
Q

Which of the following answer choices is an example of a threat vector type that is typical for voice communication?

A) Smishing
B) Pharming
C) Vishing
D) Phishing

A

C) Vishing

22
Q

Examples of threat vectors directly related to the use of removable devices include: (Select 2 answers)

A) Pretexting
B) Malware delivery
C) Watering hole attacks
D) Data exfiltration
E) Social engineering attacks

A

B) Malware delivery
D) Data exfiltration

23
Q

Which of the answers listed below refer(s) to client-based software threat vector(s)? (Select all that apply)

A) Drive-by download via web browser
B) Malicious macro
C) Vulnerability in a network protocol or device
D) USB-based attack
E) Infected executable file
F) Malicious attachment in email application

A

A) Drive-by download via web browser
B) Malicious macro
D) USB-based attack
E) Infected executable file
F) Malicious attachment in email application

24
Q

Which of the following answers refer to agentless software threat vectors? (Select 2 answers)

A) Phishing email
B) Malicious USB drive
C) Network protocol vulnerability
D) Infected macro
E) Packet sniffing

A

C) Network protocol vulnerability
E) Packet sniffing

25
Q

Which digital certificate type can be used to secure multiple domain names or subdomains with a single certificate?

A) Extended Validation (EV) certificate
B) Wildcard certificate
C) Subject Alternative Name (SAN) certificate
D) Root signing certificate

A

C) Subject Alternative Name (SAN) certificate
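The certificate cards in this set (self-signed certificates, root of trust and chain of trust, CSRs, wildcard certificates and SAN certificates) can be exercised end to end with the openssl command line. The script below is an added worked example and is not part of the original flashcard set: it builds a root CA, an intermediate CA and a server certificate issued via CSRs, plus a self-signed certificate for the same server name, then shows which of them `openssl verify` accepts and which hostnames the leaf's SAN list covers. The names Demo Root CA, Demo Intermediate CA, example.internal, other.internal and all file names are assumptions made for this demonstration.

```shell
#!/bin/sh
# Added example (not from the flashcards): a miniature PKI built with the
# openssl CLI. All names and file names below are assumptions for the demo.
set -eu

WORK="$(mktemp -d)"
cd "$WORK"

# One private key per entity. In a real deployment the CA keys stay offline.
for name in root inter leaf self; do
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$name.key" 2>/dev/null
done

# Root of trust: a self-signed root CA (issuer == subject, signed with its own key).
openssl req -new -key root.key -subj "/CN=Demo Root CA" -out root.csr 2>/dev/null
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > root.ext
openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 \
  -extfile root.ext -out root.crt 2>/dev/null

# Intermediate CA: it generates a CSR, the root signs it (chain of trust, link 1).
openssl req -new -key inter.key -subj "/CN=Demo Intermediate CA" -out inter.csr 2>/dev/null
printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > inter.ext
openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
  -days 1825 -sha256 -extfile inter.ext -out inter.crt 2>/dev/null

# Leaf (server) certificate: the server generates the CSR, the intermediate signs it
# (link 2). The SAN extension carries an exact name, a wildcard and a second domain.
openssl req -new -key leaf.key -subj "/CN=www.example.internal" -out leaf.csr 2>/dev/null
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:www.example.internal,DNS:*.example.internal,DNS:other.internal\n' > leaf.ext
openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
  -days 90 -sha256 -extfile leaf.ext -out leaf.crt 2>/dev/null

# Self-signed certificate for the same server name: issued by the entity to itself,
# no CA involved, nothing to chain back to.
openssl req -new -key self.key -subj "/CN=www.example.internal" -out self.csr 2>/dev/null
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.internal\n' > self.ext
openssl x509 -req -in self.csr -signkey self.key -days 90 -sha256 \
  -extfile self.ext -out self.crt 2>/dev/null

# chain_status CERT ROOT [INTERMEDIATE]
# Prints "OK" when CERT chains to the trusted ROOT (optionally through the untrusted
# INTERMEDIATE), otherwise "FAIL:<X509_V_ERR code>" taken from openssl's output.
# Code 18 = depth-zero self-signed certificate, code 20 = issuer certificate not found.
chain_status() {
  if [ "$#" -ge 3 ]; then
    out="$(openssl verify -no-CAfile -no-CApath -CAfile "$2" -untrusted "$3" "$1" 2>&1)" || true
  else
    out="$(openssl verify -no-CAfile -no-CApath -CAfile "$2" "$1" 2>&1)" || true
  fi
  case "$out" in
    *": OK"*) echo OK ;;
    *) code="$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)"
       echo "FAIL:${code:-unknown}" ;;
  esac
}

# host_matches CERT HOSTNAME
# Prints "match" or "no-match" depending on whether HOSTNAME is covered by the
# certificate's SAN list (a wildcard covers exactly one DNS label).
host_matches() {
  case "$(openssl x509 -in "$1" -noout -checkhost "$2")" in
    *"does match"*) echo match ;;
    *) echo no-match ;;
  esac
}

echo "leaf via intermediate, root trusted:      $(chain_status leaf.crt root.crt inter.crt)"  # OK
echo "leaf without the intermediate:            $(chain_status leaf.crt root.crt)"            # FAIL:20
echo "self-signed leaf, root trusted:           $(chain_status self.crt root.crt)"            # FAIL:18
echo "self-signed leaf explicitly trusted:      $(chain_status self.crt self.crt)"            # OK
for h in www.example.internal api.example.internal a.b.example.internal example.internal other.internal; do
  echo "leaf.crt covers $h: $(host_matches leaf.crt "$h")"
done
```

The two failure cases are the ones practitioners hit most: error 18 is the browser's "not trusted" verdict on a self-signed certificate (card 1, answer B), and error 20 is a server that forgot to send its intermediate, so clients holding only the root cannot complete the chain (card 4). The last `chain_status` call shows what "used in trusted environments" (card 1, answer C) means in practice: the self-signed certificate is accepted only because it was added to the trust store by hand. The hostname loop shows the difference between the wildcard (card 7) and SAN (card 25) answers: `*.example.internal` covers `api.example.internal` but neither `a.b.example.internal` nor the bare `example.internal`, while `other.internal` is reachable only because it is listed as a separate SAN entry.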