Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

Comptia Security + UPDATED ACTUAL Exam Questions and CORRECT Answers

Rating
-
Sold
-
Pages
42
Grade
A+
Uploaded on
01-07-2025
Written in
2024/2025

Comptia Security + UPDATED ACTUAL Exam Questions and CORRECT Answers Reconnaissance - CORRECT ANSWER information about an organization, including: System hardware information Network configuration Individual user information Social Engineering - CORRECT ANSWER - Reconnaissance is the process of gathering - Social engineering is the process of manipulating others to give you sensitive information such as

Show more Read less
Institution
FedVTE
Course
FedVTE

Content preview

Comptia Security + UPDATED ACTUAL
Exam Questions and CORRECT Answers
Reconnaissance - CORRECT ANSWER - Reconnaissance is the process of gathering
information about an organization, including:
System hardware information
Network configuration
Individual user information


Social Engineering - CORRECT ANSWER - Social engineering is the process of
manipulating others to give you sensitive information such as:
Intimidation
Sympathy


Technical - CORRECT ANSWER - A technical approach is using software or utilities to
find vulnerabilities in a system.
Port scan
Ping sweep


Breach - CORRECT ANSWER - A breach is the penetration of system defenses, achieved
through information gathered by reconnaissance to penetrate the system defenses and gain
unauthorized access.


Escalate Privileges - CORRECT ANSWER - Escalating privileges is one of the primary
objectives of an attacker and can be achieved by configuring additional (escalated) rights to do
more than just breaching the system.


Create a Backdoor - CORRECT ANSWER - Creating a backdoor is an alternative method
of accessing an application or operating system for troubleshooting. Hackers often create
backdoors to exploit a system without being detected.

,Stage - CORRECT ANSWER - Staging a computer involves preparing it to perform
additional tasks in the attack, such as installing software designed to attack other systems. This is
an optional step.


Exploit - CORRECT ANSWER - An exploitation takes advantage of known
vulnerabilities in software and systems. Types of exploitation include:
Stealing information
Denying services
Crashing systems
Modifying/Altering information


Layering - CORRECT ANSWER - Layering involves implementing multiple security
strategies to protect the same asset. Defense in depth or security in depth is the premise that no
single layer is completely effective in securing the assets. The most secure system/network has
many layers of security and eliminates single points of failure.


Principle of Least Privilege - CORRECT ANSWER - The principle of least privilege
states that users or groups are given only the access they need to do their job and nothing more.
When assigning privileges, be aware that it is often easier to give a user more access when they
need it than to take away privileges that have already been granted.


Variety - CORRECT ANSWER - Defensive layers should have variety and be diverse;
implementing multiple layers of the exact same defense does not provide adequate strength
against attacks.


Randomness - CORRECT ANSWER - Randomness in security is the constant change in
personal habits and passwords to prevent anticipated events and exploitation.


Simplicity - CORRECT ANSWER - Security measures should provide protection, but not
be so complex that you do not understand and use them.

,Sophisticated Attacks - CORRECT ANSWER - Sophisticated attacks are complex,
making them difficult to detect and thwart. Sophisticated attacks:
Use common internet tools and protocols, making it difficult to distinguish an attack from
legitimate traffic.
Vary their behavior, making the same attack appear differently each time.


Proliferation of Attack Software - CORRECT ANSWER - A wide variety of attack tools
are available on the internet, allowing anyone with a moderate level of technical knowledge to
download the tools and run an attack.


Attack Scale and Velocity - CORRECT ANSWER - The scale and velocity of an attack
can grow to millions of computers in a matter of minutes or days due to its ability to proliferate
on the internet. Because modern attacks are not limited to user interactions, such as using a
floppy disk, to spread an attack from machine to machine, the attacks often affect very large
numbers of computers in a relatively short amount of time.


Confidentiality - CORRECT ANSWER - Ensures that data is not disclosed to unintended
persons. This is provided through encryption, which converts the data into a form that makes it
less likely to be usable by an unintended recipient.


Integrity - CORRECT ANSWER - ensures that data is not modified or tampered with.
This is provided through hashing.


Availability - CORRECT ANSWER - which ensures the uptime of the system so that data
is available when needed


Non-repudiation - CORRECT ANSWER - provides validation of a message's origin. For
example, if a user sends a digitally signed email, they cannot claim later that the email was not
sent. Non-repudiation is enforced by digital signatures.


CIA of Security - CORRECT ANSWER - refers to confidentiality, integrity, and
availability. These are often identified as the three main goals of security.

, Physical security - CORRECT ANSWER - which includes all hardware and software
necessary to secure data, such as firewalls and antivirus software.


Users and administrators - CORRECT ANSWER - which are the people who use the
software and the people who manage the software, respectively.


Policies - CORRECT ANSWER - which are the rules an organization implements to
protect information.


Risk management - CORRECT ANSWER - is the process of identifying security issues
and deciding which countermeasures to take in reducing risk to an acceptable level. The main
objective is to reduce the risk for an organization to a level that is deemed acceptable by senior
management.


asset - CORRECT ANSWER - something that has value to the person or organization,
such as sensitive information in a database.


threat - CORRECT ANSWER - an entity that can cause the loss of an asset or any
potential danger to the confidentiality, integrity, or availability of information or systems, such as
a data breach that results in a database being stolen.


threat agent - CORRECT ANSWER - (sometimes known as an attacker) is an entity that
can carry out a threat, such as a disgruntled employee who copies a database to a thumb drive
and sells it to a competitor.


vulnerability - CORRECT ANSWER - is a weakness that allows a threat to be carried out,
such as a USB port that is enabled on the server hosting the database or a server room door that
is frequently left ajar. USB devices pose the greatest threat to the confidentiality of data in most
secure organizations. There are so many devices that can support file storage that stealing data
has become easy, and preventing it is difficult.

Written for

Institution
FedVTE
Course
FedVTE

Document information

Uploaded on
July 1, 2025
Number of pages
42
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers
$14.49
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF


Also available in package deal

Thumbnail
Package deal
FedVTE Bundled Exam Questions WITH CORRECT Answers
-
17 2025
$ 41.02 More info

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
MGRADES Stanford University
View profile
Follow You need to be logged in order to follow users or courses
Sold
1455
Member since
2 year
Number of followers
105
Documents
97742
Last sold
3 hours ago
MGRADES

Welcome to MGRADES ,Based at Stanford University in California. I guarantee success and you may end up coming back again and again. We do this for you . We offer the best study and exam materials for a wide range of courses and units. Make your study sessions more efficient and effective. Dive in and discover all you need to excel in your academic journey!

3.8

235 reviews

5
97
4
50
3
53
2
15
1
20

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions