
Question Bank

Uploaded by

aasthasingh158

QUESTION BANK

1. What is cybersecurity, and why is it critical in today’s digital environment?


2. Describe three common types of cyber threats and attacks. How can organizations
protect themselves against these threats?
3. What are the key components of network architecture, and what role do network
protocols play in network security?
4. Explain the purpose and functions of firewalls and Intrusion Detection Systems (IDS)
in network security. How do they differ from each other?
5. What is a Virtual Private Network (VPN), and how does it contribute to network
security? Describe a scenario where using a VPN would be beneficial.
6. Discuss the security features and common vulnerabilities of popular operating
systems. How can user access controls and permissions help mitigate these
vulnerabilities?
7. What is patch management, and why is it important for system security? Explain how
regular updates contribute to maintaining system security.
8. Explain the basics of encryption and decryption. What is the difference between
symmetric and asymmetric encryption algorithms?
9. What is Public-Key Infrastructure (PKI), and how do digital certificates play a role in
securing communications?
10. Identify and explain two common vulnerabilities in web applications, such as SQL
injection and cross-site scripting. How can secure coding practices and Web
Application Firewalls (WAF) help prevent these vulnerabilities?
11. Outline the incident response lifecycle. What are the key steps involved in incident
detection, analysis, and containment?
12. What is business continuity planning, and how does disaster recovery fit into a
comprehensive security strategy? Describe some strategies for effective disaster
recovery.
13. What is threat intelligence, and how is it gathered and analyzed to improve
cybersecurity defenses?
14. Describe the methodologies used in cyber threat hunting. How do these
methodologies help in proactively identifying and mitigating threats?
15. What are Security Information and Event Management (SIEM) tools, and how do
they assist in managing and analyzing security data?
16. Explain the concept of a defense-in-depth strategy. How does it contribute to network
and system security?
17. What are some best practices for securely configuring network devices? Provide
examples of configuration settings that enhance network security.
18. What is ethical hacking, and how does it differ from malicious hacking? Describe the
general methodologies used in penetration testing, such as reconnaissance,
vulnerability assessment, and exploitation.
19. How should vulnerabilities identified during penetration testing be reported and
remediated? What are the key components of an effective vulnerability management
process?
20. What are the primary cloud computing models (IaaS, PaaS, SaaS), and what are the
specific security challenges associated with each model?
21. Discuss the best practices for managing identity and access in a cloud environment.
How can organizations ensure secure access to cloud resources?
22. What are some common security risks and challenges associated with mobile and
IoT devices? How can mobile app security and IoT networks be effectively
secured?
23. What are some key cybersecurity laws and regulations that organizations must
comply with? How do these laws impact data protection and privacy?
24. What are the ethical considerations in cybersecurity practices? Discuss how
ethical issues should be addressed in the context of security testing and incident
response.
