Sample Questions and Answers
What does Network Segmentation help prevent during incident handling?
A) Unauthorized lateral movement within a network
B) Software updates
C) Password guessing
D) Firewall misconfiguration
Answer: A) Unauthorized lateral movement within a network
Explanation: Segmentation limits attacker spread inside the network.
What is data masking?
A) Encrypting data at rest
B) Obscuring sensitive data to protect privacy during testing or analysis
C) Backing up data
D) Removing data
Answer: B) Obscuring sensitive data to protect privacy during testing or analysis
Explanation: Data masking prevents exposure of real data.
What is a buffer overflow attack?
A) An attack where more data is written to a buffer than it can hold, overwriting adjacent memory
B) Network scanning
C) Password cracking
D) SQL injection
Answer: A) An attack where more data is written to a buffer than it can hold, overwriting adjacent memory
Explanation: This can lead to arbitrary code execution or crashes.
Which of the following best describes incident classification?
A) Grouping incidents based on severity, type, and impact to guide response
B) Ignoring minor incidents
C) Encrypting data
D) Deleting logs
Answer: A) Grouping incidents based on severity, type, and impact to guide response
Explanation: Classification helps prioritize handling efforts.
What is the purpose of integrity checking tools in incident handling?
A) To verify that files and systems have not been altered or tampered with
B) To encrypt data
C) To scan emails
D) To update firewalls
Answer: A) To verify that files and systems have not been altered or tampered with
Explanation: Integrity checks help detect unauthorized changes.
What is the best practice for communication during an incident?
A) Centralized, controlled, and documented communication channels
B) Open to everyone
C) No communication
D) Only verbal communication
Answer: A) Centralized, controlled, and documented communication channels
Explanation: Clear communication reduces confusion and misinformation.
What is the function of a security operations center (SOC)?
A) To manage security monitoring, detection, and incident response operations 24/7
B) Backup data
C) Configure firewalls
D) Train employees
Answer: A) To manage security monitoring, detection, and incident response operations 24/7
Explanation: SOCs provide centralized security management.
What is a honeynet?
A) A network of honeypots designed to trap and study attackers
B) A firewall rule set
C) A virus scanner
D) A type of encryption
Answer: A) A network of honeypots designed to trap and study attackers
Explanation: Honeynets provide broader visibility into attacker activity.
What is the primary objective of forensic imaging during an incident response?
A) To create a duplicate of a storage device without altering the original evidence
B) To delete malicious files
C) To speed up network performance
D) To update antivirus definitions
Answer: A) To create a duplicate of a storage device without altering the original evidence
Explanation: Forensic imaging preserves evidence integrity for investigation.
Which step in incident response involves identifying the scope and impact of an incident?
A) Preparation
B) Detection and Analysis
C) Containment
D) Recovery
Answer: B) Detection and Analysis
Explanation: This phase focuses on understanding what happened and its extent.
What does triage refer to in incident response?
A) Prioritizing incidents based on severity and impact
B) Encrypting files
C) Backup procedures
D) Logging user activities
Answer: A) Prioritizing incidents based on severity and impact
Explanation: Triage ensures critical incidents receive immediate attention.
Which of the following is a key benefit of automated incident response tools?
A) Reducing response times and human errors
B) Increasing system downtime
C) Creating more manual tasks
D) Removing firewalls
Answer: A) Reducing response times and human errors
Explanation: Automation helps handle incidents faster and consistently.
What is steganography in cybersecurity?
A) Hiding information within other non-secret data, such as images or audio
B) Encrypting files
C) Deleting data
D) Scanning for malware
Answer: A) Hiding information within other non-secret data, such as images or audio
Explanation: Steganography conceals messages to avoid detection.
What is the role of memory forensics in incident handling?
A) Analyzing volatile data like running processes and network connections from RAM
B) Encrypting files
C) Backup strategy
D) Network scanning
Answer: A) Analyzing volatile data like running processes and network connections from RAM
Explanation: Memory analysis helps identify active malware and attacker behavior.
What is fuzz testing used for in cybersecurity?
A) Identifying vulnerabilities by inputting invalid or random data to test software robustness
B) Backing up data
C) Scanning emails
D) Encrypting files
Answer: A) Identifying vulnerabilities by inputting invalid or random data to test software robustness
Explanation: Fuzzing detects potential software flaws.
What is the primary purpose of an incident response policy?
A) To define roles, responsibilities, and procedures for managing incidents
B) To encrypt data
C) To delete logs
D) To install antivirus software
Answer: A) To define roles, responsibilities, and procedures for managing incidents
Explanation: Clear policies ensure consistent and effective incident handling.
What does chain reaction mean in the context of cybersecurity incidents?
A) When an incident triggers other related security events or failures
B) System reboot
C) Password change
D) Software update
Answer: A) When an incident triggers other related security events or failures
Explanation: Understanding chain reactions helps anticipate cascading effects.
What is a security baseline?
A) A documented set of minimum security configurations and controls for systems
B) A firewall rule
C) User password list
D) Antivirus software
Answer: A) A documented set of minimum security configurations and controls for systems
Explanation: Baselines ensure systems meet organizational security standards.
What is the main goal of data exfiltration detection?
A) To identify unauthorized transfer of sensitive data outside the network
B) To delete data
C) To encrypt files
D) To install updates
Answer: A) To identify unauthorized transfer of sensitive data outside the network
Explanation: Detecting exfiltration prevents data breaches.
What is the function of Network Access Control (NAC)?
A) To enforce security policies by controlling device access to the network
B) To back up data
C) To encrypt files
D) To scan emails
Answer: A) To enforce security policies by controlling device access to the network
Explanation: NAC ensures only compliant devices connect to the network.
Which of the following is an example of a physical security control?
A) Security guards
B) Antivirus software
C) Firewalls
D) User passwords
Answer: A) Security guards
Explanation: Physical controls protect against unauthorized physical access.
What is a Denial of Service (DoS) attack designed to do?
A) Make a system or network resource unavailable to legitimate users
B) Encrypt data
C) Scan ports
D) Phish users
Answer: A) Make a system or network resource unavailable to legitimate users
Explanation: DoS attacks disrupt service availability.
What is a backdoor in cybersecurity?
A) A hidden method to bypass normal authentication and gain access
B) A firewall
C) Antivirus software
D) User training
Answer: A) A hidden method to bypass normal authentication and gain access
Explanation: Backdoors allow unauthorized entry into systems.
What is the role of log correlation in incident detection?
A) Combining data from multiple logs to identify suspicious patterns
B) Deleting logs
C) Encrypting data
D) Updating software
Answer: A) Combining data from multiple logs to identify suspicious patterns
Explanation: Correlation improves detection accuracy.
What is a false positive in incident detection?
A) An alert triggered by legitimate activity mistakenly identified as malicious
B) A confirmed attack
C) An encrypted file
D) A system crash
Answer: A) An alert triggered by legitimate activity mistakenly identified as malicious
Explanation: False positives can waste resources if not managed properly.
Which of the following is a common tool used for packet capture and analysis?
A) Wireshark
B) Nmap
C) Metasploit
D) John the Ripper
Answer: A) Wireshark
Explanation: Wireshark captures and analyzes network traffic.
What is the goal of sandbox evasion techniques used by malware?
A) To detect and avoid running in a controlled analysis environment
B) To encrypt files
C) To scan emails
D) To create backups
Answer: A) To detect and avoid running in a controlled analysis environment
Explanation: Evasion helps malware avoid detection by analysts.
What is the significance of time stamping in incident logs?
A) To record the exact time an event occurred for timeline reconstruction
B) To encrypt data
C) To delete logs
D) To scan for malware
Answer: A) To record the exact time an event occurred for timeline reconstruction
Explanation: Accurate timestamps help correlate events.
What is a pivot table used for in security data analysis?
A) To summarize and analyze large sets of data efficiently
B) To scan emails
C) To encrypt files
D) To delete logs
Answer: A) To summarize and analyze large sets of data efficiently
Explanation: Pivot tables help visualize trends and patterns.
What is the best description of social engineering?
A) Manipulating people into divulging confidential information
B) Writing software code
C) Encrypting data
D) Installing firewalls
Answer: A) Manipulating people into divulging confidential information
Explanation: Social engineering exploits human psychology.
What does NIST 800-61 provide guidance on?
A) Computer security incident handling
B) Software development
C) Network design
D) User training
Answer: A) Computer security incident handling
Explanation: NIST 800-61 is a key incident response framework.
What is the difference between incident response and disaster recovery?
A) Incident response addresses immediate threats; disaster recovery focuses on restoring operations post-incident
B) They are the same
C) Disaster recovery happens before an incident
D) Incident response deletes data
Answer: A) Incident response addresses immediate threats; disaster recovery focuses on restoring operations post-incident
Explanation: Both are essential but cover different phases.
What is the primary purpose of encryption in incident handling?
A) To protect data confidentiality during storage or transmission
B) To delete files
C) To scan for malware
D) To reboot systems
Answer: A) To protect data confidentiality during storage or transmission
Explanation: Encryption prevents unauthorized data access.
What is a phishing attack?
A) An attempt to trick users into revealing sensitive information via fraudulent communications
B) A type of malware
C) A firewall rule
D) Data backup
Answer: A) An attempt to trick users into revealing sensitive information via fraudulent communications
Explanation: Phishing exploits human trust.
What is the purpose of security awareness training in incident prevention?
A) Educate users on security policies and threat recognition to reduce risk
B) Encrypt data
C) Update firewalls
D) Scan emails
Answer: A) Educate users on security policies and threat recognition to reduce risk
Explanation: Informed users help prevent incidents.
What does DLP stand for and what is its function?
A) Data Loss Prevention; it prevents unauthorized data transmission outside the organization
B) Digital License Protocol; software licensing
C) Domain Layer Protection; firewall rule
D) Data Link Protocol; network standard
Answer: A) Data Loss Prevention; it prevents unauthorized data transmission outside the organization
Explanation: DLP protects against leakage of sensitive data.
Which of the following best describes sandboxing in malware analysis?
A) Executing suspicious code in a controlled, isolated environment to observe behavior
B) Encrypting data
C) Blocking IP addresses
D) Running a backup
Answer: A) Executing suspicious code in a controlled, isolated environment to observe behavior
Explanation: Sandboxing prevents malware from harming production systems.