These flashcards cover key CompTIA Security+ concepts found throughout the lecture transcript, focusing on threats, controls, encryption, incident response, risk management, network design, and security best practices.
Which threat actor is most likely sponsored by a government to attack another nation’s critical infrastructure?
A nation-state actor
What security process adds random data to a password before hashing it to defeat pre-computed attacks?
Salting
Clicking an email link that leads to a fake payment site designed to steal credentials is an example of what attack?
Phishing
Which jump-off device should administrators use when direct access to a protected network segment is blocked?
A jump server (bastion host)
What appliance sits in front of web servers to block attacks such as SQL injection or buffer overflows?
Web Application Firewall (WAF)
Adding a second factor such as an authenticator app to logins is an example of which control?
Multifactor authentication (MFA)
A text message that tricks users into entering payroll credentials is which two social-engineering techniques?
Smishing and impersonation
An email that appears to come from the CEO asking for gift cards is most likely what attack type?
Business Email Compromise (BEC)
Which best mitigates the risk of buying counterfeit network gear?
Thorough supply-chain analysis
What document spells out scope, tools, and boundaries for a third-party penetration test?
Rules of Engagement (RoE)
Running a port scan that actively sends packets to the target is what kind of reconnaissance?
Active reconnaissance
Which plan outlines steps to restore systems after a disaster?
Disaster Recovery Plan (DRP)
Installing apps outside an official mobile store is known as what vulnerability?
Sideloading
Trying one common password against many accounts is called?
Password spraying
In Zero-Trust networking, dividing the environment to reduce lateral movement is called?
Threat-scope reduction (micro-segmentation)
What URL pattern could a web filter block to deny non-encrypted sites?
"http://"
To block a single IP from entering the network, which ACL action is required?
Inbound deny with the attacker’s IP as the source
Which hardened host on the perimeter provides admin access while limiting traffic?
Bastion / jump host
To learn what program ran on a compromised laptop, which log source is most useful?
Endpoint (host) logs
Proactively searching logs for new attacker TTPs before alerts exist is called?
Threat hunting
Buying cyber-insurance to cover breaches illustrates which risk strategy?
Risk transfer
Encrypting an entire laptop drive is known as what technique?
Full-disk encryption (FDE)
An Acceptable-Use Policy is which type of control?
Preventive (administrative) control
Limiting help-desk console access to the manager and lead enforces which principle?
Principle of Least Privilege
What document lists risks, owners, and thresholds for action?
Risk register
Before deploying new firewall rules, what procedural step is mandatory?
Submit and follow a change-management procedure
Paying researchers for responsibly disclosed vulnerabilities is called a?
Bug bounty program
Using a form field to run DB commands illustrates which attack?
SQL injection
Design files and formulas used daily by R&D staff are classified as what data type?
Intellectual property
Asset tags tied to employee IDs help security teams do what two things?
1) Notify the correct user after an incident; 2) Account for company data when the employee departs
Updating the content of mandatory recurring training helps improve what?
User situational and environmental awareness
A one-page visual showing quarterly incident counts for executives is best delivered via?
A security dashboard
A changed hash on cmd.exe without recent patches likely indicates what malware?
A rootkit
In IaaS, who is responsible for securing the database running on a VM?
The client / customer
A document describing project scope, cost, and timeline is a?
Statement of Work (SOW)
Validating and sanitising input to stop XSS should be done via which technique?
Input validation
Two key design factors for high-availability networks are?
Ease of recovery and minimizing attack surface
What should be done first before applying a high-priority patch to production?
Create and approve a change-control request
Why perform root-cause analysis after an incident?
To prevent future incidents of the same nature
Failing an internal PCI-DSS assessment most often results in?
Fines from card brands
Calculating minimum staff needed for continuity after a disaster is called?
Capacity planning
Blocking document access based on the user’s country is enforced with?
A geolocation policy
Using outdated router firmware represents which vulnerability type?
Hardware-specific (firmware version) vulnerability
Preventing unknown programs from running is best achieved with?
An application allow-list
A consultant hired to perform pentesting & social engineering is part of what team?
Red team
Digitally signing internally developed code ensures what property?
Authenticity (code signing)
A decoy server that lures attackers without touching production is a?
Honeypot
Determining root cause and scope of an incident occurs in which IR phase?
Analysis
After vulnerabilities are fixed, what should occur next?
Rescan the environment to verify remediation
Copying large data to a personal device after hours exemplifies what threat?
Malicious insider threat
Digital signatures that prove a sender cannot deny sending provide what?
Non-repudiation
Daily automated checks for changed server settings exemplify what?
Configuration-compliance automation
Which tool alerts when PII is emailed outside the company?
Data Loss Prevention (DLP) solution
A legal hold following a breach requires what action?
Retain all communications related to the breach until further notice
Password + hardware token + thumbprint fulfils what requirement?
MFA using something you know, have, and are
After writing new incident documents, what activity validates them?
Conduct a tabletop exercise
Users blocked from a retail site mis-categorized as gambling need what fix?
Update the content-filter categorization
Automatically disabling accounts of departing staff is an example of what automation use case?
Disabling access / de-provisioning
Showing only the last four digits of a credit card uses which data-security method?
Data masking
Files renamed with a .ryk extension and ransom note indicate what malware?
Ransomware (Ryuk variant)
For an emergency-reporting health-care web app, which design attribute is paramount?
Availability