CompTIA Security+ Mock Flashcards
Things To Study | Test 19-24
A detailed agreement between a client and a vendor that describes the work to be performed on a project is called:
MSA, SLA, WO or SOW ?
SOW (Statement of Work)
A formal document that outlines what work needs to be done, who does it, and when it should be completed. It prevents misunderstandings by clearly defining project expectations.
Think of it as a recipe—it tells you the ingredients (tasks), steps (timeline), and who’s cooking (roles).
Which of the following terms describes an investigation or assessment done upfront to ensure all facts and risks are known before proceeding?
A. Fiduciary duty
B. Due care
C. Standard of care
D. Due diligence
Due Diligence
The process of thoroughly researching and verifying information before making a decision, especially in business or security contexts. It helps identify risks, ensure compliance, and avoid costly mistakes.
Think of it like checking a used car’s history and test-driving it before buying—you want to know exactly what you’re getting into.
Which of the terms listed below is used to describe actions taken to address and mitigate already identified risks?
A. Due diligence
B. Standard of care
C. Due care
D. Fiduciary duty
Due Care
Taking reasonable steps to protect assets, follow laws, and prevent harm—like installing security patches or training employees. It’s about acting responsibly to avoid negligence.
Think of it like locking your front door; it’s a basic precaution to prevent theft.
Under data privacy regulations, the individual whose personal data undergoes collection and processing is known as:
A. Data holder
B. Data owner
C. Data user
D. Data subject
Data Subject
The individual whose personal data is being collected, stored, or processed - like a customer, employee, or website visitor.
Think of it as you being the “main character” in a company’s data collection story.
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
TRUE or FALSE ?
FALSE !
Active reconnaissance involves direct interaction with the target system (e.g., port scanning, vulnerability scanning, or sending probes to gather technical details). This can trigger security alerts because the tester is engaging with the system.
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
TRUE or FALSE ?
FALSE !
Passive reconnaissance involves collecting information without directly interacting with the target system (e.g., searching public records, DNS lookups, or social media scraping).
In the context of third-party risk assessment and management, which process involves conducting thorough investigations to verify the credentials, reliability, and integrity of potential vendors?
A. Reference check
B. Compliance review
C. Due diligence
D. Vendor appraisal
Due Diligence
The process of thoroughly researching and verifying information before making a decision, especially in business or security contexts. It helps identify risks, ensure compliance, and avoid costly mistakes.
Think of it like checking a used car’s history and test-driving it before buying—you want to know exactly what you’re getting into.
Which of the following terms refers to an agreement that specifies performance requirements for a vendor?
A. MSA
B. SLA
C. MOU
D. SOW
SLA (Service Level Agreement)
A contract between a service provider and customer that defines measurable metrics like uptime, response times, and resolution deadlines. It sets clear expectations for performance and consequences if standards aren’t met.
Think of it like a gym membership contract - it specifies how often equipment must be working, or you get a refund.
Which of the following acronyms refers to a document that authorises, initiates, and tracks the progress and completion of a particular job or task?
A. SOW
B. WO
C. SLA
D. MSA
WO (Work Order)
A formal document authorising specific tasks or services to be performed, including details like scope, costs, timeline, and responsible parties.
Think of it like a doctor’s prescription - it specifies exactly what needs to be done, by whom, and when.
Which of the answers listed below refers to an organisation that develops a wide range of standards on a global level?
A. IEEE
B. ANSI
C. ISO
D. NIST
ISO (International Organization for Standardization)
An independent, non-governmental global body that develops and publishes voluntary international standards for products, services and systems, including the ISO/IEC 27001 information security management standard.
Think of it as the rulebook for how things should work worldwide, like the universal sizing system for shoes.
Which of the answers listed below refer(s) to individuals responsible for the day-to-day management, storage, and protection of data? (Select all that apply)
A. Processors
B. Controllers
C. Stewards
D. Owners
E. Custodians
Custodians and Stewards (answers C and E)
Individuals or teams responsible for the day-to-day storage, maintenance and protection of an organisation's data or assets: they apply the backups, access rules and other controls that the data owner has decided on. Security+ groups "custodians/stewards" together as this hands-on role; owners set the rules, controllers decide why and how data is processed, and processors handle it on a controller's behalf.
Think of them like librarians—they don’t own the books (data), but they ensure they’re stored safely and accessible only to authorised users.
The process of determining potential risks that could affect an organisation’s ability to achieve its objectives is called:
A. Risk assessment
B. Risk identification
C. Risk analysis
D. Risk management
Risk Identification
The process of finding and documenting potential threats that could harm an organisation’s assets, operations, or data.
Think of it like a doctor’s check-up—you list all possible health risks before they become emergencies.
The process of evaluating discovered risks to understand their potential impact and likelihood is referred to as:
A. Risk analysis
B. Risk assessment
C. Risk identification
D. Risk management
Risk Analysis
The step that takes each identified risk and estimates its likelihood and impact, either qualitatively (low/medium/high ratings) or quantitatively (e.g., single loss expectancy × annual rate of occurrence = annualised loss expectancy). Risk assessment is the wider process that includes identification, analysis and evaluation of risks against the organisation's risk appetite; the question describes the analysis step specifically.
Think of it like a weather forecast for threats—predicting storms (risks) and deciding if you need an umbrella (controls).
Which of the following answers refers to a risk assessment method based on need, typically conducted in response to specific events or changes, such as after a major organisational change or a security breach?
A. Ad hoc
B. Recurring
C. One-time
D. Continuous
Ad Hoc (Risk Assessment)
A risk assessment carried out as needed in response to a specific trigger, such as a breach, a merger, a new system or a change in regulation, rather than on a fixed schedule. Contrast with one-time (a single assessment, e.g., at project start), recurring (at set intervals, such as an annual review) and continuous (ongoing, often automated monitoring of risk indicators).
Think of it like seeing a doctor because of a new symptom rather than waiting for the scheduled annual check-up.
Which of the terms listed below refers to a process that deals with coordinating and managing multiple repetitive tasks?
A. Sequencing
B. Orchestration
C. Scripting
D. Automation
Orchestration
The automated coordination and management of multiple systems, tools, or workflows to execute complex tasks efficiently. In cybersecurity, it connects security tools (like SIEMs, firewalls) to respond to threats without manual steps.
Think of it like a conductor leading an orchestra—each instrument (tool) plays its part automatically at the right time.
Which of the following technologies enables automated handling of multiple security incidents?
SOAP, SASE, SOAR or SIEM ?
SOAR (Security Orchestration, Automation, and Response)
A cybersecurity approach that combines three key capabilities to streamline threat detection and response:
- Orchestration – Connects security tools (SIEMs, firewalls, EDR) to work together
- Automation – Eliminates manual steps (e.g., auto-isolating infected devices)
- Response – Executes predefined actions (like blocking IPs or resetting passwords)
Think of it like a self-driving security team—it detects threats, makes decisions, and acts instantly, 24/7.
Which of the following answers refers to a set of rules, policies, or automated controls designed to regulate technology-related decisions and actions within an organisation?
A. Technical standards
B. Compliance requirements
C. Guardrails
D. Security baselines
Guardrails
Predefined security policies, controls, or boundaries that prevent risky actions while allowing flexibility within safe limits.
Think of them like bumper lanes in bowling—they keep the ball (users/systems) from going completely off track while still allowing movement.
Which of the following answers refers to a more in-depth exercise, which can include activating systems and performing real actions to respond to the incident?
A. Penetration testing
B. Threat hunting
C. Simulation
D. Vulnerability scanning
Simulation
A controlled imitation of real-world cyber threats or incidents (like mock attacks or disaster scenarios) to test security defences, processes, and team responses.
Think of it like a fire drill for cybersecurity—practicing how to react before a real emergency happens.
During the post-incident activity stage, this step involves analysing logs, forensics data, and other evidence to prevent incident reoccurrence.
A. Reporting
B. E-discovery
C. Root cause analysis
D. Threat hunting
Root Cause Analysis (RCA)
The process of identifying the underlying source of a security incident or failure, not just treating its symptoms.
Think of it like detective work: instead of just mopping up a flood, you find (and fix) the broken pipe that caused it.
The process of identifying, collecting, and producing electronically stored information with the intent of using it in a legal proceeding or investigation is referred to as:
A. Litigation hold
B. Evidence management
C. Digital forensics
D. E-discovery
E-Discovery (Electronic Discovery)
The legal process of identifying, collecting, and producing electronically stored information (ESI) for lawsuits or investigations.
Think of it like a digital treasure hunt—finding specific emails, files, or logs that could be evidence in court.
Which type of server is used for collecting diagnostic and monitoring data from networked devices?
A. Jump server
B. C2 server
C. Syslog server
D. ICS server
Syslog Server
A centralised log collector that receives log messages from network devices and servers (routers, firewalls, Linux hosts) over the syslog protocol, traditionally UDP port 514, and stores them so they can be searched, correlated or forwarded to a SIEM. Plain UDP syslog is unauthenticated and unencrypted, so logs crossing untrusted networks should use syslog over TLS (port 6514).
Think of it like a security camera DVR—it records all activity so you can review it later.
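To make the syslog card concrete, here is an added example (not part of the flashcards) that parses the two common syslog line formats, decodes the PRI field into facility and severity, and filters for messages a monitoring pipeline would alert on. The sample log lines and host names are constructed for illustration; the PRI encoding (PRI = facility × 8 + severity) follows RFC 3164 and RFC 5424.

```python
"""Parse syslog lines and pick out the ones worth alerting on.

Added example, not from the flashcards. Sample lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 (BSD) format: <PRI>Mmm dd hh:mm:ss host tag: message
_BSD = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
# RFC 5424 format: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG
_IETF = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<proc>\S+) "
                   r"(?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$")


@dataclass
class SyslogEvent:
    facility: str
    severity: str
    severity_num: int   # 0 = emerg ... 7 = debug (lower is more urgent)
    host: str
    timestamp: str
    message: str


def decode_pri(pri: int) -> tuple:
    """Split the PRI value into (facility name, severity name, severity number)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], severity


def parse_syslog(line: str) -> Optional[SyslogEvent]:
    """Return a SyslogEvent for an RFC 5424 or RFC 3164 line, or None if it is neither."""
    m = _IETF.match(line) or _BSD.match(line)
    if not m:
        return None
    facility, severity, sev_num = decode_pri(int(m.group("pri")))
    return SyslogEvent(facility, severity, sev_num, m.group("host"), m.group("ts"), m.group("msg"))


def alertable(events, max_severity: str = "warning"):
    """Keep events at the given severity or more urgent (smaller number)."""
    threshold = SEVERITIES.index(max_severity)
    return [e for e in events if e.severity_num <= threshold]


# Constructed sample input: PRI 34 = auth/crit, 165 = local4/notice, 13 = user/notice, 3 = kern/err
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 gw01 su: 'su root' failed for alice on /dev/pts/8",
    "<165>1 2024-05-01T10:00:00Z web01 nginx 1234 - - GET /index.html 200",
    "<13>May  1 10:00:01 web01 sshd[999]: Accepted publickey for bob from 10.0.0.5",
    '<3>1 2024-05-01T10:00:02Z db01 postgres - - [meta seq="1"] could not open file',
    "garbage line that is not syslog",
]


def demo():
    """Parse the sample lines; return (all parsed events, events at warning or worse)."""
    events = [e for e in map(parse_syslog, SAMPLE_LINES) if e]
    return events, alertable(events)


if __name__ == "__main__":
    events, alerts = demo()
    for e in alerts:
        print(f"{e.severity:8} {e.facility:8} {e.host:6} {e.message}")
```

On the sample input only the failed su attempt (auth/crit) and the database error (kern/err) pass the warning threshold; the unparseable line is dropped rather than crashing the collector, which is the behaviour you want when hostile or malformed input reaches a log pipeline.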
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorised user is called:
A. FAR
B. CER
C. CRC
D. FRR
FRR (False Rejection Rate)
A biometric security metric that measures how often the system wrongly rejects an authorised user (e.g., fails to recognise a legitimate fingerprint).
Think of it like a bouncer refusing entry to the club owner by mistake.
Which of the answers listed below refers to a software tool specifically designed to store and manage login credentials?
A. BitLocker
B. Password manager
C. Key escrow
D. Password vault
Password Manager
A secure tool that generates, stores, and autofills complex passwords for your accounts, encrypted under one master password.
Think of it like a digital vault where each account gets its own unbreakable lock—and you only need to remember one key.
OTPs
OTP (One-Time Password)
A temporary, single-use code for authentication, valid for one login session or transaction.
Think of it like a concert ticket—works once, then expires, making it useless if stolen.