Sample Questions and Answers
1. Which of the following best describes the principle of least privilege?
A) Users should have access to all systems for efficiency
B) Users are given the minimum access necessary to perform their job
C) Only administrators can use sensitive systems
D) Privileges should be increased over time
Answer: B
Explanation:
The principle of least privilege ensures that users and systems are granted only the permissions they need to complete their assigned tasks—nothing more. This reduces the risk of internal threats and limits the damage caused by compromised accounts. It’s a fundamental concept in cybersecurity, helping to minimize attack surfaces and enforce access controls.
2. A hacker captures encrypted traffic using a packet sniffer. Which type of attack is this?
A) Phishing
B) Man-in-the-middle
C) Eavesdropping
D) Brute force
Answer: C
Explanation:
Eavesdropping, also known as sniffing or snooping, involves intercepting and capturing network traffic, often passively. If the data is encrypted, the attacker may store it for later decryption attempts. This method is commonly used for reconnaissance and is a passive form of cyber attack, making it difficult to detect.
3. Which cryptographic concept ensures that data has not been altered?
A) Confidentiality
B) Authentication
C) Integrity
D) Availability
Answer: C
Explanation:
Integrity ensures that data remains unchanged during transit or storage. Cryptographic hash functions, such as SHA-256, are commonly used to verify integrity by generating a fixed-size hash value. If even one bit of the original data changes, the hash value also changes, signaling potential tampering or corruption.
4. What is the main purpose of a digital signature?
A) Encrypt data for confidentiality
B) Speed up data transmission
C) Verify sender authenticity and data integrity
D) Prevent denial-of-service attacks
Answer: C
Explanation:
Digital signatures are used to confirm the authenticity of the sender and ensure that the message hasn’t been altered. By applying a private key to generate the signature and verifying it with the sender’s public key, the recipient can trust the source and the content. This is crucial for secure communications and digital document validation.
5. Which of the following is an example of multifactor authentication (MFA)?
A) Username and password
B) Password and PIN
C) Smart card and fingerprint
D) Security question and password
Answer: C
Explanation:
Multifactor authentication requires two or more different types of verification: something you know (a password), something you have (a smart card), or something you are (a biometric, such as a fingerprint). Option C combines two different factors, making it more secure than combinations drawn from the same type.
6. What is the primary function of a firewall?
A) Encrypt data
B) Authenticate users
C) Block unauthorized access
D) Detect malware
Answer: C
Explanation:
Firewalls are network security devices that monitor incoming and outgoing traffic based on predefined security rules. Their main purpose is to establish a barrier between trusted internal networks and untrusted external networks, such as the internet, thereby preventing unauthorized access.
7. Which attack involves injecting malicious code into a trusted website?
A) SQL injection
B) Cross-site scripting (XSS)
C) Phishing
D) DNS spoofing
Answer: B
Explanation:
Cross-site scripting (XSS) occurs when attackers inject malicious scripts into content served by otherwise trusted websites. These scripts run in the user’s browser, potentially stealing cookies or session tokens, or redirecting users to malicious websites. XSS exploits weaknesses in web applications that fail to validate or encode user input.
8. What type of malware disguises itself as legitimate software?
A) Worm
B) Trojan
C) Rootkit
D) Ransomware
Answer: B
Explanation:
A Trojan, or Trojan horse, appears to be useful or legitimate software but actually performs malicious actions once installed. Unlike worms or viruses, Trojans don’t replicate but rely on users to download and run them. They often create backdoors or install spyware on the system.
9. Which type of attack floods a system with traffic to make it unavailable?
A) Phishing
B) SQL injection
C) Denial of Service (DoS)
D) Privilege escalation
Answer: C
Explanation:
A Denial of Service (DoS) attack overwhelms a system, server, or network with excessive traffic, exhausting resources and making it unavailable to legitimate users. Distributed DoS (DDoS) attacks use multiple systems to increase the volume of the attack and complicate defense efforts.
10. What is the purpose of a VPN?
A) Detect malware
B) Encrypt internet traffic and mask IP addresses
C) Provide public IP addresses
D) Manage user passwords
Answer: B
Explanation:
A Virtual Private Network (VPN) establishes a secure, encrypted tunnel between the user and the destination network. It protects data from eavesdropping, especially over public Wi-Fi, and hides the user’s IP address. VPNs are critical for secure remote work and privacy.
11. Which security control is primarily designed to identify and respond to incidents after they occur?
A) Preventive
B) Detective
C) Compensating
D) Deterrent
Answer: B
Explanation:
Detective controls are implemented to identify and detect security breaches after they have occurred. These include intrusion detection systems (IDS), audit logs, and security cameras. Unlike preventive controls, which try to stop incidents, detective controls help in analyzing what happened and may assist in responding to and containing the impact.
12. Which protocol is commonly used to securely access remote servers via command line?
A) FTP
B) Telnet
C) SSH
D) SNMP
Answer: C
Explanation:
Secure Shell (SSH) is a cryptographic network protocol used to securely access and manage devices remotely. Unlike Telnet, which transmits data in plaintext, SSH encrypts the session, protecting login credentials and commands from eavesdropping or interception. SSH is widely used by administrators to manage Linux servers.
13. Which type of attack manipulates a database query to gain unauthorized access?
A) Brute-force
B) DNS poisoning
C) SQL injection
D) Phishing
Answer: C
Explanation:
SQL injection occurs when attackers insert or manipulate SQL commands in user inputs to exploit vulnerabilities in applications. If input validation is lacking, attackers can execute arbitrary SQL commands, potentially gaining full access to databases, modifying data, or exfiltrating sensitive information. Input sanitization is key to prevention.
14. Which of the following is a symmetric encryption algorithm?
A) RSA
B) ECC
C) AES
D) DSA
Answer: C
Explanation:
Advanced Encryption Standard (AES) is a symmetric key algorithm widely used for securing data due to its speed and strength. Both the sender and recipient use the same key for encryption and decryption. AES is trusted for applications ranging from file encryption to network security (e.g., VPNs).
15. What is the main difference between IDS and IPS?
A) IDS encrypts data; IPS does not
B) IDS blocks traffic; IPS only monitors
C) IDS detects threats; IPS detects and blocks
D) IDS is hardware-based; IPS is software-based
Answer: C
Explanation:
Intrusion Detection Systems (IDS) monitor network or system activities for malicious actions and generate alerts. Intrusion Prevention Systems (IPS) not only detect suspicious behavior but can also automatically block or reject malicious traffic. IPS is often placed inline, allowing it to actively prevent attacks in real time.
16. Which method ensures data is recoverable after hardware failure?
A) Load balancing
B) RAID
C) VPN
D) NAT
Answer: B
Explanation:
RAID (Redundant Array of Independent Disks) provides data redundancy and performance improvement by combining multiple physical disks into one logical unit. Depending on the configuration (e.g., RAID 1, 5, or 10), it can protect against data loss due to disk failure, making it essential in enterprise storage systems.
17. What is a logic bomb?
A) Malware that spreads through USB drives
B) A self-replicating program
C) Code triggered by a specific condition
D) Script used for penetration testing
Answer: C
Explanation:
A logic bomb is malicious code that remains dormant until a certain condition is met—such as a specific date or an action by the user. Once triggered, it can delete files, corrupt data, or disable systems. Because it hides within legitimate software, it’s hard to detect before activation.
18. Which type of social engineering attack tricks users into clicking malicious links via messaging apps?
A) Whaling
B) Smishing
C) Spear phishing
D) Vishing
Answer: B
Explanation:
Smishing is a form of phishing that uses SMS or messaging apps to lure users into clicking malicious links or revealing sensitive information. The attacker typically sends urgent or enticing messages that appear to come from legitimate sources, prompting users to act quickly without verifying the message’s authenticity.
19. Which wireless encryption standard is considered the most secure today?
A) WEP
B) WPA
C) WPA2
D) WPA3
Answer: D
Explanation:
WPA3 is the most current and secure wireless encryption standard, offering stronger protections against password guessing and better data security, especially on public networks. It replaces WPA2 and includes features like forward secrecy and individualized data encryption, making it much harder for attackers to intercept traffic.
20. What is the purpose of a security baseline?
A) To define legal security requirements
B) To serve as a benchmark for system configurations
C) To set up firewalls
D) To test incident response
Answer: B
Explanation:
A security baseline establishes a standard set of security configurations and practices that must be met to ensure a system’s integrity and protection. It acts as a benchmark for compliance and risk management. Regular audits compare current system settings against this baseline to detect drift and vulnerabilities.
21. What is the role of a Certificate Authority (CA)?
A) To encrypt messages
B) To sign and issue digital certificates
C) To validate passwords
D) To store encryption keys
Answer: B
Explanation:
A Certificate Authority (CA) is a trusted organization that issues and manages digital certificates used in Public Key Infrastructure (PKI). The CA verifies the identity of certificate requesters and digitally signs certificates to ensure authenticity, enabling secure communication, especially in HTTPS transactions and email encryption.
22. What is a zero-day vulnerability?
A) A known bug not yet patched
B) A vulnerability that has not been publicly disclosed
C) A scheduled software update
D) A virus signature in antivirus databases
Answer: B
Explanation:
A zero-day vulnerability is a previously unknown flaw in software that has not yet been patched or disclosed publicly. Hackers can exploit it before vendors develop or release a fix, making it highly dangerous. Zero-day exploits are difficult to detect and defend against without behavior-based detection.
23. Which of the following BEST defines risk?
A) The likelihood of malware infection
B) The impact of a threat multiplied by its likelihood
C) The number of firewalls used
D) The value of company assets
Answer: B
Explanation:
Risk in cybersecurity is generally defined as the product of the likelihood of a threat exploiting a vulnerability and the potential impact it would cause. This formula helps organizations prioritize mitigation strategies based on how much damage could occur and how probable the event is.
24. Which access control model uses labels like “Confidential” and “Top Secret”?
A) Discretionary Access Control (DAC)
B) Role-Based Access Control (RBAC)
C) Mandatory Access Control (MAC)
D) Attribute-Based Access Control (ABAC)
Answer: C
Explanation:
Mandatory Access Control (MAC) assigns labels to users and objects and strictly enforces access based on these labels. Access decisions are made by the system, not the user or owner, making MAC suitable for military or government environments where security classifications like “Confidential” or “Top Secret” are used.
25. What does the term “hardening” refer to in cybersecurity?
A) Encrypting user data
B) Updating antivirus software
C) Reducing vulnerabilities in a system
D) Installing firewalls
Answer: C
Explanation:
System hardening involves securing a system by reducing its attack surface. This includes removing unnecessary services, closing unused ports, applying security patches, and configuring system settings securely. By minimizing potential entry points, hardening protects systems from exploitation.
26. What is an example of a deterrent security control?
A) Surveillance camera
B) Intrusion prevention system
C) Antivirus software
D) Data backup
Answer: A
Explanation:
A deterrent control discourages potential attackers from attempting to compromise a system. Surveillance cameras act as a psychological deterrent—knowing they’re being watched, malicious actors may decide not to proceed with their attack. They don’t prevent or detect, but they can influence behavior.
27. What is the PRIMARY goal of incident response?
A) Punish the attacker
B) Restore operations and limit damage
C) Notify the media
D) Replace infected hardware
Answer: B
Explanation:
The primary goal of incident response is to manage and mitigate the damage caused by security incidents, restore affected systems quickly, and prevent recurrence. A strong incident response plan enables organizations to detect, contain, eradicate, and recover from breaches while preserving evidence for investigation.
28. What is the most effective way to reduce phishing attacks in an organization?
A) Purchase antivirus software
B) Install a new firewall
C) Conduct regular user awareness training
D) Change domain names
Answer: C
Explanation:
Phishing primarily exploits human error, making user awareness training the most effective mitigation technique. Educating employees on recognizing suspicious emails, links, and tactics used by attackers can significantly reduce successful phishing attempts and reinforce a culture of security.
29. Which cloud model offers the most control to the customer?
A) SaaS
B) IaaS
C) PaaS
D) DRaaS
Answer: B
Explanation:
Infrastructure as a Service (IaaS) provides users with virtualized computing resources like servers, storage, and networking. The customer manages operating systems, applications, and data, offering greater flexibility and control than SaaS or PaaS models. Examples include Amazon EC2 and Microsoft Azure VMs.
30. Which standard governs payment card security worldwide?
A) FISMA
B) HIPAA
C) PCI DSS
D) ISO 27001
Answer: C
Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) sets the global framework for securing credit and debit card transactions. Organizations that store, process, or transmit cardholder data must comply with these standards to protect sensitive financial data and prevent fraud.