CompTIA Security+ SY0-701 Exam Acronyms 3 Flashcards
Which of the answers listed below refers to a concept that provides insights into methods and tools that cybercriminals use to carry out attacks?
a. TTP
b. CVE
c. ATT&CK
d. CVSS
** Answer: TTP **
TTP stands for tactics, techniques, and procedures. This is the term used by cybersecurity professionals to describe the behaviors, processes, actions, and strategies used by a threat actor to develop threats and engage in cyberattacks.
A dedicated security solution that filters, monitors, and blocks HTTP/HTTPS traffic between a web application and the Internet is referred to as:
a. UTM
b. NGFW
c. UEM
d. WAF
** Answer: WAF **
WAF stands for “Web Application Firewall,” a security tool designed to protect web applications by monitoring and filtering HTTP traffic, blocking malicious requests that could exploit vulnerabilities in the application, and safeguarding against attacks like SQL injection, cross-site scripting (XSS), and other common web application threats. It essentially acts as a protective layer between the web application and the internet.
Which of the following solutions provides active network security breach response on an individual computer system?
a. NIDS
b. HIDS
c. NIPS
d. HIPS
** Answer: HIPS **
A host intrusion prevention system (HIPS) is an approach to security that relies on third-party software tools to identify and prevent malicious activities. Host-based intrusion prevention systems are typically used to protect endpoint devices.
Which of the acronyms listed below refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?
a. ARO
b. SLE
c. ALE
d. SLA
** Answer: ALE **
Annual Loss Expectancy (ALE) is the total loss we can expect from a risk in a one-year timeframe. It is calculated by multiplying SLE by ARO.
A software technology designed to provide confidentiality for an entire data storage device is known as:
a. TPM
b. FDE
c. EFS
d. HSM
** Answer: FDE **
Full-disk encryption (FDE) is a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive. FDE automatically encrypts data and operating systems (OSes) to prevent unauthorized access.
A high MTBF value indicates that a component or system provides low reliability and is more likely to fail.
True
False
** Answer: False **
Mean time between failures (MTBF) is a metric used in cybersecurity to measure how long a system can run before it fails. It’s a key indicator of a system’s reliability and availability.
Which part of the AAA security architecture deals with the verification of the identity of a person or process?
a. Accounting
b. Authentication
c. Auditing
d. Authorization
** Answer: Authentication **
In cybersecurity, “authentication” refers to the process of verifying a user’s identity before granting access to a system or network, essentially confirming “who you are” by requiring them to provide credentials like a password, biometric data, or a security token, thus acting as the first step in the security process to prevent unauthorized access.
Which of the following answers refers to a routing protocol used in computer networks to determine the best path for routing data packets from one network node to another?
a. BGP
b. EIGRP
c. RIP
d. OSPF
** Answer: OSPF **
Open Shortest Path First (OSPF) is a routing protocol that can be used to secure networks from cyber attacks. OSPF Authentication is a security protocol that can be used with OSPF to protect communication between routers.
Which of the answers listed below refers to an industry standard for assessing and scoring the severity of computer system security vulnerabilities?
a. SIEM
b. CVSS
c. OSINT
d. SOAR
** Answer: CVSS **
Which of the following answers refers to a hardware or software solution providing secure remote access to networks and resources?
a. NAC
b. RDP
c. SSH
d. RAS
** Answer: RAS **
RAS can refer to resource access security or remote access servers in cybersecurity.
Resource access security (RAS)
- Prevents unauthorized access to resources by applications running in dependent regions
- Does not limit the scheduling of application programs
Remote access server (RAS)
- A combination of hardware and software that allows users to access a network or computer system remotely
- A central hub that connects remote users to a local area network (LAN)
- Allows users to access files, applications, and system resources remotely
- Used by IT administrators, managed service providers, and network admins to perform cybersecurity and network management tasks
Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers)
a. WPS
b. WAP
c. WPA2
d. WAF
e. WEP
** Answer: WPS, WEP **
WEP:
- Outdated: Considered one of the first wireless encryption methods, WEP is now widely considered obsolete due to easily exploitable vulnerabilities in its encryption algorithm.
- Static Key Issue: Uses a single static key for all devices on the network, making it easy for hackers to crack once they intercept a few packets.
- Do not use: Cybersecurity experts strongly advise against using WEP on any network.
WPS:
- Easy Connection: Aims to simplify connecting devices to a network by allowing users to press a button on the router or enter a PIN.
- Vulnerability to Brute Force Attacks: The PIN-based authentication method can be easily cracked using brute force attacks, making it a security risk.
- Disable if possible: Most security professionals recommend disabling WPS on routers if the feature is available.
Which of the following answers refer(s) to SSDs? (Select all that apply)
a. Low performance
b. Relatively high device cost
c. Lower capacity in comparison to magnetic drives
d. High performance
e. Relatively low device cost
f. Higher capacity in comparison to magnetic drives
g. Lack of moving parts (takes advantage of memory chips instead of magnetic platters)
** Answer: b, c, g **
Solid-state drives (SSDs) can be vulnerable to cyber-attacks, but they can also be used to enhance data security.
Security features
- Self-encrypting drives (SEDs): SSDs with SEDs have built-in hardware encryption capabilities.
- Sanitization features: SSDs can have features that allow users to sanitize data so it can’t be decrypted.
- Wear-leveling technology: SSDs use wear-leveling technology to make it difficult to recover deleted data.
- Access controls: SSDs can have access controls and authentication methods like password protection or biometric access.
- Self-defending SSDs: SSDs with self-defending capabilities can detect and respond to attacks.
An SWG is a software component or a hardware device designed to prevent unauthorized traffic from entering an internal network of an organization. An SWG implementation may include various security services, such as packet filtering, URL/content filtering, malware inspection, application controls, AUP enforcement, or DLP.
True
False
** Answer: True **
SWG stands for “Secure Web Gateway,” a security solution that monitors and filters internet traffic to protect users from malicious websites, malware, and other web-based threats by acting as a checkpoint between users and the internet, ensuring only safe content is accessed according to defined policies. Essentially, it’s a key tool for enforcing corporate internet usage guidelines and safeguarding against online risks.
A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called:
a. CVE
b. IoC
c. AIS
d. OSINT
** Answer: IoC **
Indicators of compromise (IoCs) are information about a specific security breach that can help security teams determine if an attack has taken place. This data can include details about the attack, such as the type of malware used, the IP addresses involved, and other technical details.
Which of the answers listed below refers to a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking?
a. EAP
b. CHAP
c. PAP
d. PEAP
** Answer: IoC **
Challenge Handshake Authentication Protocol (CHAP) is a challenge-response identity authentication protocol. It depends on a combination of CHAP security credentials and a “shared secret” between the requestor (client) and the authenticator (server), and it does not expose a password.
A type of surveillance system comprising video cameras and monitors that enable continuous monitoring and recording of specific areas is commonly referred to as CCTV.
True
False
** Answer: True **
Which of the following answers refers to an ECC-based method for creating and verifying digital signatures?
a. DHE
b. ECDSA
c. HMAC
d. ECDHE
** Answer: ECDSA **
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) that uses keys derived from elliptic curve cryptography (ECC). It is a particularly efficient equation based on public key cryptography (PKC).
Elliptic Curve Digital Signature Algorithm (ECDSA) is a cryptographic method that creates digital signatures to verify the authenticity of digital messages. It’s a public key cryptography algorithm that’s used in blockchain technology and other applications.
Which of the actions listed below can be taken by an IDS? (Select 2 answers)
a. Firewall reconfiguration
b. Closing down connection
c. Logging
d. Terminating process
e. Sending an alert
** Answer: c, e **
An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management system.
FTPS is an extension to the SSH protocol and runs by default on port number 22.
a. True
b. False
** Answer: False **
In cyber security, the port typically associated with FTPS (File Transfer Protocol Secure) is port 990 when using an “implicit” connection, while for an “explicit” connection, it can use the standard FTP port 21, where the client explicitly requests to switch to a secure connection during the initial handshake.
Which of the following terms refers to a dedicated transport mechanism for cyber threat information?
a. STIX
b. CVE
c. TAXII
d. CVSS
** Answer: TAXII **
Trusted Automated eXchange of Intelligence Information (TAXII) is a protocol that allows organizations to share cyber threat information. TAXII is a community effort that uses a RESTful API to enable the exchange of information across organizations and products.
Which of the answers listed below refers to a legacy symmetric-key block cipher encryption algorithm?
a. RC4
b. DES
c. RSA
d. DSA
** Answer: DES **
The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created in the early 1970s by an IBM team and adopted by the National Institute of Standards and Technology (NIST).
A Microsoft-proprietary protocol providing a user with a graphical interface for connecting to another networked host is known as:
a. VDI
b. RDP
c. SSH
d. VNC
** Answer: DES **
Remote Desktop Protocol (RDP) is a Microsoft protocol that allows users to remotely access and control computers. It’s a useful tool for businesses, but it can also be a target for cyberattacks.
Which of the following acronyms refers to a comprehensive strategy and set of procedures designed to ensure that an organization can continue its critical operations and functions during and after a disruptive event?
a. DRP
b. CP
c. BCP
d. COOP
** Answer: BCP **
BCP stands for “Business Continuity Plan,” which refers to a set of strategies and procedures an organization develops to maintain critical operations even during a cyber attack or other significant disruption, allowing it to recover quickly and minimize damage to its business functions.
Which type of Trojan enables unauthorized remote access to a compromised system?
a. APT
b. RAT
c. MaaS
d. PUP
** Answer: RAT **
A RAT, or Remote Access Trojan, is a type of malware that allows a hacker to remotely access and control a computer or server. RATs are a subcategory of Trojan malware.
Some RATs are specifically designed malware, but many legitimate network administration tools intended for legitimate network operations can also be used as RATs as they offer remote system control capabilities.
The term “AI” refers to computer systems and algorithms that can perform tasks typically requiring human intelligence, such as problem-solving, learning, and decision-making.
True
False
** Answer: True **
Which of the algorithms listed below does not fall into the category of asymmetric encryption?
a. RSA
b. GPG
c. DSA
d. AES
e. DHE
f. ECDHE
g. PGP
** Answer: AES **
AES stands for “Advanced Encryption Standard,” a widely used, robust symmetric block cipher algorithm that encrypts data using a secret key and is considered a highly secure method for protecting sensitive information across various digital systems. Essentially, it transforms data into an unintelligible format that can only be decrypted with the correct key, making it a crucial component in data security practices.
A type of cyberattack focused on making a website, service, or network unavailable to users by overloading it with traffic or malicious requests is called:
a. SQLi
b. XSS
c. CSRF
d. DoS
** Answer: DoS **
A denial-of-service (DoS) attack is a cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources. This is usually accomplished by flooding the targeted host or network with traffic until the target can’t respond or crashes.