CompTIA Security+ Certification Exam SY0-701 Practice Test 24 Flashcards

1
Q

A detailed agreement between a client and a vendor that describes the work to be performed on a project is called:

A) MSA
B) SLA
C) WO
D) SOW

A

D) SOW

2
Q

A legal contract between the holder of confidential information and another person to whom that information is disclosed, restricting that other person from disclosing the confidential information to any other party, is referred to as:

A) ISA
B) NDA
C) BPA
D) SLA

A

B) NDA

3
Q

Which of the terms listed below refers to a formal contract between business partners outlining the rights, responsibilities, and obligations of each partner regarding the management, operation, and decision-making processes within the business?

A) MSA
B) SLA
C) BPA
D) MOA

A

C) BPA

4
Q

Which of the following terms describes an investigation or assessment done upfront to ensure all facts and risks are known before proceeding?

A) Fiduciary duty
B) Due care
C) Standard of care
D) Due diligence

A

D) Due diligence

5
Q

Which of the terms listed below is used to describe actions taken to address and mitigate already identified risks?

A) Due diligence
B) Standard of care
C) Due care
D) Fiduciary duty

A

C) Due care

6
Q

Under data privacy regulations, the individual whose personal data undergoes collection and processing is known as:

A) Data holder
B) Data owner
C) Data user
D) Data subject

A

D) Data subject

7
Q

Which of the following answers refers to an entity (such as an organization or individual) that determines the purpose and means of processing personal data?

A) Data processor
B) Data owner
C) Data controller
D) Data subject

A

C) Data controller

8
Q

An entity that acts under the instructions of a controller by processing personal data on behalf of the controller is called:

A) Data steward
B) Data processor
C) Data subject
D) Data custodian

A

B) Data processor

9
Q

Which of the terms listed below refers to a legal principle that allows individuals to request the removal of personal information from Internet searches and other public sources?

A) De-identification
B) Right to be forgotten
C) Anonymization
D) Consent management

A

B) Right to be forgotten

10
Q

A formal declaration by an auditor that they have performed their work in accordance with all relevant standards and regulations is referred to as:

A) Assertion
B) Certification
C) Validation
D) Attestation

A

D) Attestation

11
Q

In the context of audits, an attestation is typically provided by:

A) Regulatory body
B) External auditor
C) Audit committee
D) Internal audit team

A

B) External auditor

12
Q

In cybersecurity exercises, the red team takes on the role of:

A) An attacker
B) A defender
C) Both an attacker and a defender
D) An exercise overseer

A

A) An attacker

13
Q

In cybersecurity exercises, the defending team is known as:

A) Red team
B) Blue team
C) White team
D) Purple team

A

B) Blue team

14
Q

In cybersecurity exercises, the role of an event overseer (i.e., the referee) is delegated to:

A) Red team
B) Blue team
C) White team
D) Purple team

A

C) White team

15
Q

In cybersecurity exercises, a purple team assumes the integrated role of all other teams (i.e., red, blue, and white).

A) True
B) False

A

B) False

16
Q

A penetration test performed by an authorized professional with full prior knowledge of how the system to be tested works is called:

A) Black-hat hacking
B) White-box testing
C) Black-box testing
D) White-hat hacking

A

B) White-box testing

17
Q

Which of the following terms is used to describe a penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system?

A) Black-box testing
B) Fuzz testing
C) Gray-box testing
D) White-box testing

A

C) Gray-box testing

18
Q

A penetration test of a computer system performed without prior knowledge of how the system to be tested works is referred to as black-box testing.

A) True
B) False

A

A) True

19
Q

In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

A) True
B) False

A

B) False

20
Q

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

A) True
B) False

A

B) False

21
Q

In email communication, what signs can be of help in recognizing a phishing attempt?

A) The message contains poor spelling and grammar
B) The message asks for personal information
C) The message includes a call to action with a sense of urgency
D) The message includes suspicious links or attachments
E) Any of the above

A

E) Any of the above

22
Q

What would be an appropriate user response to an email phishing attempt? (Select all that apply)

A) Not replying to the message or providing any personal information
B) Reporting the message to the IT or security department, if applicable
C) Deleting the message from the inbox
D) Not clicking on any links or downloading any attachments in the message
E) Forwarding the message to the sender to verify its legitimacy
F) Opening the attachment in a sandbox environment to check its safety

A

A) Not replying to the message or providing any personal information
B) Reporting the message to the IT or security department, if applicable
C) Deleting the message from the inbox
D) Not clicking on any links or downloading any attachments in the message

23
Q

Which term best describes a disgruntled employee abusing legitimate access to a company’s internal resources?

A) APT
B) Insider threat
C) Gray hat
D) Threat actor

A

B) Insider threat

24
Q

Due to added functionality in its plug, a malicious USB cable can be used for:

A) GPS tracking
B) Capturing keystrokes
C) Sending and receiving commands
D) Delivering and executing malware
E) Any of the above

A

E) Any of the above

25
Q

What is the best countermeasure against social engineering attacks?

A) Situational awareness
B) Implicit deny policy
C) User education
D) Strong security controls

A

C) User education