Quiz: Comparing Threat Types

Building a Cybersecurity foundation

1. How is "Risk" calculated in a security environment?

  • A) Vulnerability + Impact

  • B) Vulnerability + Threat

  • C) Asset + Threat

  • D) Impact + Likelihood

Answer: B Explanation: As you noted on page one, Risk is the combination of a weakness (vulnerability) and the probability/potential of it being used (threat).

2. An employee uses an unapproved cloud storage service to bypass slow company servers. This is an example of:

  • A) Malicious Insider

  • B) Social Engineering

  • C) Shadow IT

  • D) Phishing

Answer: C Explanation: This is a classic "unintentional" threat. Even if the intent is helpful, using unauthorized tech creates a security gap outside of IT's control.

3. Which actor is most likely to use "Novel Vectors" and have the highest level of sophistication and funding?

  • A) Script Kiddie

  • B) Hacktivist

  • C) Competitor

  • D) APT (Advanced Persistent Threat)

Answer: D Explanation: APTs (often nation-states) have the resources to develop entirely new attack methods rather than relying on common, pre-made tools.

4. A scammer calls an employee pretending to be an IT manager and asks for their password to "fix a critical server error." Which social engineering principle is this?

  • A) Scarcity

  • B) Authority

  • C) Consensus

  • D) Familiarity

Answer: B Explanation: By impersonating a manager (a person in power), the attacker relies on the employee's natural inclination to follow orders from a superior.

5. What is the main difference between Tailgating and Piggybacking?

  • A) Tailgating is digital; Piggybacking is physical.

  • B) Tailgating involves a disguise; Piggybacking does not.

  • C) Piggybacking involves the consent of the authorized person; Tailgating does not.

  • D) There is no difference; they are synonyms.

Answer: C Explanation: In Tailgating, the attacker sneaks in behind someone. In Piggybacking, the authorized person "holds the door" knowingly (often out of politeness).

6. If a nation-state actor performs an attack and leaves digital clues pointing to a different country, this is called:

  • A) Disinformation

  • B) False Flag

  • C) Data Exfiltration

  • D) Pharming

Answer: B Explanation: A False Flag operation is designed to mislead investigators about who is actually responsible for the attack.

7. An attacker registers amaz0n.com (using a zero) to trick users into entering credit card info. This is:

  • A) Typosquatting

  • B) Pretexting

  • C) Shoulder Surfing

  • D) Dumpster Diving

Answer: A Explanation: This exploits common user typing errors or visual similarities in URLs to redirect traffic to a malicious site.

8. Which motivation is most common for "Organized Crime" threat actors?

  • A) Revenge

  • B) Curiosity

  • C) Political Change

  • D) Financial Gain

Answer: D Explanation: Unlike hacktivists (politics) or nation-states (strategic advantage), organized crime groups are almost exclusively focused on profit.