1-50 Security plus questions Flashcards
A company is considering implementing a BYOD policy. What is the most significant security risk to consider?
Possible data leakage
A security analyst observes a huge amount of ICMP echo reply (ping) traffic coming from multiple sources to a
single destination within the network. What type of attack is most likely occurring?
Smurf attack
Which protocol is vulnerable to sniffing attacks because it transmits usernames and passwords in cleartext?
B. FTP
A company has a policy that requires all mobile devices to be encrypted. What is the primary purpose of this
policy?
To prevent data loss if a device is physically lost or stolen
A cybersecurity analyst is reviewing a series of failed login attempts on the company’s user portal. The attempts
appear to be using common usernames and passwords. Which type of attack is most likely being attempted?
Brute force attack
Which of the following symmetric encryption algorithms is considered to be the most secure?
AES
What does a rootkit primarily target?
Operating system
A cybersecurity analyst has discovered that an attacker has been moving laterally within the network. What is
the BEST next step?
Contain the compromise
Which of the following is considered an example of a technical control?
Firewall
A company has implemented a system to centralize the management of user credentials. What is this system
known as?
Identity and Access Management (IAM)
What is the primary purpose of a Web Application Firewall (WAF)?
Protect against SQL injection and XSS attacks
What is the main difference between a worm and a virus?
A virus requires user action to spread, while a worm can spread by itself
Which of the following is a type of public key infrastructure (PKI) attack where the attacker redirects the user to
a malicious website that appears to be legitimate?
Pharming attack
A system administrator finds a file on a user’s desktop that appears to contain a list of passwords for various
company systems. What type of attack has likely occurred?
Credential harvesting
A company has implemented a system that uses a single secure private key to encrypt and decrypt messages.
What type of encryption system is this?
Symmetric encryption
A security analyst is examining logs and notices a large number of HTTP GET and POST requests from an IP
address that doesn’t belong to the company. What type of attack is likely occurring?
SQL injection
A DDoS attack is overwhelming the company’s website. Which of the following would be the most effective way
to mitigate this attack?
Implement rate limiting
What is the primary purpose of a VLAN?
To separate network traffic
Which of the following is a risk associated with cloud computing?
Vendor lock-in
An employee receives an email that appears to be from the CEO asking for sensitive company information. What
type of attack is this an example of?
Whaling
Which form of authentication is based on something the user has?
Security token
Which of the following is the most critical step in responding to a security incident?
Documenting the incident
Which of the following is NOT a characteristic of a zero-day vulnerability?
It is easy to detect
Which technology is used to separate a physical server into multiple virtual servers?
Hypervisor
Which of the following is a security advantage of using a virtual private network (VPN)?
It encrypts data in transit
A security analyst has detected an anomaly in network traffic. Which tool would be best suited to further
investigate this issue?
Which type of malware requires a host program to spread?
Trojan
What is the main benefit of a stateful firewall over a stateless firewall?
It can filter traffic based on the state of the connection
A company is considering outsourcing its email services to a cloud provider. What type of cloud service model is
it considering?
Software as a Service (SaaS)
Which type of security testing involves the tester having full knowledge of the system being tested?
White box testing
A company has implemented a policy that requires all employees to use a smart card and a PIN to access the
corporate network. What type of authentication method is this?
Multifactor authentication
Which of the following is a characteristic of a rainbow table attack?
It uses precomputed hashes to crack passwords
What is the primary purpose of a security incident response plan?
To define the steps to take in response to a security incident
What is the primary purpose of a Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
To issue digital certificates
A security analyst is investigating a potential security incident and notices a large amount of data being
transferred from a company server to an unknown IP address. What type of threat is most likely being
encountered?
Data exfiltration
Which of the following is a characteristic of a full backup?
It backs up all data and marks each file as being backed up
A company is developing a new web application and wants to ensure it is secure. Which of the following would
be the BEST approach?
Conduct a penetration test
A company has suffered a data breach and the investigation revealed that an insider was responsible. What type
of threat does this represent?
Insider threat
Which of the following is a security disadvantage of using peer-to-peer (P2P) networks?
They can be used to distribute malware
Which of the following is a critical step in the patch management process?
Test patches before deployment
Which of the following is an example of a physical security control?
A security analyst is conducting a penetration test and has gained access to a system. The analyst now wants to
ensure they maintain access to the system, even if the system is rebooted. What technique should the analyst
use?
Implementing a backdoor
Which of the following is a benefit of using a Host-based Intrusion Detection System (HIDS) over a Network-based
Intrusion Detection System (NIDS)?
It can detect attacks that a NIDS cannot, such as attacks that occur within encrypted traffic
A company is planning to implement a system that will require users to provide two forms of identification from
different categories (something they know, something they have, something they are). What type of
authentication is this?
Multifactor authentication
Which of the following is the most secure method for disposing of SSD drives?
Physical destruction
A security analyst has detected a number of failed login attempts on a server from a single IP address. What type
of attack is most likely being attempted?
Brute force attack
A user reports that their computer has been running slowly and they have been receiving pop-up ads while
browsing the internet. What type of malware is most likely causing these symptoms?
Adware
Which of the following is an advantage of using a Security Information and Event Management (SIEM) system?
It provides real-time analysis of security alerts
A company uses a secure protocol for transferring files between systems. This protocol also allows for
management and manipulation of directories on the remote system. What protocol is the company using?
SFTP
What are the key concepts of the CIA triad in cybersecurity?
Non-repudiation
Integrity
Availability