A company filed a complaint with its IT service provider after the company discovered the service provider's external audit team had access to some of the company's confidential information. Which of the following is the most likely reason the company filed the complaint?
Correct Answer: Option(s) D
Rationale
A required NDA had not been signed.
The company's complaint likely stems from the lack of a Non-Disclosure Agreement (NDA), which is crucial for protecting confidential information from unauthorized access or disclosure. Without an NDA in place, the service provider's external audit team may have accessed sensitive information without proper legal safeguards, leading to the company's concerns.
A) The MOU had basic clauses from a template.
While a Memorandum of Understanding (MOU) with basic clauses might indicate a lack of thoroughness in the agreement, it does not directly address the issue of confidentiality. An MOU typically outlines the intentions and general agreements between parties but does not specifically govern the handling of confidential information like an NDA would.
B) A SOW had not been agreed to by the client.
The Statement of Work (SOW) outlines specific deliverables and services to be provided but does not inherently protect confidential information. The absence of an agreed SOW might lead to confusion about services rendered, but it does not directly relate to the unauthorized access of confidential data by the audit team.
C) A WO had not been mutually approved.
A Work Order (WO) describes specific tasks or jobs to be completed, but like an SOW, it does not serve to safeguard confidential information. Lack of mutual approval on a WO may affect project execution but does not have a direct bearing on the confidentiality of sensitive data shared with the service provider.
Conclusion
The filing of a complaint by the company is most likely due to the absence of a signed NDA, which is essential for ensuring that confidential information is protected from unauthorized access. While other agreements like MOUs, SOWs, and WOs are important for defining project scope and expectations, they do not specifically address the confidentiality concerns raised by the company's situation with the IT service provider.
Question 2
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?
Correct Answer: Option(s) D
Rationale
Organized crime best describes the threat actor in the CISO's report.
Ransomware-as-a-service is often facilitated by organized crime groups that provide the tools and infrastructure for cybercriminals to launch attacks. These groups operate for profit, targeting organizations to extort money through ransomware, making them the most fitting description of the threat actor in this context.
A) Insider threat
An insider threat refers to individuals within an organization who misuse their access to harm the organization, whether intentionally or unintentionally. While insider threats can pose significant security risks, they do not align with the concept of ransomware-as-a-service, which is typically executed by external criminal entities rather than internal personnel.
B) Hacktivist
Hacktivists are motivated by political or social causes and often aim to disrupt services or leak information to promote their agenda. Unlike organized crime, which focuses on financial gain through ransomware, hacktivists typically do not engage in ransomware-as-a-service activities, as their actions are ideologically driven rather than profit-oriented.
C) Nation-state
Nation-state actors engage in cyber operations that align with their geopolitical objectives, often involving espionage or sabotage. While some nation-state actors may use ransomware, the term ransomware-as-a-service is more closely associated with criminal enterprises that prioritize financial profit, distinguishing them from the strategic motives of nation-state actors.
D) Organized crime
Organized crime refers to structured groups that engage in illegal activities for profit, including cybercrime. Ransomware-as-a-service operates within this framework, allowing various criminals to exploit ransomware tools provided by these organized groups. This makes them the most accurate description of the threat actor in the CISO's report.
Conclusion
Ransomware-as-a-service is primarily associated with organized crime, which specializes in financially motivated cyberattacks. Understanding the nature of these threat actors is crucial for organizations as they formulate strategies to counteract the growing prevalence of ransomware attacks. By accurately identifying organized crime as the threat actor, the CISO can effectively communicate the seriousness of the issue to the management team and advocate for appropriate security measures.
Question 3
After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
Correct Answer: Option(s) B
Rationale
Retain any communications related to the security breach until further notice.
In the context of a legal hold, it is essential for the security team to preserve all relevant communications that could pertain to the lawsuit. This includes any documentation or correspondence related to the security breach, as these materials may be critical for legal proceedings.
A) Retain the emails between the security team and affected customers for 30 days.
This option specifies a time limit of 30 days, which does not align with the indefinite nature of a legal hold. A legal hold requires retaining evidence until the legal matter is resolved, not just for a limited period.
C) Retain any communications between security members during the breach response.
While retaining communications among security team members is important, this option does not encompass all relevant communications related to the breach. A legal hold should include a broader scope of documentation that encompasses all aspects of the incident, not just internal communications.
D) Retain all emails from the company to affected customers for an indefinite period of time.
This choice focuses solely on emails directed at customers, which may not cover all relevant communications related to the breach. A more comprehensive approach is necessary to ensure that all pertinent information regarding the breach is preserved, as required by a legal hold.
Conclusion
In response to a lawsuit, a legal hold mandates the preservation of all communications related to the incident, ensuring that no relevant information is lost. Option B correctly captures the essence of this requirement by emphasizing the need to retain all communications associated with the security breach until further notice, thus supporting the legal process effectively.
Question 4
Which of the following technologies must be used in an organization that intends to automate infrastructure deployment?
Correct Answer: Option(s) A
Rationale
IaC (Infrastructure as Code) must be used in an organization that intends to automate infrastructure deployment.
IaC is a key technology for automating infrastructure deployment, allowing developers to define and manage infrastructure through code, facilitating consistency, repeatability, and speed in provisioning resources.
A) IaC
Infrastructure as Code (IaC) enables the management of infrastructure through code rather than manual processes. This approach allows for automated deployment, version control, and testing of infrastructure configurations, streamlining the deployment process significantly.
B) IaaS
Infrastructure as a Service (IaaS) provides virtualized computing resources over the internet, but it does not inherently automate deployment processes. While IaaS can host the infrastructure, automation must be implemented through additional tools or frameworks like IaC to achieve true deployment automation.
C) IoC
Inversion of Control (IoC) is a design principle used in software development to enhance modularity and decouple components but is not a technology specifically aimed at infrastructure deployment automation. IoC focuses on the flow of control within programs, rather than on the automation of infrastructure management.
D) IoT
The Internet of Things (IoT) refers to a network of interconnected devices that communicate and exchange data. While IoT can involve automation in data collection and analysis, it does not specifically address the automation of infrastructure deployment processes relevant to managing IT resources.
Conclusion
To effectively automate infrastructure deployment, organizations must leverage Infrastructure as Code (IaC), which directly facilitates this process through code-based management. Other options like IaaS, IoC, and IoT serve different purposes and do not provide the necessary framework for automating deployment tasks. Understanding and implementing IaC is essential for achieving efficiency and consistency in infrastructure management.
Question 5
Which of the following is a security implication of using SDN over traditional methods?
Correct Answer: Option(s) A
Rationale
Network device configuration can be dynamically adjusted to react to a detected security threat.
Software-Defined Networking (SDN) enables centralized control and programmability of the network, allowing administrators to adapt device configurations in real time in response to security threats. This dynamic adjustment enhances the network's resilience and efficiency compared to traditional methods, where manual configuration can delay responses to security incidents.
A) Network device configuration can be dynamically adjusted to react to a detected security threat.
This choice correctly highlights a key advantage of SDN. SDN's centralized architecture allows rapid adjustments to network configurations, which is crucial for responding to and mitigating security threats as they arise. This capability contrasts sharply with traditional networking methods, where changes may require significant time and effort.
B) Network alerting and reporting is reduced due to lack of integration with analysis tools.
This option incorrectly suggests a downside of SDN. In fact, SDN can integrate with advanced analysis tools to enhance alerting and reporting capabilities. The centralized control of SDN allows for improved monitoring of network activities, leading to better security insights rather than reduced alerting.
C) Network intrusion detection results in increased false positives or false negatives.
This choice misrepresents the potential of SDN. While intrusion detection systems can produce false positives or negatives in any environment, SDN can facilitate better detection mechanisms through its programmable nature, potentially reducing these inaccuracies rather than increasing them.
D) Network infrastructure is outsourced to a third-party vendor better suited to maintaining security.
This statement inaccurately describes SDN's implications. While outsourcing may occur in some scenarios, SDN primarily focuses on enhancing in-house control and programmability of the network rather than shifting responsibility to external vendors.
Conclusion
SDN offers significant advantages over traditional networking in terms of dynamic security responses, allowing for real-time adjustments to network configurations. While there are challenges associated with security monitoring, the programmability and centralized management of SDN promote better integration with security tools and proactive threat management. Thus, the ability to dynamically adjust network configurations stands out as a critical security advantage of SDN.