OA Exams

  • web.groovymark@gmail.com
  • December 2, 2024

Question 21

What is the primary purpose of a penetration test?

a) To improve system performance
b) To assess vulnerabilities in a system or application
c) To train users on security best practices
d) To create backup copies of data

Correct Answer: b) To assess vulnerabilities in a system or application

Explanation: Penetration testing simulates attacks on a system to identify and evaluate vulnerabilities that could be exploited by malicious actors.

Question 22

What does the acronym “SIEM” stand for?

a) Security Information and Event Management
b) System Integration and Event Monitoring
c) Security Integration and Emergency Management
d) System Information and Event Management

Correct Answer: a) Security Information and Event Management

Explanation: SIEM refers to the process of collecting, analyzing, and responding to security-related data from various sources within an organization.

Question 23

Which of the following is a characteristic of ransomware?

a) It is a type of malware that provides unauthorized access
b) It encrypts data and demands a ransom for decryption
c) It slows down network performance
d) It is a type of phishing attack

Correct Answer: b) It encrypts data and demands a ransom for decryption

Explanation: Ransomware is a type of malicious software that encrypts files on a victim's device and demands payment for the decryption key.

Question 24

What is the function of a security information and event management (SIEM) system?

a) To automatically patch software vulnerabilities
b) To store all data in the cloud
c) To collect and analyze security-related data
d) To manage user access controls

Correct Answer: c) To collect and analyze security-related data

Explanation: SIEM systems aggregate and analyze security data from various sources to detect and respond to security incidents.

Question 25

What is “social engineering” in the context of cybersecurity?

a) The use of technology to enhance social interactions
b) Manipulating individuals to gain confidential information
c) Developing social networks for sharing information
d) A type of network attack

Correct Answer: b) Manipulating individuals to gain confidential information

Explanation: Social engineering involves exploiting human psychology to trick individuals into divulging sensitive information.

Question 26

What does “API” stand for?

a) Automated Process Integration
b) Application Programming Interface
c) Advanced Programming Interface
d) Application Performance Index

Correct Answer: b) Application Programming Interface

Explanation: An API is a set of rules and protocols for building and interacting with software applications, allowing different systems to communicate with each other.

Question 27

Which of the following is an advantage of using cloud computing?

a) Limited scalability
b) High upfront capital costs
c) Accessibility from anywhere with internet access
d) Requires on-premises infrastructure

Correct Answer: c) Accessibility from anywhere with internet access

Explanation: Cloud computing enables users to access applications and data from any location with internet connectivity, enhancing flexibility and collaboration.

Question 28

What is the purpose of a security policy?

a) To define a company’s marketing strategy
b) To outline the rules and procedures for securing information
c) To manage employee schedules
d) To track inventory levels

Correct Answer: b) To outline the rules and procedures for securing information

Explanation: A security policy establishes guidelines for protecting an organization's information and assets from threats and vulnerabilities.

Question 29

What does “two-factor authentication” (2FA) provide?

a) A single layer of security
b) Two layers of security for user accounts
c) Unlimited access to systems
d) Enhanced network speed

Correct Answer: b) Two layers of security for user accounts

Explanation: 2FA requires users to provide two different forms of identification before gaining access, adding an extra layer of security beyond just a password.

Question 30

What type of attack involves overwhelming a system with traffic to disrupt service?

a) Phishing
b) Denial of Service (DoS)
c) Man-in-the-Middle
d) SQL Injection

Correct Answer: b) Denial of Service (DoS)

Explanation: A DoS attack aims to make a service unavailable by flooding it with excessive traffic, rendering it unable to respond to legitimate requests.

Question 31

Which of the following best describes “risk assessment”?

a) The process of developing security policies
b) The identification and evaluation of risks
c) The implementation of security controls
d) The monitoring of security incidents

Correct Answer: b) The identification and evaluation of risks

Explanation: Risk assessment involves identifying potential risks to an organization and evaluating their impact and likelihood.

Question 32

What is the primary goal of identity and access management (IAM)?

a) To monitor network traffic
b) To manage user identities and access permissions
c) To detect malware
d) To enforce data encryption

Correct Answer: b) To manage user identities and access permissions

Explanation: IAM focuses on ensuring that the right individuals have appropriate access to technology resources while maintaining security.

Question 33

What does the term “patch management” refer to?

a) The process of monitoring network performance
b) The practice of applying updates to software to fix vulnerabilities
c) The development of security policies
d) The configuration of firewalls

Correct Answer: b) The practice of applying updates to software to fix vulnerabilities

Explanation: Patch management involves regularly updating software to address vulnerabilities and improve functionality.

Question 34

What is the purpose of a digital signature?

a) To speed up transactions
b) To verify the authenticity and integrity of a message or document
c) To encrypt sensitive information
d) To improve system performance

Correct Answer: b) To verify the authenticity and integrity of a message or document

Explanation: Digital signatures provide assurance that a message or document has not been altered and confirm the identity of the sender.

Question 35

What does “data integrity” ensure?

a) Data is easily accessible
b) Data is accurate and consistent over its lifecycle
c) Data is stored in the cloud
d) Data is encrypted during transmission

Correct Answer: b) Data is accurate and consistent over its lifecycle

Explanation: Data integrity ensures that information remains accurate, consistent, and trustworthy throughout its lifecycle.

Question 36

Which of the following is a common method for securing wireless networks?

a) Using a public IP address
b) Disabling encryption
c) Implementing WPA3 encryption
d) Allowing all traffic

Correct Answer: c) Implementing WPA3 encryption

Explanation: WPA3 is the latest Wi-Fi security protocol, providing stronger encryption and protection for wireless networks.

Question 37

What is the purpose of a firewall?

a) To monitor and control incoming and outgoing network traffic
b) To store sensitive data
c) To back up files
d) To enhance user experience

Correct Answer: a) To monitor and control incoming and outgoing network traffic

Explanation: A firewall acts as a barrier between a trusted network and untrusted networks, filtering traffic based on security rules.

Question 38

What is “cloud computing”?

a) A method for storing data locally
b) A technology for distributed computing over the internet
c) A type of malware
d) A hardware configuration

Correct Answer: b) A technology for distributed computing over the internet

Explanation: Cloud computing allows users to access and store data and applications on remote servers accessed via the internet rather than on local machines.

Question 39

What is a “data breach”?

a) A method of data encryption
b) An incident where unauthorized access to sensitive data occurs
c) A type of network monitoring
d) A security policy

Correct Answer: b) An incident where unauthorized access to sensitive data occurs

Explanation: A data breach refers to the unauthorized access and retrieval of sensitive information, often leading to identity theft or financial loss.

Question 40

What is a “keylogger”?

a) A tool used to encrypt data
b) A device or software that records keystrokes
c) A type of malware that accelerates processing
d) A network monitoring tool

Correct Answer: b) A device or software that records keystrokes

Explanation: Keyloggers capture and store the keystrokes of users, potentially allowing attackers to steal sensitive information such as passwords.
