CH.1 MASTERING SECURITY BASICS Flashcards

1
Q

Which of the following controls BEST describes an administrative approach that involves assessing the ability to reduce risk and documenting policies?

a) Technical
b) Managerial
c) Operational
d) Physical

A

Answer: b) Managerial
Explanation: Managerial controls are administrative in nature, focusing on policies and assessments to manage risk. Risk assessments and written policies are clearly administrative functions, which makes managerial the correct answer.

2
Q

A company installs video cameras throughout their office building. The main purpose of the cameras is to provide footage in case of unauthorized access. Which control type does this BEST describe?

a) Preventive
b) Detective
c) Compensating
d) Directive

A

Answer: b) Detective
Explanation: Video surveillance is primarily a detective control because it records events after they occur, allowing incidents to be identified after the fact. It does not prevent the incident but helps detect it.

2
Q

What principle of the CIA Triad ensures that data remains accurate and unaltered?

a) Confidentiality
b) Integrity
c) Availability
d) Scalability

A

Answer: b) Integrity
Explanation: Integrity refers to maintaining the accuracy and consistency of data over its lifecycle, ensuring it is not altered through unauthorized actions or errors. This is distinct from confidentiality, which prevents unauthorized access, and availability, which ensures access to resources when needed.

3
Q

John needs to access a secured database. He is required to prove his identity using his password and then gain access to only the specific files he needs. Which access control principles are being used here?

a) Identification and Authorization
b) Authentication and Least Privilege
c) Authorization and Integrity
d) Confidentiality and Availability

A

Answer: b) Authentication and Least Privilege
Explanation: Authentication: John must prove his identity using a password. This is the process of verifying that he is who he claims to be.
Least Privilege: John gains access only to the specific files he needs, which means he is given the minimum access required for his role. This principle minimizes risk by restricting access to only the resources necessary for the task.

a) Identification is the process of claiming an identity, such as entering a username.
Authorization determines what resources a user can access after they are authenticated.
In this scenario, John uses a password, which is part of the authentication process, not just identification. The access to specific files relates to least privilege, not authorization alone, which makes this answer incorrect.

c) Authorization is the process of granting or denying specific permissions to access resources after the user is authenticated.
Integrity ensures that data has not been altered or tampered with.

d) Confidentiality ensures that sensitive information is accessible only to authorized individuals.
Availability means that resources are available when needed.

4
Q

Which of the following methods enhances system availability by automatically adding resources during high demand periods?

a) Fault Tolerance
b) Vertical Scaling
c) Scalability
d) Elasticity

A

Answer: d) Elasticity
Explanation: Elasticity refers to the dynamic adjustment of resources, adding or removing resources as required during changes in demand. Scalability, while related, involves manually adding resources, whereas elasticity automates this process.

5
Q

A security team identifies a potential threat involving employees mistakenly opening phishing emails. They decide to provide specialized training to help employees recognize these emails. Which type of control is this?

a) Preventive
b) Detective
c) Corrective
d) Compensating

A

Answer: a) Preventive
Explanation: Training is a preventive control aimed at stopping incidents (such as falling for phishing emails) before they occur. It helps reduce the risk of a successful phishing attack by increasing awareness among employees.

6
Q

Which of the following controls aims to detect an incident after it has occurred by analyzing recorded data?

a) Preventive Control
b) Corrective Control
c) Detective Control
d) Deterrent Control

A

Answer: c) Detective Control
Explanation: Detective controls identify incidents after they have occurred by reviewing recorded data. Log monitoring is a typical example: logs are reviewed for signs of suspicious activity to determine whether a security incident has taken place.

7
Q

A new employee hasn’t received their smart card yet for authentication. As a temporary measure, the company decides to use Time-based One-Time Password (TOTP) for this employee. What type of control is this?

a) Corrective
b) Compensating
c) Preventive
d) Directive

A

Answer: b) Compensating
Explanation: A compensating control is used when the primary control is not feasible. In this case, TOTP is a compensating control, serving as an alternative while the employee waits for their smart card.

8
Q

An organization implements SIEM tools to collect and analyze security alerts in real-time across its network. Which control type does this implementation primarily represent?

a) Technical Control
b) Physical Control
c) Operational Control
d) Directive Control

A

Answer: a) Technical Control
Explanation: SIEM (Security Information and Event Management) tools are technical controls that use technology to monitor network activity and manage security threats. This type of control is implemented automatically by systems rather than manually by individuals.

9
Q

Which of the following describes a weakness that can be exploited by a threat to result in a security incident?

a) Threat
b) Vulnerability
c) Control
d) Exploit

A

Answer: b) Vulnerability
Explanation: A vulnerability is a weakness in hardware, software, or configuration that can be exploited by a threat. Understanding vulnerabilities is key to assessing risk and implementing effective security controls to mitigate them.

10
Q

Which of the following BEST describes a physical control that also serves as a preventive measure?

a) Risk Assessment
b) Locked Door
c) Encryption
d) SIEM Dashboard

A

Answer: b) Locked Door
Explanation: A locked door is a physical control that serves as a preventive measure by restricting unauthorized physical access to an area. It prevents unauthorized personnel from entering a secure location.

11
Q

Which of the following is an example of a technical control that helps to maintain the confidentiality of data?

a) Least Privilege
b) Awareness Training
c) Access Control Vestibule
d) Security Policy

A

Answer: a) Least Privilege
Explanation: Least privilege is a technical control that ensures users have only the permissions they need to perform their job. It helps maintain data confidentiality by reducing unnecessary access.

b) Awareness Training is an operational control that reduces human errors by training personnel.
c) Access Control Vestibule is a physical control that prevents unauthorized access.
d) Security Policy is a managerial control that defines an organization’s security strategy.

12
Q

Your organization has recently hardened a critical server by disabling unnecessary services and applying strict security configurations. Which type of control BEST describes this action?

a) Detective
b) Compensating
c) Preventive
d) Directive

A

Answer: c) Preventive
Explanation: Hardening is a preventive control that reduces the likelihood of successful attacks by configuring systems securely.

a) Detective controls identify incidents after they occur, such as logging and monitoring.
b) Compensating controls are alternative measures when the primary control is not feasible.
d) Directive controls provide instructions, such as policies and procedures.

13
Q

A security administrator is analyzing potential risks and determining the likelihood of them occurring in order to decide on appropriate security measures. What type of control is this?

a) Operational
b) Managerial
c) Physical
d) Technical

A

Answer: b) Managerial
Explanation: Managerial controls include risk assessments that help an organization understand and mitigate risks.

a) Operational controls focus on the day-to-day operations, such as user training and configuration management.
c) Physical controls prevent physical access to systems, such as fences and locks.
d) Technical controls use technology, like firewalls or antivirus software.

14
Q

Which of the following BEST ensures data is available during high demand periods?

a) Encryption
b) Hashing
c) Vertical Scaling
d) Patching

A

Answer: c) Vertical Scaling
Explanation: Vertical scaling increases the capacity of a system by adding more resources, such as memory or processing power, which helps ensure availability.

a) Encryption protects confidentiality, not availability.
b) Hashing ensures data integrity, confirming that it hasn’t been altered.
d) Patching helps ensure availability but mainly addresses vulnerabilities rather than capacity.

15
Q

Which data source BEST helps in understanding the sequence of events leading up to a security incident?

a) Packet Capture
b) Firewall Log
c) SIEM System
d) Operating System Log

A

Answer: c) SIEM System
Explanation: SIEM systems collect logs from multiple sources and provide a correlated analysis, making it easier to understand sequences of events.

a) Packet Capture helps analyze network traffic but lacks the full context across multiple devices.
b) Firewall Log only records network traffic filtered by the firewall.
d) Operating System Log provides system-specific information, not an overall view.

16
Q

Which of the following is a physical control that also serves as a deterrent?

a) CCTV Cameras
b) Encryption
c) Network Firewall
d) Risk Assessment

A

Answer: a) CCTV Cameras
Explanation: CCTV cameras are a physical control that also acts as a deterrent by making potential attackers aware that their actions are being recorded.

b) Encryption is a technical control ensuring confidentiality.
c) Network Firewall is a technical control that filters network traffic.
d) Risk Assessment is a managerial control that helps analyze risk.

17
Q

An organization adds a load balancer to its network to distribute traffic across multiple servers. Which principle is the organization trying to achieve?

a) Confidentiality
b) Integrity
c) Availability
d) Elasticity

A

Answer: c) Availability
Explanation: Adding a load balancer enhances availability by ensuring services remain operational even during high demand or server failure.

a) Confidentiality relates to preventing unauthorized data access.
b) Integrity ensures data isn’t modified.
d) Elasticity involves adding or removing resources automatically in response to demand.

18
Q

Which of the following BEST describes a control that provides instructions on handling security incidents?

a) Compensating
b) Directive
c) Corrective
d) Detective

A

Answer: b) Directive
Explanation: Directive controls provide instructions, such as policies or guidelines, on how to handle security situations.

a) Compensating controls are alternatives when primary controls aren’t feasible.
c) Corrective controls help restore systems after incidents occur.
d) Detective controls identify incidents after they happen.

19
Q

A server administrator uses a hashing algorithm to confirm that a file sent from one system to another has not been modified. What security principle is being addressed?

a) Confidentiality
b) Integrity
c) Availability
d) Authentication

A

Answer: b) Integrity
Explanation: Hashing helps ensure data integrity by verifying that the content has not changed during transmission.

a) Confidentiality protects data from unauthorized access.
c) Availability ensures systems are operational.
d) Authentication proves the identity of a user or device.

20
Q

Which of the following is an example of a technical preventive control?

a) Hardening Systems
b) Awareness Training
c) Incident Handling Procedures
d) Bollards

A

Answer: a) Hardening Systems
Explanation: Hardening systems is a preventive technical control that involves securing systems against potential threats.

b) Awareness Training is an operational control aimed at reducing human error.
c) Incident Handling Procedures are corrective controls, as they deal with incidents after they happen.
d) Bollards are physical preventive controls that protect physical locations.

21
Q

A company uses a Time-based One-Time Password (TOTP) because smart cards are not immediately available for new employees. What type of control is TOTP in this context?

a) Preventive
b) Corrective
c) Compensating
d) Detective

A

Answer: c) Compensating
Explanation: TOTP is a compensating control, providing authentication until smart cards become available.

a) Preventive controls are meant to prevent incidents initially.
b) Corrective controls mitigate damage after an incident.
d) Detective controls identify incidents.

22
Q

Which of the following is NOT a component of a SIEM system?

a) Log Aggregation
b) Correlation Engine
c) Packet Captures
d) Automated Triggers

A

Answer: c) Packet Captures
Explanation: SIEM systems do not perform packet captures; they aggregate and analyze log data from different sources.

a) Log Aggregation is a key SIEM capability, combining data from multiple logs.
b) Correlation Engine analyzes the data for patterns.
d) Automated Triggers help in taking action based on the findings.

23
Q

Your organization wants to prevent unauthorized access to sensitive areas of the building using automated technology. Which of the following controls should be implemented?

a) Managerial
b) Technical
c) Physical
d) Operational

A

c) Physical
Explanation: Physical controls include automated security measures such as biometric scanners or locks.

a) Managerial: Focuses on administrative functions like policies.
b) Technical: Uses technology like firewalls and encryption.
d) Operational: Focuses on processes and activities like training.

24
Q

Which process is designed to evaluate an organization’s systems and identify weaknesses that could potentially be exploited by threats?

a) Preventive
b) Detective
c) Vulnerability Assessment
d) Risk Assessment

A

c) Vulnerability Assessment
Explanation: Vulnerability assessments identify weaknesses that can be mitigated to reduce risk.

a) Preventive: Tries to stop incidents before they occur.
b) Detective: Identifies incidents after they happen.
d) Risk Assessment: Evaluates risks and their potential impacts.

25
Q

An organization needs to ensure that if one server fails, the service will continue without interruption. Which of the following concepts BEST addresses this need?

a) Fault Tolerance
b) Scalability
c) Integrity
d) Confidentiality

A

a) Fault Tolerance
Explanation: Fault tolerance allows a system to continue operating in the event of a component failure.

b) Scalability: Involves increasing resources to handle growth.
c) Integrity: Protects data from unauthorized changes.
d) Confidentiality: Protects data from unauthorized access.

26
Q

During a forensic investigation, you want to verify that the files on a computer have not been altered since the last review. Which of the following would you use?

a) Encryption
b) Hashing
c) SIEM Analysis
d) Availability Testing

A

b) Hashing
Explanation: Hashing ensures data integrity by verifying that the content hasn’t been altered.

a) Encryption: Protects data confidentiality.
c) SIEM Analysis: Collects and analyzes security-related data.
d) Availability Testing: Ensures systems are operational.

27
Q

Which control type BEST describes using security guards to verify identity before granting access to a building?

a) Physical Preventive
b) Operational Compensating
c) Detective Directive
d) Managerial Preventive

A

a) Physical Preventive
Explanation: Security guards are a physical preventive control, as they prevent unauthorized physical access.

b) Operational Compensating: Compensating controls are alternatives to primary controls.
c) Detective Directive: Detective identifies incidents after occurrence.
d) Managerial Preventive: Involves administrative functions.

28
Q

What is the main difference between vertical scaling and elasticity?

a) Vertical scaling uses cloud resources; elasticity doesn’t.
b) Vertical scaling is manual, while elasticity is automatic.
c) Vertical scaling provides redundancy; elasticity does not.
d) Vertical scaling is related to bandwidth; elasticity is for storage.

A

b) Vertical scaling is manual, while elasticity is automatic.
Explanation: Vertical scaling involves manually adding resources, while elasticity automates this process based on demand.

a) Both scaling and elasticity can use cloud resources.
c) Redundancy is related to availability, not scaling type.
d) Both bandwidth and storage can benefit from either approach.

29
Q

Which control type is MOST appropriate when an organization needs an alternative measure due to the unavailability of a primary control?

a) Corrective
b) Compensating
c) Directive
d) Preventive

A

b) Compensating
Explanation: Compensating controls provide alternative measures when the primary control is not feasible.

a) Corrective: Deals with incidents after occurrence.
c) Directive: Provides guidance on responding to security events.
d) Preventive: Prevents incidents before they happen.

30
Q

An administrator sets up monitoring on all systems and configures it to alert security personnel when anomalies occur. What type of control is this?

a) Preventive
b) Compensating
c) Detective
d) Directive

A

c) Detective
Explanation: Monitoring and alerting are detective controls aimed at identifying incidents.

a) Preventive: Stops incidents from occurring.
b) Compensating: Provides alternative measures.
d) Directive: Provides guidance on handling situations.

31
Q

What is the BEST way to maintain confidentiality during data transmission across a public network?

a) Hashing
b) Encryption
c) Redundancy
d) Monitoring

A

b) Encryption
Explanation: Encryption ensures confidentiality by scrambling data, making it unreadable to unauthorized users.

a) Hashing: Ensures integrity, not confidentiality.
c) Redundancy: Improves availability.
d) Monitoring: Detects incidents, not confidentiality.

32
Q

Which of the following controls would MOST effectively reduce the risk of phishing attacks?

a) Encryption
b) Awareness Training
c) SIEM Tools
d) Physical Security Guards

A

b) Awareness Training
Explanation: Training is an operational control that helps reduce phishing risks by educating users.

a) Encryption: Protects confidentiality.
c) SIEM Tools: Aggregate and analyze log data.
d) Physical Security Guards: Control physical access.

33
Q

What security concept refers to ensuring that data and systems are accessible by authorized users whenever needed?
a) Confidentiality
b) Integrity
c) Availability
d) Authentication

A

c) Availability
Explanation: Availability ensures that data and systems are accessible when needed.
a) Confidentiality: Protects information from unauthorized access.
b) Integrity: Ensures data accuracy and consistency.
d) Authentication: Verifies user identities.

34
Q

Which of the following BEST describes a scenario where a user is given the lowest permissions necessary to complete their work?
a) Risk Mitigation
b) Least Privilege
c) Access Control Vestibule
d) Segmentation

A

b) Least Privilege
Explanation: Least privilege ensures users have only the permissions they need to perform their duties, limiting risk.
a) Risk Mitigation: Involves reducing risks.
c) Access Control Vestibule: Physical control.
d) Segmentation: Divides a network to limit access.

35
Q

When an organization uses a warning sign to prevent unauthorized access, what control type does this represent?
a) Preventive
b) Detective
c) Deterrent
d) Directive

A

c) Deterrent
Explanation: Warning signs serve as deterrent controls, discouraging unauthorized actions.
a) Preventive: Tries to stop incidents.
b) Detective: Identifies incidents after they happen.
d) Directive: Provides instructions.

36
Q

What is the primary purpose of a corrective control?
a) Prevent security incidents before they occur
b) Detect security incidents as they happen
c) Restore systems after an incident
d) Discourage potential attackers

A

c) Restore systems after an incident
Explanation: Corrective controls restore normal operations and address the impact of an incident.
a) Prevent: Preventive controls aim to stop incidents.
b) Detect: Detective controls identify incidents.
d) Discourage: Deterrent controls discourage attackers.

37
Q

An organization has implemented a firewall to restrict incoming and outgoing traffic. Which control types BEST describe this firewall?
a) Technical and Preventive
b) Physical and Detective
c) Managerial and Corrective
d) Operational and Compensating

A

a) Technical and Preventive
Explanation: Firewalls are technical controls, and their purpose is to prevent unauthorized network traffic.
b) Physical: Firewalls are not physical controls.
c) Managerial: Firewalls are not administrative.
d) Operational: Firewalls are automated, not operational.

38
Q

Which type of control BEST fits the description of a control designed to guide employees on how to handle specific security incidents?
a) Preventive
b) Directive
c) Detective
d) Corrective

A

b) Directive
Explanation: Directive controls instruct people on how to handle security incidents, such as policies and procedures.
a) Preventive: Aims to stop incidents before they occur.
c) Detective: Detects incidents after occurrence.
d) Corrective: Helps recover after an incident.

39
Q

Which of the following controls is used to reduce the risk of data loss during a power failure?
a) Least Privilege
b) Hashing
c) UPS (Uninterruptible Power Supply)
d) Training

A

c) UPS (Uninterruptible Power Supply)
Explanation: A UPS ensures that key systems continue operating during a power failure.
a) Least Privilege: Reduces access, not related to power failures.
b) Hashing: Ensures integrity.
d) Training: Helps reduce human errors.

40
Q

A company is concerned that an attacker might gain access to sensitive network traffic. Which of the following would BEST ensure confidentiality?
a) VPN
b) RAID
c) SIEM System
d) Patching

A

a) VPN
Explanation: A VPN provides encrypted communication, ensuring confidentiality of data over public networks.
b) RAID: Provides redundancy, enhancing availability.
c) SIEM System: Centralizes log collection and analysis.
d) Patching: Fixes vulnerabilities.

41
Q

What is the main goal of implementing the principle of least privilege?
a) Increase availability of resources
b) Prevent data modification
c) Reduce the attack surface
d) Ensure resource scalability

A

c) Reduce the attack surface
Explanation: The principle of least privilege limits permissions to reduce the potential impact of an attack.
a) Increase Availability: Not directly related to least privilege.
b) Prevent Data Modification: Integrity is about data modification.
d) Ensure Resource Scalability: Scalability is unrelated to permissions.

42
Q

Which of the following is an example of a detective control used to identify unauthorized physical access?
a) Firewall Logs
b) Video Surveillance (CCTV)
c) User Training
d) Data Encryption

A

b) Video Surveillance (CCTV)
Explanation: CCTV is a detective control that helps identify unauthorized physical access by recording footage.
a) Firewall Logs: Detect unauthorized network access.
c) User Training: Prevents incidents through education.
d) Data Encryption: Ensures confidentiality.

43
Q

A security team is investigating a breach where an attacker gained access to an internal network by exploiting weak authentication mechanisms. The organization decides to implement multi-factor authentication (MFA) and conduct mandatory security awareness training. Which combination of control types BEST describes these actions?

a) Technical and Compensating
b) Preventive and Detective
c) Preventive and Operational
d) Technical and Directive

A

c) Preventive and Operational
Explanation: Implementing multi-factor authentication (MFA) is a preventive control, while conducting mandatory security awareness training is an operational control aimed at ensuring ongoing security measures are in place.

a) Technical and Compensating: MFA is technical, but awareness training is not compensating—it’s operational.
b) Preventive and Detective: Awareness training and MFA are preventive, but there’s no detective control here.
d) Technical and Directive: MFA is technical, but training is not directive.

44
Q

An organization uses a failover cluster to keep its critical services running even when a primary server fails. Which two security principles does this BEST address?

a) Availability and Fault Tolerance
b) Scalability and Redundancy
c) Integrity and Resiliency
d) Confidentiality and Redundancy

A

a) Availability and Fault Tolerance
Explanation: A failover cluster ensures availability by keeping services running even if one server fails, and it also provides fault tolerance by including redundant systems.

b) Scalability and Redundancy: Redundancy is correct, but scalability is unrelated to failover.
c) Integrity and Resiliency: Resiliency fits, but integrity doesn’t apply here.
d) Confidentiality and Redundancy: Confidentiality is not addressed in this context.

45
Q

You are managing an enterprise network that needs to scale as the workload grows while maintaining a high level of availability. Which combination of concepts should you focus on implementing?

a) Horizontal Scaling and Resiliency
b) Vertical Scaling and Confidentiality
c) Load Balancing and Integrity
d) Elasticity and Fault Tolerance

A

a) Horizontal Scaling and Resiliency
Explanation: Horizontal scaling involves adding more systems to handle growing workloads, while resiliency helps systems recover from faults. Both focus on availability and scalability.

b) Vertical Scaling and Confidentiality: Vertical scaling only adds resources to existing systems, and confidentiality doesn’t address workload growth.
c) Load Balancing and Integrity: Load balancing helps with availability, not integrity.
d) Elasticity and Fault Tolerance: Elasticity is dynamic scaling, and fault tolerance handles failures but isn’t specific to growth.

46
Q

An employee receives an email warning them of unusual activity in their bank account and is asked to click a link to verify their information. The organization has implemented user training, incident detection systems, and has a policy against clicking suspicious links. Which of these controls is MOST likely to prevent a phishing attack from succeeding?

a) Detective Control - Incident Detection Systems
b) Preventive Control - User Awareness Training
c) Directive Control - Anti-Phishing Policy
d) Compensating Control - Network Segmentation

A

b) Preventive Control - User Awareness Training
Explanation: User awareness training is a preventive control that helps users identify phishing attempts before they occur, reducing their success rate.

a) Detective Control: Incident detection systems identify incidents after they happen.
c) Directive Control: Policies guide user behavior, but do not prevent incidents on their own.
d) Compensating Control: Network segmentation reduces impact but doesn’t prevent phishing.

47
Q

Which of the following BEST exemplifies a layered security approach (defense-in-depth) that an organization can use to protect against unauthorized physical and logical access?

a) Firewalls, Intrusion Prevention Systems (IPS), and Data Encryption
b) Security Guards, Biometric Readers, and CCTV Cameras
c) Network Firewalls, Antivirus Software, and Access Control Lists (ACLs)
d) Biometric Readers, Network Firewalls, and Security Awareness Training

A

d) Biometric Readers, Network Firewalls, and Security Awareness Training
Explanation: A layered security approach (defense-in-depth) involves combining multiple control types, including physical (biometric readers), technical (firewalls), and operational (user training).

a) Firewalls, IPS, Data Encryption: This focuses only on logical controls, lacking physical and operational layers.
b) Security Guards, Biometric Readers, CCTV: These are all physical controls.
c) Network Firewalls, Antivirus Software, ACLs: These are all technical controls.

48
Q

During a risk assessment, you discover that your organization is susceptible to social engineering attacks. To address this risk, you implement user awareness training and assign personnel to monitor for suspicious activity. What combination of control types BEST represents your actions?

a) Preventive and Detective
b) Corrective and Compensating
c) Operational and Technical
d) Physical and Directive

A

a) Preventive and Detective
Explanation: User awareness training is a preventive control, and assigning personnel to monitor for suspicious activity is a detective control.

b) Corrective and Compensating: Corrective deals with post-incident actions, and compensating substitutes a primary control.
c) Operational and Technical: Training is operational, but monitoring personnel is not a technical control.
d) Physical and Directive: No physical control is involved here.

49
Q

After a recent data breach, a company decides to implement database encryption, role-based access control (RBAC), and vulnerability scans on a regular basis. Which combination of concepts are they addressing?

a) Confidentiality, Integrity, and Availability
b) Scalability, Fault Tolerance, and Resiliency
c) Confidentiality, Least Privilege, and Detecting Vulnerabilities
d) Data Loss Prevention, Corrective Action, and Resource Allocation

A

c) Confidentiality, Least Privilege, and Detecting Vulnerabilities
Explanation: Database encryption ensures confidentiality, role-based access control (RBAC) applies least privilege, and vulnerability scans address detecting vulnerabilities.

a) Confidentiality, Integrity, Availability: The controls listed don’t directly address availability.
b) Scalability, Fault Tolerance, Resiliency: These are unrelated to the specific measures taken.
d) Data Loss Prevention, Corrective Action, Resource Allocation: The given measures don’t fit these categories.

50
Q

An IT administrator wants to ensure that if a disk fails, the system continues to operate without data loss. Which solution provides the MOST appropriate answer?

a) RAID 5 Array
b) Load Balancer
c) Data Encryption
d) Incident Response Plan

A

a) RAID 5 Array
Explanation: RAID 5 provides redundancy and can continue operating with one failed disk, ensuring data is not lost.

b) Load Balancer: Distributes traffic but doesn’t provide redundancy for disk failures.
c) Data Encryption: Protects data confidentiality, not availability.
d) Incident Response Plan: Addresses recovery after incidents but not continuous operation.

51
Q

A security engineer deploys an Intrusion Detection System (IDS) that monitors network traffic and alerts administrators in case of potential threats. The engineer also configures it to block certain IP addresses automatically if an attack is detected. Which combination of control types BEST describes this IDS?

a) Preventive and Detective
b) Corrective and Detective
c) Technical and Compensating
d) Directive and Preventive

A

a) Preventive and Detective
Explanation: The IDS that alerts administrators is detective, while the feature to block IP addresses is preventive.

b) Corrective and Detective: No corrective action is taking place here.
c) Technical and Compensating: IDS is technical, but there’s no compensating control.
d) Directive and Preventive: IDS doesn’t provide instructions, which is characteristic of directive controls.

52
Q

An organization has a strict policy that requires all employees to use encryption for sensitive files stored on the company’s cloud servers. Despite this, employees repeatedly forget to encrypt the files before uploading them. To ensure compliance, which control types would BEST address this issue?

a) Operational Control - Awareness Training and Reminders
b) Compensating Control - Automated Cloud Encryption Service
c) Corrective Control - Encrypting Files After Breach Detection
d) Technical Control - Incident Detection and Alerting

A

b) Compensating Control - Automated Cloud Encryption Service
Explanation: An automated cloud encryption service would be a compensating control to ensure files are encrypted even if employees forget, providing similar protection to the original policy.

a) Operational Control: Awareness training might help but doesn’t ensure compliance directly.
c) Corrective Control: Encrypting files after they’ve already been uploaded unencrypted is reactive and doesn’t prevent the exposure in the first place.
d) Technical Control: Incident detection doesn’t solve the root problem of unencrypted files.

53
Q

Which of the following BEST describes the concept of risk in information security?

a) A weakness that could be exploited by a threat.
b) A circumstance that has the potential to negatively impact confidentiality, integrity, or availability.
c) The likelihood of a threat exploiting a vulnerability and causing loss.
d) A preventive control used to stop threats from occurring.

A

Answer: c) The likelihood of a threat exploiting a vulnerability and causing loss.
Explanation: Risk is the possibility that a threat will successfully exploit a vulnerability, leading to a negative impact on an organization.

a) A weakness that could be exploited by a threat: This defines a vulnerability.
b) A circumstance that has the potential to negatively impact confidentiality, integrity, or availability: This defines a threat.
d) A preventive control used to stop threats from occurring: This describes a preventive control, not risk.

54
Q

Which of the following BEST defines a vulnerability in the context of cybersecurity?

a) A flaw that can be exploited by a threat to cause damage.
b) The likelihood of a negative outcome.
c) A preventive measure against unauthorized access.
d) The ability of a system to recover from failures.

A

Answer: a) A flaw that can be exploited by a threat to cause damage.
Explanation: A vulnerability is a weakness in hardware, software, configuration, or processes that can be exploited by a threat to cause harm.

b) The likelihood of a negative outcome: This describes risk, which is the probability of a threat exploiting a vulnerability.
c) A preventive measure against unauthorized access: This is a preventive control.
d) The ability of a system to recover from failures: This describes resiliency.

55
Q

What is the main goal of scalability in system design?

a) To dynamically add and remove resources based on demand.
b) To increase a system’s capacity to handle greater demand.
c) To verify the integrity of data across distributed systems.
d) To replicate data across multiple servers to prevent data loss.

A

Answer: b) To increase a system’s capacity to handle greater demand.
Explanation: Scalability is the ability to expand the capacity of a system to handle an increased workload, either by adding more resources (vertical scaling) or adding more servers (horizontal scaling).

a) To dynamically add and remove resources based on demand: This describes elasticity, not scalability.
c) To verify the integrity of data across distributed systems: This is related to integrity, not scalability.
d) To replicate data across multiple servers to prevent data loss: This describes redundancy, which contributes to availability.

56
Q

Which of the following BEST defines risk mitigation?

a) The process of eliminating all threats.
b) Reducing the chances of a threat exploiting a vulnerability or minimizing its impact.
c) The act of identifying vulnerabilities in a system.
d) Implementing deterrent controls to prevent attacks.

A

Answer: b) Reducing the chances of a threat exploiting a vulnerability or minimizing its impact.
Explanation: Risk mitigation involves taking measures to reduce the probability of a threat exploiting a vulnerability, or reducing the potential impact if it does happen.

a) The process of eliminating all threats: Complete elimination of threats is often impractical; risk mitigation aims to reduce, not eliminate, risk.
c) The act of identifying vulnerabilities in a system: This describes vulnerability assessment, not mitigation.
d) Implementing deterrent controls to prevent attacks: This is one method of mitigating risk, but it doesn’t fully define risk mitigation.

57
Q

Which of the following BEST defines an operational control?

a) A control that uses technology to reduce vulnerabilities.
b) A control implemented by staff to ensure daily activities align with security policies.
c) A physical measure used to prevent unauthorized access.
d) An administrative control documented in written policies.

A

Answer: b) A control implemented by staff to ensure daily activities align with security policies.
Explanation: Operational controls are implemented by personnel to ensure that day-to-day activities comply with the organization’s security policy.

a) A control that uses technology to reduce vulnerabilities: This describes a technical control.
c) A physical measure used to prevent unauthorized access: This defines a physical control.
d) An administrative control documented in written policies: This is a managerial control.

58
Q

Which of the following BEST describes the concept of resiliency in information security?

a) The ability of a system to automatically add resources based on demand.
b) The ability to maintain operations and recover quickly after a failure.
c) The process of limiting user permissions based on their role.
d) The act of encrypting data to prevent unauthorized access.

A

Answer: b) The ability to maintain operations and recover quickly after a failure.
Explanation: Resiliency is the ability of a system to recover quickly from failures, ensuring minimal disruption to operations.

a) The ability of a system to automatically add resources based on demand: This describes elasticity.
c) The process of limiting user permissions based on their role: This defines least privilege or role-based access control.
d) The act of encrypting data to prevent unauthorized access: This relates to confidentiality.

59
Q

What is the main purpose of a managerial control?

a) To provide physical protection against unauthorized access.
b) To use technology to reduce vulnerabilities.
c) To use administrative actions to reduce risk and ensure policy compliance.
d) To detect and respond to ongoing security incidents.

A

Answer: c) To use administrative actions to reduce risk and ensure policy compliance.
Explanation: Managerial controls are administrative in nature and involve documenting policies, performing risk assessments, and planning activities to manage risk effectively.

a) To provide physical protection against unauthorized access: This describes a physical control.
b) To use technology to reduce vulnerabilities: This is the function of a technical control.
d) To detect and respond to ongoing security incidents: This is the purpose of detective or corrective controls.

60
Q

What does the principle of non-repudiation ensure in cybersecurity?

a) The confidentiality of data during transmission.
b) The authenticity and integrity of data, so actions cannot be denied.
c) The availability of data when needed.
d) The encryption of sensitive information.

A

Answer: b) The authenticity and integrity of data, so actions cannot be denied.
Explanation: Non-repudiation ensures that individuals cannot deny their actions, often achieved through digital signatures and logging to verify authenticity and integrity.

a) The confidentiality of data during transmission: This relates to confidentiality.
c) The availability of data when needed: This is the definition of availability.
d) The encryption of sensitive information: This helps achieve confidentiality, not non-repudiation.

61
Q

Which of the following BEST describes the concept of risk assessment?

a) Evaluating the likelihood of threats exploiting vulnerabilities and the impact of these threats.
b) Creating a policy to guide users on how to handle specific situations.
c) Detecting vulnerabilities in a system through scanning.
d) Applying patches to address known software flaws.

A

Answer: a) Evaluating the likelihood of threats exploiting vulnerabilities and the impact of these threats.
Explanation: Risk assessment is a process used to identify vulnerabilities, evaluate the likelihood of exploitation by threats, and assess the impact if those threats are successful.

b) Creating a policy to guide users on how to handle specific situations: This is a directive control.
c) Detecting vulnerabilities in a system through scanning: This is a vulnerability assessment.
d) Applying patches to address known software flaws: This is a corrective or preventive control.

61
Q

Which of the following BEST defines authentication?

a) The process of verifying that a user or device has permission to access a resource.
b) The process of ensuring data remains unchanged and accurate.
c) The process of verifying the identity of a user or device.
d) The act of assigning privileges to specific resources.

A

Answer: c) The process of verifying the identity of a user or device.
Explanation: Authentication is the process of confirming the identity of a user or system, often using credentials like passwords, biometrics, or tokens.

a) The process of verifying that a user or device has permission to access a resource: This is authorization.
b) The process of ensuring data remains unchanged and accurate: This describes integrity.
d) The act of assigning privileges to specific resources: This is related to authorization.

62
Q

Which of the following BEST defines the concept of authorization?

a) The process of verifying the identity of a user or system.
b) The process of determining the access level or permissions granted to a user.
c) The act of encrypting data to prevent unauthorized access.
d) The act of assigning roles to employees.

A

Answer: b) The process of determining the access level or permissions granted to a user.
Explanation: Authorization determines what a user or system can access after successful authentication, specifying permissions and access levels.

a) The process of verifying the identity of a user or system: This describes authentication.
c) The act of encrypting data to prevent unauthorized access: This relates to confidentiality.
d) The act of assigning roles to employees: This is related to role-based access control but doesn’t define authorization.

63
Q

Which of the following BEST defines a threat in the context of cybersecurity?

a) A weakness that can be exploited by attackers.
b) A potential danger that can exploit a vulnerability to cause harm.
c) A control designed to reduce the likelihood of an incident.
d) A measure to prevent unauthorized access.

A

Answer: b) A potential danger that can exploit a vulnerability to cause harm.
Explanation: A threat is a circumstance or event that has the potential to exploit a vulnerability, leading to a negative impact.

a) A weakness that can be exploited by attackers: This describes a vulnerability.
c) A control designed to reduce the likelihood of an incident: This defines a preventive control.
d) A measure to prevent unauthorized access: This relates to access controls, not a threat.

64
Q

Which of the following BEST describes the principle of defense-in-depth?

a) Limiting access to data based on user roles and responsibilities.
b) Using multiple layers of security to protect systems and data.
c) Detecting threats after they have already compromised a system.
d) Ensuring systems are available during failures.

A

Answer: b) Using multiple layers of security to protect systems and data.
Explanation: Defense-in-depth is a security strategy that employs multiple layers of defense to protect against threats, such as combining physical, technical, and administrative controls.

a) Limiting access to data based on user roles and responsibilities: This is the principle of least privilege.
c) Detecting threats after they have already compromised a system: This describes a detective control.
d) Ensuring systems are available during failures: This is related to availability or resiliency.

65
Q

Which of the following BEST defines accountability in information security?

a) The process of ensuring data is always available.
b) The process of identifying users and assigning them permissions.
c) The ability to trace actions to a specific user or system entity.
d) The act of preventing unauthorized modification of data.

A

Answer: c) The ability to trace actions to a specific user or system entity.
Explanation: Accountability ensures that actions performed within a system can be traced to a particular user or entity, often achieved through logging and auditing.

a) The process of ensuring data is always available: This relates to availability.
b) The process of identifying users and assigning them permissions: This combines authentication and authorization.
d) The act of preventing unauthorized modification of data: This refers to integrity.

66
Q

Which of the following BEST describes vulnerability management?

a) Identifying, assessing, and mitigating weaknesses in a system.
b) Monitoring system activity for suspicious behavior.
c) Encrypting data to protect it from unauthorized access.
d) Implementing security awareness training.

A

Answer: a) Identifying, assessing, and mitigating weaknesses in a system.
Explanation: Vulnerability management is a process that involves identifying vulnerabilities, assessing their impact, and implementing measures to mitigate or eliminate them.

b) Monitoring system activity for suspicious behavior: This is related to detective controls.
c) Encrypting data to protect it from unauthorized access: This is a measure related to confidentiality.
d) Implementing security awareness training: This is an operational control aimed at reducing human-related vulnerabilities.

67
Q

Which of the following BEST defines multi-factor authentication (MFA)?

a) The use of multiple accounts to access sensitive systems.
b) The combination of two or more authentication factors to verify a user’s identity.
c) The process of encrypting sensitive information using different keys.
d) The use of backup systems to provide additional security.

A

Answer: b) The combination of two or more authentication factors to verify a user’s identity.
Explanation: Multi-factor authentication (MFA) involves using multiple factors (such as something you know, something you have, and something you are) to verify a user’s identity, enhancing security.

a) The use of multiple accounts to access sensitive systems: This is unrelated to authentication factors.
c) The process of encrypting sensitive information using different keys: This describes encryption, not authentication.
d) The use of backup systems to provide additional security: This relates to redundancy or availability, not authentication.

68
Q

In sequential order, which three of the following are used to ensure that access to confidential information is limited to authorized users?

A. Identification
B. Encryption
C. Authentication
D. Authorization
E. Integrity
F. Availability

A

Correct Answers: A. Identification, C. Authentication, D. Authorization

Identification: The process of claiming a user identity (e.g., entering a username), which is the initial step in controlling access to information.
Authentication: Verifies or proves the user’s claimed identity (e.g., through passwords or biometrics) to prevent unauthorized users from accessing confidential data.
Authorization: Determines what resources an authenticated user can access, thus ensuring that only authorized individuals can access specific confidential information.
Other Options:

B. Encryption: This is a security measure to protect data in transit or at rest, but it is not part of the access control steps for limiting user access.
E. Integrity: Refers to ensuring that data is not altered in an unauthorized manner, which is a different aspect of information security.
F. Availability: Refers to ensuring that data is available when needed, but it does not involve controlling who has access to confidential information.

69
Q

_____ ensures that data is only viewable by authorized users. The best way to protect the confidentiality of data is by _____ it. _____ help protect confidentiality by restricting access.

A

Confidentiality ensures that data is only viewable by authorized users. The best way to protect the confidentiality of data is by encrypting it. Access controls help protect confidentiality by restricting access.

70
Q

Which of the following statements accurately defines integrity in the context of information security?

A. Ensuring that data is accessible only to authorized users
B. Ensuring that data is available when needed
C. Verifying that data has not been modified, either intentionally or unintentionally
D. Encrypting data to protect confidentiality

A

Correct Answer: C. Verifying that data has not been modified, either intentionally or unintentionally

Integrity means ensuring that data remains unchanged and unaltered unless done through an authorized action.
Other Options:

A. Ensuring that data is accessible only to authorized users: This refers to confidentiality.
B. Ensuring that data is available when needed: This refers to availability.
D. Encrypting data to protect confidentiality: This is about maintaining confidentiality, not integrity.

71
Q

Which of the following algorithms is commonly used to calculate a hash for verifying data integrity?

A. AES
B. SHA
C. RSA
D. TLS

A

Correct Answer: B. SHA

SHA (Secure Hash Algorithm) is a hashing algorithm commonly used to verify data integrity by generating a hash that can be compared to detect changes.
Other Options:

A. AES: AES (Advanced Encryption Standard) is used for encryption, not hashing.
C. RSA: RSA is used for asymmetric encryption.
D. TLS: TLS (Transport Layer Security) is a protocol used to secure communications over a network, not for hashing.

72
Q

Which of the following methods can help increase the availability of a web service by ensuring there is no single point of failure?

A. Implementing RAID-0 for data storage
B. Configuring load balancing across multiple servers
C. Encrypting data with AES to ensure data confidentiality
D. Adding Network Address Translation (NAT) to the network

A

Correct Answer: B. Configuring load balancing across multiple servers

Load balancing distributes the workload across multiple servers, thereby ensuring that the service remains available even if one server fails. This prevents a single point of failure, which increases the availability of the web service.

A. Implementing RAID-0 for data storage: RAID-0 is a striping-only configuration that does not provide redundancy, meaning data loss can occur if a disk fails. RAID-0 does not enhance availability through fault tolerance.
C. Encrypting data with AES to ensure data confidentiality: Encryption provides confidentiality and does not directly improve availability.
D. Adding Network Address Translation (NAT) to the network: NAT is used for IP address translation, not for improving system availability.

73
Q

Which of the following best describes how elasticity can improve the availability of a system?

A. Manually adding additional servers during periods of high demand
B. Automatically scaling resources up or down based on current demand
C. Providing a backup power source in case of a power failure
D. Encrypting data at rest to protect it from unauthorized access

A

Correct Answer: B. Automatically scaling resources up or down based on current demand

Elasticity allows the system to automatically add or remove resources as needed. This ensures that resources are available when demand increases, which helps maintain availability and prevents the system from becoming overwhelmed during peak usage.
Other Options:

A. Manually adding additional servers during periods of high demand: This is scalability, not elasticity. Scalability involves manually adding resources.
C. Providing a backup power source in case of a power failure: This is a redundancy method to maintain power but does not specifically describe elasticity.
D. Encrypting data at rest to protect it from unauthorized access: Encryption relates to confidentiality, not availability or elasticity.

74
Q

A company wants to ensure that its systems can continue functioning even if an entire server fails. Which of the following methods should the company implement?

A. RAID-0 disk configuration
B. Failover clustering
C. Vertical scaling
D. Patching outdated software

A

Correct Answer: B. Failover clustering

Failover clustering involves using redundant servers so that if one server fails, the service automatically switches over to a standby server, maintaining availability and preventing downtime.
Other Options:

A. RAID-0 disk configuration: RAID-0 does not provide redundancy; instead, it stripes data across disks, making the system more vulnerable to data loss if a single disk fails.
C. Vertical scaling: Vertical scaling involves adding more resources (e.g., RAM or CPU) to a server, but it does not provide redundancy if a server fails.
D. Patching outdated software: While patching helps prevent software bugs that can affect availability, it does not provide redundancy to maintain functionality in case of server failure.

75
Q

What is the primary goal of redundancy and fault tolerance when designing systems for high availability?

A. Ensuring systems are always encrypted to prevent data breaches
B. Preventing single points of failure that can disrupt services
C. Scaling services up manually to accommodate increased demand
D. Reducing the total cost of ownership (TCO)

A

Correct Answer: B. Preventing single points of failure that can disrupt services

The primary purpose of redundancy and fault tolerance is to ensure that no single point of failure (SPOF) can take down a service, thereby improving availability. If one component fails, redundant components ensure that the service continues without interruption.
Other Options:

A. Ensuring systems are always encrypted to prevent data breaches: This is related to confidentiality, not availability.
C. Scaling services up manually to accommodate increased demand: This describes scalability, specifically vertical or horizontal scaling, not redundancy or fault tolerance.
D. Reducing the total cost of ownership (TCO): High availability and redundancy generally increase TCO due to added components and complexity.

76
Q

Which of the following RAID configurations provides fault tolerance and allows a system to continue operating even if a disk fails?

A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-10
E. All of the above
F. B, C, and D

A

Correct Answer: F. B, C, and D

RAID-1 (Mirroring): Data is copied identically to two or more disks. If one disk fails, the data is still accessible from the other mirrored disk, providing fault tolerance.
RAID-5 (Striping with Parity): Data and parity information are striped across multiple disks, allowing the system to rebuild data if one disk fails. This configuration provides fault tolerance while optimizing storage efficiency.
RAID-10 (Striping with Mirroring): Combines RAID-1 (mirroring) and RAID-0 (striping), providing both redundancy and performance. If a disk fails, the mirrored disk still has the data, allowing the system to continue functioning.
Other Options:

A. RAID-0: This configuration uses striping only, which means data is split across multiple disks, but there is no parity or mirroring. If a disk fails, data is lost. RAID-0 does not provide fault tolerance.

77
Q

Which RAID configuration copies data identically to two or more disks, ensuring data is still accessible even if one disk fails due to fault tolerance?

A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-10

A

B. RAID-1 (Mirroring)

RAID-1 duplicates data across two or more disks. If one disk fails, the mirrored copy allows the system to continue operating, providing fault tolerance.

78
Q

Which RAID configuration stripes data and parity information across multiple disks, allowing the system to rebuild data if one disk fails, thus providing fault tolerance?

A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-10

A

C. RAID-5 (Striping with Parity)

RAID-5 uses striping with parity, distributing data and parity across multiple disks. If one disk fails, the parity allows the data to be reconstructed, maintaining availability and fault tolerance.

79
Q

Which RAID configuration combines RAID striping and RAID mirroring, providing both fault tolerance and performance?

A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-10

A

D. RAID-10 (Striping with Mirroring)

RAID-10 merges the benefits of RAID-0 (striping) and RAID-1 (mirroring), offering both increased performance through striping and fault tolerance through mirroring.

80
Q

A system requires an employee to enter a unique username and password before accessing any company resources. What security principle is being used?

a) Integrity
b) Authentication
c) Least Privilege
d) Authorization

A

Answer: b) Authentication
Explanation: The use of a username and password is about verifying the user’s identity, which is the definition of authentication.

81
Q

Jane has access to the company’s financial software but can only view financial reports relevant to her department, not the entire database. What security principle is being enforced?

a) Authentication
b) Least Privilege
c) Confidentiality
d) Availability

A

Answer: b) Least Privilege
Explanation: Jane’s access is restricted to only the resources she needs to do her job, which is an example of the least privilege principle.

82
Q

Before accessing sensitive project files, Michael must enter his fingerprint and a one-time code sent to his phone. Which security principle is being applied?

a) Least Privilege
b) Authentication
c) Availability
d) Authorization

A

Answer: b) Authentication
Explanation: Using a fingerprint and a one-time code is about verifying Michael’s identity, which is authentication.

83
Q

A user in the HR department can access employee records but cannot access any financial records. Which principle best explains why the user’s access is restricted in this way?

a) Authentication
b) Least Privilege
c) Confidentiality
d) Integrity

A

Answer: b) Least Privilege
Explanation: The user is given access only to the resources they need for their role, which aligns with the principle of least privilege.