Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SECURITY+ EXAM > Test 6 > Flashcards

Test 6 Flashcards

1
Q

Which of the following answers can be used to describe self-signed digital certificates? (Select 3 answers)

A

Not trusted by default by web browsers and other applications

Used in trusted environments, such as internal networks and development environments

Not backed by a well-known and trusted third party

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A self-signed digital certificate is also referred to as:

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Third-party digital certificates, issued by trusted CAs, are automatically trusted by most browsers and operating systems, involve a cost, and require validation of the applicant’s identity. In contrast, self-signed certificates, issued by the entity to itself, are not automatically trusted, are free to create and use, and do not require validation by a CA.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In the context of digital certificates, the term “Root of trust” refers to the highest level of trust within a PKI system. It is typically represented by a root CA, which is a trusted third party that serves as the foundation for the entire PKI. All other entities in the PKI hierarchy, including intermediate CAs and end-entities (such as web servers, email servers, user devices, IoT devices, and individual users), derive their trust from this root. When a certificate is issued and signed by an intermediate CA, it gains trust through a chain of trust back to the root CA. This hierarchical trust model allows users and systems to trust certificates presented by websites, services, or individuals because they can trace the trust back to the well-established root of trust.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the answers listed below refers to a PKI trust model?

A

Single CA model
Hierarchical model (root CA + intermediate CAs)
Mesh model (cross-certifying CAs)
Web of trust model (all CAs function as root CAs)
Chain of trust model (multiple CAs in a sequential chain)
Bridge model (cross-certifying between separate PKIs)
Hybrid model (combining aspects of different models)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following answers refers to a cryptographic file generated by an entity requesting a digital certificate from a CA?

A

CSR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A type of digital certificate that can be used to secure multiple subdomains within a primary domain is known as:

A

Wildcard certificate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which digital certificate type allows to secure multiple domain names or subdomains with a single certificate?

A

Subject Alternative Name (SAN) certificate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the answers listed below refers to an identifier used for PKI objects?

A

OID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In IT security, the term “Shadow IT” is used to describe the practice of using IT systems, software, or services within an organization without the explicit approval or oversight of the organization’s IT department.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Choose an answer from the drop-down list on the right to match a threat actor type on the left with its common attack vector attribute.

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

External
Internal/External
External
Internal
External
Internal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Match each threat actor type with its corresponding resources/funding attribute.

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

High resources and funding
Low resources and funding
Low to medium resources and funding
Low to high resources and funding
Medium to high resources and funding
Low to medium resources and funding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Assign the level of sophistication attribute to each threat actor type listed below.

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

High level of sophistication
Low level of sophistication
Low to medium level of sophistication
Low to high level of sophistication
Medium to high level of sophistication
Low to medium level of sophistication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

From the drop-down list on the right, select the typical motivations behind the actions of each threat actor type.

Nation-state
Unskilled attacker
Hacktivist
Insider threat
Organized crime
Shadow IT

A

Espionage, political/philosophical beliefs, disruption/chaos, war
Disruption/chaos, financial gain, revenge
Ethical beliefs, philosophical/political beliefs, disruption/chaos
Revenge, financial gain, service disruption
Financial gain, data exfiltration, extortion
Convenience, lack of awareness of security risks, meeting specific needs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following terms is used to describe sophisticated and prolonged cyberattacks often carried out by well-funded and organized groups, such as nation-states?

A

APT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An attack surface is the sum of all the potential points (vulnerabilities) through which an attacker can interact with or compromise a system or network, indicating the overall exposure to potential threats. Examples of attack surfaces can be all software, hardware, and network interfaces with known security flaws. A threat vector represents the method or means through which a cyber threat is introduced or delivered to a target system. It outlines the pathway or avenue used by attackers to exploit vulnerabilities. Common threat vector types include phishing emails, malware, drive-by downloads, and social engineering techniques.

A

True

17
Q

Which of the answers listed below refers to an email-based threat vector?

A

Spoofing
Phishing
BEC attacks
Malicious links
Malware attachments

18
Q

Which of the following terms refers to a threat vector commonly associated with SMS-based communication?

A

Smishing

19
Q

Which of the answers listed below refers to an example of a potential threat vector in IM-based communication?

A

Phishing attack
Malware distribution
Spoofing attack
Eavesdropping
Account hijacking
Malicious link/attachment

20
Q

Which of the following answers refer to examples of image-based threat vectors? (Select 3 answers)

A

Steganography
Image spoofing (deepfakes)
Malware-embedded images

21
Q

Which of the answers listed below refers to a file-based threat vector?

A

PDF exploits
Malicious macros in documents
Compressed files (ZIP, RAR)
Malicious scripts in web pages
Infected images
Malicious executables

22
Q

Which of the following answer choices is an example of a threat vector type that is typical for voice communication?

A

Vishing

23
Q

Examples of threat vectors directly related to the use of removable devices include: (Select 2 answers)

A

Malware delivery
Data exfiltration

24
Q

Which of the answers listed below refer(s) to client-based software threat vector(s)? (Select all that apply)

A

Drive-by download via web browser

Malicious macro

USB-based attack
Infected executable file
Malicious attachment in email application

25
Q

Which of the following answers refer to agentless software threat vectors? (Select 2 answers)

A

Network protocol vulnerability
Packet sniffing

SECURITY+ EXAM (18 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions