disguising malicious activities as legitimate requests to gain unauthorized access?
Option 1: Phishing
Option 2: Malware
Option 3: DDoS Attack
Option 4: Social Engineering
Correct Response: 4
Explanation: Social engineering is an attack on people rather than on software: the attacker manipulates a person into revealing confidential information or performing an action, typically by dressing the malicious request up as a legitimate one (a password reset, an urgent invoice, a call from "IT support"). Phishing is one delivery channel for social engineering; malware and DDoS attacks are technical threats rather than manipulation of people.

Q: The principle that emphasizes using multiple layers of security measures to protect information and systems is called what?
Option 1: Defense-in-Depth
Option 2: Single Sign-On (SSO)
Option 3: Two-Factor Authentication
Option 4: Encryption
Correct Response: 1
Explanation: Defense-in-depth layers independent controls (network segmentation, host hardening, authentication, monitoring) so that one bypassed control does not hand the attacker everything; each remaining layer still has to be defeated. Single sign-on, two-factor authentication and encryption are individual controls that may form layers in such a design, not the principle itself.

Q: Which type of threat actor is typically motivated by political or ideological beliefs rather than financial gain?
Option 1: Hacktivist
Option 2: Insider Threat
Option 3: Cybercriminal
Option 4: Script Kiddie
Correct Response: 1
Explanation: Hacktivists attack to advance a political or ideological cause (defacements, leaks, disruption) rather than for profit. Insider threats are people with legitimate access who misuse it, cybercriminals are financially motivated, and script kiddies are low-skill attackers who run tools written by others.

Q: In the context of threat intelligence, what refers to a set of indicators related to a specific cybersecurity threat?
Option 1: Threat Intelligence Report
Option 2: Threat Signature
Option 3: Threat Landscape
Option 4: Threat Assessment
Correct Response: 2
Explanation: A threat signature is a set of indicators (file hashes, domains, IP addresses, byte patterns, behavioral traits) that characterize a specific threat so detection tools can match it. A threat intelligence report describes threats in prose, the threat landscape is the overall picture of active threats, and a threat assessment evaluates their likelihood and impact for a particular organization.

Q: The practice of deliberately leaving vulnerabilities open in a system as a trap to detect and monitor intruders is termed as what?
Option 1: Honeypot
Option 2: Zero-Day Exploitation
Option 3: Penetration Testing
Option 4: Ethical Hacking
Correct Response: 1
Explanation: A honeypot is a deliberately exposed, isolated decoy system. Because it has no legitimate users, any interaction with it is suspicious, which makes it a low-noise sensor for detecting and studying intruders. Zero-day exploitation is attacking an unpatched flaw; penetration testing and ethical hacking are authorized assessments, not traps.

Q: Which type of attack aims at making a service unavailable by overwhelming it with traffic?
Option 1: DDoS (Distributed Denial of Service)
Option 2: Man-in-the-Middle Attack
Option 3: Buffer Overflow Attack
Option 4: Phishing Attack
Correct Response: 1
Explanation: A distributed denial-of-service (DDoS) attack floods a target with traffic or requests from many sources, commonly a botnet, until it can no longer serve legitimate users. Man-in-the-middle attacks intercept communication, buffer overflows corrupt memory to run attacker code, and phishing targets people.

Q: A _______ is a program or piece of code that appears harmless but carries a malicious intent.
Option 1: Trojan Horse
Option 2: Denial of Service (DoS)
Option 3: Worm
Option 4: Firewall Bypass
Correct Response: 1
Explanation: A Trojan horse is malware that masquerades as a legitimate program so the victim installs or runs it; the name comes from the Greek myth. Unlike a worm, it does not spread on its own. Denial of service is an attack type and "firewall bypass" is a technique, not a class of program.

Q: The act of monitoring and potentially manipulating network traffic to extract information or disrupt the communication is known as _______.
Option 1: Packet Sniffing
Option 2: Encryption
Option 3: Cyberbullying
Option 4: Social Engineering
Correct Response: 1
Explanation: Packet sniffing is intercepting and examining packets on a network with tools such as tcpdump or Wireshark. Sniffing itself is passive; once the attacker can also alter or inject traffic, the attack is a man-in-the-middle attack. On a switched network an attacker usually needs ARP spoofing or a rogue access point to see traffic not addressed to them, which is why unencrypted protocols and open Wi-Fi are the usual victims. The same technique is used defensively for troubleshooting and network security analysis.
Q: Advanced Persistent Threats (APTs) typically involve long-term attacks that focus on _______ rather than immediate harm.
Option 1: Data Exfiltration
Option 2: Exploiting Vulnerabilities
Option 3: DDoS Attacks
Option 4: Phishing Campaigns
Correct Response: 1
Explanation: An APT campaign is run by a well-resourced actor that gains a foothold, stays undetected for months and quietly collects and exfiltrates data; stealth and persistence matter more to it than immediate damage. Exploiting vulnerabilities and phishing are means to that end, and DDoS attacks are loud by nature.

Q: A company's IT department receives a report of an email sent to several employees that appears to be from the CEO, asking them to click on a link and enter their credentials. The CEO denies sending such an email. This situation is most likely an example of which type of attack?
Option 1: Spear Phishing
Option 2: Ransomware Attack
Option 3: DDoS Attack
Option 4: Insider Threat
Correct Response: 1
Explanation: A targeted email impersonating a trusted person (here the CEO) to harvest credentials is spear phishing; because it impersonates an executive it is also called CEO fraud or business email compromise. Ransomware and DDoS attacks do not rely on tricking recipients into entering credentials, and the CEO's denial rules out an insider sending it under their own identity, although a compromised CEO mailbox is worth checking during the investigation.

Q: John, a network administrator, notices a sudden spike in outbound traffic from a single workstation in the organization. Upon further investigation, he discovers that the workstation is contacting multiple external IP addresses. This could be indicative of which type of threat?
Option 1: Botnet Infection
Option 2: Insider Threat
Option 3: Data Exfiltration
Option 4: Malware Infection
Correct Response: 1
Explanation: A host that suddenly reaches out to many external addresses is behaving like a bot checking in with command-and-control infrastructure or taking part in spam, scanning or DDoS activity; a botnet is a network of compromised devices controlled by an attacker for exactly those purposes. The feature a defender should check is the shape of the traffic: a bot typically produces many small connections to many destinations, whereas data exfiltration produces a large volume to one or a few destinations. "Malware infection" is the underlying cause but is less specific than the observed behavior, which is why botnet infection is the best answer.
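A worked detection example for the workstation scenario above, added here and not part of the original quiz. The script aggregates constructed flow records per internal host and separates the two patterns the explanation contrasts: fan-out to many external peers (the botnet/C2 pattern) versus bulk volume to few peers (the exfiltration pattern). The sample flows, the RFC 1918 definition of "internal" and the thresholds are assumptions for illustration; in production the thresholds would come from each host's own baseline.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RFC 1918 ranges count as internal; every other address is "external".
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int


# Constructed sample flows (not real traffic):
#   10.0.5.23 sends a little data to 15 distinct external hosts  -> fan-out (bot-like)
#   10.0.5.40 sends 40 MB to one external host                    -> bulk-to-few (exfil-like)
#   10.0.5.77 only talks to internal servers                      -> benign
SAMPLE_FLOWS = (
    [Flow("10.0.5.23", f"203.0.113.{i}", 443, 1_500) for i in range(1, 16)]
    + [Flow("10.0.5.40", "198.51.100.9", 443, 40_000_000)]
    + [Flow("10.0.5.77", "10.0.1.10", 445, 250_000),
       Flow("10.0.5.77", "10.0.1.11", 389, 4_000)]
)


def summarize_outbound(flows):
    """Per internal source: (number of distinct external destinations, bytes sent to them)."""
    dsts = defaultdict(set)
    bytes_out = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            dsts[f.src].add(f.dst)
            bytes_out[f.src] += f.bytes_out
    return {src: (len(dsts[src]), bytes_out[src]) for src in dsts}


def classify_hosts(flows, fanout_threshold=10, volume_threshold=10_000_000):
    """Label suspicious hosts. Thresholds are illustrative assumptions; tune to a baseline."""
    verdicts = {}
    for src, (n_dst, total) in summarize_outbound(flows).items():
        if n_dst >= fanout_threshold:
            verdicts[src] = "fan-out: many external peers (botnet/C2 beaconing pattern)"
        elif total >= volume_threshold:
            verdicts[src] = "bulk-to-few: large volume to few peers (exfiltration pattern)"
    return verdicts


if __name__ == "__main__":
    for host, verdict in classify_hosts(SAMPLE_FLOWS).items():
        print(f"{host}: {verdict}")
```

Run as-is it flags 10.0.5.23 as fan-out and 10.0.5.40 as bulk-to-few and says nothing about 10.0.5.77. Real flow data (NetFlow, Zeek conn logs) also carries timing, and periodic connections at fixed intervals are a stronger beaconing signal than destination count alone.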
Q: An organization implements a new software solution and within a week receives a message on their server stating that their data has been encrypted and will only be released upon payment. Which type of cybersecurity threat is this scenario depicting?
Option 1: Ransomware Attack
Option 2: Data Breach
Option 3: Phishing Attack
Option 4: Zero-Day Exploit
Correct Response: 1
Explanation: Encrypted data plus a payment demand is ransomware. The timing (a week after installing new software) hints that a trojanized installer or compromised supply chain was the delivery vector, but the outcome defines the threat. A data breach is disclosure of data, and a zero-day exploit or phishing email would be the means of entry, not the threat the message describes.

Q: What is the primary purpose of a cybersecurity policy within an organization?
Option 1: Setting up firewalls
Option 2: Protecting against malware
Option 3: Establishing a secure perimeter
Option 4: Educating employees on threats
Correct Response: 3
Explanation: Of the options given, establishing a secure perimeter is closest: a cybersecurity policy defines the boundaries around the organization's assets, who may cross them and under what rules, and assigns the responsibilities for enforcing that. Configuring firewalls, deploying anti-malware and training staff are controls and activities that implement the policy, not its purpose. Note that the "perimeter" a policy draws is organizational and logical, covering cloud services and remote users, not only the network edge.

Q: Which term describes the act of intentionally finding and exploiting vulnerabilities in a system, but with the goal of improving its security?
Option 1: Hacking
Option 2: Cracking
Option 3: Penetration Testing
Option 4: Cybercrime Prevention
Correct Response: 3
Explanation: Penetration testing is the authorized, scoped exploitation of vulnerabilities to show their real impact so they can be fixed before an attacker finds them. The authorization and the agreed rules of engagement are what separate it from malicious hacking or cracking.

Q: For which reason might an organization regularly update its cybersecurity procedures?
Option 1: Compliance
Option 2: Cost Reduction
Option 3: Business Expansion
Option 4: Branding Enhancement
Correct Response: 1
Explanation: Changing regulations and standards are a common driver for revising procedures, and non-compliance can bring fines, legal liability and loss of customers. Procedures are also revised when the threat landscape or the organization's systems change and after lessons learned from incidents, but of the options given, compliance is the one that directly forces regular review.

Q: When performing ethical hacking, what permission level should the hacker ideally have?
Option 1: Root/Administrator Access
Option 2: No Permission
Option 3: Standard User
Option 4: Limited Access
Correct Response: 3
Explanation: What an ethical hacker must always have is explicit written authorization and agreed rules of engagement; without them the activity is simply an intrusion. The privilege level used during the test depends on the scenario: a black-box external test starts with no credentials, while an assumed-breach or gray-box test usually starts from a standard user account, because that models a phished employee and lets the tester look for privilege-escalation paths. Handing the tester root or administrator access from the start skips the question the test is meant to answer, so among the options, standard user is the best default.

Q: What is the primary difference between a vulnerability assessment and penetration testing?
Option 1: Goals and Scope
Option 2: Tools and Techniques
Option 3: Timing and Frequency
Option 4: Reporting and Remediation
Correct Response: 1
Explanation: A vulnerability assessment aims for breadth: enumerate and prioritize weaknesses, usually with scanners, without exploiting them. A penetration test aims for depth: exploit weaknesses, chain them and demonstrate real impact within an agreed scope. Differences in tools, timing and reporting follow from that difference in goal.

Q: Why is it essential for companies to have a documented incident response procedure?
Option 1: Legal Requirement
Option 2: Enhances Reputation
Option 3: Reduces Costs
Option 4: Minimizes Impact
Correct Response: 4
Explanation: A documented incident response procedure minimizes the impact of a security incident. It lets responders act in an organized, rehearsed way under pressure, reducing downtime, data loss and financial damage, and it records who decides what (for example when to isolate a system or notify regulators) so those decisions are not improvised mid-incident.
It's crucial for a company's resilience.

Q: In penetration testing, what is the significance of a "red team" versus a "blue team"?
Option 1: Red team simulates attackers, blue team defends
Option 2: Red team defends, blue team simulates attackers
Option 3: Red team consists of internal employees, blue team is external
Option 4: Red team tests for software vulnerabilities
Correct Response: 1
Explanation: The red team plays the adversary, emulating real attacker tradecraft against the organization, usually with a broader objective (reach a defined target undetected) than a conventional penetration test. The blue team is the defending side, the SOC and incident responders who detect and respond. Running the two together as a purple-team exercise turns each red-team technique into a test of a specific blue-team detection.

Q: Which of the following best describes a "zero-day" vulnerability?
Option 1: A vulnerability known for zero days
Option 2: A vulnerability with no known exploits
Option 3: A vulnerability that's been exploited zero times
Option 4: A vulnerability that's undisclosed to the vendor
Correct Response: 4
Explanation: A zero-day vulnerability is one the vendor does not yet know about, so no patch exists when attackers begin exploiting it; the vendor has had "zero days" to fix it. Options 2 and 3 are wrong because zero-days are usually discovered precisely because they are being exploited in the wild, and option 1 misreads the term.

Q: When developing cybersecurity policies, what factor is crucial to ensure its effectiveness across the organization?
Option 1: Compliance with legal regulations
Option 2: Involving only the IT department
Option 3: Strong encryption techniques
Option 4: Employee awareness and adherence
Correct Response: 4
Explanation: A policy only protects anything if the people it applies to know it and follow it. Regulatory compliance and encryption are necessary pieces, but a policy written by IT alone and ignored by everyone else fails regardless of how well it is drafted.

Q: A(n) _______ test in penetration testing is where the attacker has no prior knowledge of the target system.
Option 1: Black Box
Option 2: White Box
Option 3: Gray Box
Option 4: External
Correct Response: 1
Explanation: In a black-box test the tester starts with no knowledge of or credentials for the target, simulating an outside attacker. A white-box test provides full documentation, source code and credentials; a gray-box test sits in between, typically with a standard user account. "External" describes where the test is launched from, not what the tester knows.

Q: Policies that dictate the criteria for granting access to specific information or systems are called _______ policies.
Option 1: Access Control
Option 2: Authentication
Option 3: Authorization
Option 4: Encryption
Correct Response: 3
Explanation: Authorization policies define which identities may do what with which resources, which is exactly the criteria for granting access. Authentication verifies who someone is, and encryption protects data. "Access control policy" is often used as a broader term covering both the authorization rules and how they are enforced, so option 1 is defensible in everyday usage, but authorization is the precise name for the granting criteria.

Q: In cybersecurity, a detailed step-by-step approach on how to respond to and manage a security breach is termed a(n) _______.
Option 1: Incident Response Plan
Option 2: Security Policy
Option 3: Penetration Test Plan
Option 4: Vulnerability Assessment
Correct Response: 1
Explanation: An incident response plan sets out the actions, roles and escalation paths to follow when a security breach occurs, so the incident can be contained and managed rather than improvised.

Q: A company hired an ethical hacker to assess its security posture. After the assessment, the hacker provided a detailed report showing several vulnerabilities but did not exploit any. Which type of test did the hacker most likely perform?
Option 1: Penetration Test
Option 2: Vulnerability Assessment
Option 3: Security Audit
Option 4: Red Team Exercise
Correct Response: 2
Explanation: Identifying vulnerabilities without exploiting them is a vulnerability assessment. A penetration test or red team exercise would have exploited at least some of the findings to demonstrate impact, and a security audit checks controls against a standard rather than hunting for technical weaknesses.

Q: A financial institution enforces a policy where users must change their passwords every 45 days, and the new password cannot be any of the last five passwords used. This policy is primarily designed to mitigate which type of threat?
Option 1: Password Guessing Attacks
Option 2: Brute Force Attacks
Option 3: Credential Theft
Option 4: Insider Threats
Correct Response: 1
Explanation: Forcing a change every 45 days and forbidding the last five passwords limits how long a guessed (or otherwise obtained) password stays valid and stops users cycling back to a known one, so password guessing is the intended answer. A practitioner should note the limits: rotation does not stop an online guessing attempt in progress (lockout and rate limiting do that), and a weak password can be guessed or cracked well within 45 days. Current NIST guidance (SP 800-63B) recommends against mandatory periodic rotation, favoring screening against breached-password lists, multi-factor authentication and forced changes only on evidence of compromise.

Q: During a penetration test, a tester was able to access a company's internal network by mimicking an employee's behavior and tailgating into a secure area. This tester exploited a weakness in what area of security?
Option 1: Physical Security
Option 2: Social Engineering
Option 3: Network Security
Option 4: Access Control Systems
Correct Response: 2
Explanation: Tailgating, following an authorized person through a controlled door, is a social engineering technique: the tester relied on people's politeness and on the assumption that anyone who looks like an employee belongs there. The control that failed is physical access control, so option 1 is a reasonable reading too, but the weakness actually exploited is human behavior, which is why awareness training is the usual fix alongside mantraps and badge checks.

Q: What is the primary purpose of security compliance?
Option 1: Ensuring Data Privacy
Option 2: Meeting Regulatory Standards
Option 3: Protecting Against All Threats
Option 4: Preventing Employee Mistakes
Correct Response: 2
Explanation: Security compliance means meeting the legal, regulatory and industry requirements that apply to the organization. It is a floor, not a ceiling: compliance demonstrates that required controls are in place but does not by itself protect against all threats.

Q: Which of the following is a globally recognized standard for information security management?
Option 1: ISO/IEC 27001
Option 2: Internal Company Policy
Option 3: Commercial Off-the-Shelf Software (COTS)
Option 4: Company Trademark Policy
Correct Response: 1
Explanation: ISO/IEC 27001 is the internationally recognized standard specifying requirements for an information security management system (ISMS): a risk-based, continually improved set of processes for protecting the confidentiality, integrity and availability of information. Its companion ISO/IEC 27002 catalogs the controls. Organizations can be certified against 27001 by accredited auditors, which is why customers often ask for the certificate as evidence.

Q: An organization's detailed step-by-step approach to handle and report a security breach is known as what?
Option 1: Incident Response Plan
Option 2: System Patch Management
Option 3: Cybersecurity Awareness Program
Option 4: Server Configuration
Correct Response: 1
Explanation: An incident response plan is the documented, step-by-step approach for handling and reporting a security breach. It defines the actions to take when an incident occurs, including who is notified and when, so damage is limited and reporting obligations are met.

Q: In the context of regulations, what does GDPR stand for?
Option 1: General Data Protection Requirement
Option 2: General Data Protection Regulation
Option 3: General Data Privacy Requirement
Option 4: Global Data Protection Regulation
Correct Response: 2
Explanation: GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679), the European Union's data protection law. It applies to the personal data of individuals in the EU/EEA regardless of where the organization processing that data is located, which is why it affects companies worldwide.

Q: Which phase of incident response involves determining the scope, size, and origin of an incident?
Option 1: Detection
Option 2: Recovery
Option 3: Containment
Option 4: Identification
Correct Response: 4
Explanation: In the SANS incident-handling model, Identification is where an event is confirmed as an incident and its scope, affected systems and origin are determined; NIST SP 800-61 folds the same work into its "Detection and Analysis" phase. Containment and Recovery follow once the incident is understood.

Q: Which regulation primarily deals with the protection of patient health information in the U.S.?
Option 1: HIPAA
Option 2: OSHA
Option 3: FERPA
Option 4: SOX
Correct Response: 1
Explanation: HIPAA, the Health Insurance Portability and Accountability Act, sets the security and privacy requirements for protected health information (PHI) held by covered entities and their business associates in the United States. OSHA regulates workplace safety, FERPA protects student education records, and SOX concerns controls over financial reporting.

Q: What is the primary difference between a security standard and a security regulation?
Option 1: Standards are voluntary, while regulations are mandatory
Option 2: Standards are legally binding, while regulations are recommendations
Option 3: Standards are technical, while regulations are organizational
Option 4: Standards are long-term, while regulations are short-term
Correct Response: 1
Explanation: The difference is legal status. Security standards (ISO/IEC 27001, NIST frameworks) are voluntary best practices that an organization adopts by choice or by contract, while security regulations (GDPR, HIPAA) are legally binding and enforced by governments or regulators. A regulation may require conformance to a standard, which is how a voluntary standard becomes mandatory for a given organization.

Q: Which stage of security incident response is focused on eradicating the root cause of the incident?
Option 1: Containment
Option 2: Identification
Option 3: Recovery
Option 4: Eradication
Correct Response: 4
Explanation: Eradication is the stage in which the root cause is removed: malware is cleaned or the host rebuilt, compromised accounts are reset, attacker persistence is deleted and the exploited vulnerability is patched. It follows Containment (stopping the spread) and precedes Recovery (restoring systems to service). Identification finds and scopes the incident but does not remove anything.

Q: What type of assessment is primarily focused on ensuring that a company is adhering to its stated security policies and controls?
Option 1: Compliance Assessment
Option 2: Vulnerability Assessment
Option 3: Risk Assessment
Option 4: Penetration Testing
Correct Response: 1
Explanation: A compliance assessment checks whether the organization actually follows the security policies, standards and controls it has committed to. A vulnerability assessment looks for technical weaknesses, a risk assessment weighs threats against impact, and a penetration test exploits weaknesses to demonstrate impact.

Q: The U.S. federal law that requires financial institutions to explain how they share and protect their customers' private information is known as the _______.
Option 1: Gramm-Leach-Bliley Act
Option 2: Patriot Act
Option 3: Sarbanes-Oxley Act
Option 4: Computer Fraud and Abuse Act
Correct Response: 1
Explanation: The correct answer is the "Gramm-Leach-Bliley Act."
This law requires financial institutions to disclose their information-sharing practices to customers and to safeguard customers' nonpublic personal information. The Patriot Act concerns surveillance and anti-terrorism, Sarbanes-Oxley concerns financial reporting controls, and the Computer Fraud and Abuse Act criminalizes unauthorized computer access.

Q: An organization's proactive approach to anticipate and respond to future security incidents is termed as _______ management.
Option 1: Risk
Option 2: Vulnerability
Option 3: Incident
Option 4: Security
Correct Response: 1
Explanation: The correct answer is "Risk Management": identifying potential threats, assessing their likelihood and impact, and choosing how to treat each (mitigate, transfer, accept or avoid) before an incident occurs. Vulnerability management and incident management are narrower processes that feed into it.

Q: In the context of incident response, a _______ is a collection of data that provides detailed information about an event that has occurred.
Option 1: Log
Option 2: Report
Option 3: Policy
Option 4: Framework
Correct Response: 1
Explanation: The correct answer is "Log." Logs record what happened on a system or network with timestamps, and they are the primary evidence in incident response and forensics, which is why they should be centralized and write-protected so an intruder cannot edit them on the compromised host.

Q: A company recently suffered a data breach. Upon investigation, it was found that they failed to encrypt customer data, which is a requirement under the regulation they adhere to. This situation could result in what kind of repercussions for the company?
Option 1: Legal penalties
Option 2: Improved customer trust
Option 3: Enhanced public image
Option 4: Reduced operational costs
Correct Response: 1
Explanation: Failing to implement a control the applicable regulation requires, and then suffering a breach that the control would have limited, exposes the company to legal penalties: regulatory fines, mandatory breach notifications and civil liability under data protection law.

Q: An organization has detected an ongoing cyber attack. They've isolated the affected systems and are now focused on removing the threat and securing the systems to prevent the same attack in the future. Which phase of incident response are they currently in?
Option 1: Containment
Option 2: Identification and Detection
Option 3: Eradication and Recovery
Option 4: Preparation and Prevention
Correct Response: 3
Explanation: Isolating the affected systems was Containment. Removing the threat and hardening the systems so the same attack cannot recur is Eradication, after which Recovery returns the systems to service and monitors them for reinfection. Identification came before isolation, and Preparation is the work done before any incident.

Q: A cloud service provider promises to maintain certain security measures to protect its customer's data. To ensure this, the customer asks for a third-party attestation regarding the provider's security practices. This is an example of seeking which type of assurance?
Option 1: Third-party security assessment
Option 2: Service Level Agreement (SLA) assurance
Option 3: Vendor self-assessment assurance
Option 4: Regulatory compliance assurance
Correct Response: 1
Explanation: An independent assessment or attestation (for example a SOC 2 Type II report or an ISO/IEC 27001 certificate) is evidence from an auditor, rather than from the provider itself, that the promised controls exist and operate. An SLA is a contractual promise, a self-assessment is the vendor grading itself, and regulatory compliance shows conformance with law rather than with the provider's specific commitments.

Q: What primary purpose does a firewall serve in a network?
Option 1: Filter and control network traffic
Option 2: Distribute IP addresses
Option 3: Physically connect devices
Option 4: Provide network speed optimization
Correct Response: 1
Explanation: A firewall filters and controls traffic between network zones, allowing or denying packets according to a rule set. Address distribution is DHCP, physical connection is the job of switches and cabling, and speed optimization is not a security function.

Q: Which layer of the OSI model is primarily concerned with end-to-end communication and network security?
Option 1: Layer 7 - Application
Option 2: Layer 2 - Data Link
Option 3: Layer 5 - Session
Option 4: Layer 3 - Network
Correct Response: 4
Explanation: Layer 3, the Network layer, handles logical (IP) addressing and routing of packets between hosts across networks, and it is where packet-filtering firewalls, router ACLs and IPsec operate. Strictly, the OSI model assigns end-to-end delivery between processes to Layer 4 (Transport), which is not among the options; Layer 3 is the best answer offered.

Q: What is the primary function of an Intrusion Detection System (IDS)?
Option 1: Monitor and detect suspicious activities
Option 2: Block network connections
Option 3: Assign IP addresses to devices
Option 4: Optimize data transfer rates
Correct Response: 1
Explanation: An IDS monitors network traffic or host activity and raises alerts on suspicious events. It is a detective control: it does not block anything on its own (that is an IPS or firewall), which is why its output must feed a process that actually responds to the alerts.

Q: In the context of firewalls, what does the term "stateful inspection" refer to?
Option 1: A method for tracking network packets
Option 2: A technique for blocking network traffic
Option 3: A way to filter website content
Option 4: A process for encrypting data transmissions
Correct Response: 1
Explanation: Stateful inspection means the firewall keeps a table of active connections and judges each packet in the context of that table. Return traffic for a connection a client opened is admitted automatically, while an unsolicited inbound packet that belongs to no known connection (for example a stray TCP ACK) is dropped even if a stateless filter would have passed it on port alone.

Q: Which type of IDS analyzes network traffic patterns and compares them with known attack signatures?
Option 1: Host-based Intrusion Detection System
Option 2: Network-based Intrusion Detection System
Option 3: Anomaly-based Intrusion Detection System
Option 4: Antivirus Software
Correct Response: 2
Explanation: A network-based IDS (NIDS) watches traffic on a network segment and, in signature mode, matches it against known attack patterns. "Network-based" describes where the sensor sits; "signature-based" versus "anomaly-based" describes how it decides, and an anomaly-based system flags deviations from a learned baseline rather than matching known signatures.

Q: Which device is typically used to segment a network and control incoming and outgoing network traffic based on security policies?
Option 1: Router
Option 2: Switch
Option 3: Hub
Option 4: Modem
Correct Response: 1
Explanation: A router (or Layer 3 switch) joins network segments and, with access control lists, permits or denies traffic between them according to policy. A switch forwards within a segment, a hub repeats every frame to every port, and a modem converts signals for a WAN link. In modern designs the device enforcing policy between segments is usually a firewall rather than a plain router.

Q: How does a network-based IDS (NIDS) differ from a host-based IDS (HIDS)?
Option 1: NIDS monitors network traffic; HIDS monitors host system logs and activities
Option 2: NIDS monitors host system logs and activities; HIDS monitors network traffic
Option 3: NIDS relies on anomaly detection; HIDS relies on signature-based detection
Option 4: NIDS is software-based; HIDS is hardware-based
Correct Response: 1
Explanation: The difference is scope. A NIDS watches traffic crossing a network segment and sees everything on the wire but nothing inside encrypted sessions or on the host. A HIDS runs on a specific host and watches its logs, processes and file integrity, so it sees what the host actually did. Either can use signature or anomaly detection, and both are typically software.

Q: In advanced firewalls, what capability allows the inspection of encrypted SSL/TLS traffic?
Option 1: Deep Packet Inspection (DPI)
Option 2: Intrusion Prevention System (IPS)
Option 3: Stateful Packet Inspection (SPI)
Option 4: Port-based Filtering
Correct Response: 1
Explanation: Deep packet inspection examines packet payloads rather than just headers, so it can match application content and signatures. For SSL/TLS traffic this only works if the firewall first decrypts it: it terminates the client's TLS session with a certificate it issues on the fly from a CA that the managed endpoints have been configured to trust, inspects the plaintext, and opens a second TLS session to the real server (TLS interception, usually marketed as "SSL inspection"). Without that step, DPI on encrypted traffic sees only metadata such as the server name indication and the certificate. Interception has real costs: the CA must be deployed to every client, certificate pinning breaks, and the firewall becomes a point that sees and, if compromised, can alter all traffic.

Q: Which type of firewall filtering technique makes decisions based on the application layer protocol?
Option 1: Application Layer Gateway (ALG)
Option 2: Stateful Packet Inspection (SPI)
Option 3: Network Address Translation (NAT)
Option 4: Packet Filtering
Correct Response: 1
Explanation: An application layer gateway understands a specific application protocol (FTP, SIP, HTTP) and filters on its commands and content, which also lets it handle protocols that open secondary connections. Stateful inspection works at the connection level, packet filtering at the header level, and NAT rewrites addresses rather than making filtering decisions.

Q: A _______ is a set of predefined rules in a firewall that determines whether to allow or block specific traffic.
Option 1: Access Control List (ACL)
Option 2: Intrusion Detection System
Option 3: Encryption Algorithm
Option 4: DNS Server
Correct Response: 1
Explanation: An access control list is the ordered set of rules a firewall or router evaluates to allow or deny traffic based on criteria such as source, destination, protocol and port. Rules are evaluated top-down and the first match wins, so the order of entries is part of the policy.

Q: An IDS that actively takes actions, such as blocking traffic or terminating sessions, when a threat is detected is referred to as _______.
Option 1: Intrusion Prevention System
Option 2: Firewall
Option 3: Honeypot
Option 4: Router
Correct Response: 1
Explanation: An intrusion prevention system (IPS) sits inline and not only detects threats but blocks the offending traffic or resets the session. The trade-off is that a false positive now blocks legitimate traffic instead of merely raising an alert, so IPS signatures need more tuning than IDS signatures.

Q: Firewalls that operate at the network layer and make decisions based on IP addresses are called _______ firewalls.
Option 1: Stateful Firewall
Option 2: Application Firewall
Option 3: Proxy Firewall
Option 4: Packet Filtering Firewall
Correct Response: 4
Explanation: Packet-filtering firewalls inspect each packet's headers in isolation (source and destination IP address, protocol, ports) and have no memory of previous packets. Stateful firewalls add a connection table, and application or proxy firewalls work at the application layer.

Q: A system that combines the features of both firewalls and IDS/IPS is commonly referred to as a _______.
Option 1: UTM (Unified Threat Management)
Option 2: SIEM (Security Information and Event Management)
Option 3: DMZ (Demilitarized Zone)
Option 4: NAT (Network Address Translation)
Correct Response: 1
Explanation: A unified threat management appliance bundles firewall, IDS/IPS and usually anti-malware, web filtering and VPN functions in one device. A SIEM collects and correlates logs, a DMZ is a network zone, and NAT is an address-rewriting function.

Q: The process of allowing certain traffic to bypass the usual security inspection based on specific criteria is known as firewall _______.
Option 1: Exemption
Option 2: Bypass
Option 3: Exception
Option 4: Whitelisting
Correct Response: 3
Explanation: A firewall exception lets specific, predefined traffic bypass regular inspection. Every exception is a hole in the policy, so it should be as narrow as possible (specific source, destination and port), documented with an owner and reason, and reviewed periodically.
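An added example, not from the original page, that ties together the ACL, stateful-inspection and packet-filtering items above: a minimal stateful packet filter in Python that evaluates an ordered ACL with first-match-wins semantics and keeps a connection table so replies to allowed flows are admitted without an inbound rule. It also shows why rule order matters, which is the situation behind the remote-access VPN scenario later on this page: a broad deny placed above a narrower allow shadows it. The addresses come from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges, UDP 51820 is WireGuard's default port, and both rule sets are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN: marks a new connection attempt


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    name: str
    proto: Optional[str] = None   # None means "any"
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return all(want is None or want == have for want, have in (
            (self.proto, pkt.proto), (self.src, pkt.src),
            (self.dst, pkt.dst), (self.dport, pkt.dport)))


class StatefulFirewall:
    """Ordered ACL (first match wins) plus a table of tracked connections."""

    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.conntrack: set[tuple] = set()   # 5-tuples of flows an allow rule admitted

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt: Packet) -> tuple:
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def decide(self, pkt: Packet) -> str:
        # 1. Stateful check: a packet belonging to a tracked flow, in either
        #    direction, is admitted without consulting the ACL again.
        if self._key(pkt) in self.conntrack or self._reverse(pkt) in self.conntrack:
            return "allow (established)"
        # 2. A TCP segment that is not a SYN and matches no state cannot start a
        #    legitimate connection; a stateless filter would judge it on port alone.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny (no matching state)"
        # 3. New flow: walk the ACL top-down; the first matching rule decides.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.conntrack.add(self._key(pkt))
                return f"{rule.action} ({rule.name})"
        return "deny (implicit default)"


GATEWAY = "203.0.113.10"   # VPN concentrator's public address (documentation range)
CLIENT = "198.51.100.7"    # remote employee on the internet (documentation range)

# Constructed rule sets. In SHADOWED the VPN allow sits below a broad deny for
# the gateway address, so it can never match.
SHADOWED = [
    Rule("deny", "block-inbound-to-gateway", dst=GATEWAY),
    Rule("allow", "wireguard-vpn", proto="udp", dst=GATEWAY, dport=51820),
]
# Moving the narrow allow above the broad deny (raising its priority) fixes it
# while the deny still applies to everything else.
FIXED = [SHADOWED[1], SHADOWED[0]]


def vpn_handshake_decisions(rules: list[Rule]) -> list[str]:
    """Client -> gateway VPN packet, then the gateway's reply; returns both verdicts."""
    fw = StatefulFirewall(rules)
    outbound = fw.decide(Packet("udp", CLIENT, 40000, GATEWAY, 51820))
    reply = fw.decide(Packet("udp", GATEWAY, 51820, CLIENT, 40000))
    return [outbound, reply]


if __name__ == "__main__":
    print("shadowed:", vpn_handshake_decisions(SHADOWED))
    print("fixed:   ", vpn_handshake_decisions(FIXED))
    fw = StatefulFirewall(FIXED)
    # Unsolicited TCP segment with no SYN and no state: dropped as invalid.
    print("stray ACK:", fw.decide(Packet("tcp", CLIENT, 5555, GATEWAY, 445)))
```

With the shadowed rule set the VPN packet hits the deny and the gateway's reply is denied by the implicit default; with the fixed order the first packet matches the allow, creates a state entry, and the reply is admitted as "established" without any inbound rule. Real firewalls also age entries out of the connection table and track TCP state transitions, which this toy omits.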
Q: When an IDS generates an alert for an activity that isn't actually malicious, it's termed as a _______.
Option 1: False Negative
Option 2: True Positive
Option 3: True Negative
Option 4: False Positive
Correct Response: 4
Explanation: An alert on benign activity is a false positive. Its opposite, a false negative, is an attack the IDS missed. Too many false positives cause alert fatigue, which is how real alerts get ignored, so tuning the ruleset to the environment is part of running an IDS.

Q: A company's network administrator notices that an external IP address is repeatedly trying to access the company's internal resources. However, the firewall denies each attempt, and the source IP changes frequently. What type of attack might this represent?
Option 1: DDoS Attack
Option 2: Port Scanning
Option 3: Spear Phishing
Option 4: Man-in-the-Middle (MitM) Attack
Correct Response: 2
Explanation: Repeated connection attempts against internal resources, each blocked, from a changing set of external addresses is the signature of reconnaissance: a port scan spread across many source addresses (a botnet or proxy pool) to evade rate limiting and IP blocklists. A DDoS would aim at volume rather than coverage, spear phishing arrives by email, and a MitM attack sits between two parties rather than knocking on the firewall. The useful check in the logs is whether the attempts walk through many destination ports or hosts.

Q: Sarah, a security analyst, sees an alert from the IDS indicating a potential attack. She reviews the logs and finds no evidence of a breach or unauthorized activity. What kind of alert might this be considered?
Option 1: False Positive Alert
Option 2: True Positive Alert
Option 3: Evasion Attack Alert
Option 4: Intrusion Alert
Correct Response: 1
Explanation: An alert with no corroborating evidence of malicious activity is a false positive: the IDS matched normal traffic or behavior against an attack pattern. Before closing it, the analyst should confirm the logs she reviewed actually cover the systems and time window in the alert, since a gap in logging can make a true positive look like a false one.

Q: After implementing a new firewall rule, a company's remote employees suddenly cannot access the internal network through the VPN. The IT team suspects the rule is blocking the VPN traffic. To address this issue without compromising security, what should they consider adjusting in the firewall?
Option 1: Rule Priority
Option 2: Rule Timing
Option 3: Rule Logging
Option 4: Rule Complexity
Correct Response: 1
Explanation: Firewalls evaluate rules in order and the first match wins, so a broad deny placed above the narrower allow for VPN traffic shadows it. Raising the priority of the VPN allow rule so it is evaluated before the deny restores access while leaving the deny in force for everything else. The allow should stay narrow: only the VPN protocol and port (for example UDP 500/4500 for IPsec, UDP 1194 for OpenVPN, UDP 51820 for WireGuard) to the VPN concentrator. Timing, logging and complexity do not change which rule matches.

Q: What is the primary purpose of using a Virtual Private Network (VPN)?
Option 1: Securely connect to a private network
Option 2: Stream high-quality videos
Option 3: Browse the web anonymously
Option 4: Improve computer performance
Correct Response: 1
Explanation: A VPN creates an encrypted, authenticated tunnel across an untrusted network (usually the internet) so that a remote user or site can reach a private network as if directly connected. Anonymity is a side effect some consumer products advertise, not the purpose of the technology.

Q: Which encryption protocol is commonly used by modern VPNs to secure data?
Option 1: TLS (Transport Layer Security)
Option 2: HTTP (Hypertext Transfer Protocol)
Option 3: ARP (Address Resolution Protocol)
Option 4: DHCP (Dynamic Host Configuration Protocol)
Correct Response: 1
Explanation: OpenVPN and most "SSL VPN" products use TLS for key exchange and to protect the tunnel's confidentiality and integrity. IPsec and WireGuard are the other common choices but are not among the options. HTTP, ARP and DHCP provide no encryption.

Q: In the context of wireless networks, what does WPA stand for?
Option 1: Wi-Fi Protected Access
Option 2: Wireless Public Access
Option 3: Wireless Personal Area
Option 4: Wi-Fi Printing Adapter
Correct Response: 1
Explanation: WPA stands for Wi-Fi Protected Access, the Wi-Fi Alliance's family of wireless security protocols (WPA, WPA2, WPA3) that replaced the broken WEP (Wired Equivalent Privacy) standard for encrypting traffic and controlling access to a wireless network.

Q: Why might an organization choose to implement a split-tunneling VPN configuration?
Option 1: To reduce network bandwidth usage
Option 2: To improve security
Option 3: To ensure end-to-end encryption
Option 4: To achieve better compatibility with legacy systems
Correct Response: 1
Explanation: Split tunneling sends only traffic destined for corporate resources through the VPN and lets everything else (video calls, public web browsing) go directly to the internet, which reduces load on the VPN gateway and the bandwidth it consumes. The trade-off is security: the direct traffic bypasses the corporate security stack, and the client is attached to two networks at once, so split tunneling weakens rather than improves security.

Q: Which wireless security protocol was developed as an improvement over WEP due to its vulnerabilities?
Option 1: WPA2
Option 2: WPA
Option 3: WPA3
Option 4: WPA-Enterprise
Correct Response: 2
Explanation: WPA (2003) was the direct replacement for WEP. It kept WEP's RC4 cipher so existing hardware could be upgraded with firmware, but added TKIP's per-packet keys and a message integrity check to close the key-recovery flaws that made WEP trivially crackable. WPA2 (2004, IEEE 802.11i) replaced TKIP with AES-CCMP and WPA3 (2018) added the SAE handshake; both are later generations, not the successor to WEP. WPA-Enterprise is the 802.1X authentication mode available in WPA, WPA2 and WPA3, not a separate protocol.

Q: When setting up a home wireless network, which feature allows devices to connect to the network without entering a password, but has potential security risks?
Option 1: WPS (Wi-Fi Protected Setup)
Option 2: WEP (Wired Equivalent Privacy)
Option 3: MAC Address Filtering
Option 4: WPA3
Correct Response: 1
Explanation: WPS lets a device join by pressing a button or entering an 8-digit PIN instead of the Wi-Fi passphrase. The PIN method is the weak point: the router validates the PIN in two halves and the last digit is a checksum, so an attacker needs at most about 11,000 guesses to recover it, after which the router hands over the real WPA passphrase. Disable WPS, or at least its PIN mode, on home routers and use WPA2/WPA3 with a strong passphrase.

Q: In a VPN, what is the role of a "tunneling protocol"?
Option 1: It encrypts data in transit
Option 2: It establishes connections
Option 3: It manages user authentication
Option 4: It routes traffic to external servers
Correct Response: 1
Explanation: A tunneling protocol encapsulates one protocol's packets inside another so they can cross an intermediate network; that encapsulation is the "tunnel". Encryption is a separate function that some tunnels (IPsec ESP, WireGuard, OpenVPN) provide and others (plain GRE, L2TP on its own) do not, which is why L2TP is normally paired with IPsec. Within the options given, option 1 is the intended answer because a VPN tunnel is expected to encrypt what it carries.

Q: An attacker sets up a rogue wireless access point with the same SSID as a legitimate network to trick users into connecting to it. What is this type of attack called?
Option 1: Man-in-the-Middle Attack Option 2: Phishing Attack Option 3: Denial-of-Service Attack Option 4: Brute Force Attack
Correct Response: 1
Explanation: This is a "Man-in-the-Middle Attack" where the attacker intercepts communication between a user and a legitimate network by positioning themselves between them.

Q: Which VPN protocol operates at Layer 2 of the OSI model and is often used for remote access?
Option 1: PPTP Option 2: L2TP Option 3: IPsec Option 4: OpenVPN
Correct Response: 2
Explanation: The VPN protocol that operates at Layer 2 of the OSI model is "L2TP" (Layer 2 Tunneling Protocol), which is commonly used for remote access VPN connections.

Q: The process of hiding a wireless network by not broadcasting its SSID is known as _______.
Option 1: SSID Concealing Option 2: Network Masking Option 3: MAC Filtering Option 4: SSID Encryption
Correct Response: 1
Explanation: SSID Concealing, also known as SSID hiding, is a security measure where the network name (SSID) is not broadcast, making it less visible to potential attackers.

Q: A _______ VPN provides a secure connection between multiple networks over the internet.
Option 1: Site-to-Site Option 2: PPTP Option 3: SSL Option 4: Endpoint-to-Endpoint
Correct Response: 1
Explanation: A Site-to-Site VPN connects entire networks securely over the internet. It's commonly used to connect remote offices or cloud services to the main network.

Q: To prevent unauthorized access to a wireless network, administrators can implement MAC address _______.
Option 1: Filtering Option 2: Encryption Option 3: Broadcasting Option 4: Hiding
Correct Response: 1
Explanation: MAC address filtering allows or denies access to a network based on the unique hardware address of a device, enhancing security by controlling device access.

Q: A company has remote employees who often access the company's internal network from public Wi-Fi hotspots.
Which technology can ensure that the data transmitted between the remote employees and the company remains confidential and secure?
Option 1: VPN (Virtual Private Network) Option 2: Firewall Option 3: Intrusion Detection System (IDS) Option 4: Encryption
Correct Response: 1
Explanation: A Virtual Private Network (VPN) is the most suitable solution to ensure data confidentiality and security when accessing internal resources over public networks. It encrypts the data, making it secure from eavesdroppers.

Q: Sarah, an IT administrator, notices that several unauthorized devices have been connecting to the company's wireless network. To ensure only company devices can connect, she considers implementing a security measure based on hardware addresses. Which security measure is she thinking of?
Option 1: MAC (Media Access Control) Filtering Option 2: WPA3 (Wi-Fi Protected Access 3) Option 3: SSID Hiding Option 4: WEP (Wired Equivalent Privacy)
Correct Response: 1
Explanation: Sarah is considering implementing MAC (Media Access Control) filtering to control which devices can connect to the wireless network. It allows her to permit or deny devices based on their unique hardware addresses.

Q: An organization with a global presence wants to ensure its employees can access internal resources securely from anywhere in the world without exposing the network to external threats. Which solution would best fit this requirement?
Option 1: SD-WAN (Software-Defined Wide Area Network) Option 2: Cloud Computing Option 3: MPLS (Multiprotocol Label Switching) Option 4: IoT (Internet of Things)
Correct Response: 1
Explanation: SD-WAN (Software-Defined Wide Area Network) is a technology that allows secure and efficient access to internal resources from anywhere while minimizing exposure to external threats. It's an ideal solution for a global organization.

Q: Which protocol is primarily used to secure web traffic between a browser and a server?
Option 1: HTTP Option 2: SMTP Option 3: HTTPS Option 4: FTP
Correct Response: 3
Explanation: HTTPS (Hypertext Transfer Protocol Secure) is the protocol used for secure web traffic. It provides data encryption, authentication, and secure connections between a browser and a server.

Q: IPsec is a suite of protocols designed to secure what type of communication?
Option 1: Email Option 2: Internet browsing Option 3: Network Option 4: Wireless connections
Correct Response: 3
Explanation: IPsec (Internet Protocol Security) is designed to secure network communication, ensuring data integrity and confidentiality. It's often used to create VPNs for secure network connections.

Q: Which layer of the OSI model does SSL/TLS primarily operate at?
Option 1: Physical Layer Option 2: Transport Layer Option 3: Application Option 4: Data Link Layer
Correct Response: 3
Explanation: SSL/TLS (Secure Sockets Layer/Transport Layer Security) primarily operates at the Application Layer (Layer 7) of the OSI model. It provides encryption and security for application-level data.

Q: What is the primary difference between SSL and its successor, TLS?
Option 1: SSL is faster Option 2: SSL is older Option 3: TLS is more secure Option 4: TLS is a separate protocol
Correct Response: 4
Explanation: The primary difference is that TLS (Transport Layer Security) is an updated version of SSL (Secure Sockets Layer). They serve the same purpose, but TLS has addressed vulnerabilities present in SSL, making it more secure. TLS is a separate protocol with improvements over SSL.

Q: In the context of IPsec, what does AH stand for and what is its primary function?
Option 1: Authentication Header Option 2: Address Header Option 3: Access Handler Option 4: Application Host
Correct Response: 1
Explanation: AH stands for Authentication Header in IPsec.
Its primary function is to provide data integrity, authentication, and anti-replay protection for the IP packets, ensuring that they have not been tampered with during transit.

Q: Which of the following best describes the primary purpose of a certificate authority (CA) in the SSL/TLS handshake process?
Option 1: Issuing digital certificates Option 2: Handling encryption keys Option 3: Authenticating users Option 4: Providing web hosting
Correct Response: 1
Explanation: A Certificate Authority (CA) in the SSL/TLS handshake process primarily issues digital certificates. These certificates are used to verify the authenticity of a website, ensuring that the connection is secure and that data is encrypted.

Q: The process of ensuring that both parties in a communication are who they claim to be, especially in the SSL/TLS handshake, is known as what?
Option 1: Authentication Option 2: Authorization Option 3: Encryption Option 4: Decryption
Correct Response: 1
Explanation: Authentication is the process of verifying the identity of parties in a communication. In SSL/TLS, it ensures that the client and server are who they claim to be, typically using digital certificates.

Q: What mechanism does IPsec use to ensure data integrity and confidentiality at the same time?
Option 1: ESP (Encapsulating Security Payload) Option 2: AH (Authentication Header) Option 3: SSL (Secure Sockets Layer) Option 4: PPTP (Point-to-Point Tunneling Protocol)
Correct Response: 1
Explanation: IPsec uses ESP, the Encapsulating Security Payload, to provide both data integrity and confidentiality. ESP encapsulates the original packet and adds encryption and integrity checks.

Q: In TLS, what cryptographic process is used to establish a shared secret between the client and server without ever transmitting the secret itself?
Option 1: Diffie-Hellman Key Exchange Option 2: RSA Key Exchange Option 3: DES Encryption Option 4: MD5 Hash Algorithm
Correct Response: 1
Explanation: In TLS, the Diffie-Hellman Key Exchange is used to establish a shared secret without transmitting the secret itself. This process allows secure key exchange even if eavesdroppers are present.

Q: The _______ protocol of IPsec ensures authentication and data integrity but not confidentiality.
Option 1: AH (Authentication Header) Option 2: ESP (Encapsulating Security Payload) Option 3: IKE (Internet Key Exchange) Option 4: DNS (Domain Name System)
Correct Response: 1
Explanation: The AH (Authentication Header) in IPsec provides authentication and data integrity, but it doesn't offer confidentiality.

Q: Regularly updating and patching network devices is a key _______ in network security.
Option 1: Principle Option 2: Vulnerability Option 3: Password Option 4: Protocol
Correct Response: 2
Explanation: One of the key principles in network security is regularly updating and patching network devices to fix vulnerabilities and security issues.

Q: SSL/TLS uses _______ keys to encrypt the data and ensure secure transmission.
Option 1: Symmetric Option 2: Asymmetric Option 3: Private Option 4: Public
Correct Response: 2
Explanation: SSL/TLS uses asymmetric keys, including a public key for encryption and a private key for decryption, to secure data transmission.

Q: A company wants to ensure that their inter-branch communication over the internet is secure, confidential, and has data integrity. Which protocol would best serve this purpose?
Option 1: HTTPS Option 2: FTP Option 3: HTTP Option 4: Telnet
Correct Response: 1
Explanation: HTTPS (Hypertext Transfer Protocol Secure) is a secure communication protocol that provides encryption, data integrity, and confidentiality over the internet.

Q: Jane, a network administrator, notices that a server's SSL certificate has expired.
If the certificate isn't renewed, what could be a potential impact on the server's users?
Option 1: Users will experience SSL errors while connecting to the server. Option 2: Users will have slower internet access. Option 3: Users will need to update their passwords. Option 4: Users will lose access to the server.
Correct Response: 1
Explanation: An expired SSL certificate will result in SSL errors, which can disrupt secure connections, leading to a loss of trust and potential security risks for the server's users.

Q: After a recent audit, a company was advised to segregate their network to ensure sensitive data isn't accessible to all employees. Which network security best practice is being recommended?
Option 1: Network Segmentation Option 2: Port Forwarding Option 3: IP Address Spoofing Option 4: DMZ (Demilitarized Zone)
Correct Response: 1
Explanation: Network Segmentation involves dividing a network into segments to restrict access, reducing the risk of unauthorized access to sensitive data and improving security.

Q: What is the primary purpose of a Web Application Firewall (WAF)?
Option 1: To block malicious web traffic Option 2: To speed up web application loading Option 3: To manage web application sessions Option 4: To design web interfaces
Correct Response: 1
Explanation: A Web Application Firewall (WAF) primarily serves to block malicious web traffic and protect web applications from various cyber threats and attacks.

Q: Which of the following attacks involves the injection of malicious scripts into web pages viewed by other users?
Option 1: Cross-Site Scripting (XSS) Option 2: Distributed Denial of Service (DDoS) Option 3: SQL Injection Option 4: Phishing
Correct Response: 1
Explanation: Cross-Site Scripting (XSS) is an attack where an attacker injects malicious scripts into web pages, which are then viewed by other users, potentially leading to data theft or manipulation.
Q: In which type of attack does an attacker trick a victim into submitting a malicious request on their behalf?
Option 1: Cross-Site Request Forgery (CSRF) Option 2: Man-in-the-Middle (MitM) Option 3: Cross-Site Scripting (XSS) Option 4: Distributed Denial of Service (DDoS)
Correct Response: 1
Explanation: Cross-Site Request Forgery (CSRF) is an attack in which the attacker tricks a victim into submitting a malicious request, often without the victim's knowledge, on their behalf.

Q: When securing web applications, what does the principle of "least privilege" mean?
Option 1: Giving the least Option 2: Giving the most Option 3: Giving just enough access Option 4: Giving unlimited access
Correct Response: 3
Explanation: The principle of "least privilege" in web application security means providing users or processes with the minimum level of access necessary to perform their tasks. This helps limit potential damage and unauthorized actions.

Q: Stored and reflected are two types of which web application security vulnerability?
Option 1: SQL Injection Option 2: Cross-Site Scripting (XSS) Option 3: Cross-Site Request Forgery Option 4: Information Disclosure
Correct Response: 2
Explanation: "Stored" and "Reflected" are two types of Cross-Site Scripting (XSS) vulnerabilities, which involve injecting malicious scripts into web pages that are viewed by other users.

Q: Which header can be used by web applications to instruct the browser to block certain types of attacks by declaring which sources are legitimate?
Option 1: Content-Security-Policy Option 2: Access-Control-Allow-Origin Option 3: Cross-Origin Resource Sharing Option 4: Referrer-Policy
Correct Response: 1
Explanation: The "Content-Security-Policy" header is used to instruct the browser to block certain types of attacks, such as XSS, by specifying which sources are considered legitimate for loading content.
Q: In the context of web application security, what is the primary difference between "encoding" and "escaping"?
Option 1: Encoding ensures data integrity, while escaping prevents SQL injection. Option 2: Encoding protects against HTML injection, while escaping is used to secure JavaScript. Option 3: Encoding transforms data into a different format, while escaping makes data safe for use in specific contexts. Option 4: Encoding is a method for securing APIs, while escaping is used to secure session cookies.
Correct Response: 3
Explanation: Encoding involves changing data into a different format so that it's safe for a particular context, such as converting special characters to HTML entities. Escaping, on the other hand, ensures data is safe for use in specific situations, like preventing SQL injection or cross-site scripting (XSS). The main difference is in their purpose and target use cases.

Q: Which security measure can prevent attackers from capturing session IDs by listening to network traffic between the client and server?
Option 1: HTTPS Encryption Option 2: Cross-Site Request Forgery Option 3: Secure Cookies Option 4: Rate Limiting
Correct Response: 1
Explanation: HTTPS (HyperText Transfer Protocol Secure) encryption is a security measure that encrypts data in transit between the client and server, making it difficult for attackers to capture session IDs by eavesdropping on network traffic. It's a fundamental method for ensuring data privacy and security during transmission.

Q: What is the main reason behind using anti-CSRF tokens in web forms?
Option 1: Preventing Data Breaches Option 2: Mitigating Cross-Site Scripting Attacks Option 3: Avoiding Distributed Denial of Service (DDoS) Attacks Option 4: Protecting Against Cross-Site Request Forgery
Correct Response: 4
Explanation: Anti-CSRF tokens are primarily used to protect against Cross-Site Request Forgery (CSRF) attacks.
These tokens help ensure that requests made to a server are legitimate and not generated by malicious entities. By including these tokens in web forms, developers can prevent attackers from tricking users into making unwanted actions without their knowledge.

Q: Alice visits a popular news website and sees a pop-up that says "Hacked!". Upon investigation, it's found that the website itself was not compromised but the script from an ad provider was. What kind of attack was most likely leveraged?
Option 1: Cross-Site Scripting (XSS) Option 2: Cross-Site Request Forgery (CSRF) Option 3: SQL Injection Option 4: Distributed Denial of Service (DDoS)
Correct Response: 1
Explanation: Alice likely experienced a Cross-Site Scripting (XSS) attack, where malicious code was injected into the ad provider's script, affecting the website's visitors.

Q: Bob receives an email with a link to a site that looks like his bank's website. When he enters his credentials, they are sent to an attacker instead of the bank. While the real bank's site was not compromised, what kind of attack did Bob fall victim to?
Option 1: Phishing Attack Option 2: SQL Injection Option 3: Man-in-the-Middle Attack Option 4: Distributed Denial of Service (DDoS)
Correct Response: 1
Explanation: Bob fell victim to a Phishing Attack, where he was deceived into entering his credentials on a fake site. The bank's site itself wasn't compromised.

Q: Charlie is developing a web application. He ensures that every form input is validated and sanitized before it's processed. Despite this, an attacker is able to inject a script that steals user session cookies. Which vulnerability in the application did the attacker most likely exploit?
Option 1: Insecure Deserialization Option 2: Cross-Site Scripting (XSS) Option 3: Cross-Site Request Forgery (CSRF) Option 4: SQL Injection
Correct Response: 2
Explanation: The attacker likely exploited a Cross-Site Scripting (XSS) vulnerability, allowing them to inject malicious scripts into the web application despite input validation and sanitization.

Q: Which type of attack targets vulnerabilities in a website's database by inserting malicious SQL code?
Option 1: SQL Injection Option 2: Cross-Site Scripting Option 3: Denial of Service Attack Option 4: Phishing Attack
Correct Response: 1
Explanation: SQL Injection is an attack where an attacker inserts malicious SQL code into input fields to manipulate or extract data from a database.

Q: When an attacker introduces malicious code into a software system, causing it to behave in unintended ways, this is known as what?
Option 1: Code Injection Option 2: Malware Injection Option 3: Exploiting a Vulnerability Option 4: Software Compromise
Correct Response: 1
Explanation: Code Injection occurs when an attacker inserts malicious code into a software system, leading to unintended and potentially harmful behavior.

Q: Which secure coding practice helps prevent SQL injection attacks by ensuring that user input does not run as code?
Option 1: Input Validation Option 2: Code Encryption Option 3: Database Backups Option 4: Password Hashing
Correct Response: 1
Explanation: Input Validation is a practice that checks and sanitizes user input to prevent it from being executed as SQL code, thereby thwarting SQL injection.

Q: A primary technique to mitigate code injection attacks is to avoid executing code that is:
Option 1: Dynamic Option 2: Encoded Option 3: Trusted Option 4: Untrusted
Correct Response: 4
Explanation: Mitigating code injection attacks involves not executing untrusted code. Untrusted code can contain malicious commands that may lead to security vulnerabilities.
Q: Which of the following is NOT a recommended practice to prevent SQL injection?
Option 1: Using Prepared Statements Option 2: Sanitizing Input Option 3: Using Dynamic Queries Option 4: Storing Passwords in Plain Text
Correct Response: 3
Explanation: Using dynamic queries is not recommended to prevent SQL injection. It opens the door to SQL injection attacks by allowing user input directly in SQL queries.

Q: The process of examining code for security vulnerabilities before it's executed in a live environment is known as?
Option 1: Runtime Analysis Option 2: Code Review Option 3: Pre-execution Analysis Option 4: Dynamic Testing
Correct Response: 2
Explanation: Code review is the process of examining code for security vulnerabilities before it's executed in a live environment. This helps identify and fix security issues in the code.

Q: Blind SQL Injection is a type of SQL injection where:
Option 1: Attackers extract data blindly Option 2: Attackers use UNION-based techniques Option 3: Attackers inject code Option 4: Attackers manipulate queries
Correct Response: 1
Explanation: Blind SQL Injection occurs when attackers blindly extract data from a database without directly knowing the query's result. This is typically done using boolean-based queries.

Q: Which secure coding principle emphasizes the importance of denying everything by default and only granting permissions intentionally?
Option 1: Principle of Least Privilege Option 2: Defense in Depth Option 3: Fail-Safe Defaults Option 4: Security through Obscurity
Correct Response: 1
Explanation: The Principle of Least Privilege advocates limiting permissions to the minimum necessary, ensuring that by default, access is denied, and permissions are granted intentionally.
Q: In an out-of-band SQL injection attack, data is retrieved using:
Option 1: A separate channel Option 2: The same channel with UNION statements Option 3: HTTP GET requests Option 4: API endpoints
Correct Response: 1
Explanation: In an out-of-band SQL injection, attackers retrieve data via a separate channel, such as a DNS request, rather than through the same channel as the main application.

Q: What is the primary purpose of implementing a Content Security Policy (CSP) on a website?
Option 1: Mitigate Cross-Site Scripting (XSS) attacks Option 2: Enable cookies for third-party domains Option 3: Optimize website loading speed Option 4: Enhance search engine optimization (SEO)
Correct Response: 1
Explanation: The primary purpose of implementing a Content Security Policy (CSP) on a website is to mitigate Cross-Site Scripting (XSS) attacks. CSP defines and enforces the security policies for web content by specifying which sources of content are allowed, thereby reducing the risk of XSS attacks by controlling where resources can be loaded from.

Q: Which header is used to define a Content Security Policy for a web application?
Option 1: X-Content-Security-Policy Option 2: X-Frame-Options Option 3: X-XSS-Protection Option 4: Content-Security-Policy
Correct Response: 4
Explanation: The header used to define a Content Security Policy for a web application is "Content-Security-Policy." It specifies the policy rules for content sources, script execution, and other security directives for the web page.

Q: A popular tool that helps in identifying vulnerabilities in web applications by scanning their source code is called a what?
Option 1: Firewall Option 2: Intrusion Detection System (IDS) Option 3: Web Application Firewall (WAF) Option 4: Static Application Security Testing (SAST) tool
Correct Response: 4
Explanation: A popular tool used to identify vulnerabilities in web applications by scanning their source code is called a "Static Application Security Testing (SAST)" tool.
SAST tools analyze the source code to identify security issues and vulnerabilities early in the development process.

Q: How does a CSP help in mitigating cross-site scripting (XSS) attacks?
Option 1: By specifying which domains can load resources Option 2: By encrypting all data in transit Option 3: By monitoring server logs Option 4: By controlling user access permissions
Correct Response: 1
Explanation: A Content Security Policy (CSP) helps mitigate XSS attacks by specifying which domains can load resources on a web page. It provides a whitelist of approved sources for content, helping to prevent malicious scripts from executing from unauthorized sources, thereby enhancing security.

Q: Which of the following is NOT a directive that can be used in a Content Security Policy?
Option 1: script-src Option 2: font-src Option 3: cookie-policy Option 4: frame-ancestors
Correct Response: 3
Explanation: "cookie-policy" is not a valid directive in a Content Security Policy (CSP). CSPs define directives to control the sources from which certain types of content can be loaded. The other options like "script-src," "font-src," and "frame-ancestors" are valid directives used in CSP for different content types.

Q: When using web security assessment tools, what is the primary benefit of dynamic analysis over static analysis?
Option 1: Identifies vulnerabilities that can be exploited in real-time Option 2: Identifies vulnerabilities in the source code before deployment Option 3: Scans for vulnerabilities without executing the application Option 4: Provides insights into network infrastructure weaknesses
Correct Response: 1
Explanation: Dynamic analysis is beneficial as it identifies vulnerabilities that can be exploited in real-time while the application is running. It helps to discover issues that might not be evident during static analysis, as it simulates real-world usage scenarios and interactions with the application.
Q: In the context of CSP, what does the 'nonce' attribute help with?
Option 1: Controlling content caching Option 2: Preventing Cross-Site Scripting (XSS) attacks Option 3: Enforcing secure data transmission Option 4: Handling session management
Correct Response: 2
Explanation: In the context of Content Security Policy (CSP), the 'nonce' attribute is used to prevent Cross-Site Scripting (XSS) attacks. It allows a server to generate a unique cryptographic nonce for each page load. The nonce is included in the CSP header, and the browser only executes scripts with a matching nonce, effectively blocking any unauthorized scripts from running on the page.

Q: Which web security assessment tool focuses specifically on spidering and analyzing web pages to find potential vulnerabilities?
Option 1: Wireshark Option 2: Burp Suite Option 3: Metasploit Option 4: Snort
Correct Response: 2
Explanation: Burp Suite is a popular web security assessment tool that focuses on spidering and analyzing web pages to find potential vulnerabilities. It's widely used for web application security testing, including scanning for common web vulnerabilities like SQL injection and Cross-Site Scripting (XSS).

Q: For a stricter CSP policy, which value would you set for default-src to ensure that only specific sources are allowed?
Option 1: 'self' Option 2: 'none' Option 3: 'strict-dynamic' Option 4: 'unsafe-inline'
Correct Response: 1
Explanation: In a strict CSP policy, you would set the 'default-src' value to 'none' to ensure that no resources are allowed by default. To allow only specific sources, you would then specify those sources individually in other CSP directives, like 'script-src', 'style-src', etc.

Q: When a policy violation occurs, the CSP can be configured to send a report to a specified URI using the _______ directive.
Option 1: report-uri Option 2: content-uri Option 3: security-uri Option 4: policy-uri
Correct Response: 1
Explanation: The correct directive for configuring CSP to send a report to a specified URI is report-uri. This directive is essential for monitoring and resolving policy violations by receiving reports on security incidents.

Q: The tool _______ is known for its ability to automate the scanning of web applications and can detect over 3000 web vulnerabilities.
Option 1: Nmap Option 2: Metasploit Option 3: Burp Suite Option 4: OWASP ZAP
Correct Response: 3
Explanation: The tool known for automating the scanning of web applications and detecting a wide range of web vulnerabilities, including over 3000, is Burp Suite. It's widely used by security professionals for web application security testing.

Q: To ensure that the browser enforces the CSP but does not block or report any content, the _______ directive is used.
Option 1: default-src Option 2: report-only Option 3: enforce Option 4: allow-all
Correct Response: 2
Explanation: To ensure that the browser enforces the Content Security Policy (CSP) but only reports violations without blocking content, the report-only directive is used. This is useful for monitoring policy violations without impacting user experience.

Q: After implementing a strict CSP on a website, a developer notices that some of the third-party widgets are not functioning. Which of the following is the most likely reason?
Option 1: The widgets violate the Same-Origin Policy Option 2: The widgets are not properly configured Option 3: The widgets lack a Content Security Policy Option 4: The widgets need browser extensions to function
Correct Response: 1
Explanation: The most likely reason for the third-party widgets not functioning after implementing a strict CSP (Content Security Policy) is that the widgets violate the Same-Origin Policy.
CSP restricts the sources from which content can be loaded on a web page, and if the widgets come from a different origin, they may be blocked.

Q: Sarah, a web security analyst, receives a report that a certain page on the company's website is vulnerable to an XSS attack. She decides to implement a CSP. Which of the following directives should she prioritize to mitigate this specific threat?
Option 1: script-src Option 2: img-src Option 3: font-src Option 4: media-src
Correct Response: 1
Explanation: To mitigate the threat of XSS (Cross-Site Scripting) attacks, Sarah should prioritize the script-src directive when implementing a CSP. This directive controls which scripts are allowed to execute on a web page, and by restricting this, she can mitigate the risk of malicious script execution.

Q: During a web application assessment, a security consultant observes that even though the application has a CSP header, it uses the unsafe-inline directive for scripts. What potential risk does this pose?
Option 1: It allows any script to run on the page Option 2: It disallows all inline scripts Option 3: It only allows scripts from external sources Option 4: It restricts all scripting entirely
Correct Response: 1
Explanation: Using the unsafe-inline directive for scripts in a CSP is risky because it allows any inline script to run on the page. This essentially undermines the security benefits of CSP by permitting potentially harmful inline scripts, which is a security vulnerability.

Q: Which of the following is a primary goal of operating system hardening?
Option 1: Enhancing security by reducing vulnerabilities Option 2: Increasing system performance Option 3: Simplifying user interfaces Option 4: Expanding network connectivity
Correct Response: 1
Explanation: The primary goal of operating system hardening is to enhance security by reducing vulnerabilities.
This involves configuring the OS to minimize potential attack vectors and make it more resistant to security threats and exploits.

Q: What is the primary purpose of a strong password policy in user authentication?
Option 1: Improving user experience Option 2: Reducing login times Option 3: Enhancing user creativity Option 4: Increasing security
Correct Response: 4
Explanation: The primary purpose of a strong password policy in user authentication is to increase security. A strong password policy enforces the use of complex passwords, making it more difficult for unauthorized users to gain access to accounts through brute force or dictionary attacks.

Q: Multi-factor authentication typically involves how many different forms of evidence (or factors) for verifying a user's identity?
Option 1: One factor Option 2: Two factors Option 3: Three factors Option 4: Four factors
Correct Response: 2
Explanation: Multi-factor authentication typically involves two or more different forms of evidence (factors) for verifying a user's identity. These factors can include something the user knows (password), something the user has (smart card or mobile device), and something the user is (biometric data like fingerprints).

Q: In the context of operating systems, what does the principle of "least privilege" refer to?
Option 1: Giving users the highest level of access rights Option 2: Providing maximum system resources to all users Option 3: Providing system access based on need Option 4: Denying system access to all users
Correct Response: 3
Explanation: The principle of "least privilege" (also known as POLP) refers to providing system access based on the principle of "need to know" and giving users the minimum levels of access rights required to accomplish their tasks. This reduces the risk of unauthorized access and potential security breaches.
Q: Which authentication method involves something the user physically possesses, like a smart card or token?
Option 1: Biometric authentication
Option 2: Two-factor authentication
Option 3: Password authentication
Option 4: Single-factor authentication
Correct Response: 2
Explanation: Two-factor authentication (2FA) involves something the user physically possesses (like a smart card or token) and something they know (like a PIN or password). It provides an additional layer of security beyond just a password, making it more challenging for unauthorized users to gain access.

Q: In operating system hardening, why might an administrator choose to disable unused services and protocols?
Option 1: To increase system performance
Option 2: To reduce software licensing costs
Option 3: To minimize security risks
Option 4: To improve user experience
Correct Response: 3
Explanation: Administrators might choose to disable unused services and protocols in operating system hardening to minimize security risks. Unused services and protocols can be exploited by attackers, leading to vulnerabilities and potential breaches. By disabling them, administrators reduce the attack surface and enhance the system's security posture.

Q: What is the primary advantage of using a biometric authentication method, such as fingerprint or facial recognition?
Option 1: High Efficiency
Option 2: Strong Security
Option 3: Low Cost
Option 4: Easy to Implement
Correct Response: 2
Explanation: The primary advantage of biometric authentication methods like fingerprint or facial recognition is their strong security. Biometrics provide a high level of security because they are based on unique physical or behavioral characteristics, making it extremely difficult for unauthorized users to gain access. These methods are challenging to fake or replicate, enhancing security.
Q: A process in which an operating system ensures that an application only accesses the resources necessary for its legitimate purpose is called what?
Option 1: Multithreading
Option 2: Sandboxing
Option 3: Virtualization
Option 4: Clustering
Correct Response: 2
Explanation: The process in which an operating system ensures that an application only accesses the resources necessary for its legitimate purpose is called "Sandboxing." Sandboxing is a security mechanism that isolates applications, preventing them from making unauthorized changes to a system or accessing resources they shouldn't. It enhances security by containing potentially harmful processes.

Q: Which of the following best describes the concept of "role-based access control"?
Option 1: Users are authenticated using biometrics
Option 2: Users are grouped based on job roles, and permissions are assigned accordingly
Option 3: All users have equal access to all resources
Option 4: Access control is not enforced
Correct Response: 2
Explanation: Role-based access control (RBAC) is a concept in which users are grouped based on their job roles, and permissions are assigned accordingly. This approach simplifies access control by granting or restricting access based on job responsibilities, ensuring that users only have access to resources essential for their roles, which enhances security and administrative efficiency.

Q: The security measure that ensures only approved applications run on a system is called _______.
Option 1: Application Whitelisting
Option 2: Firewall
Option 3: Intrusion Detection
Option 4: Anti-virus
Correct Response: 1
Explanation: Application Whitelisting is a security measure that only allows approved applications to run on a system. It creates a list of trusted applications, and only those on the list can execute. This helps prevent the execution of unauthorized or malicious software.
Q: A cryptographic method that requires two paired keys – one private and one public – is known as _______.
Option 1: Encryption
Option 2: Symmetric Key
Option 3: Asymmetric Key
Option 4: Hashing
Correct Response: 3
Explanation: An Asymmetric Key (or Public Key) cryptographic method uses two keys, one public and one private, for secure communication. Data encrypted with one key can only be decrypted with the other, providing a high level of security.

Q: In the context of access control, the decision to grant or deny a user's request is referred to as _______.
Option 1: Authorization
Option 2: Authentication
Option 3: Verification
Option 4: Validation
Correct Response: 1
Explanation: Authorization is the process of deciding whether a user's request should be granted or denied. It's the step that follows authentication and validation and determines the level of access a user has to resources based on their permissions or privileges.

Q: Emily, a system administrator, is configuring a new server. She ensures that only necessary services run, disables default accounts, and sets strong password policies. What process is Emily engaged in?
Option 1: Server Hardening
Option 2: Patch Management
Option 3: Server Virtualization
Option 4: Server Clustering
Correct Response: 1
Explanation: Emily is engaged in the process of "Server Hardening." This involves securing a server by minimizing vulnerabilities, such as disabling unnecessary services, strengthening password policies, and removing or disabling default accounts. The goal is to reduce the server's attack surface.

Q: After a major data breach, a company mandates that employees use their passwords, a smart card, and a biometric scan to access the company's systems. This security measure is an example of which authentication method?
Option 1: Multi-Factor Authentication (MFA)
Option 2: Single Sign-On (SSO)
Option 3: Two-Factor Authentication (2FA)
Option 4: Biometric Authentication
Correct Response: 1
Explanation: This security measure is an example of "Multi-Factor Authentication (MFA)." MFA requires users to provide two or more authentication factors (in this case, a password, a smart card, and a biometric scan) to gain access, making it more secure than single-factor authentication.

Q: An organization's new software automatically adjusts user permissions based on their job role and revokes access to certain files when an employee changes departments. This approach to managing user rights is an example of what?
Option 1: Role-Based Access Control (RBAC)
Option 2: Discretionary Access Control (DAC)
Option 3: Mandatory Access Control (MAC)
Option 4: Attribute-Based Access Control (ABAC)
Correct Response: 1
Explanation: This approach to managing user rights is an example of "Role-Based Access Control (RBAC)." RBAC assigns permissions based on a user's role or job function, simplifying permission management and reducing the risk of unauthorized access.

Q: Which of the following is software designed to infiltrate and damage computer systems without the user's knowledge or consent?
Option 1: Malware
Option 2: Firewall
Option 3: Antivirus
Option 4: Browser
Correct Response: 1
Explanation: Malware is a term used to describe any software specifically designed to infiltrate and damage computer systems, often without the user's knowledge or consent. Malware can take various forms, including viruses, worms, Trojans, and spyware, among others.

Q: What is the primary purpose of a software patch?
Option 1: Enhance user interface
Option 2: Add new features
Option 3: Fix software vulnerabilities
Option 4: Improve system performance
Correct Response: 3
Explanation: The primary purpose of a software patch is to fix software vulnerabilities.
Software vulnerabilities can be exploited by malicious actors to compromise a system's security. Patches are essential for maintaining a secure and stable software environment.

Q: Which tool is commonly used to scan a computer system for known malware signatures?
Option 1: Firewall
Option 2: Antivirus
Option 3: VPN
Option 4: Browser
Correct Response: 2
Explanation: Antivirus software is commonly used to scan a computer system for known malware signatures. It compares files and activities on the computer to a database of known malware signatures to detect and remove malicious software.

Q: Which type of malware typically does not replicate itself but allows unauthorized access to the affected computer?
Option 1: Trojan
Option 2: Worm
Option 3: Virus
Option 4: Spyware
Correct Response: 1
Explanation: A Trojan horse (option 1) is a type of malware that disguises itself as legitimate software or a legitimate file to trick users into downloading it. Unlike viruses or worms, Trojans typically do not replicate themselves. Once executed, they can provide unauthorized access to the affected computer.

Q: What is the primary benefit of a centralized patch management system for an organization?
Option 1: Improved Security
Option 2: Increased Bandwidth
Option 3: Faster Internet Speed
Option 4: Enhanced User Experience
Correct Response: 1
Explanation: A centralized patch management system (option 1) primarily benefits an organization by improving security. It allows the organization to efficiently and consistently apply software updates, patches, and fixes to all systems, reducing vulnerabilities and enhancing protection against cyber threats.

Q: Heuristic analysis in the context of malware detection refers to what?
Option 1: Identifying new, unknown threats based on behavior
Option 2: Scanning for known viruses and malware
Option 3: Conducting penetration testing on network security
Option 4: Analyzing network traffic for performance issues
Correct Response: 1
Explanation: Heuristic analysis (option 1) involves identifying new, unknown threats based on their behavior rather than relying solely on known virus definitions. It helps detect and mitigate previously unidentified malware and suspicious activities by analyzing patterns and behaviors.

Q: Zero-day exploits target vulnerabilities that are known to the software vendor but:
Option 1: The vendor refuses to acknowledge the vulnerability
Option 2: The vendor has not yet released a patch
Option 3: The vendor is actively working on a fix
Option 4: The vendor can't reproduce the issue
Correct Response: 2
Explanation: Zero-day exploits target vulnerabilities that are known to the software vendor but do not yet have an official patch or fix available. Hackers exploit these vulnerabilities before the vendor can respond with a patch, potentially causing significant damage or security breaches.

Q: In a sandboxing approach for malware detection, suspicious files are executed in what kind of environment?
Option 1: A secure and isolated environment
Option 2: The system's production environment
Option 3: A public cloud environment
Option 4: The user's personal device
Correct Response: 1
Explanation: In a sandboxing approach for malware detection, suspicious files are executed in a secure and isolated environment, separate from the user's system. This isolation prevents malware from affecting the production system and allows security analysts to observe and analyze its behavior.

Q: Which term describes the process of testing patches on non-critical systems before a full-scale rollout?
Option 1: Hotfix deployment
Option 2: Zero-day mitigation
Option 3: Staging
Option 4: Shadow IT
Correct Response: 3
Explanation: The process of testing patches on non-critical systems before a full-scale rollout is called "staging." During staging, patches are applied to a limited number of systems or environments to ensure they do not cause issues before wider deployment.

Q: A _______ is a piece of code that attaches itself to a legitimate program and propagates to other programs and systems.
Option 1: Worm
Option 2: Router
Option 3: Switch
Option 4: Firewall
Correct Response: 1
Explanation: A worm is a self-replicating piece of malicious code that can attach itself to legitimate programs and propagate to other systems without any user intervention. Unlike viruses, worms do not require a host program to attach to.

Q: Patch _______ is the process of deciding which patches should be applied to systems and in what order.
Option 1: Management
Option 2: Deployment
Option 3: Selection
Option 4: Prioritization
Correct Response: 4
Explanation: Patch prioritization is the process of deciding which patches should be applied to systems and in what order. It involves assessing the criticality of vulnerabilities and the potential impact on systems to determine the patching order.

Q: _______ is a type of malware that encrypts user data and demands a ransom for the decryption key.
Option 1: Trojan
Option 2: Adware
Option 3: Ransomware
Option 4: Spyware
Correct Response: 3
Explanation: Ransomware is a type of malware that encrypts a user's data and demands a ransom for the decryption key. It's a malicious tool used by cybercriminals to extort money from victims. Paying the ransom is discouraged, as there's no guarantee the data will be restored.

Q: The process of continuously monitoring systems for vulnerabilities and applying necessary patches is known as _______.
Option 1: Vulnerability Management
Option 2: Intrusion Detection
Option 3: Firewall Configuration
Option 4: Penetration Testing
Correct Response: 1
Explanation: Vulnerability Management involves the systematic process of identifying and addressing vulnerabilities in a network or system. It includes vulnerability scanning, assessment, and patch management to ensure that the system is protected from known vulnerabilities.

Q: A piece of malware designed to spread across networks by exploiting vulnerabilities in networked devices is called a _______.
Option 1: Worm
Option 2: Virus
Option 3: Trojan Horse
Option 4: Ransomware
Correct Response: 1
Explanation: A worm is a type of malware that is designed to self-replicate and spread across networks by exploiting vulnerabilities in networked devices. Unlike viruses, worms don't need a host file to propagate.

Q: The use of multiple layers of security measures, including both malware detection and patch management, is referred to as a _______ approach.
Option 1: Multi-Factor Authentication
Option 2: Defense-in-Depth
Option 3: Redundant Backup
Option 4: Single Sign-On
Correct Response: 2
Explanation: Defense-in-Depth is a security strategy that employs multiple layers of security controls and measures to protect against various security threats. This approach includes not only malware detection but also patch management, firewalls, intrusion detection systems, and more, creating a robust security posture.

Q: An IT security analyst at a company identifies that a number of workstations have become part of a botnet. Which type of malware is most likely responsible for this?
Option 1: Trojan
Option 2: Worm
Option 3: Ransomware
Option 4: Spyware
Correct Response: 2
Explanation: A botnet is typically composed of a network of infected computers or "zombies," and it's often orchestrated by a worm. Worms can autonomously replicate and spread across a network, making them a common choice for botnet creators.
Q: A software company releases a critical security update for its widely-used application. After a week, a major cyber attack targets organizations that have not applied this update. This scenario underscores the importance of what?
Option 1: Patch Management
Option 2: Intrusion Detection
Option 3: Firewall Configuration
Option 4: Secure Coding
Correct Response: 1
Explanation: This scenario highlights the critical importance of patch management. Failing to apply security updates promptly can leave systems vulnerable to known exploits.

Q: An organization's intrusion detection system (IDS) flags an executable file behaving suspiciously, trying to access system files and sending data to an external IP. However, the file's signature is not present in the malware database. This situation might be an instance of:
Option 1: APT (Advanced Persistent Threat)
Option 2: Zero-Day Exploit
Option 3: False Positive
Option 4: Polymorphic Malware
Correct Response: 2
Explanation: In this situation, where the behavior is suspicious, but the file's signature is not recognized, it could be indicative of a zero-day exploit, which is an attack that exploits a vulnerability unknown to the software vendor.

Q: What is the primary purpose of disk encryption?
Option 1: Protect data from unauthorized access
Option 2: Improve disk performance
Option 3: Reduce storage space
Option 4: Prevent physical damage
Correct Response: 1
Explanation: The primary purpose of disk encryption is to protect data from unauthorized access. When data on a disk is encrypted, it is converted into a form that can only be read with the correct decryption key or password, making it inaccessible to unauthorized users. This helps safeguard sensitive information even if the physical disk is lost or stolen.

Q: Which of the following is a benefit of encrypting an individual file rather than an entire disk?
Option 1: Selective protection
Option 2: Enhanced performance
Option 3: Simplified management
Option 4: Complete security
Correct Response: 1
Explanation: Encrypting an individual file offers the benefit of selective protection. It allows you to choose specific files or folders to encrypt, offering security where it's needed most without affecting the performance or management of the entire disk. This is especially useful when you only need to protect certain sensitive files rather than an entire disk.

Q: In the context of operating systems, what is the primary purpose of a security policy?
Option 1: Define rules and guidelines for system security
Option 2: Optimize system performance
Option 3: Manage user accounts
Option 4: Control system updates
Correct Response: 1
Explanation: In the context of operating systems, a security policy's primary purpose is to define rules and guidelines for system security. It outlines what actions are allowed and what is prohibited, helping to protect the system from unauthorized access, data breaches, and other security threats. Security policies are crucial for maintaining the integrity and confidentiality of a computer system.

Q: Which technology encrypts the entire hard drive, ensuring that the data on the disk is secure even if the computer is lost or stolen?
Option 1: TPM
Option 2: AES
Option 3: BitLocker
Option 4: Firewall
Correct Response: 3
Explanation: BitLocker is a full-disk encryption feature included with Microsoft Windows. It encrypts the entire hard drive, making it unreadable without the proper decryption key. This ensures the security of data on the disk, even if the computer is lost or stolen.

Q: In file system security, what restricts or allows specific actions (like reading, writing, executing) on a file or a directory?
Option 1: Firewall
Option 2: ACL
Option 3: BIOS
Option 4: SMTP
Correct Response: 2
Explanation: Access Control Lists (ACLs) are used to restrict or allow specific actions on files or directories.
They define who can access the file or directory, what actions they can perform (e.g., read, write, execute), and under what conditions they can do so.

Q: Which component of an operating system ensures that only authorized users can access specific resources?
Option 1: UEFI
Option 2: Firewall
Option 3: Authentication
Option 4: Access Control
Correct Response: 3
Explanation: Authentication mechanisms, such as passwords, biometrics, or smart cards, are used to verify the identity of users. Once verified, the system grants access to specific resources, ensuring that only authorized users can access them.

Q: What encryption technique involves two interdependent cryptographic keys, one public and one private?
Option 1: RSA
Option 2: AES
Option 3: DES
Option 4: SSL
Correct Response: 1
Explanation: RSA (Rivest-Shamir-Adleman) is an encryption technique that uses two interdependent cryptographic keys, a public key for encryption and a private key for decryption. This method ensures secure communication and data protection.

Q: In the context of operating system security, which mechanism dictates how privileges are escalated or restricted for processes?
Option 1: ACL (Access Control List)
Option 2: UAC (User Account Control)
Option 3: DAC (Discretionary Access Control)
Option 4: MAC (Mandatory Access Control)
Correct Response: 4
Explanation: MAC (Mandatory Access Control) is a security mechanism that dictates how privileges are escalated or restricted for processes. It enforces a predefined set of access rules and is commonly used in high-security environments such as military and government systems.

Q: Which encryption algorithm, once considered very secure, is now deemed vulnerable due to advances in computing power?
Option 1: DES (Data Encryption Standard)
Option 2: RSA
Option 3: AES
Option 4: SHA-1
Correct Response: 1
Explanation: DES (Data Encryption Standard) is an encryption algorithm that was once considered very secure but is now deemed vulnerable due to advances in computing power. It has been replaced by more secure algorithms like AES.

Q: The process of converting data into a code to prevent unauthorized access is known as _______.
Option 1: Encryption
Option 2: Firewall
Option 3: Authentication
Option 4: Hacking
Correct Response: 1
Explanation: Encryption is the process of converting data into a code to prevent unauthorized access. It ensures that even if unauthorized users gain access to the data, they cannot read or use it without the decryption key. Encryption is crucial for data security and privacy.

Q: In many operating systems, the _______ acts as a central policy that defines security-related computer settings.
Option 1: Firewall
Option 2: Operating System
Option 3: Antivirus
Option 4: Router
Correct Response: 2
Explanation: In many operating systems, the Operating System acts as a central policy that defines security-related computer settings. This includes user access controls, permissions, and various security configurations.

Q: _______ is a type of malware that encrypts the user's files and demands payment in exchange for the decryption key.
Option 1: Worm
Option 2: Trojan
Option 3: Ransomware
Option 4: Adware
Correct Response: 3
Explanation: Ransomware is a type of malware that encrypts the user's files and demands payment in exchange for the decryption key. It is a significant threat to data security and has been responsible for many high-profile cyberattacks.

Q: An encryption system that uses the same key to encrypt and decrypt information is known as _______ encryption.
Option 1: Symmetric
Option 2: Asymmetric
Option 3: Public
Option 4: Private
Correct Response: 1
Explanation: Symmetric encryption, also known as private-key encryption, uses the same key for both encryption and decryption. This means that the sender and the recipient must both have access to the same secret key. It is typically faster and less computationally intensive compared to asymmetric encryption.

Q: _______ provides a way to ensure the integrity of data stored on disk by verifying that it hasn't been tampered with.
Option 1: RAID
Option 2: Firewall
Option 3: Hashing
Option 4: Proxy
Correct Response: 3
Explanation: Hashing provides data integrity by producing a fixed-size hash value (digest) based on the content of the data. If the data changes, the hash value will also change, making it easy to detect any tampering or corruption.

Q: A mandatory _______ policy is a type of security policy that relies on labels (attached to objects and users) to determine access.
Option 1: Access Control
Option 2: Password
Option 3: Role-Based
Option 4: Mandatory Access
Correct Response: 4
Explanation: A mandatory access control (MAC) policy is a security policy that enforces access controls based on labels assigned to subjects (users) and objects (resources). The labels define the sensitivity and integrity of objects and the clearances of subjects. Access is granted or denied based on these labels.

Q: Alice, a system administrator, notices that some sensitive files have been accessed by unauthorized users. She wants to ensure that, in the future, only specific users can view and modify these files. What security measure should Alice implement?
Option 1: Access Control List (ACL)
Option 2: Encryption
Option 3: Two-Factor Authentication (2FA)
Option 4: Intrusion Detection System (IDS)
Correct Response: 1
Explanation: Alice should implement Access Control Lists (ACLs) to restrict file access.
ACLs define which users or system processes are granted access to objects, as well as what operations are allowed on given objects. In this case, Alice can specify which specific users have access to sensitive files and what type of access they have.

Q: David is setting up a new computer for his company's CEO. He wants to ensure that even if the laptop is lost or stolen, the data on it cannot be accessed without proper authentication. Which of the following would be the most effective solution?
Option 1: Full Disk Encryption
Option 2: Antivirus Software
Option 3: Firewall
Option 4: Biometric Authentication
Correct Response: 1
Explanation: The most effective solution for ensuring that data on a lost or stolen laptop cannot be accessed without proper authentication is Full Disk Encryption. Full Disk Encryption encrypts the entire contents of the hard drive, making the data inaccessible without the correct decryption key or password.

Q: An organization's IT department wants to enforce a policy where all software installations and updates can only be performed by administrators. This is an example of which type of security policy mechanism?
Option 1: Role-Based Access Control (RBAC)
Option 2: Mandatory Access Control (MAC)
Option 3: Discretionary Access Control (DAC)
Option 4: Administrative Access Control
Correct Response: 1
Explanation: This policy is an example of Role-Based Access Control (RBAC). RBAC is a security mechanism that restricts system access to authorized users or processes based on their roles and responsibilities within the organization. It is commonly used to delegate software installations and updates to administrators.

Q: Which method of encryption uses the same key for both encryption and decryption processes?
Option 1: Symmetric Key Encryption
Option 2: Asymmetric Key Encryption
Option 3: Public Key Encryption
Option 4: Secure Sockets Layer
Correct Response: 1
Explanation: Symmetric Key Encryption, also known as Private Key Encryption, uses the same key for both the encryption and decryption processes. It's efficient for fast and secure data transfer, but it requires a secure way to share the key between the sender and receiver.

Q: In the context of data protection, what is the primary purpose of data encryption?
Option 1: Data Confidentiality
Option 2: Data Availability
Option 3: Data Integrity
Option 4: Data Compression
Correct Response: 1
Explanation: The primary purpose of data encryption is Data Confidentiality. It ensures that unauthorized users cannot access or read sensitive data. It transforms the data into an unreadable format, which can only be deciphered with the appropriate decryption key.

Q: What common practice involves creating a duplicate copy of data to ensure its availability in case of data loss?
Option 1: Data Archiving
Option 2: Data Encryption
Option 3: Data Compression
Option 4: Data Mirroring
Correct Response: 4
Explanation: Data Mirroring is the practice of creating a duplicate copy of data on another storage device. This is done in real-time or near-real-time to ensure data availability in case of data loss or hardware failure. It provides redundancy and high availability.

Q: Which encryption technique transforms plaintext into ciphertext by applying an algorithm and a key, where the size of the key determines the number of possible transformations?
Option 1: Symmetric Encryption
Option 2: Asymmetric Encryption
Option 3: Hashing
Option 4: Steganography
Correct Response: 1
Explanation: Symmetric Encryption is a technique where the same key is used for both encryption and decryption. It transforms plaintext into ciphertext using a mathematical algorithm and a secret key.
The key size determines the number of possible transformations, which affects the security of the encryption.

Q: Regularly scheduled backups that only capture the data that has changed since the last full backup are known as what?
Option 1: Differential Backups
Option 2: Incremental Backups
Option 3: Full Backups
Option 4: Mirror Backups
Correct Response: 2
Explanation: Incremental Backups capture only the data that has changed since the last backup, whether it was a full backup or a previous incremental backup. This reduces the backup time and storage space needed.

Q: In which encryption method is a pair of keys used, where one key encrypts the data and the other decrypts it?
Option 1: Symmetric Encryption
Option 2: Asymmetric Encryption
Option 3: Hashing
Option 4: Steganography
Correct Response: 2
Explanation: Asymmetric Encryption, also known as Public Key Encryption, uses a pair of keys – a public key for encryption and a private key for decryption. This approach allows secure communication without both parties needing to share the same secret key.

Q: Which advanced cryptographic protocol allows two parties to securely compute a function over their inputs while keeping those inputs private?
Option 1: Homomorphic Encryption
Option 2: RSA
Option 3: Diffie-Hellman
Option 4: DES
Correct Response: 1
Explanation: Homomorphic Encryption is an advanced cryptographic technique that allows two parties to perform computations on their encrypted data without revealing the data to each other. This is particularly useful in secure multi-party computation and privacy-preserving data analysis.

Q: The process of restoring a system or data from a backup following a disaster or data corruption is termed what?
Option 1: Disaster Recovery
Option 2: Data Migration
Option 3: Data Archiving
Option 4: Data Deduplication
Correct Response: 1
Explanation: Disaster Recovery is the process of restoring systems, data, and infrastructure after a disaster, such as a natural catastrophe or a major data breach. It ensures that a business can continue operations after a disruptive event.

Q: In the context of encryption, what ensures that data remains unchanged from its source and has not been accidentally or maliciously altered?
Option 1: Data Confidentiality
Option 2: Data Integrity
Option 3: Data Availability
Option 4: Data Authentication
Correct Response: 2
Explanation: Data Integrity, in encryption, ensures that data remains unchanged from its source and has not been accidentally or maliciously altered. This is vital to ensure the trustworthiness of data in transit or storage.

Q: In public-key cryptography, the decryption key is kept private and is known as the _______ key.
Option 1: Private
Option 2: Public
Option 3: Secret
Option 4: Cipher
Correct Response: 1
Explanation: In public-key cryptography, the decryption key is kept private, known as the "Private Key." This key is kept secret by the owner and is used to decrypt data that has been encrypted with the corresponding public key.

Q: The process of converting encrypted data back into its original form is termed _______.
Option 1: Encryption
Option 2: Deciphering
Option 3: Encoding
Option 4: Hashing
Correct Response: 2
Explanation: The process of converting encrypted data back into its original form is termed "Deciphering." This process uses the decryption key to transform the encrypted data into its original, readable format.

Q: A backup technique that captures every version of a file or database record every time it changes is referred to as _______ backup.
Option 1: Incremental
Option 2: Differential
Option 3: Versioning
Option 4: Full
Correct Response: 3
Explanation: A backup technique that captures every version of a file or database record every time it changes is referred to as "Versioning" backup. This type of backup maintains a history of changes, allowing you to restore a file or record to a specific point in time.

Q: An organization is looking to secure its sensitive data transmissions over the internet. They decide to use a system where both the sender and the receiver have a set of keys, one public and one private. Which encryption system are they likely implementing?
Option 1: RSA
Option 2: AES
Option 3: DES
Option 4: SHA-256
Correct Response: 1
Explanation: They are likely implementing the RSA (Rivest-Shamir-Adleman) encryption system. RSA is a widely used public-key encryption system where each participant has a pair of keys: a public key for encryption and a private key for decryption. This ensures secure data transmission and is often used in secure communications and digital signatures.

Q: After a ransomware attack, a company realizes they have lost access to their critical data. Fortunately, they have a recent backup stored in a remote location. This situation highlights the importance of which data protection principle?
Option 1: Availability
Option 2: Confidentiality
Option 3: Integrity
Option 4: Authentication
Correct Response: 1
Explanation: This situation highlights the importance of data availability. Data protection principles ensure the confidentiality, integrity, and availability of data. In this case, the company's ability to access the backup data stored in a remote location demonstrates the principle of data availability.

Q: A financial institution wants to ensure that even if their data is intercepted during transmission, the intruder wouldn't be able to understand it. They decide to transform this data into a code to prevent unauthorized access. What process are they using?
Option 1: Encryption Option 2: Decryption Option 3: Compression Option 4: Hashing Correct Response: 1 Explanation: The financial institution is using encryption. Encryption is the process of transforming data into a code to prevent unauthorized access during transmission. It ensures that even if data is intercepted, it remains unintelligible to unauthorized individuals or intruders. Q: What is the primary purpose of Data Loss Prevention (DLP) solutions? Option 1: Prevent unauthorized access Option 2: Prevent unauthorized data loss Option 3: Ensure fast data transfer Option 4: Enhance network performance Correct Response: 2 Explanation: Data Loss Prevention (DLP) solutions are primarily designed to prevent unauthorized data loss. They help organizations monitor, detect, and prevent the unauthorized sharing or leakage of sensitive information, ensuring data security and compliance with data protection regulations. Q: The GDPR regulation primarily pertains to the protection of personal data for citizens of which region? Option 1: United States Option 2: European Union Option 3: Australia Option 4: Canada Correct Response: 2 Explanation: The GDPR (General Data Protection Regulation) primarily pertains to the protection of personal data for citizens of the European Union. It is a comprehensive data protection law that sets strict standards for how organizations handle personal data of EU residents, regardless of where the organization is based. Q: Which regulation focuses specifically on the protection and confidential handling of health information in the United States? Option 1: HIPAA Option 2: GDPR Option 3: FERPA Option 4: COPPA Correct Response: 1 Explanation: HIPAA (Health Insurance Portability and Accountability Act) focuses specifically on the protection and confidential handling of health information in the United States. 
It regulates the use and disclosure of individuals' health information by healthcare providers, health plans, and healthcare clearinghouses, among others. Q: In the context of DLP, what is the primary concern of 'data in motion'? Option 1: Data being accessed by authorized users Option 2: Data being transmitted or transferred over a network Option 3: Data stored on physical devices Option 4: Data at rest in a database Correct Response: 2 Explanation: In Data Loss Prevention (DLP), the primary concern of 'data in motion' is data being transmitted or transferred over a network. This includes data traveling over the internet, intranets, or other communication channels. DLP solutions monitor and protect data while it's in transit to prevent unauthorized access or leakage. Q: Under GDPR, organizations must report data breaches to the relevant supervisory authority within how many hours of becoming aware? Option 1: 24 hours Option 2: 48 hours Option 3: 72 hours Option 4: 96 hours Correct Response: 3 Explanation: Under the General Data Protection Regulation (GDPR), organizations must report data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. This prompt reporting requirement is designed to ensure swift action and notification to protect individuals' privacy. Q: HIPAA’s Privacy Rule establishes national standards to protect what kind of individual information? Option 1: Financial data Option 2: Personal communication records Option 3: Protected health information (PHI) Option 4: Social Security numbers Correct Response: 3 Explanation: HIPAA's Privacy Rule establishes national standards to protect Protected Health Information (PHI). PHI includes health records, medical history, patient identifiers, and other health- related data. These regulations are crucial for ensuring the privacy and security of sensitive health information. 
Q: What term describes the GDPR requirement for organizations to design data protection into their products and processes from the outset? Option 1: Data Minimization Option 2: Data Portability Option 3: Data Protection by Design and by Default Option 4: Data Encryption Correct Response: 3 Explanation: GDPR (General Data Protection Regulation) requires organizations to implement "Data Protection by Design and by Default." This means that data protection must be an integral part of product and process development, ensuring data security from the start rather than added as an afterthought. Q: In DLP strategies, which term refers to the unauthorized transfer of data outside of an organization's boundaries? Option 1: Data Leak Option 2: Data Spill Option 3: Data Breach Option 4: Data Exfiltration Correct Response: 4 Explanation: Data Exfiltration is the unauthorized transfer of data from an organization's internal network to an external location. It's a critical concern in Data Loss Prevention (DLP) strategies, as it can lead to data breaches. Q: Which part of the HIPAA regulation sets the standards for protecting electronic protected health information? Option 1: Title I Option 2: Title II Option 3: Title III Option 4: Title IV Correct Response: 2 Explanation: Title II of the HIPAA (Health Insurance Portability and Accountability Act) regulation sets the standards for protecting electronic protected health information (ePHI). It includes the Security Rule, which outlines the requirements for securing ePHI. Q: Under GDPR, individuals have the right to access their personal data and the right to _______ it. Option 1: Correct the Data Option 2: Alter the Data Option 3: Delete the Data Option 4: Share the Data Correct Response: 1 Explanation: Under the General Data Protection Regulation (GDPR), individuals have the right to access their personal data held by organizations. This means they can request to correct or update the data if it's inaccurate. 
This helps individuals maintain the accuracy of their personal information. Q: DLP solutions often use _______ to detect sensitive data based on predefined criteria. Option 1: Machine Learning Option 2: Encryption Option 3: Firewalls Option 4: Biometrics Correct Response: 1 Explanation: Data Loss Prevention (DLP) solutions often employ Machine Learning algorithms to identify and classify sensitive data. These algorithms learn from historical data and predefined criteria to recognize patterns associated with sensitive information, helping prevent data leaks and breaches. Q: The HIPAA Security Rule focuses specifically on the security of _______. Option 1: Patient Records Option 2: Health Information Option 3: Medical Facilities Option 4: Healthcare Providers Correct Response: 2 Explanation: The Health Insurance Portability and Accountability Act (HIPAA) Security Rule primarily addresses the security of protected health information (PHI) and electronic health records. It sets standards for securing health information, ensuring the confidentiality, integrity, and availability of patient data. Q: One of the primary components of DLP is _______ detection, which analyzes communication patterns for potential data exfiltration. Option 1: Anomaly Option 2: Intrusion Option 3: Behavioral Option 4: Malware Correct Response: 1 Explanation: One of the primary components of DLP (Data Loss Prevention) is Anomaly detection, which analyzes communication patterns for potential data exfiltration. Anomaly detection looks for unusual patterns that may indicate data breaches or unauthorized access. Q: GDPR introduces the role of a _______ to ensure compliance within organizations. Option 1: Data Officer Option 2: Compliance Officer Option 3: Data Privacy Officer Option 4: Data Protection Officer Correct Response: 4 Explanation: GDPR (General Data Protection Regulation) introduces the role of a Data Protection Officer (DPO) to ensure compliance within organizations. 
The DPO is responsible for monitoring data protection activities, advising on data protection obligations, and serving as a contact point for data protection authorities. Q: Under HIPAA, 'covered entities' include health care providers, health plans, and _______. Option 1: Business Associates Option 2: Insurance Companies Option 3: Pharmaceutical Manufacturers Option 4: Government Agencies Correct Response: 1 Explanation: Under HIPAA (Health Insurance Portability and Accountability Act), 'covered entities' include health care providers, health plans, and Business Associates. Business Associates are individuals or entities that perform functions or activities that involve the use or disclosure of protected health information on behalf of covered entities. Q: A multinational company with its headquarters in the US is collecting and processing personal data of European citizens. A customer from France requests a copy of all the personal data the company has about him. Which regulation mandates the company to honor this request? Option 1: GDPR Option 2: HIPAA Option 3: CCPA Option 4: FERPA Correct Response: 1 Explanation: GDPR (General Data Protection Regulation) is the European Union's regulation that mandates data protection and privacy for European citizens. It requires organizations, regardless of where they are based, to comply with strict data protection rules when processing personal data of European citizens. Q: An organization's IT department notices that a large volume of files containing sensitive financial data is being uploaded to a cloud storage service. This is against the company's policy. Which system would be best suited to detect and prevent such actions? 
Option 1: DLP (Data Loss Prevention) System Option 2: IDS (Intrusion Detection System) Option 3: VPN (Virtual Private Network) Option 4: NAT (Network Address Translation) Correct Response: 1 Explanation: A DLP (Data Loss Prevention) system is designed to monitor and protect data while it is in use, in motion, and at rest. It can detect and prevent the unauthorized transfer or sharing of sensitive data, such as financial information, to cloud storage services. Q: A hospital's electronic record system was breached, exposing patient records. The hospital is based in the United States. Which regulation mandates that the hospital notify affected patients of the breach? Option 1: HIPAA Option 2: GDPR Option 3: FERPA Option 4: CCPA Correct Response: 1 Explanation: HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates the protection of health information privacy and security. It requires healthcare organizations to notify affected patients in the event of a data breach involving their protected health information. Q: What is the primary purpose of a digital signature in electronic documents? Option 1: Ensuring Authenticity Option 2: Data Compression Option 3: Data Encryption Option 4: Data Duplication Correct Response: 1 Explanation: The primary purpose of a digital signature in electronic documents is to ensure authenticity. It provides a way to verify that the document has not been tampered with and that it was indeed signed by the claimed sender. Digital signatures use cryptographic techniques to achieve this. Q: Which protocol is specifically designed for securely transferring files over a network and is based on the SSH protocol? Option 1: FTP Option 2: HTTP Option 3: SMTP Option 4: SFTP Correct Response: 4 Explanation: SFTP (SSH File Transfer Protocol) is a network protocol designed for securely transferring files over a network. 
It's based on the SSH (Secure Shell) protocol, which provides a secure way to access and manage remote servers and their files. SFTP encrypts data during transmission, enhancing security. Q: Digital certificates are issued by trusted third parties called what? Option 1: Certificate Authorities Option 2: Internet Service Providers Option 3: Social Media Companies Option 4: Domain Registrars Correct Response: 1 Explanation: Digital certificates are issued by trusted third parties known as Certificate Authorities (CAs). These entities validate the identity of individuals, organizations, or websites and issue digital certificates, which are used to establish trust and enable secure communication on the internet. Q: Which cryptographic technique ensures that the content of a message or document has not been altered during transmission? Option 1: Hashing Option 2: Encryption Option 3: Compression Option 4: Steganography Correct Response: 1 Explanation: Hashing is a cryptographic technique that ensures data integrity. It creates a fixed-size hash value from the original data, and any alteration in the data will result in a different hash value, indicating that the data has been tampered with. Q: SFTP and SCP both use which protocol as their underlying method for secure communication? Option 1: SSH Option 2: SSL Option 3: HTTPS Option 4: TLS Correct Response: 1 Explanation: Both SFTP (SSH File Transfer Protocol) and SCP (Secure Copy Protocol) use the SSH (Secure Shell) protocol for secure communication. SSH provides secure authentication and encrypted data transfer over an insecure network. Q: Which component of a digital certificate proves the identity of the certificate's subject? Option 1: Public Key Option 2: Private Key Option 3: Certificate Authority's Signature Option 4: Subject's Name Correct Response: 4 Explanation: The Subject's Name in a digital certificate is what proves the identity of the certificate's subject. 
It typically contains information about the entity or individual the certificate is issued to, such as their name and organization. Q: In terms of certificate management, what refers to the process of ensuring a certificate is still valid and has not been revoked? Option 1: Certificate Revocation List (CRL) Option 2: Public Key Infrastructure (PKI) Option 3: Certificate Signing Request (CSR) Option 4: Certificate Authority (CA) Correct Response: 1 Explanation: Certificate Revocation List (CRL) is a vital component of certificate management. It is a list of certificates that have been revoked before their expiration date. It is used to verify whether a certificate is still valid and hasn't been compromised. Q: What differentiates SCP from SFTP in terms of functionality and usage? Option 1: SCP is a file transfer protocol that only supports file transfer. SFTP, on the other hand, is an interactive file transfer protocol that also allows file and directory manipulation, remote file viewing, and more. Option 2: SCP and SFTP are identical in functionality and usage. Option 3: SCP is a more secure version of SFTP. Option 4: SCP is a text-based protocol, whereas SFTP is binary- based. Correct Response: 1 Explanation: SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol) have distinct differences in functionality. SCP is primarily for file transfer, while SFTP is more versatile, offering interactive features like file management and remote access. Q: Which part of a digital signature process involves generating a value that is unique to the signed data? Option 1: Hashing Option 2: Public Key Encryption Option 3: Private Key Decryption Option 4: Digital Certificate Correct Response: 1 Explanation: In the digital signature process, a unique hash value is generated from the data to be signed. This hash value is then encrypted with the sender's private key to create the digital signature. 
The recipient can use the sender's public key to verify the signature and the integrity of the data. Q: To ensure the authenticity and integrity of data, digital signatures use cryptographic _______. Option 1: Algorithms Option 2: Keys Option 3: Hashes Option 4: Protocols Correct Response: 3 Explanation: To ensure the authenticity and integrity of data, digital signatures use cryptographic hashes. Hash functions generate unique fixed-size values (hashes) based on the content of the data being signed, making it practically impossible for someone to alter the data without detection. Q: In a PKI (Public Key Infrastructure) system, the private key is used to _______ a message, while the public key is used to _______ it. Option 1: Encrypt, Decrypt Option 2: Sign, Verify Option 3: Hash, Validate Option 4: Encode, Decode Correct Response: 2 Explanation: In a PKI system, the private key is used to sign a message, providing proof of the sender's identity and ensuring data integrity. The public key is used to verify the signature, allowing recipients to confirm the sender's identity and data authenticity. Q: The _______ is a standard protocol for securely accessing and managing remote devices. Option 1: SSH (Secure Shell) Option 2: TCP (Transmission Control Protocol) Option 3: FTP (File Transfer Protocol) Option 4: IP (Internet Protocol) Correct Response: 1 Explanation: The SSH (Secure Shell) protocol is a standard for securely accessing and managing remote devices. It provides secure remote access, file transfers, and network services, using strong encryption and authentication methods to protect communication. Q: A _______ is a list maintained by a Certificate Authority that contains all the certificates it has revoked. 
Option 1: CRL (Certificate Revocation List) Option 2: CSR (Certificate Signing Request) Option 3: PKI (Public Key Infrastructure) Option 4: CA (Certificate Authority) Correct Response: 1 Explanation: A CRL (Certificate Revocation List) is a crucial component of a Public Key Infrastructure (PKI). It is a list maintained by a Certificate Authority (CA) and contains all the certificates it has revoked before their expiration dates. This helps ensure the security of digital certificates and public keys. Q: For secure file transfers, SFTP operates on the _______ layer, while SCP operates on the _______ layer of the OSI model. Option 1: Transport, Network Option 2: Data Link, Physical Option 3: Presentation, Transport Option 4: Application, Data Link Correct Response: 3 Explanation: For secure file transfers, SFTP (Secure File Transfer Protocol) operates at the Presentation layer of the OSI model, providing encryption, compression, and data formatting services. In contrast, SCP (Secure Copy Protocol) operates at the Transport layer of the OSI model, providing secure and efficient file transfer over a network. Q: Digital certificates often use the _______ format, which includes the certificate's public key and information about the key owner. Option 1: PEM (Privacy Enhanced Mail) Option 2: DER (Distinguished Encoding Rules) Option 3: PGP (Pretty Good Privacy) Option 4: SSL (Secure Sockets Layer) Correct Response: 1 Explanation: Digital certificates often use the PEM (Privacy Enhanced Mail) format. This format typically includes the certificate's public key and information about the key owner. PEM is widely used for securing data through encryption and authentication processes, making it an essential part of secure communications. Q: Alice receives an email with a signed document from Bob. She verifies the digital signature using Bob's public key and finds it valid. 
This ensures that the document was: Option 1: Authenticated Option 2: Encrypted Option 3: Not tampered with Option 4: Sent securely Correct Response: 3 Explanation: When Alice verifies the digital signature using Bob's public key, it ensures that the document was not tampered with. Digital signatures provide data integrity, and if the signature is valid, it means the document has not been altered since it was signed by Bob. Q: An IT administrator is setting up a secure file transfer service for his company. He needs a protocol that provides directory listing, file transfers, and file management capabilities. Which protocol should he consider? Option 1: FTP Option 2: SMTP Option 3: HTTP Option 4: SSH Correct Response: 1 Explanation: The protocol that provides directory listing, file transfers, and file management capabilities is FTP (File Transfer Protocol). FTP is commonly used for these purposes, allowing secure and efficient file transfers. Q: A company's IT department is implementing a system where every employee's email will have a digital signature. The primary reason for this implementation is to: Option 1: Ensure confidentiality Option 2: Prevent email loss Option 3: Verify sender identity Option 4: Accelerate email delivery Correct Response: 3 Explanation: The primary reason for implementing digital signatures on emails is to verify the sender's identity. Digital signatures provide authentication, ensuring that the email indeed comes from the claimed sender and has not been altered in transit. Q: Which type of phishing attack targets a specific individual or organization? Option 1: Spear Phishing Option 2: Vishing Option 3: Smishing Option 4: Pharming Correct Response: 1 Explanation: Spear Phishing is a highly targeted form of phishing where the attacker tailors the attack to a specific individual or organization. It often involves researching the target to create a convincing email or message. 
Q: In the context of social engineering, what does "baiting" usually involve? Option 1: Offering something enticing to the victim Option 2: Threatening the victim Option 3: Impersonating someone Option 4: Hiding behind a mask Correct Response: 1 Explanation: Baiting in social engineering involves offering something enticing to the victim. This could be in the form of a free download, a prize, or anything that would make the victim want to take an action that benefits the attacker. Q: What is "tailgating" in the realm of social engineering? Option 1: Following an authorized person into a secured area Option 2: Manipulating a person through flattery Option 3: Creating fake social media accounts Option 4: Intercepting email communication Correct Response: 1 Explanation: Tailgating is a social engineering technique where an attacker gains unauthorized physical access to a secured area by following an authorized person. It relies on the trust of the authorized person to allow the attacker entry. Q: Spear phishing and vishing are both techniques used in what kind of cyber attack? Option 1: Social Engineering Option 2: Malware Attack Option 3: DDoS Attack Option 4: Man-in-the-Middle Attack Correct Response: 1 Explanation: Spear phishing and vishing are both types of social engineering attacks. Social engineering is a category of cyberattacks that manipulate individuals into revealing confidential information, typically through deceptive or manipulative means. Spear phishing targets specific individuals, while vishing involves voice communication. Q: Which countermeasure involves training employees to recognize and report suspicious requests or messages? Option 1: User Awareness Training Option 2: Antivirus Software Option 3: Firewall Configuration Option 4: Intrusion Detection System Correct Response: 1 Explanation: User Awareness Training is a proactive security measure that educates employees on recognizing and reporting suspicious activities, requests, or messages. 
This helps organizations prevent falling victim to various forms of cyberattacks, including phishing and social engineering. Q: When an attacker leaves a malware-infected USB drive in a public place hoping someone will find it and plug it into a computer, this technique is known as? Option 1: Baiting Option 2: Phishing Option 3: Spoofing Option 4: Pharming Correct Response: 1 Explanation: This technique is called "baiting." It involves leaving a device (in this case, a malware-infected USB drive) in a location where someone may find it and plug it into a computer out of curiosity. Once connected, the malware can infect the victim's computer. Q: A phishing attack that involves multiple methods, such as emails and phone calls, to deceive victims is known as? Option 1: Vishing Option 2: Smishing Option 3: Spear Phishing Option 4: Whaling Correct Response: 4 Explanation: Whaling is a type of phishing attack that specifically targets high-profile individuals or senior executives within an organization. It often involves various methods, such as emails, phone calls, and even in-person social engineering, to deceive victims and gain sensitive information or access. Q: What would be the primary objective of a whaling attack? Option 1: Gain access to sensitive company data Option 2: Target a large number of individuals Option 3: Impersonate a specific individual Option 4: Extract personal information from random individuals Correct Response: 3 Explanation: The primary objective of a whaling attack is to impersonate a specific individual, usually a high-ranking executive or influential person within an organization. Attackers aim to deceive others into believing they are this individual to gain access to sensitive information or resources. Q: In a scenario where an attacker pretends to be a maintenance worker to gain physical access to a secured area, which social engineering technique are they employing? 
Option 1: Impersonation Option 2: Tailgating Option 3: Baiting Option 4: Piggybacking Correct Response: 2 Explanation: The attacker is employing the "Tailgating" social engineering technique. This involves following an authorized person into a secure area without their knowledge or consent, often by pretending to be an employee or someone with a legitimate reason to enter the area. Q: A common technique used by attackers where they trick users into revealing their passwords by pretending to be legitimate tech support is called _______. Option 1: Phishing Option 2: Spear Phishing Option 3: Ransomware Option 4: Social Engineering Correct Response: 4 Explanation: The technique where attackers trick users into revealing their passwords by pretending to be legitimate tech support is known as Social Engineering. It's a psychological manipulation technique to gain confidential information. Q: The practice of sending fraudulent emails pretending to be from reputable companies to induce individuals to reveal personal information is known as _______. Option 1: Hacking Option 2: Spoofing Option 3: Malware Option 4: Phishing Correct Response: 4 Explanation: Sending fraudulent emails pretending to be from reputable companies to trick individuals into revealing personal information is known as Phishing. It's a common method for cybercriminals to obtain sensitive data. Q: _______ attacks specifically target high-ranking officials within an organization. Option 1: DDoS Option 2: Spear Phishing Option 3: Botnet Option 4: Malware Correct Response: 2 Explanation: Spear Phishing attacks specifically target high- ranking officials within an organization. These attacks are highly targeted, personalized, and often aim to trick executives into revealing sensitive information or taking malicious actions. Q: An employee receives an email from her bank asking her to verify her account details due to recent security breaches. 
The email contains a link to a website that looks similar to her bank's website. She becomes suspicious because the email has typos and the URL seems off. This email is likely an example of which type of attack? Option 1: A) Phishing Option 2: B) Spear Phishing Option 3: C) Malware Option 4: D) Social Engineering Correct Response: 1 Explanation: This scenario is an example of "A) Phishing." Phishing attacks involve sending deceptive emails, often impersonating trusted entities, to trick recipients into revealing sensitive information or clicking on malicious links. In this case, the email's typos and suspicious URL are typical signs of phishing. Q: Mike, an IT professional, finds a USB drive in the parking lot with a label reading "Salary Details 2023". Curious, he plugs it into his office computer, leading to the installation of malware. Which social engineering technique successfully targeted Mike? Option 1: A) Spear Phishing Option 2: B) Baiting Option 3: C) Tailgating Option 4: D) Pretexting Correct Response: 2 Explanation: This scenario is an example of "B) Baiting." Baiting involves leaving physical devices, such as infected USB drives, in places where individuals might find them and be tempted to use them. Mike's curiosity led to the installation of malware. Q: Sarah, a new employee, is having trouble accessing a secure office. A friendly co-worker she hasn't met offers to let her in using his access card. This scenario is an example of which social engineering technique? Option 1: A) Tailgating Option 2: B) Phishing Option 3: C) Spear Phishing Option 4: D) Vishing Correct Response: 1 Explanation: This scenario is an example of "A) Tailgating." Tailgating involves an unauthorized person following an authorized person into a secured area. In this case, Sarah's friendly co-worker is exploiting her trust to gain access to the secure office. Q: Which of the following best describes an "insider threat"? 
Option 1: A malicious actor outside the organization trying to breach security
Option 2: A security breach caused by unintentional employee actions
Option 3: A virus or malware designed to infiltrate a network
Option 4: A security measure that guards against external threats
Correct Response: 2
Explanation: An "insider threat" refers to a security breach caused by unintentional or malicious actions by employees or other individuals with privileged access to the organization's systems. This threat can result from actions like sharing sensitive data, falling victim to phishing attacks, or intentionally causing harm.

Q: Security awareness training primarily aims to address which of the following risks?
Option 1: External threats like hackers
Option 2: Natural disasters
Option 3: Insider threats
Option 4: Network downtime
Correct Response: 3
Explanation: Security awareness training is designed to address insider threats. This training helps employees recognize and prevent security breaches, making them more vigilant against unintentional or malicious actions that could harm the organization's security.

Q: What is the most common motivation behind insider threats in an organization?
Option 1: Personal gain
Option 2: Defending against external threats
Option 3: Lack of security measures
Option 4: Accidental actions
Correct Response: 1
Explanation: The most common motivation behind insider threats is personal gain. This can include financial gain, revenge against the organization, or selling sensitive information to third parties. Understanding these motivations is essential for preventing and mitigating insider threats.

Q: Which method is commonly used by organizations to test the effectiveness of their security awareness training?
Option 1: Phishing simulations
Option 2: Firewall configurations
Option 3: Virtual private networks (VPNs)
Option 4: Social engineering
Correct Response: 1
Explanation: Phishing simulations are commonly used by organizations to test the effectiveness of their security awareness training. They simulate phishing attacks to see how well employees can recognize and respond to phishing attempts.

Q: Insider threats can be categorized into malicious and _______. What fills the blank?
Option 1: Accidental
Option 2: Deliberate
Option 3: External
Option 4: Unintentional
Correct Response: 1
Explanation: Insider threats can be categorized into malicious (deliberate) and accidental. Malicious insiders intentionally harm the organization, while accidental insiders do so without intent, often due to negligence or lack of awareness.

Q: Which of the following is NOT a primary objective of security awareness training?
Option 1: Protecting against all possible threats
Option 2: Educating employees on security policies
Option 3: Reducing security risks
Option 4: Fostering a security-conscious culture
Correct Response: 1
Explanation: Protecting against all possible threats is not an objective of security awareness training. Its objectives are educating employees on security policies, reducing security risks, and fostering a security-conscious culture within the organization. While training is crucial, no training can guarantee protection against all threats.

Q: In the context of insider threats, what term describes the unintentional actions of employees that lead to security breaches?
Option 1: Negligence
Option 2: Sabotage
Option 3: Espionage
Option 4: Fraud
Correct Response: 1
Explanation: Negligence in the context of insider threats refers to the unintentional actions or mistakes made by employees that can compromise security. This could include actions like clicking on a malicious link in an email, inadvertently sharing sensitive information, or misconfiguring security settings, all of which can lead to security breaches.

Q: An employee using their access to steal confidential company data for personal gain is an example of which type of insider threat?
Option 1: Sabotage
Option 2: Negligence
Option 3: Espionage
Option 4: Fraud
Correct Response: 4
Explanation: This is an example of the "Fraud" type of insider threat. Fraud involves malicious activities by insiders, typically for personal gain. In this case, the employee is using their access to commit fraud by stealing confidential data for their own benefit.

Q: Which strategy focuses on limiting access to information to only those who require it to perform their job functions?
Option 1: Least Privilege
Option 2: Zero Trust
Option 3: Defense in Depth
Option 4: Social Engineering
Correct Response: 1
Explanation: The strategy of "Least Privilege" limits access to information and resources to only those individuals who require it to perform their job functions. This minimizes the potential for insider threats, as employees only have access to what is necessary for their role.

Q: One of the primary ways to mitigate insider threats is to implement strict _______ controls.
Option 1: Access
Option 2: Security
Option 3: Administrative
Option 4: Network
Correct Response: 2
Explanation: One of the primary ways to mitigate insider threats is to implement strict security controls. Security controls can include measures like access restrictions, monitoring, and policies designed to prevent unauthorized access and data breaches.

Q: Regular _______ sessions are essential to ensure that employees are up-to-date with the latest security policies and practices.
Option 1: Training
Option 2: Evaluation
Option 3: Maintenance
Option 4: Reporting
Correct Response: 1
Explanation: Regular training sessions are essential to ensure that employees are up-to-date with the latest security policies and practices. Security training helps employees recognize and respond to security threats effectively.

Q: Security awareness training often includes real-world simulations of _______ to test employees' reactions.
Option 1: Attacks
Option 2: Guidelines
Option 3: Policies
Option 4: Hardware
Correct Response: 1
Explanation: Security awareness training often includes real-world simulations of attacks to test employees' reactions. These simulations help employees practice responding to security incidents and identifying potential threats.

Q: The principle of "_______" ensures that critical tasks or functions are not controlled by a single individual.
Option 1: Least Privilege
Option 2: Defense in Depth
Option 3: Vulnerability Scanning
Option 4: Access Control
Correct Response: 1
Explanation: The principle of "Least Privilege" is a security concept that restricts individual users' access rights to the minimum levels necessary to accomplish their tasks. It ensures that no single person has excessive access, reducing the risk of unauthorized actions or potential damage.

Q: Insider threats can be particularly challenging to detect because they often exploit legitimate _______ rather than external vulnerabilities.
Option 1: Software Bugs
Option 2: System Flaws
Option 3: Permissions
Option 4: Weak Passwords
Correct Response: 3
Explanation: Insider threats often exploit legitimate "Permissions" granted to them as part of their job. This can make it challenging to distinguish malicious behavior from regular activity, increasing the risk of data breaches.

Q: To effectively mitigate insider threats, organizations should focus on both technological solutions and fostering a culture of _______.
Option 1: Security Awareness
Option 2: Least Privilege
Option 3: Vulnerability Scanning
Option 4: Access Control
Correct Response: 1
Explanation: Organizations should focus on fostering a culture of "Security Awareness" to mitigate insider threats. This involves educating employees about security best practices and encouraging a shared responsibility for protecting the organization's data and systems.

Q: An employee in the finance department is found accessing confidential HR records without a valid reason. This action is indicative of which type of security concern?
Option 1: Insider Threat
Option 2: Phishing
Option 3: Ransomware
Option 4: Firewall
Correct Response: 1
Explanation: This situation points to an insider threat. An insider threat occurs when someone within an organization misuses their access or privileges to compromise security, such as through unauthorized access to sensitive data.

Q: After completing security awareness training, an employee promptly reports a suspicious email they received, which turns out to be a phishing attempt. This situation emphasizes the importance of which aspect of cybersecurity?
Option 1: Human Behavior
Option 2: Network Security
Option 3: Endpoint Security
Option 4: Encryption
Correct Response: 1
Explanation: The scenario highlights the importance of human behavior in cybersecurity. An educated and vigilant workforce can play a crucial role in identifying and reporting potential security threats, such as phishing attempts.

Q: A company conducts a simulated phishing attack on its employees as part of its security training. A majority of employees report the email and don't click on the links. This type of simulation is primarily used to assess what?
Option 1: Employee Awareness
Option 2: Firewall Effectiveness
Option 3: Encryption Strength
Option 4: Malware Detection
Correct Response: 1
Explanation: This simulation primarily assesses employee awareness. Conducting simulated phishing attacks helps gauge how well employees can recognize and respond to phishing attempts, contributing to an overall culture of cybersecurity awareness.

Q: What is the primary purpose of an incident reporting procedure in an organization?
Option 1: To assign blame
Option 2: To improve system performance
Option 3: To prevent all incidents
Option 4: To identify and address security incidents
Correct Response: 4
Explanation: The primary purpose of an incident reporting procedure in an organization is to identify and address security incidents. This process is essential for recognizing and responding to events that could potentially harm the organization's information security. Incident reporting supports containment and recovery, minimizing the impact of security breaches.

Q: In the context of mobile security, what does BYOD stand for?
Option 1: Bring Your Own Data
Option 2: Bring Your Own Device
Option 3: Build Your Own Device
Option 4: Business Yearning Over Devices
Correct Response: 2
Explanation: BYOD stands for "Bring Your Own Device." This policy allows employees to use their personal devices (such as smartphones, tablets, or laptops) for official work purposes. It can enhance flexibility and productivity but also poses security challenges that need to be addressed.

Q: Which policy allows employees to use their personal devices for official work, but also emphasizes security measures to protect company data?
Option 1: BYOB Policy
Option 2: COPE Policy
Option 3: CYOD Policy
Option 4: BYOD Policy
Correct Response: 4
Explanation: The policy that allows employees to use their personal devices for official work while emphasizing security measures to protect company data is the BYOD (Bring Your Own Device) policy. This policy outlines guidelines and security measures to ensure that sensitive company information remains secure when accessed on personal devices.

Q: After detecting a potential security incident on a mobile device, what is the first step an employee should typically take, as per standard reporting procedures?
Option 1: Disconnect from the network
Option 2: Attempt to resolve the incident independently
Option 3: Immediately report it to the organization's IT or security team
Option 4: Continue using the device as usual
Correct Response: 3
Explanation: The first step an employee should take upon detecting a potential security incident on a mobile device is to immediately report it to the organization's IT or security team. This ensures that the incident is addressed promptly and that the necessary steps are taken to mitigate any potential risks.

Q: Mobile Device Management (MDM) solutions are primarily used to enforce what within an organization's BYOD policy?
Option 1: Data encryption
Option 2: Restricting personal app usage
Option 3: Monitoring device location
Option 4: Enforcing security policies and configurations
Correct Response: 4
Explanation: MDM solutions are primarily used to enforce security policies and configurations within an organization's Bring Your Own Device (BYOD) policy. These policies can include password requirements, app restrictions, and encryption settings to ensure that personal devices used for work are secure and compliant with company standards.

Q: Which of the following is not typically a part of an effective incident response plan?
Option 1: Communication plan
Option 2: Data backup plan
Option 3: Incident classification and prioritization
Option 4: Security awareness training
Correct Response: 4
Explanation: Security awareness training is not typically a direct part of an incident response plan; it is a proactive measure to educate employees about security best practices. An incident response plan focuses on how to react to and mitigate security incidents after they occur.

Q: In the context of BYOD policies, what refers to the isolation of personal and work data on a single device?
Option 1: Containerization
Option 2: Segmentation
Option 3: Virtualization
Option 4: Integration
Correct Response: 1
Explanation: Containerization, in the context of BYOD (Bring Your Own Device) policies, refers to the practice of isolating personal and work-related data on a single device within separate, secure containers. These containers keep the data separate, ensuring privacy and security for both personal and work-related information.

Q: A company's incident reporting procedure mandates the use of a specific platform for logging incidents to ensure traceability and accountability. This is an example of what kind of control?
Option 1: Administrative Control
Option 2: Technical Control
Option 3: Physical Control
Option 4: Preventive Control
Correct Response: 1
Explanation: This is an example of an Administrative Control. Administrative controls are measures and policies put in place to manage and regulate security practices. In this case, mandating the use of a specific platform is an administrative measure to ensure traceability and accountability when logging incidents.

Q: An effective incident reporting procedure should prioritize which aspect to ensure timely remediation?
Option 1: Incident Identification
Option 2: Incident Classification
Option 3: Incident Escalation
Option 4: Incident Notification
Correct Response: 2
Explanation: An effective incident reporting procedure should prioritize incident classification to ensure timely remediation. Properly classifying incidents based on their severity and impact helps in allocating resources efficiently. Critical incidents can be addressed with higher priority, leading to timely remediation and reduced potential damage.

Q: In an incident reporting procedure, a _______ is typically designated to coordinate the response and recovery efforts.
Option 1: CISO
Option 2: CSIRT
Option 3: CEO
Option 4: CTO
Correct Response: 2
Explanation: In an incident reporting procedure, a CSIRT (Computer Security Incident Response Team) is typically designated to coordinate the response and recovery efforts. A CSIRT is a team of experts responsible for protecting against and managing cybersecurity incidents.

Q: To ensure that personal apps do not access company data on a BYOD device, organizations implement _______ solutions.
Option 1: VPN
Option 2: MDM
Option 3: IDS
Option 4: DNS
Correct Response: 2
Explanation: To ensure that personal apps do not access company data on a BYOD (Bring Your Own Device) device, organizations implement MDM (Mobile Device Management) solutions. MDM allows organizations to control and secure mobile devices used by their employees.

Q: When employees fail to report security incidents due to fear of reprisal, it's often a sign of a weak _______ culture.
Option 1: Compliance
Option 2: Security
Option 3: Organizational
Option 4: Ethical
Correct Response: 3
Explanation: When employees fail to report security incidents due to fear of reprisal, it's often a sign of a weak organizational culture. A strong security culture encourages employees to report incidents without fear of negative consequences and emphasizes the importance of security.

Q: An employee loses their personal smartphone, which they also use for work-related tasks. They immediately report the loss to the IT department, which then remotely wipes the device. This action is most likely in accordance with which organizational policy?
Option 1: BYOD Policy
Option 2: Data Retention Policy
Option 3: Mobile Device Management (MDM) Policy
Option 4: Privacy Policy
Correct Response: 3
Explanation: This action is most likely in accordance with the Mobile Device Management (MDM) Policy. MDM policies often include provisions for remote device wiping to protect sensitive company data when a device is lost or stolen. This allows IT departments to remotely erase company data and applications from the device to prevent data breaches.

Q: Jane, an IT manager, receives an email detailing a potential security incident. However, the email does not contain enough specifics to act upon. To improve the quality and consistency of incident reports, Jane might consider implementing what?
Option 1: Security Awareness Training
Option 2: Incident Response Plan
Option 3: Security Incident Reporting Guidelines
Option 4: Regular Software Updates
Correct Response: 3
Explanation: Jane should consider implementing Security Incident Reporting Guidelines. These guidelines provide a structured format for reporting security incidents, including the specific details and information required. They help ensure that incident reports contain enough information for the IT team to act upon effectively.

Q: After adopting a new BYOD policy, a company notices an increase in security incidents related to mobile devices. What might be an effective measure to decrease these incidents while still allowing BYOD?
Option 1: Ban BYOD entirely
Option 2: Implement Mobile Device Management (MDM) solutions
Option 3: Increase the number of personal devices allowed
Option 4: Decrease the security awareness training
Correct Response: 2
Explanation: Implementing Mobile Device Management (MDM) solutions can be an effective measure to decrease security incidents related to mobile devices while still allowing BYOD. MDM solutions provide better control and security for company data on personal devices, with features like remote wipe, device encryption, and app management to mitigate risks.