Week 1 review Sec+

An organization has set up an intrusion detection system (IDS) to monitor network traffic for suspicious activity and alert the security team in case of a potential threat. This system is an example of which type of security control?

A government agency is upgrading its physical security measures to safeguard its premises from unauthorized entry. They plan to install security guards, access control vestibules, and bollards. Which security concept best describes their approach to controlling physical access to their facilities?

An IT department is rolling out a new version of software used across multiple departments. During the change management process, they identify that the new software version is incompatible with an older application that one department relies on. What aspect of the change management process did they likely overlook?

During a routine security audit, the IT team discovers gaps in log monitoring and reporting. Which tool or technology can the team implement to address this issue effectively?

A company's sensitive data was stolen by a highly sophisticated group that appeared to be well-funded and had access to advanced tools and techniques. This group was later identified as working on behalf of a foreign government. Which type of threat actor is responsible for this attack?

A disgruntled employee intentionally leaked confidential company information to the public after being passed over for a promotion. What type of threat actor does this scenario describe?

A large financial institution experiences a coordinated attack on its systems, resulting in a significant loss of customer data. The attackers demand a ransom to stop further attacks and to return the stolen data. Which motivation aligns with this scenario?

An activist group defaces the website of a major corporation, posting political messages and disrupting services to draw attention to their cause. What type of threat actor and motivation best describe this situation?

A company has noticed an increase in phishing attacks where employees receive emails that appear to be from reputable sources, asking for sensitive information. Which type of threat vector is being exploited in this scenario?

An employee plugs a USB flash drive they found in the parking lot into their work computer, which subsequently gets infected with malware. Which type of threat vector is being exploited in this scenario?