-
web.groovymark@gmail.com
- December 2, 2024
Question 21
What is “data exfiltration”?
a) The secure transfer of data to a backup
b) The unauthorized transfer of data from a system
c) The process of data encryption
d) A method of network performance improvement
Correct Answer: b) The unauthorized transfer of data from a system
Explanation: Data exfiltration involves transferring sensitive data from a secure environment to an unauthorized location.
Question 22
What is a common goal of cybersecurity training?
a) To improve software development skills
b) To raise awareness of security risks and best practices
c) To manage user accounts
d) To enhance system performance
Correct Answer: b) To raise awareness of security risks and best practices
Explanation: Cybersecurity training educates employees about potential threats and effective strategies for safeguarding organizational assets.
Question 23
What does “zero-day vulnerability” mean?
a) A vulnerability that is well-known and patched
b) A previously unknown vulnerability that is exploited before a fix is available
c) A vulnerability that occurs on the first day of a software release
d) A method of data backup
Correct Answer: b) A previously unknown vulnerability that is exploited before a fix is available
Explanation: Zero-day vulnerabilities are critical security flaws that have not yet been addressed by software developers, making them highly exploitable.
Question 24
What is the primary function of a security audit?
a) To monitor network traffic
b) To evaluate an organization’s security policies and procedures
c) To develop software applications
d) To back up data
Correct Answer: b) To evaluate an organization's security policies and procedures
Explanation: Security audits assess compliance with security standards and identify areas for improvement in an organization's security posture.
Question 25
What does “ransomware” do?
a) Encrypts data and demands payment for decryption
b) Monitors network traffic
c) Backs up data to the cloud
d) Protects against malware
Correct Answer: a) Encrypts data and demands payment for decryption
Explanation: Ransomware is a type of malware that restricts access to data until a ransom is paid to the attacker.
Question 26
What is an “incident response plan”?
a) A method for monitoring network performance
b) A strategy for addressing and managing security incidents
c) A process for data backup
d) A method for software development
Correct Answer: b) A strategy for addressing and managing security incidents
Explanation: An incident response plan outlines procedures for identifying, managing, and recovering from security incidents to minimize their impact.
Question 27
What is “DNS spoofing”?
a) A technique for monitoring network traffic
b) Manipulating DNS responses to redirect traffic to malicious sites
c) A method of data encryption
d) A process for securing servers
Correct Answer: b) Manipulating DNS responses to redirect traffic to malicious sites
Explanation: DNS spoofing tricks users into visiting malicious websites by falsifying DNS records.
Question 28
What is “two-factor authentication” (2FA)?
a) A single password for all accounts
b) A security process requiring two separate forms of identification
c) A method of encrypting data
d) A way to improve network speed
Correct Answer: b) A security process requiring two separate forms of identification
Explanation: 2FA enhances security by requiring users to provide two different types of identification before accessing their accounts.
Question 29
What is a “brute-force attack”?
a) A method of encrypting data
b) An attack that attempts all possible combinations to guess a password
c) A process for data backup
d) A technique for monitoring network traffic
Correct Answer: b) An attack that attempts all possible combinations to guess a password
Explanation: Brute-force attacks systematically try every possible password combination until the correct one is found.
Question 30
What is “SQL injection”?
a) A type of firewall
b) An attack that allows attackers to execute arbitrary SQL code on a database
c) A method of encrypting data
d) A process for backing up databases
Correct Answer: b) An attack that allows attackers to execute arbitrary SQL code on a database
Explanation: SQL injection vulnerabilities occur when an application does not properly sanitize user input, allowing attackers to manipulate database queries.
Question 31
What does “data integrity” mean?
a) The encryption of data
b) The accuracy and consistency of stored data
c) The speed of data retrieval
d) The accessibility of data
Correct Answer: b) The accuracy and consistency of stored data
Explanation: Data integrity ensures that information is accurate, reliable, and has not been tampered with during storage or transmission.
Question 32
What is a “threat vector”?
a) A type of firewall
b) The method or pathway used by an attacker to exploit a vulnerability
c) A software development technique
d) A process for data backup
Correct Answer: b) The method or pathway used by an attacker to exploit a vulnerability
Explanation: A threat vector is the approach an attacker uses to gain unauthorized access to systems or data.
Question 33
What is “encryption at rest”?
a) Encrypting data while it is being transmitted
b) Protecting data stored on a device or server
c) A method of managing user accounts
d) Monitoring network traffic
Correct Answer: b) Protecting data stored on a device or server
Explanation: Encryption at rest secures stored data from unauthorized access while it is not being actively used or transmitted.
Question 34
What is “security awareness training”?
a) Training for IT staff only
b) An education program to inform employees about security risks and best practices
c) A method of developing software applications
d) A process for data backup
Correct Answer: b) An education program to inform employees about security risks and best practices
Explanation: Security awareness training helps employees recognize potential threats and understand their role in maintaining security.
Question 35
What does “vulnerability management” entail?
a) Developing software applications
b) The process of identifying, assessing, and mitigating security weaknesses
c) A method of monitoring network traffic
d) A technique for data backup
Correct Answer: b) The process of identifying, assessing, and mitigating security weaknesses
Explanation: Vulnerability management aims to minimize security risks by addressing weaknesses in systems and applications.
Question 36
What is the purpose of a “security baseline”?
a) To monitor network performance
b) To establish a minimum level of security controls for systems
c) To develop software applications
d) To manage user accounts
Correct Answer: b) To establish a minimum level of security controls for systems
Explanation: A security baseline defines the expected security posture of systems, helping organizations maintain consistent security practices.
Question 37
What is “data masking”?
a) A technique for encrypting data
b) The process of obfuscating sensitive data to protect it from unauthorized access
c) A method for data backup
d) A type of software application
Correct Answer: b) The process of obfuscating sensitive data to protect it from unauthorized access
Explanation: Data masking protects sensitive information by replacing it with fictional data while maintaining its format.
Question 38
What is a “risk assessment”?
a) A process to analyze potential threats and vulnerabilities
b) A method of data encryption
c) A way to monitor network performance
d) A process for data backup
Correct Answer: a) A process to analyze potential threats and vulnerabilities
Explanation: Risk assessments evaluate the likelihood and impact of potential security threats, enabling organizations to prioritize security measures.
Question 39
What does “patch management” involve?
a) A method for monitoring network traffic
b) The process of regularly updating software to fix vulnerabilities
c) A technique for data encryption
d) A way to manage user accounts
Correct Answer: b) The process of regularly updating software to fix vulnerabilities
Explanation: Patch management ensures that software is kept up to date to address known security flaws and vulnerabilities.
Question 40
What is a “security token”?
a) A device that stores data
b) A physical or digital object that proves a user’s identity
c) A method for managing software licenses
d) A process for data backup
Correct Answer: b) A physical or digital object that proves a user's identity
Explanation: Security tokens provide authentication and authorization for users accessing secure systems or services.
