- web.groovymark@gmail.com
- December 3, 2024
Question 41
Which of the following best describes the role of encryption in cybersecurity?
A. To block unauthorized access
B. To verify user identity
C. To protect data confidentiality
D. To monitor network traffic
Correct Answer: C. To protect data confidentiality
Explanation: Encryption ensures data confidentiality by converting data into an unreadable format that can only be deciphered by authorized parties. It does not block access, verify identity, or monitor traffic.
Question 42
An attacker is attempting to intercept and modify data being transmitted between two parties. This is an example of which of the following attacks?
A. Phishing
B. SQL injection
C. Man-in-the-middle attack
D. Brute-force attack
Correct Answer: C. Man-in-the-middle attack
Explanation: A man-in-the-middle (MitM) attack involves intercepting and potentially altering communication between two parties. Phishing, SQL injection, and brute-force attacks use different methods.
Question 43
Which of the following security measures should be implemented to ensure that an attacker cannot reuse a stolen password hash to gain access to a system?
A. Salting
B. Encryption
C. Two-factor authentication
D. Firewalls
Correct Answer: A. Salting
Explanation: Salting adds random data to a password before it is hashed, preventing attackers from reusing stolen password hashes to access systems.
Question 44
A company wants to ensure that users accessing the internal network are using secure, encrypted connections. Which of the following should be used?
A. VPN
B. IDS
C. MAC filtering
D. Firewalls
Correct Answer: A. VPN
Explanation: A VPN (Virtual Private Network) provides secure, encrypted connections to the internal network, ensuring that data is protected. IDS, MAC filtering, and firewalls serve different purposes.
Question 45
Which of the following best describes the purpose of a digital signature?
A. To encrypt sensitive data
B. To verify the integrity of data and ensure non-repudiation
C. To monitor for suspicious traffic
D. To manage access control lists
Correct Answer: B. To verify the integrity of data and ensure non-repudiation
Explanation: A digital signature verifies the integrity of data and ensures non-repudiation, meaning the sender cannot deny sending the data. It does not encrypt data, monitor traffic, or manage access control lists.
Question 46
Which of the following best describes the function of an Intrusion Detection System (IDS)?
A. To block unauthorized access
B. To monitor for suspicious activity
C. To encrypt network traffic
D. To authenticate users
Correct Answer: B. To monitor for suspicious activity
Explanation: An IDS monitors network traffic for suspicious activity or potential security breaches. It does not block access, encrypt traffic, or authenticate users.
Question 47
An attacker is attempting to exploit a known vulnerability in software to gain access to a system. This is an example of which of the following?
A. SQL injection
B. Exploit
C. Phishing
D. Cross-site scripting
Correct Answer: B. Exploit
Explanation: An exploit takes advantage of a software vulnerability to gain unauthorized access to a system. SQL injection, phishing, and cross-site scripting are specific types of attacks.
Question 48
Which of the following is the best way to ensure that sensitive data on a lost or stolen laptop remains protected from unauthorized access?
A. Antivirus software
B. Full disk encryption
C. Firewalls
D. VPN
Correct Answer: B. Full disk encryption
Explanation: Full disk encryption ensures that data on a lost or stolen laptop is encrypted and cannot be accessed by unauthorized individuals. Antivirus, firewalls, and VPNs do not provide this level of protection.
Question 49
Which of the following attacks involves sending unsolicited, often malicious, messages over SMS?
A. Spam
B. Phishing
C. SMiShing
D. Spoofing
Correct Answer: C. SMiShing
Explanation: SMiShing is a type of phishing attack that uses SMS messages to deceive users into revealing sensitive information. Spam, phishing, and spoofing are different types of attacks.
Question 50
Which of the following terms refers to the practice of using a single authentication process to access multiple systems without needing to log in again?
A. Role-based access control
B. Single sign-on
C. Two-factor authentication
D. MAC filtering
Correct Answer: B. Single sign-on
Explanation: Single sign-on (SSO) allows users to authenticate once and gain access to multiple systems without needing to log in again. Role-based access control, two-factor authentication, and MAC filtering are unrelated security measures.