CompTIA ITF+ Information Security Principles Questions and Answers

Question 1

An attacker sends a fraudulent email that appears to be from a legitimate online retailer, complete with official logos and a link to a fake login page. The email asks the recipient to confirm their account details due to a supposed security breach. What type of attack is this?

Accepted Answer

Phishing

Answer

Phishing is a type of social engineering attack where an attacker masquerades as a trusted entity to trick a victim into opening an email, clicking a malicious link, and revealing sensitive information like login credentials.

Question 2

A company wants to ensure its critical sales data has not been altered or tampered with, either accidentally or maliciously. Which principle of the CIA triad is PRIMARILY concerned with the accuracy and trustworthiness of data?

Accepted Answer

Integrity

Answer

Integrity is the principle of the CIA triad that ensures data is accurate, consistent, and has not been subject to unauthorized modification. Confidentiality is about preventing unauthorized disclosure, and Availability is about ensuring access for authorized users.

Question 3

A user logs into their online banking portal. After entering their password correctly, the system sends a unique, one-time code to their smartphone via a text message, which they must also enter to gain access. This is an example of which security practice?

Accepted Answer

Multi-factor Authentication (MFA)

Answer

Multi-factor Authentication (MFA) is a security process that requires users to provide two or more different authentication factors to verify their identity. In this case, the factors are 'something you know' (the password) and 'something you have' (the smartphone receiving the code).

Question 4

An employee's computer suddenly becomes unusable. A message appears on the screen, stating that all of their files have been encrypted and will be deleted unless a payment is made to an anonymous digital wallet. Which of the following BEST describes this type of malware?

Accepted Answer

Ransomware

Answer

Ransomware is a type of malicious software that blocks access to a victim's files or system by encrypting them and demands a ransom payment to restore access.

Question 5

A company policy requires employees to create strong passwords for all their accounts. Which of the following passwords BEST adheres to the principles of creating a strong password?

Accepted Answer

BlueCar!Sun98Flower?

Answer

A strong password should be long (12-16 characters or more is recommended), use a mix of uppercase letters, lowercase letters, numbers, and symbols, and avoid easily guessable information or common words. 'BlueCar!Sun98Flower?' is the longest, most complex, and most random of the choices.

CompTIA Practice Test

CompTIA Practice Test

CompTIA ITF+ Information Security Principles Questions and Answers