CISSP certification

  1. Which of the following is not one of the three security goals of the CIA triad? a. Confidentiality b. Integrity c. Availability d. Agility

Answer: d. Agility

  1. What is the primary goal of a security policy? a. To define the organization’s security requirements and objectives b. To ensure that all employees follow the same set of rules c. To prevent any unauthorized access to the organization’s systems and data d. To identify and respond to security incidents in a timely manner

Answer: a. To define the organization’s security requirements and objectives

  1. Which of the following is a characteristic of symmetric-key cryptography? a. It uses different keys for encryption and decryption b. It is based on the difficulty of factoring large composite numbers c. It is faster than asymmetric-key cryptography d. It is more secure than asymmetric-key cryptography

Answer: c. It is faster than asymmetric-key cryptography Explanation: Symmetric algorithms such as AES use one shared secret key and are orders of magnitude faster than RSA or elliptic-curve operations, which is why protocols such as TLS use asymmetric cryptography only to establish a session key and then protect the bulk data symmetrically. Symmetric ciphers are not weaker than asymmetric ones; their difficulty is distributing the shared key securely.

  1. What is the primary goal of a vulnerability scan? a. To identify weaknesses in an organization’s systems and networks b. To prevent malware from infecting the organization’s systems c. To monitor the organization’s systems and networks for security incidents d. To ensure compliance with security regulations and policies

Answer: a. To identify weaknesses in an organization’s systems and networks

  1. Which of the following is an example of a physical control? a. Security awareness training for employees b. Security policies and procedures c. Physical access controls to a data center d. Background checks for new employees

Answer: c. Physical access controls to a data center Explanation: Badge readers, mantraps, locks and guards at a data center are physical controls. The other three options are administrative controls (people and process). Technical (logical) controls, such as firewalls, encryption or access control lists, enforce security in hardware or software.

  1. Which of the following is not one of the stages of the incident response process? a. Identification b. Containment c. Eradication d. Disclosure

Answer: d. Disclosure Explanation: Incident response models name the stages of handling the incident itself. NIST SP 800-61 groups them as preparation; detection and analysis; containment, eradication and recovery; and post-incident activity, and the CISSP CBK expands the list to detection, response, mitigation, reporting, recovery, remediation and lessons learned. Disclosure (notifying regulators, customers or partners, often on a legal deadline) is a critical obligation carried out within the reporting step, but it is not a stage of its own.

  1. Which of the following is an example of a network-based intrusion detection system (NIDS)? a. Host-based firewall b. Snort c. Anti-virus software d. Security information and event management (SIEM) system

Answer: b. Snort Explanation: Snort is an example of a NIDS, which monitors network traffic for signs of suspicious activity or potential security threats. Host-based firewalls, anti-virus software, and SIEM systems are examples of other types of security controls.

  1. What is the purpose of a disaster recovery plan? a. To prevent disasters from occurring b. To ensure that critical business processes can be restored in the event of a disaster c. To respond to security incidents in a timely manner d. To assess the risks associated with different business processes

Answer: b. To ensure that critical business processes can be restored in the event of a disaster Explanation: A disaster recovery plan is a set of procedures and policies designed to enable an organization to resume critical business functions following a disaster or disruption. The primary goal of a disaster recovery plan is to ensure that the organization can quickly recover from a disaster and resume its operations as soon as possible.

  1. Which of the following is not a type of access control? a. Mandatory access control (MAC) b. Discretionary access control (DAC) c. Role-based access control (RBAC) d. Identity-based access control (IBAC)

Answer: d. Identity-based access control (IBAC) Explanation: Identity-based access control is not one of the models named in the CISSP CBK; where the term is used it usually just describes DAC, in which permissions are granted to individual identities through ACLs. The models to recognize are mandatory access control (MAC), discretionary access control (DAC), role-based access control (RBAC), rule-based access control (RuBAC) and attribute-based access control (ABAC).

  1. Which of the following is a characteristic of a buffer overflow attack? a. It exploits vulnerabilities in software code to execute arbitrary code b. It is a form of social engineering that targets individuals c. It intercepts network traffic to steal sensitive data d. It floods a system or network with traffic to cause a denial-of-service (DoS) attack

Answer: a. It exploits vulnerabilities in software code to execute arbitrary code Explanation: A buffer overflow occurs when a program writes more data into a fixed-size buffer than it can hold, so the excess spills into adjacent memory: a saved return address or function pointer on the stack, or allocator metadata on the heap. An attacker who controls that data can redirect execution to code of their choosing, either injected shellcode or existing code reused via return-oriented programming. Not every overflow yields code execution; many only crash the process, which is a denial of service. The root cause is a software bug, typically a missing bounds check in a memory-unsafe language such as C or C++, and the defenses are bounds checking, memory-safe languages, stack canaries, ASLR and non-executable memory.
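
To make the "adjacent memory" point concrete, here is an added example (not part of the original quiz) that models a stack frame as a flat byte array: a 64-byte input buffer followed directly by the saved return address. The layout, the constructed return address and the attacker input are assumptions chosen for illustration; the unbounded copy mimics C's strcpy(), and the bounded copy is the fix.

```python
# Added teaching model of a buffer overflow, not code from the quiz or any real program.
# Layout (an assumption for illustration): 64-byte input buffer, then the 8-byte
# saved return address that the function will jump to when it returns.
BUF_SIZE = 64
RET_OFF = BUF_SIZE
FRAME_SIZE = BUF_SIZE + 8
ORIGINAL_RET = b"\x10\x20\x30\x40\x00\x00\x00\x00"  # constructed "legitimate" return address


def new_frame() -> bytearray:
    """A fresh frame with the legitimate return address in place."""
    frame = bytearray(FRAME_SIZE)
    frame[RET_OFF:RET_OFF + 8] = ORIGINAL_RET
    return frame


def saved_return(frame: bytearray) -> bytes:
    return bytes(frame[RET_OFF:RET_OFF + 8])


def unsafe_copy(frame: bytearray, data: bytes) -> None:
    """Mimics strcpy(): copies every byte it is given and never checks BUF_SIZE.
    Bytes 64..71 of an over-long input land on the saved return address."""
    for i, b in enumerate(data):
        if i >= FRAME_SIZE:  # a real program would keep writing into the caller's frame
            break
        frame[i] = b


def safe_copy(frame: bytearray, data: bytes) -> bool:
    """Bounded copy: refuse anything that does not fit in the buffer."""
    if len(data) > BUF_SIZE:
        return False
    frame[:len(data)] = data
    return True


def demo(payload: bytes) -> dict:
    """Run the same input through both copies and report what happened to each frame."""
    unsafe = new_frame()
    unsafe_copy(unsafe, payload)
    hardened = new_frame()
    accepted = safe_copy(hardened, payload)
    return {
        "unsafe_overwrote_ret": saved_return(unsafe) != ORIGINAL_RET,
        "ret_after_unsafe": saved_return(unsafe).hex(),
        "safe_accepted": accepted,
        "safe_ret_intact": saved_return(hardened) == ORIGINAL_RET,
    }


# Constructed inputs: a benign name, and an attacker string that fills the buffer
# and then supplies its own return address (0xdeadbeef, little-endian).
BENIGN = b"hello"
PAYLOAD = b"A" * BUF_SIZE + b"\xef\xbe\xad\xde\x00\x00\x00\x00"

if __name__ == "__main__":
    print(demo(BENIGN))
    print(demo(PAYLOAD))
```

Real exploitation is harder than the model: stack canaries detect the overwrite before the function returns, ASLR randomizes where useful code lives, and non-executable stacks block injected shellcode, which is why modern exploits chain existing code instead. The fix is the same either way: never copy attacker-controlled data without checking it against the real size of the destination.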

  1. Which of the following is a characteristic of a hash function? a. It is a one-way function b. It uses a private key for encryption c. It requires both parties to have the same key d. It is used to encrypt data in motion

Answer: a. It is a one-way function Explanation: A cryptographic hash function takes an input of any length and produces a fixed-size digest. It is deterministic, fast to compute and one-way: it is computationally infeasible to recover the input from the digest (preimage resistance), to find a second input with the same digest (second-preimage resistance), or to find any two inputs that collide (collision resistance). Hash functions use no key and encrypt nothing; they provide integrity checks and the message digests inside digital signatures, and, with a salt and a deliberately slow construction, password storage. The options about private keys, shared keys and data in motion describe encryption, not hashing.
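
An added example (not part of the original quiz) of the properties just listed, using SHA-256 from Python's standard library: fixed output size, the avalanche effect from a one-bit input change, an integrity check of a constructed config file, and the reason a bare digest is not an authenticity check while a keyed hash (HMAC) is. The config text, the tampered copy and the key are constructed for the demonstration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Fixed 256-bit digest, rendered as 64 hex characters, for input of any length."""
    return hashlib.sha256(data).hexdigest()


def bits_changed(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg: bytes) -> int:
    """Flip the lowest bit of the first input byte; a good hash changes roughly half of the 256 output bits."""
    flipped = bytearray(msg)
    flipped[0] ^= 0x01
    return bits_changed(hashlib.sha256(msg).digest(), hashlib.sha256(bytes(flipped)).digest())


def verify_integrity(data: bytes, published_hex: str) -> bool:
    """Recompute the digest and compare with a constant-time comparison."""
    return hmac.compare_digest(sha256_hex(data), published_hex)


def tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a keyed hash. Unlike a bare digest, it cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, published_tag: str) -> bool:
    return hmac.compare_digest(tag(key, data), published_tag)


# Constructed sample: a config file as "published" by a vendor, and a tampered copy.
CONFIG = b"listen=0.0.0.0:443\ntls=on\nmin_version=1.2\n"
TAMPERED = CONFIG.replace(b"tls=on", b"tls=off")
PUBLISHED_DIGEST = sha256_hex(CONFIG)
KEY = b"constructed-demo-key-not-a-real-secret"
PUBLISHED_TAG = tag(KEY, CONFIG)

if __name__ == "__main__":
    print("digest:", PUBLISHED_DIGEST)
    print("bits changed by a 1-bit input flip:", avalanche(CONFIG))
    print("original verifies:", verify_integrity(CONFIG, PUBLISHED_DIGEST))
    print("tampered verifies:", verify_integrity(TAMPERED, PUBLISHED_DIGEST))
    # An attacker who can replace the file can also replace a bare digest stored next to it...
    print("attacker-recomputed digest verifies:", verify_integrity(TAMPERED, sha256_hex(TAMPERED)))
    # ...but cannot forge the HMAC without KEY.
    print("tampered file against published HMAC:", verify_tag(KEY, TAMPERED, PUBLISHED_TAG))
```

The last two lines are the practical caveat: a checksum published on the same server as the download only detects accidental corruption, because whoever swaps the file can swap the checksum. Authenticity needs a secret (HMAC) or a signature whose verification key is obtained out of band.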

  1. Which of the following is a characteristic of a denial-of-service (DoS) attack? a. It is a form of social engineering b. It is a type of malware that encrypts data c. It floods a system or network with traffic to cause disruption d. It exploits vulnerabilities in software code to execute arbitrary code

Answer: c. It floods a system or network with traffic to cause disruption Explanation: A denial-of-service (DoS) attack is a type of cyber attack that floods a system or network with traffic in order to cause it to become overwhelmed and unavailable to users. This can be accomplished through a variety of means, including sending a large number of requests to a server or network, or by exploiting vulnerabilities in software or systems.

  1. Which of the following is a key principle of secure software development? a. Input validation b. Open source code c. Security through obscurity d. Social engineering

Answer: a. Input validation Explanation: Treating every input as untrusted and validating it against what the program actually expects (type, length, range, allowed characters) cuts off whole classes of attacks, including buffer overflows, SQL injection and cross-site scripting. Validation is strongest as an allow-list of known-good values and is paired with output encoding and parameterized queries rather than relied on alone. Open source is a licensing model, not a security principle; security through obscurity and susceptibility to social engineering are weaknesses to avoid.
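
An added example (not part of the original quiz) of the SQL injection case the explanation mentions: the same user lookup written three ways against a constructed in-memory SQLite table. The table, its rows, the username pattern and the attacker string are assumptions made for the demonstration.

```python
import re
import sqlite3

# Allow-list: a username is 3-32 characters, starts with a letter, then letters, digits or underscore.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def valid_username(name: str) -> bool:
    return USERNAME_RE.fullmatch(name) is not None


def make_db() -> sqlite3.Connection:
    """In-memory database seeded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately unsafe: input is spliced into the SQL text, so it can change the query."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver passes the value separately; it can never become SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def lookup_hardened(conn: sqlite3.Connection, name: str) -> list:
    """Defense in depth: reject unexpected input up front, then still use parameters."""
    if not valid_username(name):
        raise ValueError("username does not match the expected format")
    return lookup_parameterized(conn, name)


# Constructed attacker input: closes the quote and appends an always-true condition.
INJECTION = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", lookup_vulnerable(db, "alice"))
    print("vulnerable, injection:   ", lookup_vulnerable(db, INJECTION))     # dumps every row
    print("parameterized, injection:", lookup_parameterized(db, INJECTION))  # no such user
    try:
        lookup_hardened(db, INJECTION)
    except ValueError as exc:
        print("hardened, injection:      rejected:", exc)
```

Parameterization is the primary defense because it works for free-text fields where no allow-list is possible; validation is the second layer, and it also keeps junk out of the data model. Note that the vulnerable version fails even though the database is SQLite and the input is a plain string: the flaw is in how the query is built, not in the database.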

  1. Which of the following is an example of a physical security control? a. Firewalls b. Intrusion detection systems c. Biometric authentication systems d. Access control lists

Answer: c. Biometric authentication systems Explanation: Of the four options, only biometrics can belong to the physical category: when a fingerprint or iris reader controls entry to a building or server room it is a physical access control, alongside locks, guards, mantraps and CCTV. Firewalls, intrusion detection systems and access control lists are technical (logical) controls. The same biometric reader used to log in to a workstation would be classed as a technical control; the category follows what the control protects, not the technology.

  1. Which of the following is a characteristic of a phishing attack? a. It is a type of malware that encrypts data b. It exploits vulnerabilities in software code to execute arbitrary code c. It uses social engineering techniques to trick users into divulging sensitive information d. It floods a system or network with traffic to cause disruption

Answer: c. It uses social engineering techniques to trick users into divulging sensitive information Explanation: Phishing attacks are a type of social engineering attack that typically involve the use of fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information or clicking on malicious links. These attacks are designed to take advantage of human psychology and trust, rather than exploiting technical vulnerabilities in software or systems.

  1. Which of the following is an example of a type of malware? a. DNS spoofing b. MAC filtering c. IPsec d. Trojan horse

Answer: d. Trojan horse Explanation: A Trojan horse is a type of malware that disguises itself as legitimate software in order to trick users into installing it on their devices. Once installed, the Trojan horse can be used to steal data, monitor activity, or carry out other malicious actions.

  1. Which of the following is an example of a technical vulnerability? a. Weak passwords b. Social engineering attacks c. Insufficient user training d. Unpatched software

Answer: d. Unpatched software Explanation: Unpatched software is a technical vulnerability: a known flaw in a system component that remains exploitable because the fix has not been applied. The distinction the question draws is between weaknesses in the technology and weaknesses in people and process (susceptibility to social engineering, insufficient training, poor password habits). Other technical vulnerabilities include buffer overflows, SQL injection and cross-site scripting (XSS) flaws in application code.

  1. Which of the following is a characteristic of a virtual private network (VPN)? a. It provides a secure connection between two network segments b. It uses biometric authentication to verify user identity c. It is used to encrypt data at rest d. It uses public key infrastructure (PKI) for encryption

Answer: a. It provides a secure connection between two network segments Explanation: A virtual private network (VPN) is a type of network that provides a secure, encrypted connection between two network segments over a public network such as the Internet. VPNs are commonly used to enable remote access to corporate networks, as well as to secure communication between different network segments.

  1. Which of the following is an example of a security incident? a. An employee violating company policy b. A system outage caused by a hardware failure c. A user accidentally deleting important files d. A hacker stealing customer data

Answer: d. A hacker stealing customer data Explanation: A security incident is an event that actually or imminently violates the organization’s security or acceptable-use policy, such as unauthorized access, data theft, a malware infection or a denial-of-service attack. Of the options, theft of customer data is unambiguously a security incident. A policy violation or an accidental deletion may also be handled as incidents because they affect confidentiality or availability, but a hardware outage with no security cause is an operational event, not a security incident.

  1. Which of the following is a characteristic of a public key infrastructure (PKI)? a. It uses the same key for both encryption and decryption b. It requires both parties to share a secret key in advance c. It binds public keys to identities through certificates issued by a trusted certificate authority d. It is used only to encrypt data in motion

Answer: c. It binds public keys to identities through certificates issued by a trusted certificate authority Explanation: A PKI is the set of roles, policies and technology (certificate authorities, registration authorities, certificate repositories, and revocation via CRLs or OCSP) that issues X.509 certificates binding a public key to a verified identity, so that parties who have never met can trust each other’s public keys. The key pair itself works in two directions: data encrypted with a recipient’s public key can be decrypted only with the matching private key, and a signature created with a private key is verified with the public key. Stating it the other way round, private key for encryption and public key for decryption, is a common exam trap.

  1. Which of the following is an example of a security control that falls under the category of administrative controls? a. Firewall b. Antivirus software c. Security awareness training d. Intrusion detection system

Answer: c. Security awareness training Explanation: Administrative controls are a type of security control that includes policies, procedures, and guidelines designed to manage risk and ensure compliance. Examples of administrative controls include security awareness training, access control policies, and incident response plans.

  1. What is the primary goal of a risk assessment? a. To eliminate all risk from an organization’s systems and processes b. To identify and prioritize risks to an organization’s systems and processes c. To remediate all identified risks in an organization’s systems and processes d. To ensure that all employees are aware of the risks to an organization’s systems and processes

Answer: b. To identify and prioritize risks to an organization’s systems and processes Explanation: A risk assessment identifies the organization’s assets, the threats to them and the vulnerabilities those threats could exploit, then estimates the likelihood and impact of each combination to rank the resulting risks. Its purpose is to prioritize, not to eliminate risk, which is impossible; the ranking tells management which risks to mitigate with controls, transfer (for example through insurance), avoid or accept.

  1. Which of the following is an example of a security control that falls under the category of physical controls? a. Encryption b. Access control systems c. Intrusion detection systems d. Patch management

Answer: b. Access control systems Explanation: Physical controls are a type of security control that includes measures to physically protect an organization’s systems and assets. Examples of physical controls include access control systems, CCTV cameras, and biometric authentication systems.

  1. Which of the following is a characteristic of a symmetric encryption algorithm? a. It uses different keys for encryption and decryption b. It is based on the difficulty of factoring large composite numbers c. It is slower than asymmetric encryption algorithms d. It uses the same secret key for both encryption and decryption

Answer: d. It uses the same secret key for both encryption and decryption Explanation: Symmetric algorithms such as AES and ChaCha20 use a single shared secret key for both operations, which makes them fast enough for bulk data but creates the key-distribution problem: the key must reach every party over a channel the attacker cannot read. They are not weaker than asymmetric algorithms; AES-128 offers roughly the security of RSA-3072 at a small fraction of the cost, which is why TLS and similar protocols use asymmetric cryptography only to agree a symmetric session key.

  1. Which of the following is an example of a security control that falls under the category of technical controls? a. Security awareness training b. Incident response planning c. Encryption d. Background checks for employees

Answer: c. Encryption Explanation: Technical controls are a type of security control that includes measures to protect an organization’s systems and data through the use of technology. Examples of technical controls include firewalls, intrusion detection systems, and encryption.

  1. Which of the following is an example of a type of attack that can be prevented by using a strong password policy? a. Social engineering b. Denial-of-service (DoS) c. SQL injection d. Brute-force attack

Answer: d. Brute-force attack Explanation: A brute-force attack tries candidate passwords systematically, either every combination of a character set or, far more often, a dictionary of common and previously breached passwords. A strong password policy (length first, a ban on known-breached passwords, and no reuse) enlarges the search space and removes the cheap guesses, so exhausting it takes impractically long. The policy does not stop the attacker from trying, however; account lockout or rate limiting, slow salted password hashing and multi-factor authentication are the controls that finish the job.
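
An added example (not part of the original quiz) that turns the explanation into numbers: a policy checker, the size of the search space a given password forces on the attacker, the time to exhaust it at an assumed guess rate, and a salted, iterated hash that makes each offline guess expensive. The minimum length, the class requirement, the common-password list and the guess rate are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import string

# Constructed stand-in for a breached-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def policy_violations(pw: str, min_len: int = 12, min_classes: int = 3) -> list:
    """Return the rules a candidate password breaks; an empty list means it is accepted."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    present = sum(1 for chars in CLASSES.values() if any(c in chars for c in pw))
    if present < min_classes:
        problems.append(f"uses {present} character classes, need {min_classes}")
    if pw.lower() in COMMON:
        problems.append("appears in the common-password list")
    return problems


def keyspace(pw: str) -> int:
    """Candidates an exhaustive search must cover: alphabet size ** length, where the
    alphabet is the union of the character classes the password actually uses."""
    alphabet = sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in pw))
    return alphabet ** len(pw)


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    return space / guesses_per_second


def hash_password(pw: str, salt: bytes = None, iterations: int = 600_000) -> tuple:
    """Salted PBKDF2-HMAC-SHA256: the salt defeats precomputed tables and the
    iteration count makes every attacker guess cost 600k hash operations."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt, digest, iterations


def verify_password(pw: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    rate = 1e9  # assumed offline guess rate for a fast unsalted hash, guesses per second
    for pw in ("password", "aaaaaaaa", "Tr0ub4dor&3x!Q"):
        print(pw, policy_violations(pw) or "accepted",
              f"{seconds_to_exhaust(keyspace(pw), rate) / 31_557_600:.2e} years to exhaust")
    salt, digest, it = hash_password("Tr0ub4dor&3x!Q")
    print("stored hash verifies:", verify_password("Tr0ub4dor&3x!Q", salt, digest, it))
```

The years-to-exhaust figure is an upper bound that assumes the attacker knows nothing about the password; dictionary and rule-based attacks find human-chosen passwords far sooner, which is why the breached-password check matters more than symbol requirements. The iteration count in hash_password is what slows an offline attack on a stolen database; it does nothing against online guessing, which needs lockout, rate limiting or MFA.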

  1. Which of the following is a characteristic of an asymmetric encryption algorithm? a. It uses the same key for both encryption and decryption b. Its security rests on a hard mathematical problem such as factoring the product of two large primes c. It is faster than symmetric encryption algorithms d. It is less secure than symmetric encryption algorithms

Answer: b. Its security rests on a hard mathematical problem such as factoring the product of two large primes Explanation: Asymmetric algorithms use a mathematically linked key pair: what one key does, only the other can undo. Their security rests on problems believed to be computationally infeasible at the chosen key size: RSA on factoring n = p × q into its two large primes, Diffie-Hellman and DSA on the discrete logarithm, and ECC on the elliptic-curve discrete logarithm. They are much slower than symmetric algorithms and are not more secure; the two families solve different problems (key exchange and signatures versus bulk encryption) and are combined in practice.
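
An added example (not part of the original quiz) covering both this question and the PKI question above: textbook RSA built from two tiny primes, showing that encryption uses the public key and decryption the private key, that signing runs the other way, and why the scheme collapses the moment n can be factored. This is a toy: the primes are small, there is no padding, and nothing here is safe for real use; the primes and message are assumptions chosen for illustration.

```python
from math import gcd, isqrt


def generate_keypair(p: int, q: int, e: int = 17) -> tuple:
    """Textbook RSA from two primes. Returns (public_key, private_key) as (n, e), (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key: tuple, m: int) -> int:
    """Confidentiality: anyone encrypts with the recipient's PUBLIC key."""
    n, e = public_key
    return pow(m, e, n)


def decrypt(private_key: tuple, c: int) -> int:
    """Only the holder of the PRIVATE key can decrypt."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key: tuple, m: int) -> int:
    """Authenticity: the PRIVATE key produces the signature..."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key: tuple, m: int, signature: int) -> bool:
    """...and anyone can check it with the PUBLIC key."""
    n, e = public_key
    return pow(signature, e, n) == m


def factor(n: int) -> tuple:
    """Trial division; feasible only because the toy modulus is tiny."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_key(public_key: tuple) -> tuple:
    """Why RSA rests on factoring: p and q give phi, and phi gives d."""
    n, e = public_key
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = generate_keypair(61, 53)  # toy primes; real keys use primes of ~1024 bits or more
    c = encrypt(pub, 65)
    print("ciphertext:", c, "decrypts to:", decrypt(priv, c))
    s = sign(priv, 65)
    print("signature verifies:", verify(pub, 65, s), "altered message verifies:", verify(pub, 66, s))
    print("private key recovered by factoring n:", recover_private_key(pub) == priv)
```

With p = 61 and q = 53 the modulus 3233 factors instantly, and the last line shows the private exponent falling out of that factorization; with 2048-bit n the same trial division is infeasible, which is the entire security argument. Real deployments also pad the message (OAEP for encryption, PSS for signatures) and sign a hash of the data rather than the data itself.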

  1. Which of the following is an example of a type of vulnerability scanning tool? a. Wireshark b. Nessus c. Snort d. Metasploit

Answer: b. Nessus Explanation: Nessus is a popular vulnerability scanning tool that is used to identify vulnerabilities in an organization’s systems and networks. Other examples of vulnerability scanning tools include Qualys, OpenVAS, and Retina.

  1. Which of the following is an example of a security control that falls under the category of operational controls? a. Firewalls b. Encryption c. Security incident response plans d. Access control systems

Answer: c. Security incident response plans Explanation: Operational controls are a type of security control that includes policies and procedures designed to manage risk and ensure compliance. Examples of operational controls include security incident response plans, change management policies, and backup and recovery procedures.

  1. Which of the following is a characteristic of a virtual machine (VM)? a. It is a physical computer system that runs multiple operating systems b. It is a software implementation of a physical computer that can run applications within a separate environment c. It is a network protocol used for secure communication over the Internet d. It is a type of encryption algorithm used to protect data in motion

Answer: b. It is a software implementation of a physical computer that can run applications within a separate environment Explanation: A virtual machine (VM) is a software implementation of a physical computer that can run applications within a separate environment. VMs are commonly used to enable multiple operating systems or applications to run on a single physical host, and can provide benefits such as improved efficiency, increased flexibility, and easier management.

  1. Which of the following is a characteristic of a vulnerability? a. It is a weakness in a system or process that can be exploited by attackers b. It is a type of malware that disguises itself as legitimate software c. It is a physical security control used to protect an organization’s assets d. It is a type of attack that involves flooding a network with traffic

Answer: a. It is a weakness in a system or process that can be exploited by attackers Explanation: A vulnerability is a weakness in a system or process that can be exploited by attackers to compromise the security of an organization’s systems or data. Vulnerabilities can be caused by a variety of factors, including software flaws, misconfigurations, and user errors.

  1. Which of the following is an example of a type of social engineering attack? a. SQL injection b. Buffer overflow c. Phishing d. Denial-of-service (DoS)

Answer: c. Phishing Explanation: Phishing is a type of social engineering attack that typically involves the use of fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information or clicking on malicious links. Other examples of social engineering attacks include pretexting, baiting, and quid pro quo.

  1. Which of the following is an example of a type of access control? a. Encryption b. Passwords c. Firewalls d. Intrusion detection systems

Answer: b. Passwords Explanation: Access control is a type of security control that is used to manage access to an organization’s systems and data. Examples of access control mechanisms include passwords, biometric authentication, access control lists (ACLs), and role-based access control (RBAC).

  1. Which of the following is a characteristic of a distributed denial-of-service (DDoS) attack? a. It is a type of attack that involves flooding a network with traffic b. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information c. It involves stealing data from an organization’s systems or networks d. It targets a specific individual or organization

Answer: a. It is a type of attack that involves flooding a network with traffic Explanation: A distributed denial-of-service (DDoS) attack is a type of cyber attack that involves flooding a network or website with traffic in order to disrupt its normal operation. DDoS attacks are typically carried out by a large number of compromised devices, such as computers or IoT devices, that are coordinated to send traffic to a target.

  1. Which of the following is a characteristic of a firewall? a. It is a type of encryption algorithm used to protect data in motion b. It is a physical security control used to protect an organization’s assets c. It is a network security device that monitors and filters incoming and outgoing traffic d. It is a type of access control mechanism used to manage user access to systems and data

Answer: c. It is a network security device that monitors and filters incoming and outgoing traffic Explanation: A firewall is a network security device that is used to monitor and filter incoming and outgoing traffic based on a set of rules and policies. Firewalls can be used to block traffic from known malicious IP addresses or to prevent unauthorized access to an organization’s systems and data.

  1. Which of the following is an example of a type of authentication factor? a. Access control lists (ACLs) b. Encryption keys c. Biometric data d. Security policies

Answer: c. Biometric data Explanation: Authentication factors are the categories of evidence used to prove a claimed identity: something you know (password, PIN), something you have (smart card, hardware token, registered phone) and something you are (biometrics such as fingerprints or facial geometry). Biometric data is an inherence factor. Multi-factor authentication combines factors from different categories; a password plus a security question is still a single factor.

  1. Which of the following is an example of a type of security control that falls under the category of technical controls? a. Security policies and procedures b. Access control systems c. Security awareness training d. Background checks for employees

Answer: b. Access control systems Explanation: Technical controls are a type of security control that includes measures to protect an organization’s systems and data through the use of technology. Examples of technical controls include firewalls, intrusion detection systems, and access control systems.

  1. Which of the following is a characteristic of a denial-of-service (DoS) attack? a. It involves stealing data from an organization’s systems or networks b. It is a type of attack that involves flooding a network with traffic c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information d. It targets a specific individual or organization

Answer: b. It is a type of attack that involves flooding a network with traffic Explanation: A denial-of-service (DoS) attack is a type of cyber attack that involves flooding a network or website with traffic in order to disrupt its normal operation. DoS attacks are typically carried out by a single attacker using one or a few devices.

  1. Which of the following is an example of a type of encryption algorithm? a. RSA b. ACL c. DDoS d. RBAC

Answer: a. RSA Explanation: RSA is an asymmetric encryption and signature algorithm whose security rests on the difficulty of factoring the product of two large primes. ACL, DDoS and RBAC are an access control mechanism, an attack and an access control model respectively. Other encryption algorithms include AES and Blowfish; DES is one too, but its 56-bit key has been considered broken since the late 1990s.

  1. Which of the following is a characteristic of a security incident response plan? a. It is used to manage access to an organization’s systems and data b. It is a type of encryption algorithm used to protect data in motion c. It is a set of procedures and guidelines for responding to security incidents d. It is a physical security control used to protect an organization’s assets

Answer: c. It is a set of procedures and guidelines for responding to security incidents Explanation: A security incident response plan is a set of procedures and guidelines for responding to security incidents. These plans typically include procedures for identifying and containing incidents, analyzing and mitigating the effects of incidents, and reporting incidents to relevant parties.

  1. Which access control model is most commonly implemented using access control lists (ACLs)? a. Role-based access control (RBAC) b. Rule-based access control (RuBAC) c. Discretionary access control (DAC) d. Mandatory access control (MAC)

Answer: c. Discretionary access control (DAC) Explanation: Under DAC the owner of a resource decides who may access it, and the usual way to record those decisions is an ACL attached to the object (a file, directory or share) listing which users and groups hold which permissions. Windows NTFS permissions and POSIX ACLs are familiar examples. Under MAC, by contrast, access is decided by system-enforced labels that the owner cannot override.

  1. Which of the following is an example of a type of malware? a. Firewall b. IDS c. Virus d. Router

Answer: c. Virus Explanation: A virus is a type of malware that is designed to infect and spread to other systems or devices. Viruses can be spread through email attachments, malicious websites, or other means, and can cause a variety of problems such as data loss, system crashes, and identity theft.

  1. Which of the following is an example of a type of security control that falls under the category of administrative controls? a. Encryption b. Access control systems c. Security awareness training d. Intrusion detection systems

Answer: c. Security awareness training Explanation: Administrative controls are a type of security control that includes policies, procedures, and guidelines designed to manage risk and ensure compliance. Examples of administrative controls include security awareness training, access control policies, and incident response plans.

  1. Which of the following is a characteristic of a virtual private network (VPN)? a. It is a type of encryption algorithm used to protect data in motion b. It is a physical security control used to protect an organization’s assets c. It creates an encrypted tunnel for private communication over an untrusted network such as the Internet d. It is a type of access control mechanism used to manage user access to systems and data

Answer: c. It creates an encrypted tunnel for private communication over an untrusted network such as the Internet Explanation: A VPN is not itself a single protocol or algorithm; it is a tunnel built with protocols such as IPsec, TLS or WireGuard that encrypts and authenticates traffic between two endpoints so it can cross a public network privately. VPNs give remote users access to internal resources and link sites together. They protect data in transit only; they do not authorize users on their own and do not protect data once it reaches the endpoint.

  1. Which of the following is an example of a type of network security control? a. Intrusion detection system (IDS) b. Disk encryption c. Security awareness training d. Antivirus software

Answer: a. Intrusion detection system (IDS) Explanation: An IDS monitors traffic for attack signatures or anomalous behavior and raises alerts; a network-based IDS (NIDS) watches a network segment, while a host-based IDS (HIDS) watches a single system. Disk encryption and antivirus protect individual hosts and data at rest, and awareness training is an administrative control.

  1. Which of the following is an example of a type of security control that falls under the category of physical controls? a. Access control lists (ACLs) b. Biometric authentication c. Security policies and procedures d. Video surveillance

Answer: d. Video surveillance Explanation: Physical controls are a type of security control that includes measures to protect an organization’s physical assets, facilities, and personnel. Examples of physical controls include access control systems, video surveillance, and environmental controls.

  1. Which of the following is an example of a type of authentication mechanism? a. Firewall b. VPN c. Password d. IDS

Answer: c. Password Explanation: Passwords are a common type of authentication mechanism that require users to provide a secret code or phrase to verify their identity. Other examples of authentication mechanisms include biometric authentication, smart cards, and one-time passwords (OTP).

  1. Which of the following is an example of a type of network security protocol? a. SSL b. PGP c. SHA-256 d. AES

Answer: a. SSL Explanation: Secure Sockets Layer (SSL) was the protocol for securing client-server traffic, and the name survives in everyday usage, but every SSL version is deprecated; its successor, Transport Layer Security (TLS, currently versions 1.2 and 1.3), is what protects web logins and payment data today. PGP is an application for encrypting and signing e-mail and files, while SHA-256 and AES are a hash function and an encryption algorithm that protocols such as TLS are built from.

  1. Which of the following is a characteristic of a security incident? a. It is a weakness in a system or process that can be exploited by attackers b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It is a specific event that results in an actual or potential compromise of an organization’s systems or data d. It is a set of procedures and guidelines for responding to security incidents

Answer: c. It is a specific event that results in an actual or potential compromise of an organization’s systems or data Explanation: A security incident is a specific event that results in an actual or potential compromise of an organization’s systems or data. Security incidents can include unauthorized access, theft of data, denial-of-service (DoS) attacks, and other types of security breaches.

  1. Which of the following is an example of a type of security control that falls under the category of physical controls? a. Encryption b. Access control systems c. Security awareness training d. Intrusion detection systems

Answer: b. Access control systems Explanation: Physical controls are a type of security control that includes measures to protect an organization’s physical assets, facilities, and personnel. Examples of physical controls include access control systems, video surveillance, and environmental controls.

  1. Which of the following is a characteristic of a phishing attack? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information d. It targets a specific individual or organization

Answer: c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information Explanation: Phishing is a type of social engineering attack that typically involves the use of fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information or clicking on malicious links. Other examples of social engineering attacks include pretexting, baiting, and quid pro quo.

  1. Which of the following is an example of a type of firewall? a. Packet-filtering firewall b. Virtual private network (VPN) c. Intrusion detection system (IDS) d. Antivirus software

Answer: a. Packet-filtering firewall Explanation: A packet-filtering firewall inspects each packet in isolation and allows or drops it based on header fields (source and destination address, protocol and port) matched against an ordered rule list, with anything unmatched falling to a default-deny rule. Being stateless, it cannot tell whether an inbound packet belongs to a connection a host inside initiated. Stateful inspection firewalls add a connection table to make that distinction, and application-level gateways (proxies) inspect the application payload itself. A VPN, an IDS and antivirus are different controls.
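
An added example (not part of the original quiz) of how a stateless packet filter decides: an ordered rule list with first-match semantics and an implicit default deny, run over constructed sample packets. The rules, addresses (taken from the RFC 5737 documentation ranges) and packets are assumptions made for the demonstration; it also shows why rule order matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port; None means any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A stateless filter looks only at header fields; it knows nothing about connections."""
    return (
        (rule.proto == "any" or rule.proto == pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def evaluate(rules: list, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched hits the implicit default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed rule set for an Internet-facing interface.
RULES = [
    Rule("deny", "any", "192.168.0.0/16", "0.0.0.0/0", None),        # anti-spoofing: internal source arriving from outside
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),       # public web server
    Rule("allow", "tcp", "198.51.100.0/24", "203.0.113.20/32", 22),  # SSH only from the admin network
]

# Constructed sample traffic.
WEB = Packet("tcp", "192.0.2.25", "203.0.113.10", 443)
SSH_FROM_ANYWHERE = Packet("tcp", "192.0.2.25", "203.0.113.20", 22)
SSH_FROM_ADMIN = Packet("tcp", "198.51.100.7", "203.0.113.20", 22)
SPOOFED = Packet("tcp", "192.168.1.5", "203.0.113.10", 443)
UDP_TO_WEB = Packet("udp", "192.0.2.25", "203.0.113.10", 443)


def decisions(rules: list) -> dict:
    samples = [("web", WEB), ("ssh_anywhere", SSH_FROM_ANYWHERE), ("ssh_admin", SSH_FROM_ADMIN),
               ("spoofed", SPOOFED), ("udp_to_web", UDP_TO_WEB)]
    return {name: evaluate(rules, pkt) for name, pkt in samples}


if __name__ == "__main__":
    print(decisions(RULES))
    # Rule order matters: put the web rule above the anti-spoofing rule and the spoofed packet gets in.
    print(decisions([RULES[1], RULES[0], RULES[2]]))
```

The reordered run is the classic audit finding: a broad allow placed above a narrow deny silently disables the deny. The other limitation the example shows by omission is state: this filter would need an explicit rule to let the web server's replies out, and that rule would admit any packet matching it whether or not a connection exists, which is the gap stateful inspection closes.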

  1. Which of the following is an example of an encryption algorithm? a. IPsec b. SSL c. AES d. PGP

Answer: c. AES Explanation: The Advanced Encryption Standard (AES) is a symmetric block cipher standardized by NIST in 2001 and used to protect data both at rest and in transit. IPsec and SSL (now TLS) are protocols and PGP is an application; all three use algorithms such as AES internally but are not algorithms themselves. Other encryption algorithms include RSA, ChaCha20 and the now-obsolete DES.

  1. Which of the following is an example of a type of network security control? a. Intrusion prevention system (IPS) b. Disk encryption c. Security awareness training d. Antivirus software

Answer: a. Intrusion prevention system (IPS) Explanation: An IPS sits inline in the traffic path, so unlike an IDS it can drop malicious packets or reset connections automatically rather than only alerting. It is deployed as a network-based IPS (NIPS) on a segment or a host-based IPS (HIPS) on an endpoint. The trade-off for blocking inline is that a false positive now interrupts legitimate traffic, so IPS signatures must be tuned more conservatively than IDS signatures.

  1. Which of the following is a characteristic of a man-in-the-middle (MitM) attack? a. It involves stealing data from an organization’s systems or networks b. It is a type of attack that involves flooding a network with traffic c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information d. It intercepts communications between two parties to steal information or carry out other malicious activity

Answer: d. It intercepts communications between two parties to steal information or carry out other malicious activity Explanation: A man-in-the-middle (MitM) attack is a type of cyber attack in which an attacker intercepts communications between two parties in order to steal information or carry out other malicious activity. MitM attacks can be carried out using various techniques, including ARP spoofing, DNS spoofing, and SSL stripping.

  1. Which of the following is an example of a type of security control that falls under the category of physical controls? a. Encryption b. Access control systems c. Security awareness training d. Intrusion detection systems

Answer: b. Access control systems Explanation: Physical controls are a type of security control that includes measures to protect an organization’s physical assets, facilities, and personnel. Examples of physical controls include access control systems, video surveillance, and environmental controls.

  1. Which of the following is a characteristic of a botnet? a. It is a type of attack that involves stealing data from an organization’s systems or networks b. It is a network of compromised devices that can be used to carry out attacks or steal information c. It involves flooding a network with traffic d. It is a type of encryption algorithm used to protect data in motion

Answer: b. It is a network of compromised devices that can be used to carry out attacks or steal information Explanation: A botnet is a network of compromised devices that are controlled by a single attacker and can be used to carry out attacks or steal information. Botnets are typically used to carry out distributed denial-of-service (DDoS) attacks, spread malware, or carry out other types of cyber attacks.

  1. Which of the following is an example of a type of access control mechanism? a. Virtual private network (VPN) b. Firewall c. Biometric authentication d. Antivirus software

Answer: c. Biometric authentication Explanation: Biometric authentication is a type of access control mechanism that uses unique physical or behavioral characteristics to verify a user’s identity. Biometric authentication can include fingerprint scanning, facial recognition, or iris scanning.

  1. Which of the following is an example of a type of security control that falls under the category of technical controls? a. Security policies and procedures b. Access control systems c. Security awareness training d. Background checks for employees

Answer: b. Access control systems Explanation: Technical controls are a type of security control that includes measures to protect an organization’s systems and data through the use of technology. Examples of technical controls include firewalls, intrusion detection systems, and access control systems.

  1. Which of the following is a characteristic of a denial-of-service (DoS) attack? a. It intercepts communications between two parties to steal information or carry out other malicious activity b. It involves stealing data from an organization’s systems or networks c. It floods a network or system with traffic to cause a disruption or outage d. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information

Answer: c. It floods a network or system with traffic to cause a disruption or outage Explanation: A denial-of-service (DoS) attack is a type of cyber attack that floods a network or system with traffic in order to cause a disruption or outage. DoS attacks can be carried out using various techniques, including distributed denial-of-service (DDoS) attacks and application-layer attacks.

  1. Which of the following is an example of a type of security incident response team? a. Network security team b. Incident management team c. Physical security team d. IT support team

Answer: b. Incident management team Explanation: An incident management team is a group of individuals responsible for responding to security incidents and managing the incident response process. The incident management team may include representatives from various departments, including IT, legal, HR, and public relations.

  1. Which of the following is an example of a type of access control model? a. Role-based access control (RBAC) b. Intrusion detection system (IDS) c. Discretionary access control (DAC) d. Firewall

Answer: a. Role-based access control (RBAC) Explanation: Role-based access control (RBAC) is an access control model that uses a user’s role within an organization to determine their level of access to systems and data. RBAC is a common implementation of access control in enterprise environments and can help to streamline access management and reduce the risk of unauthorized access.

  1. Which of the following is a characteristic of a ransomware attack? a. It intercepts communications between two parties to steal information or carry out other malicious activity b. It involves stealing data from an organization’s systems or networks c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information d. It encrypts a victim’s data and demands payment for its release

Answer: d. It encrypts a victim’s data and demands payment for its release Explanation: Ransomware is a type of malware that encrypts a victim’s data and demands payment in exchange for the decryption key. Ransomware attacks can be carried out using various techniques, including phishing emails, malicious websites, and social engineering tactics.

  1. Which of the following is a characteristic of a SQL injection attack? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information d. It exploits vulnerabilities in web applications to steal data or carry out other malicious activity

Answer: d. It exploits vulnerabilities in web applications to steal data or carry out other malicious activity Explanation: A SQL injection attack is a type of cyber attack that exploits vulnerabilities in web applications to steal data or carry out other malicious activity. SQL injection attacks can be used to bypass authentication controls, access sensitive data, or modify or delete data stored in a database.

  1. Which of the following is a characteristic of a distributed denial-of-service (DDoS) attack? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It intercepts communications between two parties to steal information or carry out other malicious activity d. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information

Answer: a. It involves flooding a network with traffic Explanation: A distributed denial-of-service (DDoS) attack is a type of cyber attack that involves flooding a network or system with traffic from multiple sources in order to cause a disruption or outage. DDoS attacks can be carried out using botnets, which are networks of compromised devices controlled by a single attacker.

  1. Which of the following is a characteristic of a spear-phishing attack? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information d. It targets a specific individual or organization using personalized information

Answer: d. It targets a specific individual or organization using personalized information Explanation: Spear-phishing is a type of social engineering attack that targets a specific individual or organization using personalized information to trick them into divulging sensitive information or clicking on a malicious link. Spear-phishing attacks can be more difficult to detect than generic phishing attacks because they are tailored to a specific individual or organization.

  1. Which of the following is a characteristic of a social engineering attack? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It uses psychological manipulation to trick individuals into divulging sensitive information or taking a particular action d. It targets specific individuals or organizations using personalized information

Answer: c. It uses psychological manipulation to trick individuals into divulging sensitive information or taking a particular action Explanation: Social engineering is a type of cyber attack that uses psychological manipulation to trick individuals into divulging sensitive information or taking a particular action. Social engineering attacks can take various forms, including phishing, pretexting, and baiting.

  1. Which of the following is a characteristic of a buffer overflow attack? a. It intercepts communications between two parties to steal information or carry out other malicious activity b. It involves flooding a network with traffic c. It exploits a vulnerability in a program or system to execute malicious code or gain unauthorized access d. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information

Answer: c. It exploits a vulnerability in a program or system to execute malicious code or gain unauthorized access Explanation: A buffer overflow attack is a type of cyber attack that exploits a vulnerability in a program or system to execute malicious code or gain unauthorized access. Buffer overflow attacks can be used to bypass authentication controls, elevate privileges, or carry out other types of malicious activity.

  1. Which of the following is a characteristic of a man-in-the-middle (MitM) attack? a. It involves flooding a network with traffic b. It intercepts communications between two parties to steal information or carry out other malicious activity c. It uses psychological manipulation to trick individuals into divulging sensitive information or taking a particular action d. It targets specific individuals or organizations using personalized information

Answer: b. It intercepts communications between two parties to steal information or carry out other malicious activity Explanation: A man-in-the-middle (MitM) attack is a type of cyber attack that involves an attacker intercepting communications between two parties in order to steal information or carry out other malicious activity. MitM attacks can be carried out using various techniques, including session hijacking and DNS spoofing.

  1. Which of the following is a characteristic of a distributed attack? a. It involves flooding a network with traffic b. It intercepts communications between two parties to steal information or carry out other malicious activity c. It uses psychological manipulation to trick individuals into divulging sensitive information or taking a particular action d. It targets multiple systems or networks simultaneously using multiple sources

Answer: d. It targets multiple systems or networks simultaneously using multiple sources Explanation: A distributed attack is a type of cyber attack that involves targeting multiple systems or networks simultaneously using multiple sources. Distributed attacks can be carried out using various techniques, including distributed denial-of-service (DDoS) attacks and botnets.

  1. Which of the following is a characteristic of a phishing attack? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information d. It intercepts communications between two parties to steal information or carry out other malicious activity

Answer: c. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information Explanation: Phishing is a type of social engineering attack that uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information or clicking on a malicious link. Phishing attacks can be used to steal credentials, spread malware, or carry out other types of malicious activity.

  1. Which of the following is a characteristic of a rootkit? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It intercepts communications between two parties to steal information or carry out other malicious activity d. It is a type of malware that is designed to hide its presence on a system or network

Answer: d. It is a type of malware that is designed to hide its presence on a system or network Explanation: A rootkit is a type of malware that is designed to hide its presence on a system or network in order to avoid detection and maintain access. Rootkits can be used to carry out various types of malicious activity, including stealing data and carrying out remote control of a system or network.

  1. Which of the following is a characteristic of a ransomware attack? a. It involves flooding a network with traffic b. It intercepts communications between two parties to steal information or carry out other malicious activity c. It uses psychological manipulation to trick individuals into divulging sensitive information or taking a particular action d. It encrypts an organization’s data and demands payment in exchange for the decryption key

Answer: d. It encrypts an organization’s data and demands payment in exchange for the decryption key Explanation: Ransomware is a type of malware that encrypts an organization’s data and demands payment in exchange for the decryption key. Ransomware attacks can be carried out using various techniques, including phishing emails and exploit kits.

  1. Which of the following is a characteristic of a denial-of-service (DoS) attack? a. It involves flooding a network with traffic b. It intercepts communications between two parties to steal information or carry out other malicious activity c. It uses psychological manipulation to trick individuals into divulging sensitive information or taking a particular action d. It is a type of attack that involves stealing data from an organization’s systems or networks

Answer: a. It involves flooding a network with traffic Explanation: A denial-of-service (DoS) attack is a type of cyber attack that involves flooding a network or system with traffic in order to overwhelm it and cause it to stop functioning. DoS attacks can be carried out using various techniques, including ping floods and distributed DoS attacks (DDoS).

  1. Which of the following is a characteristic of a SQL injection attack? a. It involves flooding a network with traffic b. It intercepts communications between two parties to steal information or carry out other malicious activity c. It exploits a vulnerability in a web application’s database to execute malicious code or gain unauthorized access d. It uses fraudulent emails, text messages, or phone calls to trick users into divulging sensitive information

Answer: c. It exploits a vulnerability in a web application’s database to execute malicious code or gain unauthorized access Explanation: A SQL injection attack is a type of cyber attack that exploits a vulnerability in a web application’s database to execute malicious code or gain unauthorized access. SQL injection attacks can be used to steal data, modify data, or carry out other types of malicious activity.

  1. Which of the following is a characteristic of a Trojan horse? a. It involves flooding a network with traffic b. It is a type of attack that involves stealing data from an organization’s systems or networks c. It intercepts communications between two parties to steal information or carry out other malicious activity d. It is a type of malware that disguises itself as legitimate software in order to carry out malicious activity

Answer: d. It is a type of malware that disguises itself as legitimate software in order to carry out malicious activity Explanation: A Trojan horse is a type of malware that disguises itself as legitimate software in order to carry out malicious activity. Trojan horses can be used to steal data, modify data, or carry out other types of malicious activity.