Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

A+ Certification Exam: CIST 1601 Questions & Answers (2025 Edition), Exams of Information Security and Markup Languages

Canadian Valley Technology CenterInformation Security and Markup Languages

A comprehensive set of multiple-choice questions and answers covering various aspects of information technology security, including data security, network security, cloud computing, and iot. It provides a valuable resource for students preparing for the comptia a+ certification exam, offering insights into key concepts and practical applications.

Typology: Exams

2024/2025

Available from 12/07/2024

Martin-Ray-1
Martin-Ray-1 🇺🇸

5

(8)

6.1K documents

1 / 19

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CIST 1601 Main Examination
Certification with A+ Assessed
Questions with Answers 2025 Edition.
1. Cleartext is a name for text that appears to be transparent or
invisible during a data transmission. - Answer:::✔✔False
2. A threat is any action or actor that could damage an asset. -
Answer:::✔✔True
3. One of the functions of a EULA is to protect the software vendor
from liability. - Answer:::✔✔True
4. The standard CIA triangle consists of Confidentiality, Integrity, and
Authorization. - Answer:::✔✔False
5. An example of cryptography is to encrypt data, thus producing
ciphertext - Answer:::✔✔True
6. To make the process of information security more manageable,
an typical IT infrastructure is often dived into nine domains. -
Answer:::✔✔False
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13

Partial preview of the text

Download A+ Certification Exam: CIST 1601 Questions & Answers (2025 Edition) and more Exams Information Security and Markup Languages in PDF only on Docsity!

CIST 1601 Main Examination

Certification with A+ Assessed

Questions with Answers 2025 Edition.

  1. Cleartext is a name for text that appears to be transparent or invisible during a data transmission. - Answer:::✔✔False
  2. A threat is any action or actor that could damage an asset. - Answer:::✔✔True
  3. One of the functions of a EULA is to protect the software vendor from liability. - Answer:::✔✔True
  4. The standard CIA triangle consists of Confidentiality, Integrity, and Authorization. - Answer:::✔✔False
  5. An example of cryptography is to encrypt data, thus producing ciphertext - Answer:::✔✔True
  6. To make the process of information security more manageable, an typical IT infrastructure is often dived into nine domains. - Answer:::✔✔False
  1. Different communication protocols, firewalls, routers, and VPNs are components commonly managed within the WAN domain. - Answer:::✔✔True
  2. The user is often the weakest link in IT infrastructure security. - Answer:::✔✔True
  3. Private, Confidential, Internal Use Only, and Public Domain are four common government data classification standards. - Answer:::✔✔False
  4. A common information security acronym is AUP, which stands for Authorized User Practices. - Answer:::✔✔False
  5. The IoT is a concept dealing with the growing interconnectivity of almost everything over the Internet (which means almost everything may be vulnerable to security issues). - Answer:::✔✔True
  6. RFID allows the embedding of small communication devices within goods to keep track of inventory. - Answer:::✔✔true
  7. Data Analytics, Cloud Computing, and acceptance of TCP/IP as a global standard have had minimal effect on the growth of IOT. - Answer:::✔✔false

manufacturer to support. But if a manufacturer waits too long to bring a product to market, the manufacturer runs the risk of losing market share to a competitor. - Answer:::✔✔true

  1. Drug formulas, engineering plans, and patents are all examples of intellectual property. - Answer:::✔✔true
  2. A white-hat hacker probably has the permission of a company to do penetration testing. - Answer:::✔✔true
  3. OS fingerprint scanners, vulnerability scanners, and keystroke loggers are all examples of common attack tools. - Answer:::✔✔true
  4. A port scanner is a specialized type of monitoring tool used to examine packages at shipping yards on the east, west, and southern coasts of the United States. - Answer:::✔✔false
  5. A dictionary attack consists of attempting to break into a user's account by trying all possible combinations of letters, numerals, and special characters to guess the user's password. - Answer:::✔✔false
  6. DoS stands for Distributed online Services. - Answer:::✔✔false
  1. Passive wiretapping will look at data transmission without altering the data, while active wiretapping will try to change the data. - Answer:::✔✔true
  2. A rootkit gets its name from the attacker having to obtain root or system privileges to install the rootkit. - Answer:::✔✔true
  3. ARP poisoning relies primarily on changing the IP address of the person sending an IP packet - Answer:::✔✔false
  4. Breaking into computer system A, and then using system A to launch an attack on against computer system B (which trusts system A) is called a transitive attack - Answer:::✔✔true
  5. Vulnerability = Risk X Threat - Answer:::✔✔false
  6. A Risk Register is a detailed description of all the identified risks. - Answer:::✔✔true
  7. The following represents a logical order of research and document production.
  8. BCP leads to DRP which leads to BIA - Answer:::✔✔false
  1. One component of a DRP might be to use preemptive techniques (such as disk mirroring, interruptible power supplies, fire prevention systems, and anti virus software) that prevent the DRP from ever needing to be executed. - Answer:::✔✔true
  2. Identification, Authentication, Authorization, and Accountability are 4 basic components of access controls. - Answer:::✔✔true
  3. Operating systems for smartphones often lack the same level of security as found in Windows, Linux, and Mac OS 10. - Answer:::✔✔true
  4. Managing user authorization at an individual user level is usually easier than managing user authorization at a group level. - Answer:::✔✔false
  5. A dictionary password attack will try significantly more possible password values than a brute-force password attack. - Answer:::✔✔false
  6. Attempting to reset an online password and getting a code on your smartphone that must be entered as part of the reset process is referred to as synchronous authorization. - Answer:::✔✔false
  1. Adjusting the accuracy of biometric authentication methods to produce more accurate results can results in unacceptably long response times. - Answer:::✔✔true
  2. Kerberos is an authentication standard that was developed to address weaknesses in the SESAME authentication method. - Answer:::✔✔false
  3. Mandatory Access Control (MAC) is determined by the sensitivity of the material as opposed to specific access permissions being assigned to individual users. - Answer:::✔✔true
  4. Implicit deny means that all permissions not specifically denied are automatically granted to a user. - Answer:::✔✔false
  5. While cloud computing is more secure than a traditional data center, the cost of migrating to and maintaining a data center in the cloud can be prohibitive. - Answer:::✔✔false
  6. The main advantage of outsourcing security is that the outsourcing firm will have a higher level of expertise. - Answer:::✔✔true
  1. The persons responsible for each asset
  2. The organization's policies, procedures, and guidelines
  3. A functional security policy with have detailed instructions on how a security control should be applied. - Answer:::✔✔false
  4. Which of the following are primary reasons for data classification? (choose all that apply) - Answer:::✔✔to comply with privacy law and regulations
  5. to lower cost by protecting only information that needs to be protected
  6. to properly identify/classify the importance of the data
  7. What is fuzzing? - Answer:::✔✔Testing program input with randomly generated data
  8. Agile development methodology has a slow controlled series of steps (to reduce the chance of making errors), while the

waterfall method consist of developing software quickly and fixing the bugs later. - Answer:::✔✔false

  1. With "permissive" permission levels a reasonable list of actions is permitted, but everything else is prohibited. - Answer:::✔✔false
  2. All audits should be conducted at the same time, on the same schedule, to improve consistency in the audit results. - Answer:::✔✔false
  3. COBIT is an industry standard framework for assessing security controls, while COSO is an industry standard framework for how to manage your IT infrastructure. - Answer:::✔✔false
  4. Vulnerability testing consist of looking for weakness in security controls, while penetration testing is an attempt to exploit identified weakness. - Answer:::✔✔true
  5. Reconnaissance is the process of finding as much initial information as you can about a system (often through public sources), while network mapping is an attempt to actually probe a network and determine the network configuration and addresses of computers on that network. - Answer:::✔✔true
  1. A young growing company is usually less willing to take risks, while an older successful company is usually more willing to take risks. - Answer:::✔✔false
  2. Risk is the probability that a particular threat will exploit a specific vulnerability. - Answer:::✔✔true
  3. Changes in regulations and laws are not considered a potentially new or emerging threat. - Answer:::✔✔false
  4. A qualitative risk assessment involves significant personal judgment, while a quantitative risk assessment relies more on concrete measurable values. - Answer:::✔✔true
  5. An IDS will detect and attempt to correct an intrusion, while a IPS will only detect the activity and create a log entry or raise an alarm. - Answer:::✔✔false
  6. The following is the standard sequence of events in the risk management process. - Answer:::✔✔false
  7. Interviews, Surveys, Brainstorming, and Working Groups are all standard ways of identifying risks. - Answer:::✔✔true
  1. Single loss expectancy = asset value X exposure factor (% of value lost if an incident occurs). - Answer:::✔✔true
  2. RPO is the tolerable data loss for each function of the business. - Answer:::✔✔true
  3. A full-interuption test represents a complete and realistic test of your BCP or DRP without risking company data or assets. - Answer:::✔✔false
  4. Plaintext must be decrypted before it can be read, while cyphertext is immediately readable without decryption. - Answer:::✔✔false
  5. Symmetric cryptography use a single private key, while Asymmetric cryptography uses one public and one private key. - Answer:::✔✔true
  6. A brute-force attack would be more effective on a small keyspace as opposed to a large keyspace. - Answer:::✔✔false
  7. A digital signature is the same thing as a digitized signature. - Answer:::✔✔false
  1. The TCP/IP model of communications includes all the functionality of the OSI model, but only has 4 main levels. - Answer:::✔✔true
  2. An IPv4 address consist of four numbers separated by 3 dots. Each number can range from 1 to 256. - Answer:::✔✔false
  3. A firewall that implements stateful packet inspection will only base its filtering decisions on one packet at a time (i.e. the firewall is not considering the information that was transmitted before or after the current packet). - Answer:::✔✔false
  4. Level 5 of the OSI model deals with the routing of packets based on IP address. - Answer:::✔✔false
  5. A Hub is an intelligent Switch that forwards information only to the destination machine. - Answer:::✔✔false
  6. The ICMP protocol supports the Ping and Traceroute commands. - Answer:::✔✔true
  7. Limiting physical access to cables, using switches networks, and encrypting data are standard ways to protect against eavesdropping. - Answer:::✔✔true
  1. Implicit Deny means that all traffic is denied unless it is specifically allowed. - Answer:::✔✔true
  2. Having a high-powered anntenae is a standard way to increase the security of a WAP. - Answer:::✔✔false
  3. Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse. a. True b. False - Answer:::✔✔a.True
  4. A breach of possession may not always result in a breach of confidentiality. a. True b. False - Answer:::✔✔a.True
  5. The bottom-up approach to information security has a higher probability of success than the top-down approach. a. True b. False - Answer:::✔✔b.False
  6. A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information. a. True b. False - Answer:::✔✔a.True
  7. The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as _____.
  1. A computer is the _____ of an attack when it is used to conduct an attack against another computer. a. object b. target c. facilitator d. subject - Answer:::✔✔d. subject
  2. The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called _____. a. Executive Management b. Information Technology Management and Professionals c. Organizational Management and Professionals d. Information Security Management and Professionals - Answer:::✔✔b. Information Technology Management and Professionals