Quiz: CompTIA Security+ Fundamental Security Concepts
1. An organization implements a secondary authentication method to ensure that a user is truly who they claim to be. Which pillar of the CIA Triad is primarily supported by this action?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
2. A security team is currently drafting new data classification standards and identifying potential threats to the company's cloud infrastructure. Which NIST Cybersecurity Framework function are they performing?
A) Protect
B) Identify
C) Detect
D) Recover
3. Which of the following describes the "Due Care" responsibility within an organization?
A) The technical configuration of firewalls by the ISSO.
B) The 24/7 monitoring of network logs by the SOC.
C) The legal liability and reasonable actions taken by directors to protect the company.
D) The daily backup of server data by system administrators.
4. A company installs a physical lock on a server room door. Which security control category and type does this best represent?
A) Technical / Preventive
B) Physical / Preventive
C) Operational / Detective
D) Managerial / Corrective
5. Which specific business unit is responsible for ensuring that security is a primary consideration at every stage of the software development lifecycle?
A) SOC
B) CIRT
C) DevSecOps
D) ISSO
6. To prove that a sender actually sent an email and cannot later deny it, which security concept is used?
A) Confidentiality
B) Non-repudiation
C) Availability
D) Deterrence
7. An administrator uses a tool to check what folders a user can access after they have successfully logged in. Which part of the Access Control process is this?
A) Identification
B) Authentication
C) Authorization
D) Accounting
8. A "Warning: Restricted Area" sign is posted outside a data center. Which specific control type does this sign represent?
A) Deterrent
B) Corrective
C) Compensating
D) Technical
9. What is the primary difference between a CSO and a CISO in a large organization?
A) The CSO handles only digital data, while the CISO handles physical guards.
B) The CSO focuses on overall security (often physical/digital), while the CISO focuses specifically on information security.
C) The CISO reports to the CSO, but the CSO has no technical knowledge.
D) The CSO manages the SOC, while the CISO manages the CIRT.
10. After a successful malware attack, the security team uses "checkpoints" to revert a virtual server to its state from two hours ago. What type of control is being used?
A) Preventive
B) Detective
C) Recovery
D) Directive
Answer Key
1. A (Confidentiality ensures only authorized users see data; authentication is the gatekeeper.)
2. B (The Identify phase is for risk assessment and setting policies.)
3. C (Due Care is the legal standard for acting as a reasonable person would to protect assets.)
4. B (A lock is a physical barrier meant to prevent entry.)
5. C (DevSecOps integrates security directly into the development pipeline.)
6. B (Non-repudiation prevents a user from denying their actions.)
7. C (Authorization defines what an authenticated user is permitted to do.)
8. A (Deterrents work by discouraging an action through psychology/warning.)
9. B (The CISO is specific to Information; the CSO often has a broader safety/physical remit.)
10. C (Reverting to a checkpoint restores the system to a known good state.)
