- web.groovymark@gmail.com
- December 4, 2024
Question 01
Which of the following is the primary purpose of using a sandbox in cybersecurity?
A. To encrypt data in transit
B. To isolate and test potentially malicious software
C. To manage access control
D. To authenticate users
Correct Answer: B. To isolate and test potentially malicious software
Explanation: A sandbox is used to safely run and analyze potentially malicious software in an isolated environment without risking the host system. It does not encrypt data, manage access control, or authenticate users.
Question 02
Which of the following best describes an attack where an attacker sends out mass emails disguised as legitimate companies in an attempt to steal personal information?
A. Phishing
B. Man-in-the-middle
C. SQL injection
D. Smurf attack
Correct Answer: A. Phishing
Explanation: Phishing involves sending mass emails that appear to be from legitimate sources in an attempt to steal sensitive information like passwords or credit card numbers. Other options are different types of attacks.
Question 03
Which of the following is used to hide malicious intent by embedding the code within legitimate-looking data, such as in images or videos?
A. Steganography
B. Encryption
C. SQL injection
D. Cross-site scripting
Correct Answer: A. Steganography
Explanation: Steganography is the practice of hiding data, such as malicious code, within files like images, videos, or text. It differs from encryption, and from attack methods like SQL injection and cross-site scripting.
Question 04
Which security control limits user access based on their roles and responsibilities within an organization?
A. Discretionary access control
B. Mandatory access control
C. Role-based access control
D. Attribute-based access control
Correct Answer: C. Role-based access control
Explanation: Role-based access control (RBAC) restricts system access to authorized users based on their job roles. Other forms of access control have different mechanisms for determining access permissions.
Question 05
What is the primary purpose of implementing encryption for data at rest?
A. To authenticate users
B. To ensure data integrity
C. To prevent unauthorized access to stored data
D. To monitor network traffic
Correct Answer: C. To prevent unauthorized access to stored data
Explanation: Encryption for data at rest ensures that sensitive information is protected from unauthorized access even if the storage device is compromised. It does not authenticate users, ensure data integrity, or monitor network traffic.
Question 06
Which of the following refers to a form of attack that compromises a legitimate website to serve malicious content to users visiting the site?
A. Watering hole attack
B. SQL injection
C. Brute-force attack
D. Cross-site scripting
Correct Answer: A. Watering hole attack
Explanation: A watering hole attack involves compromising a legitimate website to deliver malicious content to visitors. This differs from SQL injection, brute-force attacks, and cross-site scripting.
Question 07
Which of the following types of attacks aims to gain access to network devices by overwhelming them with more traffic than they can handle?
A. Phishing
B. Man-in-the-middle
C. Denial of Service (DoS)
D. Smurf attack
Correct Answer: C. Denial of Service (DoS)
Explanation: A Denial of Service (DoS) attack aims to overwhelm a target system with traffic, rendering it unable to process legitimate requests. Phishing, man-in-the-middle, and smurf attacks are different in nature.
Question 08
What type of attack involves the exploitation of a software vulnerability that hasn’t yet been discovered or patched by the developer?
A. Zero-day
B. Man-in-the-middle
C. Brute-force
D. Cross-site scripting
Correct Answer: A. Zero-day
Explanation: A zero-day attack exploits a vulnerability that is unknown to the developer and has no existing patch. Other types of attacks target known vulnerabilities or use different attack strategies.
Question 09
Which of the following is used to detect and prevent malware on endpoints?
A. VPN
B. Firewall
C. Antivirus software
D. Intrusion Prevention System
Correct Answer: C. Antivirus software
Explanation: Antivirus software is designed to detect, prevent, and remove malware from endpoints. Firewalls, VPNs, and Intrusion Prevention Systems serve different functions.
Question 10
Which of the following ensures that data remains unchanged during transmission and prevents unauthorized modifications?
A. Confidentiality
B. Integrity
C. Availability
D. Encryption
Correct Answer: B. Integrity
Explanation: Integrity ensures that data remains unchanged during transmission and prevents unauthorized modifications. Confidentiality and availability are different aspects of information security, and encryption is a tool used to ensure confidentiality and integrity.
Question 11
Which of the following is used to authenticate users by requiring both a password and a one-time PIN?
A. Single sign-on
B. Role-based access control
C. Two-factor authentication
D. Tokenization
Correct Answer: C. Two-factor authentication
Explanation: Two-factor authentication (2FA) requires users to provide two different authentication factors, such as a password and a one-time PIN, to verify their identity. Other options use different mechanisms for security and authentication.
Question 12
An attacker manages to inject malicious scripts into a web application, allowing it to execute in the user’s browser. This is an example of which of the following attacks?
A. Cross-site scripting
B. SQL injection
C. Phishing
D. Denial of Service
Correct Answer: A. Cross-site scripting
Explanation: Cross-site scripting (XSS) involves injecting malicious scripts into a trusted website, which then execute in the user's browser. Other types of attacks, like SQL injection, have different targets and methods.
Question 13
Which of the following refers to the concept of ensuring that only authorized users have access to sensitive data?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: A. Confidentiality
Explanation: Confidentiality ensures that sensitive information is only accessible to authorized individuals. Integrity focuses on ensuring data is accurate, availability ensures data is accessible when needed, and non-repudiation prevents users from denying actions.
Question 14
Which type of attack involves intercepting and potentially modifying communications between two parties without their knowledge?
A. Phishing
B. Man-in-the-middle
C. Cross-site scripting
D. Brute-force
Correct Answer: B. Man-in-the-middle
Explanation: A man-in-the-middle attack involves intercepting and possibly altering communication between two parties without their knowledge. Other types of attacks target different aspects of communication and systems.
Question 15
Which of the following is the process of converting plain text into unreadable code to protect sensitive information?
A. Decryption
B. Tokenization
C. Encryption
D. Hashing
Correct Answer: C. Encryption
Explanation: Encryption is the process of converting plain text into unreadable code to protect sensitive information. Decryption is the reverse process, while hashing and tokenization serve different purposes.
Question 16
Which of the following protocols is used to ensure secure communication over a wireless network by encrypting data?
A. WEP
B. WPA2
C. HTTP
D. FTP
Correct Answer: B. WPA2
Explanation: WPA2 is a security protocol used to encrypt data and ensure secure communication over wireless networks. WEP, HTTP, and FTP are older or insecure options.
Question 17
An organization wants to prevent unauthorized devices from connecting to its internal network. Which of the following should be implemented?
A. MAC filtering
B. IDS
C. VPN
D. Tokenization
Correct Answer: A. MAC filtering
Explanation: MAC filtering allows an organization to control which devices are allowed to connect to the network by filtering based on their MAC addresses. IDS, VPN, and tokenization serve different purposes.
Question 18
Which of the following best describes an attack where an attacker sends out malicious emails that appear to be from a legitimate source to steal sensitive information?
A. Phishing
B. Brute-force
C. Denial of Service
D. Man-in-the-middle
Correct Answer: A. Phishing
Explanation: Phishing involves sending malicious emails that appear legitimate to trick users into revealing sensitive information. The other options describe different types of attacks.
Question 19
Which of the following is used to ensure that sensitive data remains secure even if a system is physically compromised?
A. Data encryption
B. Role-based access control
C. MAC filtering
D. VPN
Correct Answer: A. Data encryption
Explanation: Data encryption ensures that sensitive information remains secure even if the system is compromised by converting the data into unreadable code. Other options focus on controlling access rather than protecting the data itself.
Question 20
Which of the following refers to the ability to verify that a user or system has performed an action, and that the user cannot deny performing it?
A. Integrity
B. Non-repudiation
C. Confidentiality
D. Availability
Correct Answer: B. Non-repudiation
Explanation: Non-repudiation ensures that actions performed by a user or system can be verified and that they cannot deny performing the action. The other terms describe different security concepts.