- web.groovymark@gmail.com
- December 4, 2024
Question 01
Which of the following attacks is used to trick users into providing confidential information by impersonating a trusted entity?
A. Brute-force attack
B. Phishing
C. SQL injection
D. Denial of Service (DoS)
Correct Answer: B. Phishing
Explanation: Phishing attacks impersonate a trusted entity, tricking users into providing confidential information, such as passwords. Other attacks, such as brute-force, SQL injection, and DoS, use different techniques.
Question 02
Which of the following ensures that encrypted data can be decrypted only by the intended recipient?
A. Integrity
B. Confidentiality
C. Availability
D. Non-repudiation
Correct Answer: B. Confidentiality
Explanation: Confidentiality ensures that only authorized parties can access and decrypt sensitive data. Integrity ensures data accuracy, availability ensures timely access, and non-repudiation confirms the authenticity of an action.
Question 03
Which of the following protocols is primarily used for encrypting web traffic?
A. FTP
B. HTTPS
C. IMAP
D. Telnet
Correct Answer: B. HTTPS
Explanation: HTTPS encrypts web traffic using SSL/TLS, providing secure communication over the internet. FTP, IMAP, and Telnet are not used for securing web traffic.
Question 04
Which of the following types of malware is designed to block access to a system or data until a ransom is paid?
A. Worm
B. Virus
C. Trojan
D. Ransomware
Correct Answer: D. Ransomware
Explanation: Ransomware locks users out of their systems or data until a ransom is paid. Worms, viruses, and trojans behave differently, typically aiming to spread or disguise malicious activity.
Question 05
Which of the following is a method used to improve system performance and redundancy by distributing tasks across multiple servers?
A. VPN
B. Load balancing
C. Firewalls
D. MAC filtering
Correct Answer: B. Load balancing
Explanation: Load balancing distributes tasks across multiple servers to improve performance and redundancy. VPNs, firewalls, and MAC filtering serve different purposes in security and network management.
Question 06
Which of the following best describes the process of testing a system or network for vulnerabilities by simulating an attack?
A. Penetration testing
B. Tokenization
C. VPN setup
D. MAC filtering
Correct Answer: A. Penetration testing
Explanation: Penetration testing involves simulating an attack to identify vulnerabilities in systems or networks. Tokenization, VPN setup, and MAC filtering are different techniques in security management.
Question 07
Which of the following terms refers to the process of managing updates, patches, and configuration changes in an organized manner?
A. Incident response
B. Patch management
C. Change management
D. Penetration testing
Correct Answer: C. Change management
Explanation: Change management refers to the organized process of managing updates, patches, and configuration changes. Patch management focuses on applying software updates, while incident response handles security breaches.
Question 08
Which of the following types of encryption uses two keys: one for encryption and one for decryption?
A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Tokenization
Correct Answer: B. Asymmetric encryption
Explanation: Asymmetric encryption uses a pair of keys—public for encryption and private for decryption. Symmetric encryption uses the same key for both encryption and decryption, while hashing and tokenization serve different purposes.
Question 09
Which of the following refers to an attack where data is intercepted between two parties during communication?
A. Man-in-the-middle attack
B. Brute-force attack
C. SQL injection
D. Phishing
Correct Answer: A. Man-in-the-middle attack
Explanation: In a man-in-the-middle attack, the attacker intercepts and possibly alters communication between two parties without their knowledge. Brute-force attacks, SQL injection, and phishing involve different attack methods.
Question 10
Which of the following is used to determine whether a user has the appropriate permissions to access a system or resource?
A. Authentication
B. Authorization
C. Confidentiality
D. Non-repudiation
Correct Answer: B. Authorization
Explanation: Authorization ensures that users have the appropriate permissions to access a system or resource. Authentication verifies the user's identity, confidentiality protects data, and non-repudiation ensures the authenticity of an action.
Question 11
What type of attack occurs when an attacker floods a server with traffic, preventing legitimate users from accessing services?
A. Brute-force attack
B. Denial of Service (DoS)
C. Man-in-the-middle attack
D. Phishing
Correct Answer: B. Denial of Service (DoS)
Explanation: A DoS attack floods a server with traffic, causing service disruptions for legitimate users. Brute-force, man-in-the-middle, and phishing are different attack techniques.
Question 12
Which of the following methods is used to verify the integrity of a message or file?
A. Hashing
B. Encryption
C. Tokenization
D. VPN
Correct Answer: A. Hashing
Explanation: Hashing generates a unique value for a message or file, which can be used to verify its integrity. Encryption, tokenization, and VPNs offer different protections and services.
Question 13
Which of the following ensures that data is accessible when needed by authorized users?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: C. Availability
Explanation: Availability ensures that data and systems are accessible to authorized users when needed. Confidentiality protects data from unauthorized access, integrity maintains data accuracy, and non-repudiation confirms the authenticity of an action.
Question 14
Which of the following refers to the practice of limiting the attack surface of a system by disabling unnecessary services and features?
A. Patch management
B. Change management
C. System hardening
D. Penetration testing
Correct Answer: C. System hardening
Explanation: System hardening involves disabling unnecessary services and features to reduce the attack surface of a system. Patch management and change management serve different purposes in system administration.
Question 15
Which of the following is the process of converting data into a format that cannot be easily read by unauthorized users?
A. Encryption
B. Tokenization
C. Hashing
D. Salting
Correct Answer: A. Encryption
Explanation: Encryption converts data into an unreadable format, ensuring only authorized users can decrypt it. Tokenization, hashing, and salting offer different security functions.
Question 16
Which of the following refers to an attempt by an attacker to guess a password by systematically trying every possible combination?
A. SQL injection
B. Brute-force attack
C. Man-in-the-middle attack
D. Phishing
Correct Answer: B. Brute-force attack
Explanation: A brute-force attack involves systematically trying every possible password combination to gain access. SQL injection, man-in-the-middle, and phishing are different types of attacks.
Question 17
Which of the following provides a digital certificate to verify the identity of the sender of a message?
A. VPN
B. Firewall
C. Public Key Infrastructure (PKI)
D. Tokenization
Correct Answer: C. Public Key Infrastructure (PKI)
Explanation: PKI provides a framework for digital certificates to verify the identity of the sender, ensuring the authenticity of communication. VPNs, firewalls, and tokenization serve different purposes.
Question 18
What type of malware is specifically designed to provide unauthorized access to a system by creating a backdoor?
A. Virus
B. Worm
C. Trojan
D. Ransomware
Correct Answer: C. Trojan
Explanation: A trojan is malware that disguises itself as legitimate software and creates a backdoor for unauthorized access. Viruses, worms, and ransomware have different behaviors.
Question 19
Which of the following refers to a method of verifying user identity by using more than one authentication factor?
A. Single sign-on
B. Role-based access control
C. Two-factor authentication
D. MAC filtering
Correct Answer: C. Two-factor authentication
Explanation: Two-factor authentication (2FA) involves using more than one authentication factor, such as a password and a fingerprint, to verify a user's identity. Single sign-on, role-based access control, and MAC filtering are different techniques.
Question 20
Which of the following describes the process of converting data into a fixed-length string of characters that represents the data?
A. Hashing
B. Encryption
C. Tokenization
D. Salting
Correct Answer: A. Hashing
Explanation: Hashing converts data into a fixed-length string of characters, which is used to verify the integrity of data. Encryption, tokenization, and salting provide different types of security.