OA Exams

  • December 2, 2024

Question 01

What is a vulnerability assessment?

a) A test of a system’s performance
b) An evaluation of security weaknesses in a system
c) A method of data encryption
d) A process for data backup

Correct Answer: b) An evaluation of security weaknesses in a system

Explanation: A vulnerability assessment identifies and evaluates security weaknesses in a system to improve its security posture.

Question 02

What does “encryption” do?

a) Increases the size of files
b) Protects data by converting it into an unreadable format
c) Reduces data transfer speed
d) Deletes sensitive information

Correct Answer: b) Protects data by converting it into an unreadable format

Explanation: Encryption secures data by transforming it into a format that cannot be easily read without the appropriate decryption key.

Question 03

What is a Denial of Service (DoS) attack?

a) An attempt to steal data from a network
b) A method of encrypting data
c) An attack aimed at making a service unavailable
d) A technique for improving network speed

Correct Answer: c) An attack aimed at making a service unavailable

Explanation: A DoS attack overwhelms a system's resources, rendering it unable to respond to legitimate requests.

Question 04

What does the principle of least privilege entail?

a) Granting users maximum access to all resources
b) Restricting user access to only what is necessary
c) Allowing users to share credentials
d) Keeping all data public

Correct Answer: b) Restricting user access to only what is necessary

Explanation: The principle of least privilege ensures that users have only the access they need to perform their job functions, reducing the risk of unauthorized access.

Question 05

What is phishing?

a) A method of network monitoring
b) A type of cyber attack that attempts to trick users into providing sensitive information
c) A technique for data encryption
d) A process for securing servers

Correct Answer: b) A type of cyber attack that attempts to trick users into providing sensitive information

Explanation: Phishing involves deceptive emails or websites designed to lure individuals into disclosing personal or financial information.

Question 06

What is multi-factor authentication (MFA)?

a) Using multiple passwords for a single account
b) A security measure that requires two or more verification methods
c) A method of data encryption
d) A technique for backing up data

Correct Answer: b) A security measure that requires two or more verification methods

Explanation: MFA enhances security by requiring users to provide additional verification factors beyond just a password.

Question 07

What is a firewall?

a) A device that stores backup data
b) A system designed to prevent unauthorized access to or from a network
c) A type of data encryption
d) A method of managing user accounts

Correct Answer: b) A system designed to prevent unauthorized access to or from a network

Explanation: A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Question 08

What does “malware” stand for?

a) Malicious software
b) Multi-layered software
c) Managed web application
d) Mobile application

Correct Answer: a) Malicious software

Explanation: Malware refers to any software designed to harm or exploit any programmable device or network.

Question 09

What is a security incident?

a) An event that does not affect system operations
b) Any unauthorized access or breach of security
c) A regular software update
d) A scheduled maintenance task

Correct Answer: b) Any unauthorized access or breach of security

Explanation: A security incident is an event that indicates a potential breach or compromise of security protocols.

Question 10

What is the role of a security operations center (SOC)?

a) To develop software applications
b) To monitor, detect, and respond to security incidents
c) To manage user accounts
d) To oversee system performance

Correct Answer: b) To monitor, detect, and respond to security incidents

Explanation: A SOC is responsible for continuous monitoring and analysis of security events to protect an organization's information systems.

Question 11

What does “endpoint security” refer to?

a) Protecting data at the server level
b) Securing devices that connect to the network
c) Enhancing network speed
d) Storing data in the cloud

Correct Answer: b) Securing devices that connect to the network

Explanation: Endpoint security focuses on protecting devices such as laptops, smartphones, and tablets from potential threats.

Question 12

What is the purpose of a digital certificate?

a) To encrypt data
b) To verify the identity of a user, device, or server
c) To increase network speed
d) To manage software licenses

Correct Answer: b) To verify the identity of a user, device, or server

Explanation: Digital certificates authenticate the identity of entities in online transactions, ensuring secure communication.

Question 13

What is a data breach?

a) An authorized access to data
b) An incident where sensitive data is accessed without authorization
c) A process of data backup
d) A method of encrypting information

Correct Answer: b) An incident where sensitive data is accessed without authorization

Explanation: A data breach occurs when confidential information is disclosed to unauthorized individuals, leading to potential harm.

Question 14

What does “two-step verification” involve?

a) Using two passwords for one account
b) A process that adds an additional layer of security beyond the password
c) Encrypting data with two keys
d) Monitoring network traffic twice

Correct Answer: b) A process that adds an additional layer of security beyond the password

Explanation: Two-step verification requires users to provide two forms of identification before gaining access to an account.

Question 15

What is a common type of attack used to exploit web applications?

a) Malware
b) SQL injection
c) Firewall
d) Encryption

Correct Answer: b) SQL injection

Explanation: SQL injection attacks target databases by injecting malicious SQL code into input fields to manipulate or access sensitive data.

Question 16

What is a security policy?

a) A document outlining acceptable security practices
b) A type of encryption
c) A method for managing user accounts
d) A process for data backup

Correct Answer: a) A document outlining acceptable security practices

Explanation: A security policy defines how an organization protects its physical and information technology assets.

Question 17

What is the primary function of a password?

a) To monitor network traffic
b) To protect access to accounts and systems
c) To encrypt sensitive information
d) To back up data

Correct Answer: b) To protect access to accounts and systems

Explanation: Passwords serve as a first line of defense against unauthorized access to accounts and sensitive information.

Question 18

What does “penetration testing” involve?

a) Monitoring network traffic
b) Simulating attacks to identify vulnerabilities in systems
c) Developing software applications
d) Backing up data

Correct Answer: b) Simulating attacks to identify vulnerabilities in systems

Explanation: Penetration testing assesses the security of systems by attempting to exploit vulnerabilities, allowing organizations to improve their defenses.

Question 19

What is an access control list (ACL)?

a) A list of users with administrative rights
b) A set of rules that determine who can access specific resources
c) A method of data encryption
d) A type of software application

Correct Answer: d) Layer 7

Explanation: Azure Application Gateway operates at Layer 7 to handle HTTP/S traffic.

Question 20

What does “social engineering” refer to?

a) A technical method of securing systems
b) Manipulating individuals into revealing confidential information
c) A method for software development
d) A way to analyze network performance

Correct Answer: b) Manipulating individuals into revealing confidential information

Explanation: Social engineering exploits human psychology to trick individuals into disclosing sensitive information or performing actions that compromise security.
