Section 5.5

Demonstrate your acquired knowledge about the types and purposes of audits and assessments. This will demonstrate your proficiency for section 5.5 of the Security+ SY0-701 objectives.

1 / 25 Which test scenario simulates a full attack path with no insider access?
- Red team partial
- Passive blue team
- Unknown environment
- Scoped attestation

2 / 25 An audit of encryption standards would fall under which category?
- Physical testing
- Compliance audit
- External attestation
- Threat modeling

3 / 25 Which best describes the purpose of an internal audit committee?
- Drafting user credentials
- Approving backup policies
- Ensuring internal compliance
- Cleaning email inboxes

4 / 25 A company brings in an outside firm to validate its security posture. This is a:
- Committee review
- Independent audit
- Shadow scan
- License check

5 / 25 Which test would best validate a physical access control system?
- Network policy scan
- Physical penetration test
- Software walk-through
- Encryption audit

6 / 25 In penetration testing, what is the purpose of active reconnaissance?
- Deploy sandbox malware
- Monitor for alerts only
- Directly engage systems
- Analyze keyboard logs

7 / 25 An audit conducted to preempt a regulatory inspection is called a:
- Public attestation
- Preventive self-review
- Independent penetration
- Exemption report

8 / 25 Why are self-assessments sometimes limited in objectivity?
- Cost limitations
- Role overlap issues
- Internal bias potential
- Device compatibility

9 / 25 Which penetration testing approach uses open-source research only?
- Active reconnaissance
- Defensive testing
- Passive reconnaissance
- Partial awareness

10 / 25 A red team primarily simulates:
- Log rotation issues
- System administrator roles
- External threat actors
- Customer experience flaws

11 / 25 What is the main value of a regulatory audit?
- Increase server speed
- Satisfy legal mandates
- Encrypt cloud data
- Monitor load balance

12 / 25 A partially known environment test involves:
- Full insider data
- Only device lists
- Limited known inputs
- No system access

13 / 25 Which test is used to identify exploitable vulnerabilities by simulation?
- Attestation
- Penetration test
- Passive audit
- Chain of custody

14 / 25 An attestation form is most commonly used to:
- Test new hardware
- Certify internal findings
- Block network ports
- Rotate security keys

15 / 25 Which penetration test focuses only on response and defense?
- Integrated
- Red team
- Blue team
- Passive probe

16 / 25 What makes an external examination distinct?
- Performed by IT team
- Occurs quarterly
- Conducted by outsiders
- Limited to hardware

17 / 25 Which penetration test type combines both red and blue teams?
- Passive scope
- Defensive test
- Integrated test
- Regulatory scope

18 / 25 Which activity comes first in most penetration tests?
- Log collection
- Access removal
- Reconnaissance
- Dashboard review

19 / 25 Which audit type is most likely triggered by government agencies?
- Internal policy
- Independent scope
- Regulatory audit
- Peer examination

20 / 25 Which testing method mimics an outside attacker with no prior knowledge?
- Partial environment
- Known audit scope
- Unknown environment
- Self-verification

21 / 25 An audit committee is typically responsible for:
- Updating DNS entries
- Maintaining endpoint logs
- Overseeing control reviews
- Installing browser patches

22 / 25 What is a key trait of a third-party audit?
- Internal objectivity
- Enforced reporting
- Organizational bias
- Independent oversight

23 / 25 A company performs its own security review. What is this called?
- Passive audit
- Reconnaissance
- Self-assessment
- Known-pen test

24 / 25 Which best defines attestation in a compliance context?
- Encrypting user reports
- A formal declaration of status
- Logging system activity
- Masking critical fields

25 / 25 What is the primary goal of an internal compliance audit?
- Prevent data loss events
- Verify against regulations
- Monitor user logins
- Measure firewall latency