CompTIA Security + Mock Flashcards
Things To Study | Test 19-24
A detailed agreement between a client and a vendor that describes the work to be performed on a project is called:
MSA, SLA, WO or SOW ?
SOW (Statement of Work)
A formal document that outlines what work needs to be done, who does it, and when it should be completed. It prevents misunderstandings by clearly defining project expectations.
Think of it as a recipe—it tells you the ingredients (tasks), steps (timeline), and who’s cooking (roles).
Which of the following terms describes an investigation or assessment done upfront to ensure all facts and risks are known before proceeding?
A. Fiduciary duty
B. Due care
C. Standard of care
D. Due diligence
Due Diligence
The process of thoroughly researching and verifying information before making a decision, especially in business or security contexts. It helps identify risks, ensure compliance, and avoid costly mistakes.
Think of it like checking a used car’s history and test-driving it before buying—you want to know exactly what you’re getting into.
Which of the terms listed below is used to describe actions taken to address and mitigate already identified risks?
A. Due diligence
B. Standard of care
C. Due care
D. Fiduciary duty
Due Care
Taking reasonable steps to protect assets, follow laws, and prevent harm—like installing security patches or training employees. It’s about acting responsibly to avoid negligence.
Think of it like locking your front door; it’s a basic precaution to prevent theft.
Under data privacy regulations, the individual whose personal data undergoes collection and processing is known as:
A. Data holder
B. Data owner
C. Data user
D. Data subject
Data Subject
The individual whose personal data is being collected, stored, or processed - like a customer, employee, or website visitor.
Think of it as you being the “main character” in a company’s data collection story.
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
TRUE or FALSE ?
FALSE !
Active reconnaissance involves direct interaction with the target system (e.g., port scanning, vulnerability scanning, or sending probes to gather technical details). This can trigger security alerts because the tester is engaging with the system.
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
TRUE or FALSE ?
FALSE !
Passive reconnaissance involves collecting information without directly interacting with the target system (e.g., searching public records, DNS lookups, or social media scraping).
In the context of third-party risk assessment and management, which process involves conducting thorough investigations to verify the credentials, reliability, and integrity of potential vendors?
A. Reference check
B. Compliance review
C. Due diligence
D. Vendor appraisal
Due Diligence
The process of thoroughly researching and verifying information before making a decision, especially in business or security contexts. It helps identify risks, ensure compliance, and avoid costly mistakes.
Think of it like checking a used car’s history and test-driving it before buying—you want to know exactly what you’re getting into.
Which of the following terms refers to an agreement that specifies performance requirements for a vendor?
A. MSA
B. SLA
C. MOU
D. SOW
SLA (Service Level Agreement)
A contract between a service provider and customer that defines measurable metrics like uptime, response times, and resolution deadlines. It sets clear expectations for performance and consequences if standards aren’t met.
Think of it like a gym membership contract - it specifies how often equipment must be working, or you get a refund.
Which of the following acronyms refers to a document that authorises, initiates, and tracks the progress and completion of a particular job or task?
A. SOW
B. WO
C. SLA
D. MSA
WO (Work Order)
A formal document authorising specific tasks or services to be performed, including details like scope, costs, timeline, and responsible parties.
Think of it like a doctor’s prescription - it specifies exactly what needs to be done, by whom, and when.
Which of the answers listed below refers to an organisation that develops a wide range of standards on a global level?
A. IEEE
B. ANSI
C. ISO
D. NIST
ISO (International Organisation for Standardisation)
An independent global body that develops and publishes voluntary international standards for products, services, and systems, including cybersecurity frameworks.
Think of it as the rulebook for how things should work worldwide, like the universal sizing system for shoes.
Which of the answers listed below refer(s) to individuals responsible for the day-to-day management, storage, and protection of data? (Select all that apply)
A. Processors
B. Controllers
C. Stewards
D. Owners
E. Custodians
Custodians (in Cybersecurity/Data Protection)
Individuals or teams responsible for securely storing, maintaining, and protecting an organisation’s data or assets on a day-to-day basis.
Think of them like librarians—they don’t own the books (data), but they ensure they’re stored safely and accessible only to authorised users.
The process of determining potential risks that could affect an organisation’s ability to achieve its objectives is called:
A. Risk assessment
B. Risk identification
C. Risk analysis
D. Risk management
Risk Identification
The process of finding and documenting potential threats that could harm an organisation’s assets, operations, or data.
Think of it like a doctor’s check-up—you list all possible health risks before they become emergencies.
The process of evaluating discovered risks to understand their potential impact and likelihood is referred to as:
A. Risk analysis
B. Risk assessment
C. Risk identification
D. Risk management
Risk Assessment
The structured process of identifying, analysing, and evaluating risks to determine their potential impact on an organisation.
Think of it like a weather forecast for threats—predicting storms (risks) and deciding if you need an umbrella (controls).
Which of the following answers refers to a risk assessment method based on need, typically conducted in response to specific events or changes, such as after a major organisational change or a security breach?
A. Ad hoc
B. Recurring
C. One-time
D. Continuous
Ad Hoc
Refers to something created spontaneously for a specific, immediate purpose without prior planning—like a temporary fix or informal process. In cybersecurity, it often describes unplanned, reactive measures (e.g., patching a vulnerability after an attack).
Think of it like duct-taping a leaky pipe instead of calling a plumber—it works short-term but isn’t a real solution.
Which of the terms listed below refers to a process that deals with coordinating and managing multiple repetitive tasks?
A. Sequencing
B. Orchestration
C. Scripting
D. Automation
Orchestration
The automated coordination and management of multiple systems, tools, or workflows to execute complex tasks efficiently. In cybersecurity, it connects security tools (like SIEMs, firewalls) to respond to threats without manual steps.
Think of it like a conductor leading an orchestra—each instrument (tool) plays its part automatically at the right time.
Which of the following technologies enables automated handling of multiple security incidents?
SOAP, SASE, SOAR or SIEM ?
SOAR (Security Orchestration, Automation, and Response)
A cybersecurity approach that combines three key capabilities to streamline threat detection and response:
- Orchestration – Connects security tools (SIEMs, firewalls, EDR) to work together
- Automation – Eliminates manual steps (e.g., auto-isolating infected devices)
- Response – Executes predefined actions (like blocking IPs or resetting passwords)
Think of it like a self-driving security team—it detects threats, makes decisions, and acts instantly, 24/7.
Which of the following answers refers to a set of rules, policies, or automated controls designed to regulate technology-related decisions and actions within an organisation?
A. Technical standards
B. Compliance requirements
C. Guardrails
D. Security baselines
Guardrails
Predefined security policies, controls, or boundaries that prevent risky actions while allowing flexibility within safe limits.
Think of them like bumper lanes in bowling—they keep the ball (users/systems) from going completely off track while still allowing movement.
Which of the following answers refers to a more in-depth exercise, which can include activating systems and performing real actions to respond to the incident?
A. Penetration testing
B. Threat hunting
C. Simulation
D. Vulnerability scanning
Simulation
A controlled imitation of real-world cyber threats or incidents (like mock attacks or disaster scenarios) to test security defences, processes, and team responses.
Think of it like a fire drill for cybersecurity—practicing how to react before a real emergency happens.
During the post-incident activity stage, this step involves analysing logs, forensics data, and other evidence to prevent incident reoccurrence.
A. Reporting
B. E-discovery
C. Root cause analysis
D. Threat hunting
Root Cause Analysis (RCA)
The process of identifying the underlying source of a security incident or failure—not just treating symptoms. Think of it like detective work: Instead of just mopping up a flood, you find (and fix) the broken pipe that caused it.
The process of identifying, collecting, and producing electronically stored information with the intent of using it in a legal proceeding or investigation is referred to as:
A. Litigation hold
B. Evidence management
C. Digital forensics
D. E-discovery
E-Discovery (Electronic Discovery)
The legal process of identifying, collecting, and producing electronically stored information (ESI) for lawsuits or investigations.
Think of it like a digital treasure hunt—finding specific emails, files, or logs that could be evidence in court.
Which type of server is used for collecting diagnostic and monitoring data from networked devices?
A. Jump server
B. C2 server
C. Syslog server
D. ICS server
Syslog Server
A centralised logging system that collects, stores, and analyses log messages from network devices (routers, servers, firewalls) for monitoring and troubleshooting.
Think of it like a security camera DVR—it records all activity so you can review it later.
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorised user is called:
A. FAR
B. CER
C. CRC
D. FRR
FRR (False Rejection Rate)
A biometric security metric that measures how often the system wrongly rejects an authorised user (e.g., fails to recognise a legitimate fingerprint).
Think of it like a bouncer refusing entry to the club owner by mistake.
Which of the answers listed below refers to a software tool specifically designed to store and manage login credentials?
A. BitLocker
B. Password manager
C. Key escrow
D. Password vault
Password Manager
A secure tool that generates, stores, and autofills complex passwords for your accounts, encrypted under one master password.
Think of it like a digital vault where each account gets its own unbreakable lock—and you only need to remember one key.
OTPs
OTP (One-Time Password)
A temporary, single-use code for authentication, valid for one login session or transaction.
Think of it like a concert ticket—works once, then expires, making it useless if stolen.
A security solution that provides control over elevated (i.e., administrative type) accounts is referred to as:
MFA
IAM
SSO
PAM
PAM (Privileged Access Management)
A security framework that controls, monitors, and secures access to elevated accounts (like admins, root, or service accounts).
Think of it like a fingerprint-locked vault for the “keys to the kingdom”—only authorised users can access critical systems, and their actions are logged.
Which of the answers listed below refers to a solution designed to minimise the risk of unauthorised access to privileged accounts?
A. Principle of least privilege
B. Just-in-time-permissions
C. Passwordless authentication
D. Multifactor authentication
Just-in-Time Permissions ( JIT )
A security model that grants temporary, minimal access to users or systems—only when needed, for the shortest time required.
Think of it like a time-limited backstage pass—it expires after the concert, so it can’t be misused later.
Which of the following answers refers to an encrypted database that provides secure storage space for user credentials?
A. Secure enclave
B. Password manager
C. Rainbow table
D. Password vault
Password Vault
A secure, encrypted digital storage system that centralises and protects passwords, credentials, and sensitive data—accessible via one master password or MFA.
Think of it like a bank safe deposit box, but for your digital keys.
Which of the following answers refers to an email authentication mechanism that allows domain owners to specify which IP addresses are authorised to send emails on behalf of their domain?
A. DMARC
B. PEM
C. DKIM
D. SPF
SPF (Sender Policy Framework)
An email authentication protocol that verifies if a sender’s IP address is authorised to send emails for a specific domain.
Think of it like a guest list for a club—if your IP isn’t on the domain’s “approved senders” list, your email gets bounced.
Which of the answers listed below refers to a cryptographic standard (and a file format) used for the storage and transmission of private keys in email communications?
A. PEM
B. DMARC
C. SPF
D. DKIM
PEM (Privacy-Enhanced Mail)
A widely used file format for storing and transmitting cryptographic keys, certificates, and other secure data. Originally designed for secure email, it’s now the standard for SSL/TLS certificates, SSH keys, and more.
Think of it like a universal container for digital security credentials—compatible with almost everything.
Which of the following answers refers to a solution that helps organisations mitigate risks associated with data breaches, insider threats, and compliance violations?
EDR, DLP, IAM or UTM ?
DLP (Data Loss Prevention)
A security strategy and tools designed to detect, monitor, and block unauthorised sharing or leakage of sensitive data.
Think of it like a bouncer for your data—it stops confidential info from sneaking out the door.
Which of the answers listed below refers to a security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats at the device level?
SWG, ASB, EDR or NGFW ?
EDR (Endpoint Detection and Response)
A security solution that continuously monitors and collects data from endpoints (like computers and servers) to detect, investigate, and respond to cyber threats. Unlike traditional antivirus, EDR provides real-time analysis, threat hunting, and automated responses to stop attacks before they spread.
Think of it as an advanced security guard for your devices.
Which of the following answers refers to a cybersecurity approach that focuses on recognising and addressing potential threats originating from multiple sources?
XDR, WAF, EDR or SWG ?
XDR (Extended Detection and Response)
An advanced security solution that goes beyond EDR by integrating and analysing threat data across multiple security layers—endpoints, networks, emails, servers, and cloud environments. It provides a centralised view of threats, improving detection and response capabilities.
Think of it as a security system that connects all your defences to work together against cyberattacks.
Which of the answers listed below refers to a cybersecurity approach aimed at identifying insider threats, compromised accounts, or malicious activity?
A. Threat intelligence
B. User behaviour analytics
C. Security policies and procedures
D. Defence in depth
User Behaviour Analytics (UBA)
A security approach that monitors and analyses users’ actions to detect unusual or suspicious behaviour that may indicate a cyber threat, such as insider threats or compromised accounts. It establishes a baseline of normal activity and flags deviations.
Think of it as a security system that notices when someone acts strangely compared to their usual patterns.
Which of the following answers refers to a framework for managing access control to digital resources?
PAM, SSO, IAM or MFA ?
IAM (Identity and Access Management)
A framework of policies and technologies that ensures the right individuals have access to the right resources at the right times. It includes authentication (verifying identity) and authorisation (granting permissions).
Think of it as a digital security guard that checks who you are and what you’re allowed to do.
OpenID Connect is a protocol used for:
A. Attestation
B. Authorisation
C. Auditing
D. Authentication
Authentication (in relation to OpenID)
OpenID is an authentication protocol that allows users to log in to multiple websites using a single set of credentials from an OpenID provider (e.g., Google, Microsoft). Instead of creating separate accounts for each site, OpenID lets you prove your identity through a trusted third party.
Think of it as using one key to unlock multiple doors instead of carrying a different key for each one.
What are the characteristic features of SAML?
- Handles both authentication and authorisation for SSO
- Uses XML for data exchange
- Commonly used in enterprise environments and legacy systems
SAML (Security Assertion Markup Language)
An open standard that enables Single Sign-On (SSO) by allowing identity providers (IdPs) to send authentication and authorisation data to service providers (SPs). This lets users log in once and access multiple applications without re-entering credentials. Think of it as a digital passport that verifies your identity across different services.
DAC
DAC (Discretionary Access Control)
A type of access control where the owner of a resource (like a file or folder) decides who can access it and what they can do with it. Permissions are assigned based on user identity or group membership.
It’s like giving someone a key to your house—you decide who gets in and what they can do inside.
