CompTIA Security + Mock Flashcards
Things to study | Tests (1-12)
Physical Security Controls
- Lighting
- Fencing/Bollards/Barricades
- Access control vestibules
- Security guards
Detective Security Controls
- Log monitoring
- Security audits
- Vulnerability scanning
- CCTV
- IDS
Compensating Security Controls
- Backup power systems
- Application sandboxing
- MFA
- Network segmentation
Non-Repudiation
“The term ‘non-repudiation’ describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation provides proof of data origin and integrity, ensuring that a sender cannot later deny having sent a message or taken an action. However, it does not directly ensure data confidentiality—that is the role of encryption.”
2 components within the AAA Functionality
- TACACS+
- RADIUS
Which of the answers listed below refers to a Zero Trust Control Plane security approach that takes into account user identity, device security, network conditions, and other contextual information to enable dynamic access decisions?
Implicit trust, Adaptive identity or Monitoring and logging ?
Adaptive Identity
A security approach that adjusts authentication requirements (like passwords or multi-factor checks) based on risk factors such as user behaviour, location, or device. It provides stronger security for suspicious logins while reducing friction for normal access.
Analogy: Adaptive Identity is like a bouncer who only checks your ID if you act suspicious—otherwise, you walk right in.
A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates is known as:
PKI, CA or RA ?
PKI (Public Key Infrastructure)
A system that manages digital certificates and public-key encryption to securely exchange data over networks. It verifies identities (like websites or users) and ensures encrypted communication.
Analogy: PKI is like a digital passport office—it issues IDs (certificates) and checks them to confirm who’s trustworthy.
What is the typical use of a public key?
Data decryption, User/device authentication or Data encryption ?
Data Encryption
The process of converting readable data (plaintext) into scrambled code (ciphertext) to protect it from unauthorised access, ensuring only those with the correct key can decrypt and read it.
Analogy: Data encryption is like a secret language only people with the right “decoder ring” (key) can understand the message.
Key Escrow
Key Escrow
A system where encryption keys are securely stored with a trusted third party (like a government or company) to allow authorised recovery of encrypted data if needed, such as for legal investigations.
Analogy: Key escrow is like leaving your house keys with a trusted neighbour—only used in emergencies when you can’t access your home (data) yourself.
EFS
EFS (Encrypting File System)
A Windows feature that provides file-level encryption to protect sensitive data on NTFS drives, allowing only authorised users to access the encrypted files.
Analogy: EFS is like a personal safe built into your desk—only you have the key to open and view its contents, even if someone gains access to your computer.
Which of the following software application tools are specifically designed for implementing encryption algorithms to secure data communication and storage? (Select 2 answers)
VPN, GPG, SSH, IPsec or PGP ?
GPG (GNU Privacy Guard)
A free and open-source encryption tool that uses public-key cryptography to secure emails, files, and digital signatures, ensuring privacy and authenticity. It’s the open-source version of PGP, following the same standards.
Analogy: GPG is like a community-built lockbox—anyone can use it for free, and it works just as well as the brand-name version (PGP).
PGP (Pretty Good Privacy)
A widely-used encryption program for securing emails and files by combining symmetric and asymmetric encryption, along with digital signatures for verification. Originally proprietary, now owned by Symantec.
Analogy: PGP is like the original patented lockbox—it set the standard, but you might pay for extra features.
Which of the answers listed below refers to a deprecated TLS-based method for secure transmission of email messages?
S/MIME, STARTTLS, DKIM or SMTPS ?
SMTPS (Simple Mail Transfer Protocol Secure)
A secure version of SMTP that encrypts email transmissions using SSL/TLS, preventing eavesdropping or tampering during delivery. It ensures emails are sent safely over the internet.
Analogy: SMTPS is like sending a letter in a locked armored truck instead of a clear envelope—no one can peek at it in transit.
Which of the following answers refers to an obsolete protocol used for secure data transfer over the web?
SMTPS, SRTP, SHTTP, S/MIME ?
SHTTP (Secure Hypertext Transfer Protocol)
An older protocol designed to encrypt HTTP web traffic individually for each page or transaction, unlike HTTPS which secures the entire connection. It provided granular security but is now obsolete.
Analogy: SHTTP is like sealing only specific letters in an envelope—while HTTPS wraps the entire package in tamper-proof tape.
Which protocol enables secure, real-time delivery of audio and video over an IP network?
S/MIME, RTP, SIP or SRTP ?
SRTP (Secure Real-time Transport Protocol)
A security extension for RTP (Real-time Transport Protocol) that encrypts voice/video data (e.g., VoIP calls) to prevent eavesdropping, tampering, or replay attacks.
Analogy: SRTP is like a scrambled satellite feed—only authorised receivers (with the right decryption key) can watch the broadcast clearly.
A security protocol designed to improve the security of existing WEP implementations is known as:
WPA2, RC4, CCMP or TKIP ?
TKIP (Temporal Key Integrity Protocol)
A security protocol created to replace WEP encryption in Wi-Fi networks, providing stronger encryption (via dynamic keys) and protection against attacks like packet forgery.
Analogy: TKIP is like a constantly changing lock on your Wi-Fi door—hackers can’t pick it because the key resets every few minutes.
Which of the following answers refer(s) to deprecated/insecure encryption protocols and cryptographic hash functions? (Select all that apply)
DES, AES-256, MD5, ECC, SHA-1, SSL or RC4 ?
- DES (Data Encryption Standard)
- MD5 (Message Digest Algorithm 5)
- SHA-1 (Secure Hash Algorithm 1)
- SSL (Secure Sockets Layer)
- RC4 (Rivest Cipher 4)
Symmetric Ciphers
AES (Advanced Encryption Standard)
DES (Data Encryption Standard)
IDEA (International Data Encryption Algorithm)
RC4 (Rivest Cipher 4)
Asymmetric Encryption
DHE (Diffie-Hellman Ephemeral)
ECC (Elliptic Curve Cryptography)
RSA (Rivest-Shamir-Adleman)
Which of the answers listed below refers to a shared secret authentication method used in WPA, WPA2, and EAP?
PSK, 802.1X, SAE or TKIP ?
PSK (Pre-Shared Key)
A symmetric encryption method where a secret key is shared between parties in advance to authenticate and secure communications (e.g., Wi-Fi passwords, VPNs). Simple but lacks forward secrecy.
Analogy: PSK is like a secret club password—everyone uses the same one, and if it leaks, the whole group is compromised.
Which of the answers listed below refers to a solution designed to strengthen the security of session keys?
ECB, PFS, EFS or PFX ?
PFS (Perfect Forward Secrecy)
A security feature that ensures session keys are temporary and not derived from a long-term master key, so even if a server’s private key is compromised, past communications remain secure.
Analogy: PFS is like using self-destructing messages—each conversation has its own unique lock, and throwing away the key afterward means no one can decrypt old chats, even if they hack you later.
Which of the following answers refers to a public-key cryptosystem used for digital signatures, secure key exchange, and encryption?
ECC, RSA, PKI, or DSA ?
RSA (Rivest-Shamir-Adleman)
A widely-used public-key cryptosystem for encryption and digital signatures, relying on the mathematical difficulty of factoring the product of two large prime numbers. It’s the backbone of SSL/TLS, SSH, and PGP.
Analogy: RSA is like a heavyweight safe—it’s trusted and durable, but requires more muscle (computing power) to lock/unlock compared to modern alternatives.
Which of the cryptographic algorithms listed below is the least vulnerable to attacks?
AES, DES, RC4, or 3DES ?
AES (Advanced Encryption Standard)
A symmetric encryption algorithm adopted by the U.S. government and used worldwide to secure classified and sensitive data. It operates on fixed block sizes (128 bits) and supports key lengths of 128, 192, or 256 bits.
Analogy: AES is like a bank vault—virtually impenetrable when properly configured, trusted by everyone from corporations to governments.
Which of the answers listed below refers to a deprecated stream cipher used in some legacy applications, such as WEP?
RSA, DES, SSL or RC4 ?
RC4 (Rivest Cipher 4)
A stream cipher once widely used in WEP (Wi-Fi), SSL/TLS, and Microsoft products, now deprecated due to critical vulnerabilities that leak plaintext data.
Analogy: RC4 is like a broken faucet—no matter how you adjust it, secrets drip out.
Which of the following answers refers to an embedded microcontroller used for secure boot, disk encryption, and system integrity verification?
TPM, SoC, UEFI or HSM ?
TPM (Trusted Platform Module)
A dedicated hardware chip (or firmware) that securely stores cryptographic keys, passwords, and certificates to verify system integrity and enable features like disk encryption (BitLocker) or secure boot.
Analogy: TPM is like a vault built into your computer’s motherboard—only it can unlock critical security features, making theft or tampering futile.
Which of the following combines a cryptographic hash function with a secret key to provide a means of verifying both the authenticity and integrity of a message or data?
MD5, DSA, HMAC or DES ?
HMAC (Hash-based Message Authentication Code)
A cryptographic technique that combines a secret key with a hash function (like SHA-256) to verify both data integrity and authenticity—ensuring a message wasn’t altered and came from a trusted source.
Analogy: HMAC is like a wax seal with a hidden signature—if the seal is broken or the signature doesn’t match, you know the message was tampered with.
Which of the answers listed below refers to a non-cryptographic hash function often used for error-checking purposes?
MD5, CRC, SHA or RIPEMD ?
CRC (Cyclic Redundancy Check)
A simple error-detection code used to catch accidental changes in raw data (e.g., file transfers, network packets, storage), but not designed for security against intentional tampering.
Analogy: CRC is like a typo-checker in a text message—it can spot a random error but can’t stop someone maliciously editing the words.
DSA ?
DSA (Digital Signature Algorithm)
A U.S. government standard for digital signatures (FIPS 186-4) that uses modular exponentiation to verify authenticity/integrity of messages. Slower than ECDSA and requires exact hash length matching.
Analogy: DSA is like a notary stamping paper documents—proves who signed it and that it’s unaltered, but slower than modern e-signatures.
- Asymmetric algorithm.
- Provides authentication, integrity, and non-repudiation.
- Specifically designed for creating and verifying digital signatures.
RSA
RSA (Rivest-Shamir-Adleman)
A foundational public-key cryptosystem used for encryption, digital signatures, and key exchange. Relies on the mathematical difficulty of factoring the product of two large prime numbers.
Analogy: RSA is like a heavyweight bank vault—extremely secure if built correctly, but slower and bulkier than modern alternatives.
- Asymmetric encryption algorithm.
- A public key used for encryption and a private key used for decryption.
- Used for secure communications, digital signatures, and key exchange
Given the computational limitations of IoT devices, smartcards, and mobile devices, which of the following digital signature algorithms would be the most efficient choice due to its smaller key size and lower processing requirements?
RSA, ECDHE, DSA, ECDSA or ECC ?
ECDSA (Elliptic Curve Digital Signature Algorithm)
A modern digital signature scheme using elliptic curve cryptography (ECC) to provide stronger security with smaller keys than RSA or DSA.
Analogy: ECDSA is like a high-tech wax seal—tiny but impossible to forge, using math magic (elliptic curves) instead of bulky traditional locks.
Which of the following is an example of a key stretching algorithm?
RIPEMD, SHA, HMAC or PBKDF2 ?
PBKDF2 (Password-Based Key Derivation Function 2)
A key-stretching algorithm that strengthens weak passwords by applying a hash function (like SHA-256) thousands of times, adding “salt” to thwart rainbow table attacks.
Analogy: PBKDF2 is like a chef repeatedly folding dough (hashing) with secret spices (salt)—making it harder to reverse-engineer the original recipe (password).
Blockchain technology is an example of:
A. Online payment gateway
B. Centralised database
C. Open public ledger
D. Cloud storage system
Open Public Ledger
A decentralised, transparent record-keeping system (like blockchain) where transactions/data are visible to everyone and verified by consensus, not a central authority.
Analogy: An open public ledger is like a shared Google Doc—everyone can see the edits (transactions), but no single person controls it, and tampering is obvious.
Which digital certificate type allows securing multiple domain names or subdomains with a single certificate?
A. Extended Validation (EV) certificate
B. Wildcard certificate
C. Subject Alternative Name (SAN) certificate
D. Root signing certificate
Subject Alternative Name (SAN) Certificate
A type of SSL/TLS certificate that secures multiple domain names (e.g., example.com, mail.example.com, *.example.net) under a single certificate by listing them in the SAN field.
Analogy: A SAN certificate is like a master key that opens multiple doors (domains)—instead of carrying separate keys for each lock.
Which of the following terms is used to describe sophisticated and prolonged cyberattacks often carried out by well-funded and organised groups, such as nation-states?
MitM, APT, XSRF or DDoS ?
APT (Advanced Persistent Threat)
A stealthy, long-term cyberattack by highly skilled hackers (often nation-states) targeting specific organizations to steal data or disrupt operations. APTs use custom malware, zero-day exploits, and social engineering to evade detection.
Analogy: An APT is like a spy infiltrating a company—gathering intel for years while hiding in plain sight.
Client-based software threat vectors
- Drive-by download via web browser
- Malicious macro
- USB-based attack
- Infected executable file
- Malicious attachment in email application
Agentless software threat vectors
- Network protocol vulnerability
- Packet sniffing
Exploiting known vulnerability is a common threat vector for:
A. Legacy systems/apps
B. Unsupported systems/apps
C. Newly released systems/apps
D. Systems/apps with zero-day vulnerability
Unsupported systems/apps
A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is called:
WPA, WPS, WEP or WAP ?
WPS (Wi-Fi Protected Setup)
A network security standard designed to simplify Wi-Fi connections for home users, but notoriously vulnerable to brute-force attacks due to flawed design.
Analogy: WPS is like a shortcut button on your router—convenient but so poorly designed that burglars can guess the code in hours.
Wireless technologies that are considered potential threat vectors and should be avoided due to their known vulnerabilities
WPS (Wi-Fi Protected Setup)
A convenience feature for easy Wi-Fi connections (via PIN or button press), but critically flawed—PINs can be brute-forced in hours.
Analogy: WPS is like a weak luggage lock—convenient but easily picked, leaving your network exposed.
WPA (Wi-Fi Protected Access)
The replacement for WEP, introducing TKIP encryption and dynamic keys. Better than WEP but now obsolete due to vulnerabilities.
Analogy: WPA is like upgrading from a screen door to a wooden one—stronger, but still kickable.
WPA2
The long-time security standard (2004–2018) using AES-CCMP encryption. Secure if configured properly, but vulnerable to KRACK attacks (2017).
Analogy: WPA2 is like a solid deadbolt—reliable for years, but pickable with advanced tools.
WEP (Wired Equivalent Privacy)
The original (1997) and catastrophically broken Wi-Fi encryption. Crackable in minutes with tools like Aircrack-ng.
Analogy: WEP is like a padlock with a keyhole on both sides—useless against even amateur hackers.
Common threat vectors that apply to MSPs, vendors, and suppliers in the supply chain
- Propagation of malware
- Social engineering techniques
BEC (Business Email Compromise) Attack
A sophisticated scam where attackers impersonate executives, vendors, or trusted partners to trick employees into wiring money, sharing sensitive data, or changing payment details—costing businesses billions annually.
Analogy: BEC is like a con artist forging a CEO’s signature on a fake invoice—no malware needed, just psychological manipulation.
A BEC attack is an example of:
- Phishing
- Pharming
A type of exploit in which an application overwrites the contents of a memory area it should not have access to is called:
A. DLL injection
B. Buffer overflow
C. Memory leak
D. Privilege escalation
Buffer Overflow Attack
A cyberattack where hackers exploit poorly coded programs by flooding a memory buffer with more data than it can hold, overwriting adjacent memory to crash systems or execute malicious code.
Analogy: A buffer overflow is like pouring a gallon of water into a cup—the excess spills into nearby areas (memory), damaging whatever’s there or triggering unintended actions.
A malfunction in a preprogrammed sequential access to a shared resource is described as:
A. Race condition
B. Concurrency error
C. Multithreading
D. Synchronisation error
Race Condition Attack
A vulnerability where a system’s output depends on the unpredictable timing of events (e.g., two threads/processes accessing shared resources simultaneously), allowing attackers to exploit delays and manipulate outcomes.
Analogy: A race condition is like two people trying to withdraw cash from the same bank account at the same time—the system might let both succeed, overdrawing the account.
Cross-site scripting attack
A. Exploits the trust a user’s web browser has in a website
B. A malicious script is injected into a trusted website
C. User’s browser executes attacker’s script
Bloatware
A. Pre-installed on a device by the device manufacturer or retailer.
B. Generally considered undesirable due to negative impact on system performance.
C. Installed without user consent.
Computer Virus
A. A self-replicating computer program containing a malicious segment.
B. Malware that typically requires its host application to be run to make the virus active.
C. Malicious code that typically attaches itself to an application program or other executable component.
Remapping a domain name to a rogue IP address is an example of what kind of exploit?
A. URL hijacking
B. DNS cache poisoning
C. Domain hijacking
D. ARP poisoning
DNS Cache Poisoning (DNS Spoofing)
A cyberattack where hackers corrupt a DNS server’s cache with fake records, redirecting users to malicious sites (e.g., phishing pages) instead of legitimate ones.
Analogy: DNS cache poisoning is like tampering with a phonebook—when you look up a business, you’re given a fake number that sends you to a scammer.
A wireless disassociation attack is a type of:
Deauthentication Attack (Deauth Attack)
A wireless attack that forcibly disconnects devices from a Wi-Fi network by flooding them with fake “deauth” frames, exploiting a design flaw in the 802.11 (Wi-Fi) protocol.
Analogy: A deauth attack is like jamming a walkie-talkie channel with static—legitimate users get kicked off and can’t communicate.
DoS (Denial of Service) Attack
A cyberattack that overwhelms a target system (server, network, or device) with excessive traffic or requests, rendering it unavailable to legitimate users.
Analogy: A DoS attack is like a mob flooding a store’s entrance—real customers can’t get in, and business grinds to a halt.
Characteristic features of a session ID ?
- Enables the server to identify the session and retrieve the corresponding session data.
- A unique identifier assigned by the website to a specific user.
- A piece of data that can be stored in a cookie, or embedded as a URL parameter.
- Stored on the client side (in the user’s browser) and sent to the server with each request.
CSRF/XSRF Attack
- Exploits the trust a website has in the user’s web browser.
- A user is tricked by an attacker into submitting unauthorised web requests.
- Website executes attacker’s requests.
A dot-dot-slash attack is also referred to as:
A. Disassociation attack
B. On-path attack
C. Directory traversal attack
D. Downgrade attack
Directory Traversal Attack (Path Traversal)
A web attack where hackers exploit poor input validation to access files/directories outside the server’s intended root folder (e.g., /etc/passwd, C:\Windows\system.ini).
Analogy: Directory traversal is like tricking a librarian into fetching books from the “staff only” archive—using sneaky path tricks (../).
Hash Collision
Hash Collision Attack
A cryptographic attack where two different inputs produce the same hash output, allowing attackers to forge data, break authentication, or compromise digital signatures.
Analogy: A hash collision is like two different keys opening the same lock—defeating the purpose of unique identifiers.
Which cryptographic attack relies on the concepts of probability theory?
A. Brute-force
B. KPA
C. Dictionary
D. Birthday
Birthday Attack
A cryptographic attack that exploits the birthday paradox to find hash collisions faster than brute force. It reduces the effort needed to create two different inputs with the same hash output (e.g., for forged signatures or malicious files).
Analogy: A birthday attack is like searching a crowded room for two people with the same birthday—it’s surprisingly easier than checking every pair individually.
A type of forensic evidence that can be used to detect unauthorised access attempts or other malicious activities is called:
A. CVE
B. IoC
C. AIS
D. OSINT
IoC (Indicators of Compromise)
Clues or evidence that a system may have been breached, such as unusual network traffic, suspicious files, or abnormal login attempts. These “digital footprints” help detect and investigate cyberattacks.
Analogy: IoCs are like crime scene evidence—strange fingerprints (log entries), broken locks (vulnerabilities), or stolen items (data exfiltration) that signal an intruder was present.
Which of the following provides granular control over user access to specific network segments and resources based on their assigned roles and permissions?
A. EDR
B. IAM
C. AAA
D. IPS
IAM (Identity and Access Management)
A security framework that ensures the right users (people, devices, or applications) have the right access to the right resources at the right time—while keeping unauthorised entities out.
Analogy: IAM is like a high-tech bouncer—it checks IDs (authentication), decides who gets into which rooms (authorisation), and revokes access when the party’s over.
Which of the following acronyms refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?
A. ACL
B. MFA
C. NAC
D. AUP
ACL (Access Control List)
A security mechanism that explicitly defines which users, systems, or processes can access specific resources (files, networks, devices) and what operations they can perform.
Analogy: An ACL is like a bouncer with a detailed checklist—it checks your ID (identity) against strict rules before letting you enter (access).
A rule-based access control mechanism implemented on routers, switches, and firewalls is referred to as:
A. MAC
B. AUP
C. DAC
D. ACL
ACL (Access Control List)
A security mechanism that explicitly defines which users, systems, or processes can access specific resources (files, networks, devices) and what operations they can perform.
Analogy: An ACL is like a bouncer with a detailed checklist—it checks your ID (identity) against strict rules before letting you enter (access).
Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?
A. Fair access policy
B. Implicit deny policy
C. Transitive trust
D. Context-aware authentication
Implicit Deny Policy
A security principle where access to a resource is automatically denied unless explicitly allowed by a rule. It acts as a final “catch-all” to block unauthorized access by default.
Analogy: Implicit deny is like a high-security building—all doors are locked by default, and you only get in if your keycard (permission) is pre-approved.
Which of the following answers does not refer to the concept of system/application isolation?
A. Virtualisation
B. Containerisation
C. Sandboxing
D. Data encryption
Data Encryption
The process of converting plaintext (readable data) into ciphertext (scrambled data) using cryptographic algorithms and keys to protect confidentiality. Only authorised parties with the correct key can decrypt and access the original data.
Analogy: Encryption is like a secret language—only those with the right “decoder ring” (key) can understand the message.
Concept of data isolation?
- DLP (Data Loss Prevention)
A security strategy and tools designed to prevent unauthorised access, leakage, or theft of sensitive data (e.g., PII, financial records, intellectual property) by monitoring, detecting, and blocking risky data transfers.
Analogy: DLP is like a bouncer + security scanner for your data—it checks what’s leaving the club (network) and stops VIPs (sensitive files) from sneaking out.
- EFS (Encrypting File System)
A built-in Windows feature that provides file-level encryption using symmetric (AES) and asymmetric (RSA) cryptography to protect sensitive data on NTFS drives.
Analogy: EFS is like a personal safe inside your office—only you (or authorised users) have the key, even if someone steals the entire cabinet (hard drive).
A type of document outlining the shared responsibilities between a CSP and its customers for securing and managing data and resources is known as: (Select best answer)
A. Service Level Agreement
B. Acceptable Use Policy
C. Cloud Responsibility Matrix
D. Master Service Agreement
Cloud Responsibility Matrix
A framework that defines the division of security and operational responsibilities between a cloud provider (e.g., AWS, Azure, GCP) and the customer, based on the service model used (IaaS, PaaS, SaaS).
Analogy: Renting a car vs. taking a taxi.
Which of the terms listed below refers to a method for managing infrastructure resources through scripts and templates?
IaaS, ML, IaC or SDN ?
IaC (Infrastructure as Code)
A DevOps practice that automates the provisioning and management of infrastructure (servers, networks, cloud resources) using machine-readable definition files (code), rather than manual processes.
Analogy: IaC is like baking with a recipe—instead of manually mixing ingredients each time, you write instructions (code) that a machine follows to consistently recreate the dish (infrastructure).
Which of the following provides isolation from external computer networks?
A. Network segmentation
B. Air gap
C. Hardware firewall
D. Protected cable distribution
Air Gap
A physical or logical isolation technique where a critical system or network is completely disconnected from unsecured environments (e.g., the internet, corporate LAN) to prevent cyberattacks.
Analogy: An air gap is like keeping a priceless painting in a vault with no doors—hackers can’t touch it because there’s no path to reach it.
Which of the following answers refers to software technology designed to simplify network infrastructure management?
SaaS, SDN, VDI or SNMP ?
SDN (Software-Defined Networking)
A networking architecture that separates the control plane (decision-making) from the data plane (packet forwarding), enabling centralised, programmable management of network traffic via software (e.g., OpenFlow).
Analogy: SDN is like a smart traffic control centre—instead of fixed stoplights (traditional routers), a central brain dynamically routes cars (data) based on real-time conditions.
Which of the following answers refers to a solution that allows multiple OSs to work simultaneously on the same hardware?
A. Clustering
B. Hyper-threading
C. Multitasking
D. Virtualisation
Virtualisation
A technology that creates multiple simulated (virtual) environments or resources—such as servers, storage, networks, or operating systems—from a single physical hardware system.
Analogy: Virtualisation is like turning one physical apartment building (server) into multiple virtual apartments (VMs), each with its own isolated utilities and tenants.
Which of the answers listed below refers to a network of interconnected devices equipped with sensors (such as wearable tech or home automation devices) that can interact with each other to perform various tasks and functions?
ICS, PAN, IoT or SoC ?
IoT (Internet of Things)
A network of physical devices (e.g., sensors, cameras, smart appliances) embedded with software and connectivity to collect, exchange, and act on data—often with minimal human intervention.
Analogy: IoT is like giving everyday objects (thermostats, fridges, streetlights) a brain and internet connection—letting them chat, learn, and automate tasks.
Which of the following refers to a broad term that encompasses various control and automation systems used in industrial settings to control and monitor physical processes and machinery?
ICS, PLC, SCADA or HMI ?
ICS (Industrial Control System)
A specialised network of hardware and software designed to monitor and control industrial processes in critical infrastructure (e.g., power plants, water treatment, manufacturing).
Analogy: ICS is the brain of a factory—sensors are its nerves, actuators are its muscles, and SCADA is its command centre.
Which of the answers listed below refers to a specific type of ICS?
SoC, CMS, SCADA or RTOS ?
SCADA (Supervisory Control and Data Acquisition)
A centralised industrial control system (ICS) that monitors and manages critical infrastructure (power grids, water treatment, oil pipelines) by collecting real-time data from field devices (PLCs, RTUs) and enabling remote control.
Analogy: SCADA is like a mission control centre—sensors (eyes/ears) report back, operators make decisions, and commands are sent to actuators (hands) to adjust physical processes.
Embedded Systems
- Often designed to operate in real-time or with low latency.
- Typically equipped with constrained computing resources and storage.
- Designed to perform a single task or a few closely related tasks within a larger system.
- Often integrated with hardware components like sensors and actuators.
Which of the following terms can be used to describe a system designed to aim for minimised downtime and uninterrupted operation?
ICS, HA, RTOS or SoC ?
HA (High Availability)
A system design approach that ensures maximum uptime and continuous operation by eliminating single points of failure, using redundancy, failover mechanisms, and automated recovery.
Analogy: HA is like having a backup generator for your home—if the main power fails, the backup kicks in instantly, so you never notice the outage.
Which of the following answers refer to passive network monitoring techniques? (Select 2 answers)
A. Network tap
B. Trunk port
C. Port mirroring
D. SNMP trap
E. Registered port
Port Mirroring (SPAN - Switched Port Analyser)
A network monitoring technique that copies traffic from one or more source ports (or VLANs) to a designated mirror port for analysis, without disrupting the original data flow.
Analogy: Port mirroring is like a security camera in a store—it duplicates all activity (packets) for review, while the actual shopping (network traffic) continues uninterrupted.
Network TAP (Test Access Point)
A hardware device that passively captures all network traffic (including errors) by physically splitting traffic between two points, ensuring 100% visibility without affecting the original data flow.
Analogy: A network TAP is like a fiber-optic splitter—it silently duplicates every passing car (data packet) for inspection, while the highway (network) keeps running at full speed.
A type of hardened server used as a secure gateway for remote administration of devices placed in a different security zone is called:
A. C2 server
B. Jump server
C. UC server
D. Proxy server
Jump Server (Jump Host/Bastion Host)
A hardened server that acts as a secure gateway to access and manage devices in isolated or high-risk network zones (e.g., production environments, DMZs). All access to critical systems must pass through this controlled checkpoint.
Analogy: A jump server is like a security checkpoint at a high-risk facility—you must pass through guarded gates (the jump host) to reach sensitive areas (internal servers), leaving a verified audit trail.
A computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as:
A. Bridge
B. Active hub
C. Server
D. Proxy
Proxy Server
An intermediary server that acts as a gateway between users and the internet, forwarding requests while masking the client’s identity or enforcing security policies.
Analogy: A proxy is like a concierge—you tell it what you want (e.g., a website), and it fetches it for you, hiding your room number (IP address) from outsiders.
In active-passive mode, load balancers distribute network traffic across:
A. All servers
B. Servers marked as active
C. Least utilised servers
D. Servers marked as passive
Servers marked as active
Which of the following EAP methods offers the highest level of security?
A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS
EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)
A highly secure authentication protocol used in wireless (Wi-Fi) and VPN networks, leveraging X.509 digital certificates for mutual authentication between clients and servers.
Analogy: EAP-TLS is like a high-security ID check—both you (client) and the bouncer (server) present unforgeable government-issued IDs (certificates) before granting access.
Layer 4 Firewall
A network security system that filters traffic based on transport-layer information—source/destination IP addresses, ports, and protocols (TCP/UDP)—without inspecting the actual content of the packets.
Analogy: A Layer 4 firewall is like a stadium security guard who only checks your ticket (IP/port) but doesn’t care what’s in your bag (payload).
A. Filters traffic based on source/destination IP addresses, ports, and protocol types (e.g., TCP/UDP).
B. Offers basic (faster) traffic filtering.
C. Operates at the transport layer of the OSI model.
Layer 7 Firewall (Application Firewall)
A security system that filters and controls network traffic based on application-layer data (HTTP, DNS, FTP, etc.), unlike traditional firewalls that only inspect lower layers (IP/ports). It enforces granular policies by analysing content, user behaviour, and API calls.
Analogy: A Layer 7 firewall is like a bouncer who checks not just your ID (IP/port) but also your social media (application behaviour) before letting you into the club.
A. Offers complex (slower) traffic filtering.
B. Adds the ability to inspect the contents of data packets in addition to the header information.
C. Operates at the application layer of the OSI model.
Examples of protocols typically used for implementing secure VPN tunnels include: (Select all that apply)
IPsec (Internet Protocol Security)
A suite of protocols for securing IP communications by encrypting and authenticating each packet. Used in VPNs and site-to-site tunnels.
Analogy: IPsec is like an armored truck for your data—everything inside is sealed and verified before delivery.
SRTP (Secure Real-time Transport Protocol)
Encrypts voice/video traffic (e.g., VoIP, WebRTC) to prevent eavesdropping or tampering.
Analogy: SRTP is like a scrambled radio channel—only authorised receivers can decode the stream.
TLS (Transport Layer Security)
Encrypts data in transit (e.g., HTTPS, email, VPNs) using a combination of asymmetric and symmetric cryptography.
Analogy: TLS is like a sealed envelope—only the recipient can open it.
L2TP (Layer 2 Tunneling Protocol)
A VPN protocol that tunnels traffic between networks but requires IPsec for encryption.
Analogy: L2TP is like a subway tunnel—IPsec adds the bulletproof walls.
Which of the answers listed below refers to a hardware or software solution providing secure remote access to networks and resources?
A. NAC
B. RDP
C. SSH
D. RAS
RAS (Remote Access Service)
A legacy Windows service that enabled dial-up and VPN connections to a network, primarily in older NT/2000 systems. Modern equivalents use DirectAccess or Always On VPN.
Analogy: RAS is like an old phone line for remote workers—functional but outdated, replaced by high-speed internet (modern VPNs).
Which of the following answers refers to a protocol designed to secure data transmitted over WLANs?
A. SCP
B. IPsec
C. SSH
D. WTLS
WTLS (Wireless Transport Layer Security)
A security protocol designed for WAP (Wireless Application Protocol) networks, providing encryption, authentication, and data integrity for mobile devices of the pre-4G era (e.g., early cell phones). Now obsolete, replaced by modern TLS.
Analogy: WTLS is like a rusty bike lock for old flip phones—it worked in its time, but wouldn’t stop today’s thieves.