The Comptia Security+ Certification Is A Vendor Neutral Credential
20 community-sourced questions and answers. Free — no login.
False
The Sarbanes-Oxley Act restricts electronic and paper data containing personally identifiable financial information.
True
One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government.
a
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information? a. Gramm-Leach-Bliley b. Sarbanes-Oxley c. California Database Security Breach d. USA Patriot
c
What term best describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents? a. cybercriminal b. cracking c. cyberterrorism d. hacking
d
In information security, which of the following is an example of a threat actor? a. a force of nature such as a tornado that could destroy computer equipment b. a virus that attacks a computer network c. a person attempting to break into a secure computer network d. all of the above
b
What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? a. cyberterrorism b. identity theft c. phishing d. social scam
b,c,d
Which of the following is a valid fundamental security principle? (Choose all that apply.) a. signature b. diversity c. simplicity d. layering
b,c
Which of the following describes various supporting structures for implementing security that provides a resource of how to create a secure IT environment? (Choose all that apply.) a. regulatory frameworks b. reference architectures c. industry-standard frameworks d. reference frameworks
a,b,c
Which of the following is a common security framework? (Choose all that apply.) a. ISO b. COBIT c. RFC d. ASA
a,b
Which of the following are considered threat actors? (Choose all that apply.) a. brokers b. competitors c. administrators d. individuals
With modern tools at their disposal, attackers can quickly scan systems to find weaknesses and launch attacks with unprecedented speed. Many tools can even initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.
Why is the speed of malicious attacks making the challenge of keeping computers secure more difficult?
At the current rate of submissions of potential malware on a daily basis, updates for anti-virus software would need to be released every few seconds.
Why are there delays in updating products such as anti-virus software to resist attacks?
Three of the characteristics of information that must be protected by information security are: 1. Confidentiality-Confidentiality ensures that only authorized parties can view the information. 2. Integrity-Integrity ensures that the information is correct and no unauthorized person or malicious software has altered that data. 3. Availability-Availability ensures that data is accessible to authorized users.
List and describe three of the characteristics of information that must be protected by information security?
Products (physical security): The physical security around the data. May be as basic as door locks or as complicated as intrusion-detection systems and firewalls. People (personnel security): Those who implement and properly use security products to protect data. Procedures (organizational security): Plans and policies established by an organization to ensure that people correctly use the products.
Information security is achieved through a combination of what three entities? Provide at least one example of each entity.
Script kiddies are individuals who want to break into computers to create damage yet lack the advanced knowledge of computers and networks needed to do so. Instead, script kiddies do their work by downloading automated attack software (scripts) from Web sites and using it to perform malicious acts.
What are script kiddies?
Many security researchers believe that nation state actors might be the deadliest of any threat actors. Nation state actors target very specific resources and the attackers keep working until they are successful. State sponsored attackers are highly skilled and have enough government resources to breach almost any security defense
What threat actors are generally believed to be the most dangerous threat actors? Explain your answer.
The PCI DSS is a set of security standards that all companies that process, store, or transmit credit or debit card information must follow. PCI applies to any enterprise or merchant, regardless of its size or number of card transactions, that processes transactions either online or in person.
What is the Payment Card Industry Data Security Standard (PCI DSS)?
Accept, transfer, avoid, and mitigate.
What are the four different risk response techniques?
Vulnerable business processes, also called business process compromise (BPC), occurs when an attacker manipulates commonplace actions that are routinely performed within an organization.
What is occurring when an attacker manipulates commonplace actions that are routinely performed in a business?
Because attacks can come from a variety of sources and in many ways, information security is by its very nature complex. The more complex something becomes, the more difficult it is to understand. In addition, complex systems allow many opportunities for something to go wrong. Complex security systems can be hard to understand, troubleshoot, and feel secure about. As much as possible, a secure system should be simple for those on the inside to understand and use. Complex security schemes are often compromised to make them easier for trusted users to work with, yet this can also make it easier for the attackers. In short, keeping a system simple from the inside but complex on the outside can sometimes be difficult but reaps a significant benefit.
Describe the security principle of simplicity.
Looking for a different version?
CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").
Search all study materials