SEC+ 601 Practice 1-5 Exam Questions and Answers



Document information

Uploaded on
July 10, 2022
Number of pages
37
Written in
2021/2022
Type
Exam (elaborations)
Contains
Questions & answers

Content preview

SEC+ 601 Practice 1-5
A contractor has been hired to conduct penetration testing on a company's network.
They have used the company's website to identify employees. They have found several
of the employees' Facebook pages and have found a popular restaurant the employees
like to go to after work for a drink. A member of the team goes to the restaurant and
starts small talk with the employees. The member discovers that several key positions
are vacant in the IT department and that there are shortfalls in terms of information
security. What reconnaissance phase techniques has the contractor used? (Select all
that apply.)

A. Open Source Intelligence (OSINT)
B. Scanning
C. Social engineering
D. Persistence
ANSWER: A. Open Source Intelligence (OSINT); C. Social engineering

Which security related phrase relates to the integrity of data?

A. Accessibility is authorized
B. Modification is authorized
C. Knowledge is authorized
D. Non-repudiation is authorized
ANSWER: B. Modification is authorized
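"Modification is authorized" is the property a keyed message authentication code enforces in practice: only a holder of the key can produce a tag that verifies, so any change made without the key is detected. The Python below is an added example and is not part of the original practice document; the key value, record fields and function names are constructed for the demonstration, and the key stands in for one that only authorized writers would hold.

```python
import hmac
import hashlib
import json

# Constructed demo key (assumption for this example). In a real system it
# lives in a secrets store and is held only by parties allowed to modify data.
AUTHORIZED_KEY = b"demo-integrity-key-do-not-use-in-production"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the tag covers exactly one encoding."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict, key: bytes) -> str:
    """HMAC-SHA256 tag over the canonical form of the record."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes) -> bool:
    """True only if the record is unchanged since it was signed with key.
    compare_digest avoids leaking tag bytes through timing differences."""
    return hmac.compare_digest(sign_record(record, key), tag)


def authorized_update(record: dict, changes: dict, key: bytes):
    """An authorized writer applies changes and re-signs with the key."""
    updated = dict(record)
    updated.update(changes)
    return updated, sign_record(updated, key)


def demo() -> dict:
    """Walk through an authorized edit and an unauthorized one."""
    record = {"account": "alice", "balance": 100, "role": "user"}
    tag = sign_record(record, AUTHORIZED_KEY)

    # Authorized modification: the key holder re-signs, so the new tag verifies.
    updated, new_tag = authorized_update(record, {"balance": 90}, AUTHORIZED_KEY)

    # Unauthorized modification: an editor without the key changes the stored
    # record but cannot produce a matching tag, so verification fails.
    tampered = dict(updated)
    tampered["role"] = "admin"

    return {
        "original_ok": verify_record(record, tag, AUTHORIZED_KEY),
        "authorized_ok": verify_record(updated, new_tag, AUTHORIZED_KEY),
        "tampered_ok": verify_record(tampered, new_tag, AUTHORIZED_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the tag does not prevent modification; it makes unauthorized modification detectable, which is why integrity controls are paired with access controls on the key.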

An engineer looks to implement security measures by following the five functions in the
National Institute of Standards and Technology (NIST) framework. When documenting
the "detect" function, what does the engineer focus on?

A. Evaluate risks and threats
B. Install, operate, and decommission assets
C. Ongoing proactive monitoring
D. Restoration of systems and data
ANSWER: C. Ongoing proactive monitoring
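Ongoing monitoring under the Detect function is usually implemented as detection logic run continuously over telemetry such as authentication logs. The Python below is an added example, not part of the original practice document: it parses constructed sshd-style log lines (the addresses, users and timestamps are made up for the demonstration) and raises an alert when one source address fails to log in five times within a minute, escalating the alert if a successful login follows the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style authentication log lines for this demonstration.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 5022 ssh2
2024-03-01T10:00:03 sshd[1201]: Failed password for root from 198.51.100.7 port 5023 ssh2
2024-03-01T10:00:04 sshd[1201]: Failed password for root from 198.51.100.7 port 5024 ssh2
2024-03-01T10:00:06 sshd[1201]: Failed password for root from 198.51.100.7 port 5025 ssh2
2024-03-01T10:00:07 sshd[1201]: Failed password for root from 198.51.100.7 port 5026 ssh2
2024-03-01T10:00:09 sshd[1201]: Accepted password for root from 198.51.100.7 port 5027 ssh2
2024-03-01T10:05:00 sshd[1302]: Failed password for bob from 203.0.113.9 port 6001 ssh2
2024-03-01T10:20:00 sshd[1303]: Failed password for bob from 203.0.113.9 port 6002 ssh2
2024-03-01T10:21:00 sshd[1304]: Accepted publickey for bob from 203.0.113.9 port 6003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text):
    """Turn matching log lines into event dicts; other sshd messages are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source that produces `threshold` failures inside `window`.
    A success after the burst is escalated: the password may have been guessed."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        # Sliding window: for each failure, count the failures within `window`.
        for i, first in enumerate(failures):
            j = i
            while j + 1 < len(failures) and failures[j + 1]["ts"] - first["ts"] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                burst_end = failures[j]["ts"]
                success_after = any(
                    e["result"] == "Accepted" and e["ts"] > burst_end for e in evs
                )
                alerts.append({
                    "ip": ip,
                    "failures": count,
                    "first_seen": first["ts"].isoformat(),
                    "success_after": success_after,
                    "severity": "high" if success_after else "medium",
                })
                break  # one alert per source is enough for this demo
    return alerts


def run_demo():
    """Parse the constructed log and return the alerts it produces."""
    return detect_bruteforce(parse_auth_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The second source (two failures fifteen minutes apart, then a key-based login) stays below threshold and produces no alert, which is the behaviour you want from a rule tuned to catch bursts rather than ordinary typos.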

How might the goals of a basic network management not be well-aligned with the goals
of security?

A. Management focuses on confidentiality and availability.
B. Management focuses on confidentiality over availability.
C. Management focuses on integrity and confidentiality.
D. Management focuses on availability over confidentiality.
ANSWER: D. Management focuses on availability over confidentiality.

Any external responsibility for an organization's security lies mainly with which
individuals?

A. The owner
B. Tech staff
C. Management
D. Public relations
ANSWER: A. The owner

What distinguishes DevSecOps from a traditional SOC?

A. Software code is the responsibility of a programming or development team.
B. Identification as a single point-of-contact for the notification of security incidents.
C. A cultural shift within an organization to encourage much more collaboration.
D. Security is a primary consideration at every stage of software development.
ANSWER: D. Security is a primary consideration at every stage of software development.

A company has an annual contract with an outside firm to perform a security audit on
their network. The purpose of the annual audit is to determine if the company is in
compliance with their internal directives and policies for security control. Select the
broad class of security control that accurately demonstrates the purpose of the audit.

A. Managerial
B. Technical
C. Physical
D. Compensating
ANSWER: A. Managerial

The _____ requires federal agencies to develop security policies for computer systems
that process confidential information.

A. Sarbanes-Oxley Act (SOX)
B. Computer Security Act
C. Federal Information Security Management Act (FISMA)
D. Gramm-Leach-Bliley Act (GLBA)
ANSWER: B. Computer Security Act

After a poorly handled security breach, a company updates its security policy to include
an improved incident response plan. Which of the following security controls does this
update address?

A. Compensating
B. Deterrent
C. Corrective
D. Detective
ANSWER: C. Corrective

The IT department head returns from an industry conference feeling inspired by a
presentation on the topic of defense in depth. A meeting is scheduled with IT staff to
brainstorm ideas for implementing defense in depth throughout the organization. Which
of the following ideas are consistent with this industry best practice? (Select all that
apply.)

A. Provide user training on identifying cyber threats.
B. Adopt a vendor-specific stance.
C. Align administrative and technical controls with control functions.
D. Move endpoint security to the firewall.
ANSWER: A. Provide user training on identifying cyber threats; C. Align administrative
and technical controls with control functions.

Which of the following focuses exclusively on IT security, rather than IT service
delivery?

A. National Institute of Standards and Technology (NIST)
B. International Organization for Standardization (ISO)
C. Control Objectives for Information and Related Technologies (COBIT)
D. Sherwood Applied Business Security Architecture (SABSA)
ANSWER: A. National Institute of Standards and Technology (NIST)

A company has one technician that is solely responsible for applying and testing
software and firmware patches. The technician goes on a two-week vacation, and no
one is tasked to perform the patching duties during this time. A critical patch is released
and not installed due to the absence. According to the National Institute of Standards
and Technology (NIST), what has the delay in applying the patch caused?

A. Control
B. Risk
C. Threat
D. Vulnerability
ANSWER: D. Vulnerability

Any part of the World Wide Web that is accessed through non-standard methods and is
intentionally not indexed and hidden from a search engine is called a _____.

A. Dark net
B. Cyber threat actor
C. Deep web
D. Dark web
ANSWER: C. Deep web

Which of the following could represent an insider threat? (Select all that apply.)

A. Former employee
B. Contractor
C. Customer
D. White box hacker
ANSWER: A. Former employee; B. Contractor

One aspect of threat modeling is to identify potential threat actors and the risks
associated with each one. When assessing the risk that any one type of threat actor
poses to an organization, what are the critical factors to profile? (Select all that apply.)

A. Education
B. Socioeconomic status
C. Intent
D. Motivation
ANSWER: C. Intent; D. Motivation

A user with authorized access to systems in a software development firm installs a
seemingly harmless, yet unauthorized program on a workstation without the IT
department's sanction. Identify the type of threat that is a result of this user's action.

A. Unintentional insider threat
B. Malicious insider threat
C. Intentional attack vector
D. Shadow IT
ANSWER: A. Unintentional insider threat
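The unauthorized program in the question is found in practice by comparing an endpoint's software inventory against an allowlist of sanctioned products. The Python below is an added example, not part of the original practice document; the allowlist, the inventory export and the host names are constructed for the demonstration. Beyond the simple "not on the list" case, it separately flags an approved product name that arrives under an unexpected publisher, since a look-alike or repackaged installer is a common way unauthorized software ends up on a workstation.

```python
import csv
import io

# Constructed allowlist of sanctioned software (product name + publisher).
ALLOWLIST_CSV = """\
name,publisher
Google Chrome,Google LLC
Microsoft Office,Microsoft Corporation
7-Zip,Igor Pavlov
"""

# Constructed endpoint inventory, as an agent or script might export it.
INVENTORY_CSV = """\
host,name,publisher,version
dev-ws-01,Google Chrome,Google LLC,122.0
dev-ws-01,Microsoft Office,Microsoft Corporation,16.0
dev-ws-01,CoolScreenRecorder,Unknown Publisher,1.3
dev-ws-02,7-zip,Igor Pavlov,23.01
dev-ws-02,Google Chrome,Some Other Corp,122.0
"""


def normalize(value):
    """Case-fold and collapse whitespace so '7-zip' and '7-Zip' compare equal."""
    return " ".join(value.lower().split())


def load_allowlist(text):
    """Return the set of (name, publisher) pairs that are sanctioned."""
    return {
        (normalize(row["name"]), normalize(row["publisher"]))
        for row in csv.DictReader(io.StringIO(text))
    }


def find_unauthorized(inventory_text, allowlist):
    """Report every installed package that is not an exact allowlist match."""
    approved_names = {name for name, _ in allowlist}
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_text)):
        key = (normalize(row["name"]), normalize(row["publisher"]))
        if key in allowlist:
            continue
        # An approved product name under an unexpected publisher gets its own
        # reason: it may be a look-alike or repackaged installer.
        if key[0] in approved_names:
            reason = "approved product name with unexpected publisher"
        else:
            reason = "not on allowlist"
        findings.append({
            "host": row["host"],
            "name": row["name"],
            "publisher": row["publisher"],
            "version": row["version"],
            "reason": reason,
        })
    return findings


def run_demo():
    """Run the check on the constructed inventory and return the findings."""
    return find_unauthorized(INVENTORY_CSV, load_allowlist(ALLOWLIST_CSV))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Matching on publisher as well as name is what turns this from a simple inventory diff into a control: on Windows the publisher should be taken from the installer's Authenticode signer rather than from a free-text field the installer itself supplies.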

What is Open Source Intelligence (OSINT)?

A. Obtaining information, physical access to premises, or even access to a user account
through the art of persuasion
B. The means the organization will take to protect the confidentiality, availability, and
integrity of sensitive data and resources
C. Using web search tools and social media to obtain information about the target
D. Using software tools to obtain information about a host or network topology
ANSWER: C. Using web search tools and social media to obtain information about the
target

By searching through a company's postings on a job board, a hacker is able to
determine from the job requirement descriptions that it uses Windows Server 2008 R2,
Windows 7, PostgreSQL 9, and XenApp 6. What stage of the kill chain does this
represent?

A. Reconnaissance
B. Data exfiltration
C. Active scanning
D. Scoping
ANSWER: A. Reconnaissance
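Both the opening question (OSINT from the company website and social media) and this one (a technology stack read out of job postings) describe passive reconnaissance: collecting what the target publishes without touching its systems. The Python below is an added example, not part of the original practice document, showing what an attacker or pentester does with such a posting: it extracts product names and versions from a constructed job advertisement (the text is made up for the demonstration) and rates each finding. The product patterns are a small hand-built list, and only the two Microsoft end-of-support dates are included; both are an assumption about what a real catalog would contain.

```python
import re
from datetime import date

# Constructed job-posting text for this demonstration (not a real posting).
JOB_POSTING = """\
Systems Administrator (Windows)
Required: 3+ years administering Windows Server 2008 R2 and Windows 7 desktops.
Experience with PostgreSQL 9 and Citrix XenApp 6 farms. Familiarity with
Cisco ASA firewalls is a plus. Must be able to work on-site.
"""

# Hand-built product patterns; group 1 (when present) captures the version.
# Assumption: a real OSINT workflow would use a much larger catalog.
TECH_PATTERNS = {
    "Windows Server": r"Windows Server\s+(\d{4}(?:\s*R2)?)",
    "Windows": r"Windows\s+(7|8(?:\.1)?|10|11|XP|Vista)\b",
    "PostgreSQL": r"PostgreSQL\s+(\d+(?:\.\d+)?)",
    "XenApp": r"XenApp\s+(\d+(?:\.\d+)?)",
    "Cisco ASA": r"Cisco ASA",
}

# Vendor end-of-extended-support dates used to rate findings. Only the two
# Microsoft dates are included here; take others from vendor lifecycle pages.
END_OF_SUPPORT = {
    ("Windows Server", "2008 R2"): date(2020, 1, 14),
    ("Windows", "7"): date(2020, 1, 14),
}


def extract_stack(text):
    """Return sorted (product, version) pairs mentioned in the text."""
    found = set()
    for product, pattern in TECH_PATTERNS.items():
        for m in re.finditer(pattern, text, re.IGNORECASE):
            version = m.group(1).strip() if m.groups() else None
            found.add((product, version))
    return sorted(found, key=lambda t: (t[0], t[1] or ""))


def rate_findings(stack, as_of):
    """Annotate each finding. Products past end of support no longer receive
    security patches, which makes them the most attractive targets."""
    report = []
    for product, version in stack:
        eos = END_OF_SUPPORT.get((product, version))
        if eos is not None and as_of > eos:
            note = f"out of vendor support since {eos.isoformat()}"
        else:
            note = "version disclosed" if version else "product disclosed"
        report.append({"product": product, "version": version, "note": note})
    return report


def demo_report():
    """Run the extraction on the constructed posting as of 2022-07-10."""
    return rate_findings(extract_stack(JOB_POSTING), date(2022, 7, 10))


if __name__ == "__main__":
    for row in demo_report():
        print(row)
```

The defensive lesson is the mirror image: have recruiting strip exact product versions from public postings, since a version string in a job advertisement is a vulnerability hint the attacker obtained without sending a single packet to the network.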

An IT manager in the aviation sector checks the industry's threat intelligence feed to
keep up on the latest threats and ensure the work center implements the best practices
