CompTIA Security+ Certification Exam SY0-701 Practice Test 24 Flashcards
A detailed agreement between a client and a vendor that describes the work to be performed on a project is called:
A) MSA
B) SLA
C) WO
D) SOW
D) SOW
A legal contract between the holder of confidential information and another person to whom that information is disclosed restricting that other person from disclosing the confidential information to any other party is referred to as:
A) ISA
B) NDA
C) BPA
D) SLA
B) NDA
Which of the terms listed below refers to a formal contract between business partners outlining the rights, responsibilities, and obligations of each partner regarding the management, operation, and decision-making processes within the business?
A) MSA
B) SLA
C) BPA
D) MOA
C) BPA
Which of the following terms describes an investigation or assessment done upfront to ensure all facts and risks are known before proceeding?
A) Fiduciary duty
B) Due care
C) Standard of care
D) Due diligence
D) Due diligence
Which of the terms listed below is used to describe actions taken to address and mitigate already identified risks?
A) Due diligence
B) Standard of care
C) Due care
D) Fiduciary duty
C) Due care
Under data privacy regulations, the individual whose personal data undergoes collection and processing is known as:
A) Data holder
B) Data owner
C) Data user
D) Data subject
D) Data subject
Which of the following answers refers to an entity (such as an organization or individual) that determines the purpose and means of processing personal data?
A) Data processor
B) Data owner
C) Data controller
D) Data subject
C) Data controller
An entity that acts under the instructions of a controller by processing personal data on behalf of the controller is called:
A) Data steward
B) Data processor
C) Data subject
D) Data custodian
B) Data processor
Which of the terms listed below refers to a legal principle that allows individuals to request the removal of personal information from Internet searches and other public sources?
A) De-identification
B) Right to be forgotten
C) Anonymization
D) Consent management
B) Right to be forgotten
A formal declaration by an auditor that they have performed their work in accordance with all relevant standards and regulations is referred to as:
A) Assertion
B) Certification
C) Validation
D) Attestation
D) Attestation
In the context of audits, an attestation is typically provided by:
A) Regulatory body
B) External auditor
C) Audit committee
D) Internal audit team
B) External auditor
In cybersecurity exercises, red team takes on the role of:
A) An attacker
B) A defender
C) Both an attacker and a defender
D) An exercise overseer
A) An attacker
In cybersecurity exercises, the defending team is known as:
A) Red team
B) Blue team
C) White team
D) Purple team
B) Blue team
In cybersecurity exercises, the role of an event overseer (i.e., the referee) is delegated to:
A) Red team
B) Blue team
C) White team
D) Purple team
C) White team
In cybersecurity exercises, a purple team assumes the integrated role of all other teams (i.e., red, blue, and white).
A) True
B) False
B) False
A penetration test performed by an authorized professional with the full prior knowledge on how the system that is to be tested works is called:
A) Black-hat hacking
B) White-box testing
C) Black-box testing
D) White-hat hacking
B) White-box testing
Which of the following terms is used to describe a penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system?
A) Black-box testing
B) Fuzz testing
C) Gray-box testing
D) White-box testing
C) Gray-box testing
A penetration test of a computer system performed without prior knowledge of how the system that is to be tested works is referred to as black-box testing.
A) True
B) False
A) True
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
A) True
B) False
B) False
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
A) True
B) False
B) False
In email communication, what signs can be of help in recognizing a phishing attempt?
A) The message contains poor spelling and grammar
B) The message asks for personal information
C) The message includes a call to action with a sense of urgency
D) The message includes suspicious links or attachments
E) Any of the above
E) Any of the above
What would be an appropriate user response to an email phishing attempt? (Select all that apply)
A) Not replying to the message or providing any personal information
B) Reporting the message to the IT or security department, if applicable
C) Deleting the message from the inbox
D) Not clicking on any links or downloading any attachments in the message
E) Forwarding the message to the sender to verify its legitimacy
F) Opening the attachment in a sandbox environment to check its safety
A) Not replying to the message or providing any personal information
B) Reporting the message to the IT or security department, if applicable
C) Deleting the message from the inbox
D) Not clicking on any links or downloading any attachments in the message
Which term best describes a disgruntled employee abusing legitimate access to a company’s internal resources?
A) APT
B) Insider threat
C) Gray hat
D) Threat actor
B) Insider threat
Due to added functionality in its plug, a malicious USB cable can be used for:
A) GPS tracking
B) Capturing keystrokes
C) Sending and receiving commands
D) Delivering and executing malware
E) Any of the above
E) Any of the above
What is the best countermeasure against social engineering attacks?
A) Situational awareness
B) Implicit deny policy
C) User education
D) Strong security controls
C) User education