Sample Questions and Answers
What is the primary purpose of business continuity planning (BCP)?
A) To reduce hardware cost
B) To create marketing plans
C) To maintain operations during disruptions
D) To protect intellectual property
Answer: C
Explanation: BCP ensures that essential functions can continue during and after a disruption.
What is the concept of data sovereignty?
A) Encrypting all stored data
B) Ensuring data complies with local regulations
C) Transferring data internationally
D) Storing data in multiple countries
Answer: B
Explanation: Data sovereignty is the principle that data is subject to the laws and regulations of the country in which it is stored.
Which layer of the OSI model is responsible for reliable data delivery?
A) Network
B) Session
C) Transport
D) Data Link
Answer: C
Explanation: The Transport layer ensures reliable, end-to-end communication through protocols like TCP.
What is the main risk of shadow IT?
A) Improved innovation
B) Lower costs
C) Unmanaged and unsecure systems
D) Centralized control
Answer: C
Explanation: Shadow IT is the use of devices or services not approved by the IT department; because these systems are unmanaged and unmonitored, their security risks go unaddressed.
Which biometric authentication method is generally considered least intrusive?
A) Retina scan
B) Fingerprint
C) Facial recognition
D) Hand geometry
Answer: C
Explanation: Facial recognition is often perceived as less intrusive and is widely adopted in consumer devices.
What type of control is encryption?
A) Administrative
B) Detective
C) Physical
D) Technical (Logical)
Answer: D
Explanation: Encryption is a technical control that protects data confidentiality.
What is the function of a proxy server?
A) Manage DNS lookups
B) Encrypt all data
C) Act as an intermediary for requests between clients and servers
D) Block viruses
Answer: C
Explanation: A proxy server forwards requests and can filter content, improve performance, and enhance privacy.
What is an SLA?
A) Security Listing Agreement
B) Security License Agreement
C) Service Level Agreement
D) Secure Log Assessment
Answer: C
Explanation: An SLA defines the expected level of service between a provider and a customer, including uptime and support.
What does “defense in depth” refer to?
A) Using one strong firewall
B) Combining administrative, technical, and physical security controls
C) Encrypting all data
D) Reducing network latency
Answer: B
Explanation: Defense in depth uses multiple layers of defense to protect assets even if one control fails.
Which of the following is most effective at mitigating phishing?
A) Antivirus software
B) Email encryption
C) User awareness training
D) Firewalls
Answer: C
Explanation: Since phishing targets people, educating users is key to preventing such attacks.
Which standard is focused on payment card industry data protection?
A) ISO/IEC 27001
B) PCI DSS
C) HIPAA
D) NIST SP 800-53
Answer: B
Explanation: PCI DSS outlines security requirements for organizations handling credit card information.
What is steganography?
A) Encryption using images
B) Hiding data within other data
C) Signing data with a key
D) Scrambling files
Answer: B
Explanation: Steganography hides data within other data, such as embedding text in an image file.
Which term refers to testing a system by simulating an attack?
A) Regression testing
B) Penetration testing
C) Load testing
D) Usability testing
Answer: B
Explanation: Penetration testing mimics real attacks to identify security weaknesses.
What does the term “non-repudiation” refer to?
A) Reversibility of encryption
B) Ability to reject data
C) Assurance that someone cannot deny an action
D) Allowing anonymous access
Answer: C
Explanation: Non-repudiation ensures that someone cannot deny having performed an action, often via digital signatures.