CompTIA Security+ 701 Practice Exams
Terms in this set (325)
In a corporate office, employees are required to use their access cards to enter different sections of the building. What type of control is being implemented in this scenario?
Detective control
Preventive control
Physical control
Corrective control
Answer: Physical control
- The use of access cards to enter different sections of the building is an example of physical control, as it restricts and controls physical access to specific areas.
Detective controls: Help to identify and respond to security incidents after they have occurred.
- ex. security cameras
Preventive controls: Aim to stop security incidents before they occur.
Corrective controls: Implemented in response to identified security incidents.
A financial institution implements encryption for all sensitive data transmitted between its branches to ensure confidentiality. What type of control is being applied here?
Technical control
Administrative control
Physical control
Operational control
Answer: Technical control
- Encryption is a technical control that involves the use of technology to protect sensitive data during transmission, ensuring its confidentiality.
Administrative controls: Involve policies, procedures, and training to shape behavior.
Physical controls: Restrict access to physical areas and assets.
Operational control: Focus on day-to-day processes and procedures to ensure the security of information systems.
A company encrypts sensitive customer data to prevent unauthorized access. What security principle does this primarily address?
Confidentiality
Integrity
Availability
Accountability
Answer: Confidentiality
- Encrypting sensitive customer data helps maintain confidentiality by protecting it from unauthorized access.
Integrity: Ensures that data remains accurate and unaltered.
Availability: Focuses on ensuring that resources are accessible when needed.
Accountability: Is about tracking actions and identifying responsible parties.
A system administrator implements regular backups to ensure that critical data can be restored in the event of a hardware failure. Which security principle does this align with?
Confidentiality
Integrity
Availability
Non-repudiation
Answer: Availability
- Regular backups contribute to the availability of critical data by ensuring it can be restored in case of a hardware failure or data loss.
Confidentiality: Is about preventing unauthorized access to sensitive information.
Non-repudiation: Focuses on ensuring that a party cannot deny its actions.
A security mechanism is implemented to verify that data remains unchanged during transmission over a network. Which security principle is being emphasized?
Confidentiality
Integrity
Availability
Authentication
Answer: Integrity
- Verifying data integrity ensures that it remains unchanged during transmission, guarding against unauthorized alterations.
In a network environment, what AAA component is responsible for tracking the activities of users and monitoring resource usage?
Authentication
Authorization
Accounting
Auditing
Answer: Accounting
- Involves tracking user activities and resource usage for the purpose of billing, auditing, and security monitoring.
Auditing: Involves the analysis of logs and records to ensure compliance and detect security incidents.
Authorization: Determines the user's access rights and permissions after successful authentication.
Authentication: Involves verifying the identity of a user.
In a multi-factor authentication system, which of the following is an example of something you know?
Fingerprint scan
One-time password
Smart card
Retina scan
Answer: One-time password
- Something you know refers to knowledge-based factors, such as a password or PIN, and a one-time password is an example of this.
Something you are: A biometric factor
- ex. fingerprint scan, retina scan
Something you have: A possession-based factor
- ex. smart card
What is a common outcome of a gap analysis process in the context of cybersecurity?
A) Development of a risk management plan
B) Implementation of compensating controls
C) Creation of a security policy
D) Establishment of a remediation plan
Answer: Establishment of a remediation plan
- A common outcome of gap analysis is the identification of security gaps and the development of a remediation plan to address these gaps.
Incorrect Answers Explanation:
A) While gap analysis contributes to risk assessment, developing a risk management plan is a broader process.
B) Compensating controls may be part of the remediation plan but are not the primary outcome of a gap analysis.
C) A security policy may be reviewed during gap analysis, but creating one is not a direct outcome.
A company has recently implemented a new cybersecurity policy and wants to assess its current security posture. What specific steps might they take in a gap analysis process to identify areas for improvement?
A) Conducting penetration testing to identify vulnerabilities.
B) Reviewing existing security controls, policies, and procedures against the new policy.
C) Assessing the organization's compliance with industry standards.
D) Implementing new security measures without analysis.
Answer: Reviewing existing security controls, policies, and procedures against the new policy.
- Gap analysis involves comparing the current state against desired goals. In this scenario, reviewing existing security controls, policies, and procedures against the new policy helps identify gaps and areas for improvement.
Gap analysis: Involves comparing the current state against desired goals.
Penetration testing: Specific to identifying vulnerabilities