1) An organization is deploying a system that requires strict control over who can access sensitive data. The system needs to ensure that only authorized users have access to this information while preventing accidental exposure to unauthorized users. Which component of the CIA Triad is most directly addressed by this requirement?
   a) Accountability
   b) Confidentiality
   c) Integrity
   d) Authenticity

2) A financial institution discovers that an attacker altered data within its transaction database, resulting in incorrect account balances. Which type of attack has most likely occurred, and what principle of the CIA Triad was violated?
   a) Denial of Service (DoS); Availability
   b) Interception; Confidentiality
   c) Modification; Integrity
   d) Fabrication; Integrity

3) A company decides to use a public-private key pair for encrypting communications between their servers and clients. Which characteristic of asymmetric cryptography makes it suitable for this purpose?
   a) Uses the same key for encryption and decryption
   b) Uses two different keys for encryption and decryption
   c) Requires a shared secret key
   d) Is faster than symmetric cryptography

4) To protect against a variety of potential threats, an organization implements a security strategy that includes network firewalls, multi-factor authentication, intrusion detection systems, and employee training. This approach is an example of which principle?
   a) Layered security
   b) Continuous monitoring
   c) Defense in Depth
   d) Least Privilege

5) An analyst in an organization has just received a system notification indicating that an adverse event has been detected. The analyst acknowledges the system notification is accurate. What phase of Incident Response is being described?
   a) Preparation
   b) Containment
   c) Identification
   d) Recovery

6) During a cybersecurity audit, a company identifies several potential vulnerabilities in their network. Which phase of the Risk Management process would involve determining how likely these vulnerabilities are to be exploited and the potential impact of exploitation?
   a) Identification
   b) Mitigation
   c) Assessment
   d) Evaluation

7) A government agency needs to restrict physical access to its server rooms. Which of the following would be the most appropriate control to implement for this purpose?
   a) Firewalls
   b) Antivirus software
   c) Biometric scanners
   d) Encryption algorithms

8) A company's network audit reveals that attackers can move from one system to another once inside the network. Which security measure would best address this vulnerability?
   a) Endpoint encryption
   b) Network segmentation
   c) Installing antivirus software
   d) Configuring multi-factor authentication

9) An employee receives a phishing email and unknowingly provides their login credentials to an attacker. Which security measure could have minimized the risk of this incident?
   a) Strong password policy
   b) Multi-factor authentication
   c) Backup systems
   d) Firewalls

10) A system administrator needs to prevent certain employees from accessing company systems after work hours. Which access control model should the administrator consider?
   a) Role-Based Access Control (RBAC)
   b) Attribute-Based Access Control (ABAC)
   c) Mandatory Access Control (MAC)
   d) Discretionary Access Control (DAC)

11) During an attack, SQL commands are injected into a login form to gain unauthorized access to a database. What is the most effective way to mitigate this type of attack?
   a) Password complexity rules
   b) Input validation
   c) Full disk encryption
   d) Two-factor authentication

12) After a security breach, an organization finds that unpatched software vulnerabilities were exploited. Which part of the Incident Response process should the organization strengthen to prevent this in the future?
   a) Containment
   b) Eradication
   c) Preparation
   d) Recovery

13) An attacker modifies financial records, creating unauthorized transactions. Which aspect of the CIA Triad was compromised, and which security control could have prevented it?
   a) Availability; redundancy in system architecture
   b) Confidentiality; encrypting sensitive records
   c) Integrity; hashing
   d) Availability; regular backups

14) A hospital’s electronic health records are encrypted by ransomware, preventing access to patient data. Which security principle is violated, and what could have mitigated the attack?
   a) Confidentiality; encryption of data at rest
   b) Availability; regular data backups
   c) Integrity; input validation
   d) Utility; secure file sharing

15) A company wants to prevent an employee from completing both approval and execution of sensitive financial transactions. What security principle should they enforce?
   a) Least privilege
   b) Separation of duties
   c) Multi-factor authentication
   d) Role-based access control

16) An employee was tricked into transferring funds to an attacker by clicking a fraudulent email link. Which of the following best describes this type of attack, and what could mitigate its success?
   a) Denial of Service; firewalls
   b) Phishing; employee training
   c) Man-in-the-Middle; VPN
   d) SQL Injection; input validation

17) A financial firm needs to ensure that transaction data has not been altered during processing. Which cryptographic technique should they implement to detect unauthorized changes?
   a) Public key encryption
   b) Hashing
   c) Symmetric encryption
   d) Digital signatures

18) The IT department is redesigning their infrastructure and would like to add the ability to block spam email to their email servers to reduce security incidents. Which of the following would they implement?
   a) Anti-Malware
   b) Firewall
   c) Proxy Server
   d) MFA

19) A small business currently uses a security model where employees are granted access to resources based on the administrator's best judgement of the user's need. What access control model is being used?
   a) Discretionary Access Control (DAC)
   b) Role-Based Access Control (RBAC)
   c) Mandatory Access Control (MAC)
   d) Attribute-Based Access Control (ABAC)

20) An attacker intercepts data sent between a user and a company's website, gaining access to login credentials. Which type of attack is this, and which security control could have prevented it?
   a) Denial of Service; encryption
   b) Man-in-the-Middle; SSL/TLS encryption
   c) Ransomware; backups
   d) Phishing; multi-factor authentication

21) A company is concerned about complying with GDPR and protecting its EU customers' data. In addition to encryption, which of the following measures would help ensure compliance?
   a) Hashing algorithms
   b) Regular security audits
   c) Implementation of access control lists
   d) Use of strong passwords

22) A security analyst notices a spike in traffic to the company's login portal from a single IP address, which causes the system to slow down. Which type of attack is likely occurring, and how could it be mitigated?
   a) Denial of Service (DoS); firewalls
   b) Man-in-the-Middle; SSL/TLS encryption
   c) SQL Injection; input validation
   d) Ransomware; antivirus software

23) A company wants to ensure that if an unauthorized user attempts to access sensitive information, access is denied and an alert is generated. Which type of control would accomplish this?
   a) Preventive control
   b) Detective control
   c) Corrective control
   d) Physical control

24) A breach occurs when an employee uses a personal device infected with malware to access company systems. Which component of Defense in Depth should have been strengthened to prevent this?
   a) Application security
   b) Endpoint security
   c) Network security
   d) Data encryption

25) An attacker sends phishing emails that appear to come from the company's CEO in an attempt to steal login credentials. Which security principle could have reduced the effectiveness of this attack?
   a) Network segmentation
   b) Multi-factor authentication
   c) Firewalls
   d) Role-based access control

26) A company adopts multi-factor authentication (MFA) to protect user accounts. Some employees complain that it slows down their workflow. Which strategy would improve both security and user experience?
   a) Require MFA only for high-risk actions
   b) Remove MFA for certain roles
   c) Implement stronger password policies instead
   d) Eliminate the use of passwords entirely

27) A company encrypts sensitive customer data in its database. However, an audit finds that the decryption key is stored on the same server as the encrypted data. Which security practice should be improved?
   a) Key storage practices
   b) Use of symmetric encryption
   c) Encryption algorithm strength
   d) Frequency of backups

28) A healthcare provider is concerned about unauthorized access to patient records. Which security mechanism would best ensure that only authorized personnel can view the records?
   a) Encryption
   b) Firewalls
   c) Access control lists (ACLs)
   d) Digital signatures

29) A financial institution is worried about attackers modifying data during transactions. What type of cryptography should they implement to ensure the integrity of their data?
   a) Digital signatures
   b) Symmetric encryption
   c) Public key encryption
   d) Hashing

30) A company experiences a breach where sensitive data was stolen from an internal database. The attackers gained access by exploiting an unpatched software vulnerability. What is the best way for the company to prevent similar incidents in the future?
   a) Regular patch management
   b) Role-based access control
   c) Implementing multi-factor authentication
   d) Encryption of all databases

31) An organization wants to ensure that sensitive data is not accessible by unauthorized users even if a device is lost or stolen. Which measure is the most effective for this scenario?
   a) Network firewalls
   b) Full disk encryption
   c) Multi-factor authentication
   d) Role-based access control

32) An attacker floods a company's network with traffic, causing legitimate services to be inaccessible. What type of attack is this, and which defense mechanism would be effective in mitigating it?
   a) Man-in-the-Middle; SSL encryption
   b) Distributed Denial of Service (DDoS); load balancing
   c) Phishing; employee training
   d) SQL Injection; input validation

33) An organization has just discovered a security breach. They have determined that customer data was duplicated and then sold on the dark web. Which component of the Parkerian Hexad is primarily affected?
   a) Integrity
   b) Availability
   c) Possession/Control
   d) Authenticity

34) A security analyst at a financial firm notices that an employee's login credentials were used to access confidential financial reports from an off-site location during non-business hours. The data was viewed but not changed. Which component of the Parkerian Hexad was primarily compromised?
   a) Integrity
   b) Possession
   c) Availability
   d) Confidentiality

35) A multinational corporation is restructuring its IT department and wants to implement an access control system that aligns with job functions across different global offices. The system should automatically adjust permissions when employees change roles. What access control model would be most appropriate for this scenario?
   a) Mandatory Access Control (MAC)
   b) Rule-Based Access Control
   c) Discretionary Access Control (DAC)
   d) Role-Based Access Control (RBAC)

36) During a security audit of a software development company, it's discovered that the quality assurance team has full access to production databases containing real customer data for testing purposes. Which security principle does this primarily violate?
   a) Least privilege
   b) Defense in depth
   c) Separation of duties
   d) Need to know

37) A government agency is implementing a new secure communication system for sharing classified information. The administrator has chosen a system that uses a public and private key pair that can be used to encrypt and decrypt data. What type of cryptography did they implement?
   a) Symmetric cryptography
   b) Digital signatures
   c) Hash functions
   d) Asymmetric cryptography

38) A university is reviewing its data protection policies after a recent incident where student grades were accidentally made public. The administration wants to ensure compliance with relevant regulations. Which act is most relevant for protecting student educational records in this scenario?
   a) HIPAA
   b) FERPA
   c) SOX
   d) GLBA

39) A cybersecurity team is conducting a risk assessment for a new cloud-based service. They've identified several potential threats and vulnerabilities. The team now needs to determine the likelihood of these threats exploiting the vulnerabilities. What aspect of risk management are they focusing on?
   a) Risk
   b) Vulnerability
   c) Threat
   d) Impact

40) A healthcare organization is implementing a new security strategy to protect patient data. They've decided to use multiple layers of security controls, including physical access controls, encryption, firewalls, and employee training. What approach does this represent?
   a) Principle of least privilege
   b) Zero trust
   c) Separation of duties
   d) Defense in depth

41) An ethical hacking team is hired to test a company's security. They are given full access to network diagrams, system specifications, and source code before beginning their assessment. What type of penetration test is this?
   a) Black box
   b) White box
   c) Gray box
   d) Red box

42) A company has experienced several successful phishing attacks in the past year, resulting in data breaches. The CIO wants to implement a long-term solution to address this issue. Which of the following would be the most effective approach?
   a) Firewalls
   b) User education and awareness
   c) Encryption
   d) Intrusion Detection Systems

43) A network administrator is configuring a new firewall for a company's e-commerce platform. The firewall needs to monitor the state of active connections to determine which network packets to allow through. At which layer of defense does this type of firewall primarily operate?
   a) Host layer
   b) Network Perimeter
   c) Application layer
   d) Data layer

44) A government service provider is updating its data protection policies to ensure information security controls that use a risk-based approach. They will implement the framework in NIST SP-800-53. Which regulatory compliance are they following?
   a) GDPR
   b) HIPAA
   c) FISMA
   d) SOX

45) A bank is implementing a new authentication system for its online banking platform. The system requires customers to enter their password and then use a physical item that generates a one-time code. Which factor does the physical item represent in this multi-factor authentication setup?
   a) Password
   b) Security token
   c) Fingerprint
   d) PIN

46) A bank is implementing a new authentication system for its online banking platform. The system requires customers to enter their password and then use a physical item that generates a one-time code. Which factor does the physical item represent in this multi-factor authentication setup?
   a) Password
   b) Security token
   c) Fingerprint
   d) PIN

47) A security admin wants to implement a plan to prevent rogue access points. The admin meticulously documented the legitimate devices on the network infrastructure and will now scan the network regularly for rogue access points. Which tool would they use?
   a) Honeypot
   b) Kismet
   c) Fuzzer
   d) Wireshark

48) A smart home device manufacturer is conducting a security assessment of their products. They've identified that their devices are using unencrypted protocols for communication between the server and the smart device. What is the primary security concern in this IoT scenario?
   a) Accountability
   b) Confidentiality
   c) Integrity
   d) Authenticity

49) A company is conducting a physical security assessment of their data center. They want to implement a system that will alert security personnel when unauthorized access is attempted. Which of the following controls is an example of a detective control in this context?
   a) Security guards
   b) Biometric locks
   c) Surveillance cameras
   d) Fences

50) A web development team is building a new e-commerce platform. They want to implement security measures to prevent attackers from injecting malicious scripts that can be executed in users' browsers. Which security measure is most effective against this type of attack?
   a) Strong passwords
   b) Regular software updates
   c) Input validation
   d) Network segmentation

51) During a security audit of a financial institution, it's discovered that all employees, regardless of their role, have full access to all customer financial records. Which principle does this primarily violate?
   a) Defense in depth
   b) Need to know
   c) Separation of duties
   d) Least privilege

52) A storage company is implementing a new backup strategy for customer data. They want to ensure that the backed-up data hasn't been tampered with during storage or transfer. Which of the following best addresses this aspect of the CIA triad?
   a) Encryption of backup data
   b) Regular testing of backups
   c) Off-site storage of backups
   d) Hash verification of backup files

53) An organization is implementing a new intrusion detection system for their network. They want a system that can identify new, previously unseen types of attacks based on deviations from normal baseline network behavior. Which type of IDS should they implement?
   a) Anomaly-based IDS
   b) Heuristic-based IDS
   c) Signature-based IDS
   d) Behavior-based IDS

54) A software company releases a critical security patch for their widely-used operating system. Many users fail to apply the patch, leading to a widespread exploit. Which security best practice was likely violated by the users?
   a) Principle of least privilege
   b) Separation of duties
   c) Defense in depth
   d) Operating system hardening

55) An IT administrator is hardening a Linux server that will host a critical application. The server is exposed to the internet. Which of the following actions would be most effective in reducing the attack surface?
   a) Implementing strong password policies
   b) Disabling unnecessary services and ports
   c) Enabling full-disk encryption
   d) Installing antivirus software

56) A large corporation is implementing a BYOD policy for their employees. They're concerned about the security of corporate data on personal devices. Which of the following is a key consideration for mobile device security in this context?
   a) Physical access controls
   b) Network segmentation
   c) Mobile Device Management (MDM)
   d) Server hardening

57) During a risk assessment, an organization identifies a potential threat that could cause catastrophic damage to some systems, but it is discovered that they do not deploy any systems at risk from this specific threat. Which statement is true?
   a) The risk assessment is complete
   b) A vulnerability was not identified
   c) The threat is high priority and high impact
   d) Mitigation is necessary due to its severity

58) A security analyst is reviewing the results of a vulnerability scan on a critical web server. The scan has identified multiple issues including outdated software, misconfigured access controls, weak encryption protocols, and several unpatched critical vulnerabilities. Which of these findings should be addressed first?
   a) Outdated software versions
   b) Misconfigured access controls
   c) Weak encryption protocols
   d) Unpatched critical vulnerabilities

59) An attacker is using a botnet to bombard a web server with data packets with the goal of overloading its processing capacity. Which type of attack is this?
   a) Interruption
   b) Fabrication
   c) Interception
   d) Buffer Overflow

60) Using the variant of the Caesar Cipher learned in Chapter 5, decrypt the following message: "tbbq yhpx ba gur rkzn"
   a) fast move to the goal
   b) drop down on the line
   c) good luck on the exam
   d) cool jump in the pool

D430 Fundamentals of InfoSec Quiz #1