CompTIA Sec+ SY0-701: Domain 2, Quiz 1
These flashcards cover common cybersecurity threat actors, their motivations, and examples of vulnerabilities such as shadow IT and default credentials. They help in understanding how attackers exploit systems and what drives their actions.
Which of the following threat actors is most likely to be motivated by financial gain?
a. Nation-state
b. Insider threat
c. Hacktivist
d. Organized crime
Organized crime
Organized crime groups are often motivated by financial gain, seeking to profit from their activities.
Key Terms
Which of the following threat actors is most likely to be motivated by financial gain?
a. Nation-state
b. Insider threat
c. Hacktivist
d. Organized crime
Organized crime
Organized crime groups are often motivated by financial gain, seeking to profit from their activitie...
An employee starts using unauthorized cloud services for storing company data. This is an example of:
a. Organized crime
b. Insider threat
c. Shadow IT
d. Hacktivist
Shadow IT
Shadow IT refers to using unauthorized information technology resources within an organization, which is w...
An attacker gains unauthorized access to an organization’s network by exploiting default credentials on a network device. This is an example of a vulnerability in which part of the attack surface?
a. Open service ports
b. Human vectors/social engineering
c. Unsupported systems and applications
d. Default credentials
Default credentials
The scenario specifies that the attacker exploited default credentials, making this the correct ...
A threat actor who is motivated by philosophical or political beliefs is typically known as a:
a. Unskilled attacker
b. Hacktivist
c. Insider threat
d. Nation-state
Hacktivist
A hacktivist is an individual or group that engages in hacking or cyber-attacks for political or social r...
Which of the following is a common threat vector used in typosquatting attacks?
a. Misinformation/disinformation
b. Vulnerable software
c. Voice call
d. Removable device
Misinformation/disinformation
Typosquatting is a form of misinformation or disinformation, as it relies on deceiving...
An attacker sends an email to an employee claiming to be from the IT department and requesting the employee to confirm their password. This is an example of:
a. Business email compromise
b. Pretexting
c.Typosquatting
d. Phishing
Phishing
Phishing involves tricking recipients into revealing sensitive information, which is what the attacker is a...
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Which of the following threat actors is most likely to be motivated by financial gain? a. Nation-state | Organized crime Organized crime groups are often motivated by financial gain, seeking to profit from their activities. |
An employee starts using unauthorized cloud services for storing company data. This is an example of: a. Organized crime | Shadow IT Shadow IT refers to using unauthorized information technology resources within an organization, which is what the employee is doing in this scenario. |
An attacker gains unauthorized access to an organization’s network by exploiting default credentials on a network device. This is an example of a vulnerability in which part of the attack surface? a. Open service ports | Default credentials The scenario specifies that the attacker exploited default credentials, making this the correct answer. |
A threat actor who is motivated by philosophical or political beliefs is typically known as a: a. Unskilled attacker | Hacktivist A hacktivist is an individual or group that engages in hacking or cyber-attacks for political or social reasons, which align with philosophical or political beliefs. |
Which of the following is a common threat vector used in typosquatting attacks? a. Misinformation/disinformation | Misinformation/disinformation Typosquatting is a form of misinformation or disinformation, as it relies on deceiving users into visiting a malicious or deceptive website. |
An attacker sends an email to an employee claiming to be from the IT department and requesting the employee to confirm their password. This is an example of: a. Business email compromise | Phishing Phishing involves tricking recipients into revealing sensitive information, which is what the attacker is attempting to do in this scenario. |
Which of the following threat vectors is most commonly associated with ‘smishing’ attacks? a. Short Message Service (SMS) | Short Message Service (SMS) Smishing is a type of phishing attack that occurs via SMS messages, making SMS the most common threat vector for smishing attacks. |
An attacker sends an email to an organization’s employees containing a link to a website that appears to be the organization’s login page but is actually a malicious site controlled by the attacker. This is an example of: a. Brand impersonation | Brand impersonation Brand impersonation involves mimicking a legitimate organization’s branding to deceive individuals, which is what the attacker is doing in this scenario. |
What type of threat vector is most commonly associated with ‘vishing’ attacks? a. Instant messaging (IM) | Voice call Vishing is a type of phishing attack that occurs via voice calls, making voice calls the most common threat vector for vishing attacks. |
An attacker impersonates a trusted entity by acting like their internal IT to trick a target into revealing sensitive information over a phone call. What is it called when the user has a cover story for their phone call? a. Smishing | Pretexting Pretexting involves creating a fabricated scenario to obtain information or gain access, which is what the attacker is doing in this scenario. |
An attacker compromises a legitimate website frequently visited by a specific target group to deliver malware to the users of that site. This is an example of: a. Watering hole attack | Watering hole attack A watering hole attack involves compromising a website frequently visited by a specific target group to deliver malware to that group, which matches the scenario described. |
Which of the following is most likely to have the highest level of sophistication and capability? a. Nation-state | Nation-state Nation-states typically have significant resources and funding, making them likely to have the highest level of sophistication and capability. |
Which of the following threat vectors involves registering domains similar to legitimate ones to deceive users? a. Watering hole | Typosquatting Typosquatting involves registering domains similar to legitimate ones to deceive users, making this the correct answer. |
An attacker sends a message to a target’s mobile phone claiming to be from the target’s bank and requesting account details. This is an example of: a. Business email compromise | Smishing Smishing is a type of phishing attack that occurs via SMS messages, making SMS the most common threat vector for smishing attacks. |
Which threat vector involves misinformation or disinformation? a. File-based | Human vectors/social engineering Misinformation/disinformation falls under the category of social engineering techniques that manipulate human behavior. |