Cybersecurity Quiz

Questions and Answers

What cybersecurity term best describes an employee unknowingly clicking on a phishing email link, leading to a data breach?

Risk

Threat actor

Vulnerability (correct)

Threat

What concept is crucial in assessing the potential impact of a critical vulnerability in a payment processing system?

Threat vector

Risk (correct)

Vulnerability

Threat

What is the primary motivation for a threat actor demanding payment to prevent the release of sensitive customer data?

Fraud

Blackmail

Extortion (correct)

Political motivation

What cryptographic concept does Alice utilize when she encrypts a message to securely send to Bob?

Ciphertext

Which type of cipher involves replacing individual characters or blocks in the plaintext with different ciphertext?

Substitution cipher

Which term describes the potential for loss or damage when a system is exposed to a threat?

Risk

What method can be employed to assess the effectiveness of current security measures?

Penetration testing

What does the term 'threat actor' primarily refer to?

A party capable of causing harm

Why is controlling data flow between network segments important in secure architecture design?

To prevent unauthorized access and data breaches

What is the purpose of VLAN segmentation in a network infrastructure?

To improve network performance by reducing broadcast domains

Which networking device is required for a VoIP handset to communicate with a workstation located in a different VLAN?

Router

How do VLANs influence the overall security of a network?

By isolating sensitive data traffic from regular traffic

What could be a potential disadvantage of VLAN segmentation?

Increased network latency due to routing overhead

Which of the following is NOT a benefit of implementing VLANs?

Guaranteed quality of service for all traffic types

What is a primary function of a router in a VLAN environment?

To connect multiple VLANs for communication

Which scenario best illustrates a drawback of not using VLANs?

All workstations can access sensitive information regardless of necessity

Why is it important for Alice and Bob to meet in person to agree on a cipher and secret key value?

To agree on a secret key without interception

Which authentication design principle emphasizes that the method should not hinder user workflows?

Availability

What is the first step in setting up biometric authentication?

Acquiring the biometric sample from the target

Which advantage of fingerprint recognition is commonly recognized in security discussions?

It is non-intrusive and relatively simple to use

In the context of cryptographic algorithms, what is a primary concern when using asymmetric encryption?

Key management complexity

What factor is most significant when evaluating the usability of an authentication system?

User satisfaction and experience

Which of the following is a major disadvantage of using biometric authentication?

It cannot be easily revoked

Which of the following is NOT a type of hybrid cipher?

Vigenère cipher

What feature of WPA3 enhances the security of Wi-Fi networks in open environments?

Simultaneous Authentication of Equals (SAE)

Which configuration mode should a company choose for their access points to support both WPA2 and WPA3 devices?

WPA3-Personal Transition mode

Why is 2nd Wave Corp implementing baseline configurations for its devices?

To establish a standard set of guidelines for configuring devices securely

What is the reason for Manhize Corp to regularly update its baseline configurations?

To maintain the security and mitigate emerging threats

Which of the following is a primary security feature offered by WPA3?

Improved password security with SAE

What does the Enhanced Open feature in WPA3 specifically address?

Protection against eavesdropping on open networks

Why is using default credentials for devices considered a security risk?

They are universally recognized by attackers

What is a common reason for businesses to migrate from WPA2 to WPA3?

To implement better security measures

Why is it important for Manhize Corp to test patches before deployment?

To identify potential issues or conflicts arising from the patch

What protocol should be used to securely transmit sensitive user information over the network?

HTTPS

What is a significant consideration when using secure communication protocols?

Effective management of cryptographic keys is crucial for secure protocol

What is a potential drawback of endpoint hardening?

It could inadvertently restrict user access

What is the main goal of testing patches before deployment?

To validate the stability and security of the patch

Which of the following statements about secure protocols is correct?

They often rely on complex security measures

Which option best describes a consequence of not testing patches before deployment?

Potential services disruption or system instability

What is a critical advantage of using HTTPS over HTTP?

It encrypts data during transmission

What action is most effective in addressing the vulnerabilities of the BIND server software?

Perform regular updates and apply the latest security patches.

What is a critical reason for archiving historical log and network traffic data in a SIEM?

To meet compliance requirements and enable retrospective incident investigation.

In what way does XCCDF enhance vulnerability scanning processes?

By developing and auditing best practice configuration checklists.

How could enabling DNS Security Extensions (DNSSEC) benefit a DNS server?

By providing cryptographic authentication to prevent spoofing.

Which of the following is NOT a benefit of performing regular patching on the BIND server?

It eliminates all potential vulnerabilities.

Which measure helps strengthen DNS server security against unauthorized modifications?

Enforcing strong authentication mechanisms for DNS record changes.

What is a potential impact of not archiving historical log data in a SIEM system?

Reduced incident response capabilities.

What is a primary goal of implementing strict access controls on a DNS server?

To prevent unauthorized DNS footprinting and manipulation.

Study Notes

Module: Systems Development 2B

• Exam revision for Summative Assessment 1 (SA1)
• Multiple choice questions (50 examples) are provided

Question 1

• Sarah needs to implement an access control system for sensitive company data.
• Only authorized employees should access the data.
• The correct security control is authentication.

Question 2

• John, the CISO, needs to conduct a gap analysis to identify differences between the implemented cybersecurity framework and the company's security systems.
• The purpose of the gap analysis is to evaluate the effectiveness of the company's existing security controls.

Question 3

• Emily, the compliance officer, needs to prioritize investments based on the gap analysis to achieve the target cybersecurity capabilities.
• Prioritizing investments allows the organization to achieve regulatory compliance and improve cybersecurity capabilities.

Question 4

• An employee clicking on a phishing link leading to a data breach is considered a vulnerability.
• The term that best describes this employee's action is vulnerability.

Question 5

• A critical vulnerability in a company's payment processing system could lead to financial loss.
• Risk is crucial in assessing the potential impact of this vulnerability.

Question 6

• A threat actor demands payment to prevent the release of sensitive customer data.
• The primary motivation is extortion.

Question 7

• Alice wants to securely send a message to Bob over an insecure channel.
• The cryptographic concept Alice utilizes is encryption using ciphertext.

Question 8

• A cipher that involves replacing characters or blocks in plaintext with different ciphertext is a substitution cipher.

Question 9

• Alice and Bob meet in person to agree on a cipher and a secret key.
• Meeting in person is important for ensuring authentication and agreeing on a secret key without interception.

Question 10

• The security team is evaluating authentication methods for usability.
• The authentication design principle is availability.

Question 11

• Biometric authentication is being considered for access control.
• The first step is acquiring the biometric sample from the target.

Question 12

• The security team is discussing fingerprint recognition.
• An advantage of fingerprint recognition is it is non-intrusive and relatively simple to use.

Question 13

• Controlling data flow between network segments is important for secure architecture.
• This is important for preventing unauthorized access and data breaches.

Question 14

• Cheerleaders Pvt. Ltd. segmented workstations and VoIP handsets using VLANs.
• VLAN segmentation improves network performance by reducing broadcast domains.

Question 15

• In Cheerleaders Pvt. Ltd's network, a VoIP handset needs to communicate with a workstation computer.
• A router is the required device for communication between these devices.

Question 16

• Security implications of single-tenant and multi-tenant cloud architectures are discussed.
• Single-tenant architectures offer better performance and control, but are more expensive. Multi-tenant architectures are cost-effective but can have unauthorized access risks.

Question 17

• 2nd Wave Pvt. Ltd. plans to implement a hybrid cloud environment.
• The primary security concern is integration issues related to managing multiple cloud environments.

Question 18

• A startup company needs to improve performance and reliability of its online platform by distributing content across servers.
• The best technology for this is Content Delivery Networks (CDNs).

Question 19

• A large organization is updating its asset management process.
• Asset ownership assignment involves designating individuals or teams responsible for specific assets.

Question 20

• An organization is concerned about ransomware attacks compromising their backup infrastructure.
• Implementing air-gapped backups physically disconnected from the network is a key strategy in this scenario.

Question 21

• An organization needs to maintain data availability and integrity across multiple locations and systems.
• Replication creates and maintains exact copies of data on different storage systems.

Question 22

• What is the main characteristic of an end-of-life (EOL) system?
• It is outdated and no longer supported by the manufacturer or vendor.

Question 23

• What is a common characteristic of legacy systems?
• They often remain in use despite being outdated.

Question 24

• Sarah, an employee, wants to install a productivity app on her company-issued Android device. She decided to sideload the app from a third-party website.
• This action exposes her and the organization to increased risk of data breaches and non-compliance.

Question 25

• A server administrator is tasked with securing the organization's servers to improve server security.
• Prioritize applying software security patches and updates regularly.

Question 26

• A small business wants to enhance Wi-Fi security with WPA3.
• Simultaneous Authentication of Equals (SAE) provides improved security, especially in open environments.

Question 27

• A company deploying a new Wi-Fi network wants compatibility with WPA2 and WPA3 devices.
• The configuration mode is WPA3-Personal Transition mode.

Question 28

• 2nd Wave Corp is planning to implement baseline configurations for security on devices.
• The main reason for this is to establish standard guidelines for securely configuring devices.

Question 29

• Manhize Corp needs to regularly update baseline configurations for security.
• The crucial reason is to minimize the impact of security threats and vulnerabilities.

Question 30

• Manhize Corp tests patches before deployment.
• This is crucial for identifying potential issues or conflicts arising from the patch.

Question 31

• Tom, a network administrator, needs to transmit sensitive user information securely.
• The prioritized protocol is HTTPS.

Question 32

• Olivia, a security consultant, is advising on secure communication protocols.
• A key consideration is that effective management of cryptographic keys is crucial for secure protocols.

Question 33

• Manhize Corporation uses an internal DNS server.
• Performing regular patching and updates to the BIND server software (ISC) is vital for mitigating potential risks.

Question 34

• Archiving historical log and network traffic data is important for a SIEM.
• This enables retrospective incident investigation and meeting compliance requirements.

Question 35

• Extensible Configuration Checklist Description Format (XCCDF) contributes to vulnerability scanning.
• This is through developing and auditing best practice configuration checklists.

Question 36

• The purpose of Open Vulnerability and Assessment Language (OVAL) in Security Content Automation Protocol (SCAP) is:
• To describe system security state and query vulnerability reports.

Question 37

• A user downloads a free software application with malicious code hidden.
• This describes a Trojan.

Question 38

• A user experiences unusual web browser behavior, including pop-up ads and changed bookmarks.
• The likely malware is Adware.

Question 39

• An individual installs a seemingly harmless software app from an untrusted source.
• The app is most likely classified as Spyware.

Question 40

• A company experiences increased malware infections due to unauthorized software downloads.
• Implementing an Acceptable Use Policy (AUP) is the most effective policy.

Question 41

• A corporation has experienced a data breach.
• Implementing Information Security Policies is the most relevant policy.

Question 42

• An organization's help desk receives many support requests via email.
• Guidelines should include recommending specific language and tone in email responses.

Question 43

• A company implements security controls to mitigate risks.
• They should primarily focus on residual risk before implementing mitigation measures.

Question 44

• An organization aims to reduce risk factors to a manageable level.
• The overall status of risk management is called risk posture.

Question 45

• An organization purchases cybersecurity insurance.
• This utilizes the risk transference strategy.

Question 46

• A company has a unique manufacturing process giving it a competitive edge.
• This represents trade secret data.

Question 47

• An organization develops a new military-grade encryption technology.
• The appropriate data classification is Critical (top secret).

Question 48

• A company uses cloud services globally.
• They should store and process data in data centers within the defined legal boundaries to comply with data sovereignty requirements.

Question 49

• An organization fails to meet its contractual cybersecurity measures.
• A potential consequence is termination of the contract.

Question 50

• An IT manager has extensive privileges.
• Implementing a Privilege/Credential Management Policy addresses the potential misuse of these privileges.

Description

Test your knowledge on key cybersecurity concepts and terminology. This quiz covers topics such as phishing, cryptography, and threat assessment. Perfect for students or professionals seeking to reinforce their understanding of cybersecurity fundamentals.