Cybersecurity Threats and Tools

Questions and Answers

Which of the following is NOT a type of malware?

• Trojan Horse
• Virus
• Firewall (correct)
• Worm

What does a DoS attack aim to achieve?

• Stealing sensitive information from a system.
• Modifying data on a system without authorization.
• Gaining unauthorized access to a system.
• Making a system unavailable to legitimate users. (correct)

Which access control model grants permissions based on the user's role within an organization?

• RBAC (Role-Based Access Control) (correct)
• DAC (Discretionary Access Control)
• MAC (Mandatory Access Control)
• ABAC (Attribute-Based Access Control)

Which encryption method uses a single key for both encryption and decryption?

Symmetric encryption (C)

What is the primary purpose of a SIEM (Security Information and Event Management) system?

Detecting and responding to security incidents. (D)

Which security framework provides a comprehensive set of guidelines for information security management?

ISO 27001 (C)

What is the primary function of a VPN (Virtual Private Network)?

Providing secure remote access to a network. (B)

Which of the following is NOT a common step in the incident response process?

Optimization (D)

Which form of malware is designed to replicate itself by inserting copies into other programs?

Viruses (B)

What type of attack seeks to make systems unavailable by overwhelming them?

Distributed Denial of Service (A)

Which security tool is primarily used to monitor and control network traffic?

Firewall (C)

Which social engineering tactic involves using a pretext to manipulate someone into divulging confidential information?

Pretexting (B)

What is the primary purpose of vulnerability assessment?

To identify potential weaknesses in security (D)

Which model is recognized as a framework to guide organizations in managing sensitive information?

ISO/IEC 27001 (A)

What is a common characteristic of a Man-in-the-Middle attack?

Intercepting communications between two parties (A)

Which of the following is a key concept in secure network design?

Defense-in-Depth (C)

Which technology helps analyze security data from multiple sources in real-time?

Security Information and Event Management (B)

What type of malware is disguised as legitimate software?

Trojan (C)

What is primarily required for Two-Factor Authentication (2FA) to be effective?

Two form factors of authentication (B)

Which of the following best illustrates an example of Mandatory Access Control (MAC)?

Access enforced by a system administrator on a need-to-know basis (A)

Which cryptographic protocol is primarily used to secure web communications?

SSL/TLS (B)

What is the main role of digital certificates in Public Key Infrastructure (PKI)?

To verify the authenticity of users and devices (A)

Which of the following concepts focuses on the user account lifecycle management?

Identity Management (C)

What is the purpose of compliance regulations like GDPR and HIPAA?

To protect data privacy and establish security guidelines (C)

Which step in the incident response process typically follows the detection and analysis phase?

Containment (B)

What characterizes Role-Based Access Control (RBAC)?

Permissions are tied to defined user roles within the organization (A)

What is the primary focus of business continuity and disaster recovery planning?

Ensuring operations can continue and recover following disruptions (D)

Which of the following best describes the concept of Single Sign-On (SSO)?

A system that enables access to several applications with a single set of credentials (D)