- web.groovymark@gmail.com
- December 2, 2024
Question 01
What is the primary purpose of a firewall?
a) To physically secure a server room
b) To monitor and control incoming and outgoing network traffic
c) To encrypt data in transit
d) To back up data
Correct Answer: b) To monitor and control incoming and outgoing network traffic
Explanation: Firewalls act as a barrier between trusted and untrusted networks, filtering traffic based on predetermined security rules.
Question 02
What does “two-factor authentication” (2FA) provide?
a) Increased password length
b) An additional layer of security requiring two forms of verification
c) A method for encrypting emails
d) A firewall rule
Correct Answer: b) An additional layer of security requiring two forms of verification
Explanation: 2FA enhances security by requiring users to provide two different types of information for authentication.
Question 03
What is a “phishing attack”?
a) A method to secure sensitive data
b) An attempt to acquire sensitive information by masquerading as a trustworthy entity
c) A type of firewall
d) A form of data encryption
Correct Answer: b) An attempt to acquire sensitive information by masquerading as a trustworthy entity
Explanation: Phishing attacks often occur through emails or fake websites, tricking users into providing personal information.
Question 04
What is the role of a “data loss prevention” (DLP) solution?
a) To encrypt data in transit
b) To prevent sensitive data from being lost, misused, or accessed by unauthorized users
c) To back up data
d) To monitor network performance
Correct Answer: b) To prevent sensitive data from being lost, misused, or accessed by unauthorized users
Explanation: DLP solutions help organizations identify and protect sensitive information, ensuring compliance with regulations.
Question 05
What does “encryption” do?
a) Increases the size of files
b) Converts data into a coded format to prevent unauthorized access
c) Backups data to a remote server
d) Secures physical access to servers
Correct Answer: b) Converts data into a coded format to prevent unauthorized access
Explanation: Encryption ensures that even if data is intercepted, it cannot be read without the proper decryption key.
Question 06
What is the purpose of a VPN (Virtual Private Network)?
a) To speed up internet access
b) To create a secure connection over the internet
c) To store data in the cloud
d) To prevent phishing attacks
Correct Answer: b) To create a secure connection over the internet
Explanation: VPNs encrypt internet traffic and create a private network from a public internet connection.
Question 07
What is “malware”?
a) Software designed to enhance computer performance
b) Malicious software intended to harm or exploit devices
c) A type of firewall
d) Data backup software
Correct Answer: b) Malicious software intended to harm or exploit devices
Explanation: Malware includes viruses, worms, Trojans, ransomware, and spyware, among others.
Question 08
What does “penetration testing” involve?
a) Regularly updating software
b) Assessing a system’s security by simulating attacks
c) Monitoring network traffic
d) Backing up data
Correct Answer: b) Assessing a system's security by simulating attacks
Explanation: Penetration testing helps identify vulnerabilities in systems before malicious actors can exploit them.
Question 09
What is the “principle of least privilege”?
a) Granting all users maximum access
b) Providing users with only the access necessary to perform their job functions
c) Limiting physical access to server rooms
d) Ensuring all data is encrypted
Correct Answer: b) Providing users with only the access necessary to perform their job functions
Explanation: This principle minimizes security risks by reducing the number of users with access to sensitive data.
Question 10
What is “social engineering”?
a) A method of encrypting data
b) Psychological manipulation of people to perform actions or divulge confidential information
c) A type of malware
d) A network segmentation technique
Correct Answer: b) Psychological manipulation of people to perform actions or divulge confidential information
Explanation: Social engineering exploits human psychology rather than technical vulnerabilities.
Question 11
What does “incident response” refer to?
a) Backing up data
b) The process of handling and managing security breaches or attacks
c) Updating software
d) Monitoring network traffic
Correct Answer: b) The process of handling and managing security breaches or attacks
Explanation: Incident response involves preparation, detection, analysis, containment, eradication, recovery, and post-incident review.
Question 12
What is “zero trust” security?
a) A network security model that assumes no user or device is trustworthy by default
b) A type of data backup method
c) A firewall configuration
d) A social engineering tactic
Correct Answer: a) A network security model that assumes no user or device is trustworthy by default
Explanation: Zero trust requires verification from everyone trying to access resources within the network.
Question 13
What is the purpose of “endpoint security”?
a) To protect servers
b) To secure endpoints such as laptops, desktops, and mobile devices from threats
c) To monitor network traffic
d) To manage user accounts
Correct Answer: b) To secure endpoints such as laptops, desktops, and mobile devices from threats
Explanation: Endpoint security ensures that all devices connected to a network are protected against security threats
Question 14
What is “vulnerability scanning”?
a) A method for backing up data
b) The process of identifying and assessing security weaknesses in systems
c) A type of malware
d) A user authentication method
Correct Answer: b) The process of identifying and assessing security weaknesses in systems
Explanation: Vulnerability scanning helps organizations discover vulnerabilities before they can be exploited by attackers.
Question 15
What does “strong password policy” refer to?
a) A set of guidelines for creating complex passwords
b) A type of data encryption
c) A network security measure
d) A process for managing user accounts
Correct Answer: a) A set of guidelines for creating complex passwords
Explanation: A strong password policy encourages users to create passwords that are difficult to guess or crack.
Question 16
What is “ransomware”?
a) A type of antivirus software
b) Malicious software that encrypts files and demands payment for decryption
c) A data backup solution
d) A network monitoring tool
Correct Answer: b) Malicious software that encrypts files and demands payment for decryption
Explanation: Ransomware attacks can lead to significant data loss and financial costs for organizations.
Question 17
What does “security audit” mean?
a) The process of encrypting data
b) A systematic evaluation of an organization’s security policies, controls, and practices
c) A type of malware
d) A method of data backup
Correct Answer: b) A systematic evaluation of an organization's security policies, controls, and practices
Explanation: Security audits help identify areas for improvement and ensure compliance with regulations.
Question 18
What is “data breach notification”?
a) A method of encrypting data
b) The process of informing individuals about unauthorized access to their personal information
c) A data backup solution
d) A network security measure
Correct Answer: b) The process of informing individuals about unauthorized access to their personal information
Explanation: Notification is often required by law to inform affected parties of a data breach.
Question 19
What is “web application firewall” (WAF)?
a) A type of antivirus software
b) A security solution that monitors and filters HTTP traffic to and from web applications
c) A data backup solution
d) A network monitoring tool
Correct Answer: b) A security solution that monitors and filters HTTP traffic to and from web applications
Explanation: WAFs protect web applications from common attacks such as SQL injection and cross-site scripting.
Question 20
What is “network monitoring”?
a) The process of backing up data
b) The continuous observation of network traffic for unusual activity
c) A type of malware
d) A method of user authentication
Correct Answer: b) The continuous observation of network traffic for unusual activity
Explanation: Network monitoring helps detect security incidents and performance issues.