Security Assessment Flashcards

1
Q

What is the primary goal of security monitoring?

A. To prevent all system attacks.
B. To ensure accountability and detect incidents.
C. To encrypt data in transit.
D. To create network access policies.

A

B

2
Q

Which of the following is a feature of monitoring?

A. Data compression.
B. Real-time event analysis.
C. Physical network segmentation.
D. Role-based access control.

A

B

3
Q

Which tool is commonly used for log analysis in large networks?

A. Wireshark.
B. SIEM systems.
C. Nessus.
D. Hping.

A

B

4
Q

What is an audit log?

A. A collection of hashed passwords.
B. A log of user activities and system events.
C. A real-time threat mitigation mechanism.
D. A backup of sensitive data.

A

B

5
Q

What does SIEM stand for?

A. Security Information and Event Monitoring.
B. Secure Information and Endpoint Management.
C. Security Integration and Event Management.
D. Security Information and Event Management.

A

D

6
Q

Which of the following is NOT a function of a SIEM tool?

A. Real-time alerts.
B. Data encryption.
C. Report generation.
D. Log correlation.

A

B

7
Q

Which of these is a popular SIEM tool?

A. Splunk.
B. Wireshark.
C. OpenVAS.
D. Hping.

A

A

8
Q

How does a SIEM enhance threat detection?

A. By encrypting sensitive data.
B. By aggregating and analyzing logs from various sources.
C. By limiting user access to resources.
D. By blocking unauthorized users.

A

B

9
Q

What is the role of an Intrusion Detection System (IDS)?

A. To block malicious traffic.
B. To detect and alert about potential intrusions.
C. To monitor physical access points.
D. To create password policies.

A

B

10
Q

Which type of IDS relies on predefined patterns for detection?

A. Behavior-based IDS.
B. Signature-based IDS.
C. Host-based IDS.
D. Anomaly-based IDS.

A

B

11
Q

Which is a feature of Host-based IDS (HIDS)?

A. Monitors network traffic.
B. Detects unauthorized activities on a single host.
C. Filters packets at the firewall level.
D. Blocks malicious emails.

A

B

12
Q

What is the main limitation of behavior-based detection?

A. High false-positive rate.
B. Limited detection capability for zero-day attacks.
C. Inability to work in real-time.
D. Requirement for large storage space.

A

A

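Added example (not part of the original deck) contrasting the two detection approaches from cards 10 to 12. It runs a couple of hypothetical signature rules and a simple volume-based anomaly rule over a constructed request log; the log, the signatures and the assumed baseline of about 5 requests per source are all made up for illustration. The anomaly rule catches the attacker without knowing the attack, but it also flags a legitimate crawler, which is exactly the false-positive cost the deck attributes to behavior-based detection.

```python
import re
from collections import Counter

# Constructed request log: (source IP, method, path). Not real captured traffic.
# 10.0.0.42 is a legitimate site crawler that fetches many pages quickly.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "GET", "/index.html"),
    ("10.0.0.5", "GET", "/about"),
    ("10.0.0.7", "POST", "/login"),
    ("10.0.0.9", "GET", "/search?q=' OR 1=1--"),
    ("10.0.0.9", "GET", "/cgi-bin/../../etc/passwd"),
] + [("10.0.0.42", "GET", "/page/%d" % i) for i in range(60)]

# Signature-based detection: hypothetical rules written in the style of IDS signatures.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def signature_detect(requests):
    """Return (src, path, rule) for every request matching a known attack pattern.
    Misses anything without a signature (zero-days) but produces few false positives."""
    hits = []
    for src, _method, path in requests:
        for rule, rx in SIGNATURES.items():
            if rx.search(path):
                hits.append((src, path, rule))
    return hits


def behavior_detect(requests, baseline_mean=5.0, threshold=5.0):
    """Flag sources whose request volume exceeds threshold x the learned baseline.
    baseline_mean is assumed here; in practice it is learned from past traffic.
    Catches novel attacks (no signature needed) but also flags unusual legitimate
    clients such as the crawler in the sample: the false-positive trade-off."""
    counts = Counter(src for src, _m, _p in requests)
    return [(src, n) for src, n in counts.items() if n > threshold * baseline_mean]


if __name__ == "__main__":
    for hit in signature_detect(SAMPLE_REQUESTS):
        print("SIGNATURE", hit)
    for src, n in behavior_detect(SAMPLE_REQUESTS):
        print("ANOMALY  ", src, "sent", n, "requests (baseline ~5)")
```

Real deployments combine both: signatures for cheap, precise hits on known attacks, and tuned behavioral baselines (per host, per user, per time of day) to keep the anomaly alerts reviewable.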
13
Q

What is the primary function of a firewall?

A. Encrypt sensitive data.
B. Block unauthorized access to a network.
C. Analyze hashed passwords.
D. Perform penetration tests.

A

B

14
Q

Which firewall type inspects individual packets for access control?

A. Stateful inspection.
B. Packet filtering.
C. Application gateway.
D. Circuit-level gateway.

A

B

15
Q

What is a Next-Generation Firewall (NGFW)?

A. A firewall that encrypts data.
B. A firewall with integrated intrusion prevention capabilities.
C. A physical firewall device for home networks.
D. A firewall only used in cloud environments.

A

B

16
Q

What is the purpose of a DMZ in firewall architecture?

A. To isolate internal resources from public-facing services.
B. To store encryption keys securely.
C. To manage distributed denial-of-service attacks.
D. To monitor login attempts.

A

A

17
Q

What is the goal of penetration testing?

A. To identify vulnerabilities in a system.
B. To encrypt sensitive data.
C. To prevent social engineering attacks.
D. To monitor network traffic in real-time.

A

A

18
Q

Which of the following is an exploitation framework used in penetration testing?

A. Metasploit.
B. Nessus.
C. Wireshark.
D. Hping.

A

A

19
Q

What is the first step in a penetration test?

A. Exploitation.
B. Pre-engagement.
C. Reporting.
D. Vulnerability scanning.

A

B

20
Q

What framework is commonly used for penetration testing?

A. PTES.
B. PCI DSS.
C. ISO 27001.
D. NIST SP 800-53.

A

A

21
Q

What is the primary purpose of vulnerability scanning?

A. To identify potential weaknesses in a system.
B. To monitor user activity logs.
C. To encrypt sensitive files.
D. To perform role-based access control.

A

A

22
Q

Which tool is widely used for network vulnerability scanning?

A. Nessus.
B. HIDS.
C. Metasploit.
D. Wireshark.

A

A

23
Q

What does OS fingerprinting determine?

A. The type of encryption used.
B. The operating system of a target machine.
C. The user permissions on a system.
D. The presence of malware on a host.

A

B

24
Q

Which of the following is a key feature of Nmap?

A. Password cracking.
B. Port scanning.
C. Encryption key generation.
D. Social engineering.

A

B

25
Q

What is a brute force attack?

A. An attack that floods a system with traffic.
B. Trying all possible combinations to guess a password.
C. An attempt to deceive users through phishing.
D. Using precomputed hash tables to crack passwords.

A

B

26
Q

What is a man-in-the-middle (MITM) attack?

A. Intercepting communication between two parties.
B. Cracking passwords using dictionary files.
C. Exploiting weaknesses in firewalls.
D. Deploying ransomware on a system.

A

A

27
Q

Which type of attack floods a network with traffic to disrupt its operations?

A. Spoofing.
B. DDoS.
C. Phishing.
D. Replay attack.

A

B

28
Q

What is spoofing?

A. Gaining unauthorized access by pretending to be someone else.
B. Encrypting traffic to secure communication.
C. Analyzing network packets for vulnerabilities.
D. Sending bulk spam emails to users.

A

A

29
Q

Which tool is primarily used for network sniffing?

A. Wireshark.
B. Nessus.
C. Metasploit.
D. Hping.

A

A

30
Q

What is the primary purpose of tcpdump?

A. Password hashing.
B. Capturing network packets.
C. Encrypting sensitive files.
D. Scanning open ports.

A

B

31
Q

What does ARP spoofing allow an attacker to do?

A. Redirect network traffic to their device.
B. Encrypt intercepted data packets.
C. Bypass a firewall.
D. Crack password hashes.

A

A

32
Q

Which tool is commonly used for packet injection?

A. Hping.
B. OpenVAS.
C. SIEM.
D. Splunk.

A

A

33
Q

What is phishing?

A. Sending fraudulent emails to steal user credentials.
B. Using brute force to crack a password.
C. Intercepting encrypted communication.
D. Exploiting vulnerabilities in software.

A

A

34
Q

Which tool is designed for social engineering attacks?

A. SET (Social-Engineer Toolkit).
B. Hping.
C. Nessus.
D. Wireshark.

A

A

35
Q

What is a common target of social engineering?

A. Human users.
B. Firewalls.
C. Encryption algorithms.
D. Network switches.

A

A

36
Q

How can organizations defend against phishing?

A. Conducting user awareness training.
B. Encrypting network traffic.
C. Using port scanning tools.
D. Employing brute force defenses.

A

A

37
Q

What is the purpose of multi-factor authentication?

A. To require two or more forms of verification.
B. To encrypt all sensitive files.
C. To block unauthorized IP addresses.
D. To monitor real-time network traffic.

A

A

38
Q

Which is a strong password policy?

A. Using a minimum of 8 characters with a mix of types.
B. Limiting passwords to only numeric characters.
C. Allowing simple passwords for faster login.
D. Using the same password for all systems.

A

A

39
Q

What is the benefit of network segmentation?

A. Isolating critical systems to reduce attack surfaces.
B. Increasing overall bandwidth.
C. Reducing the need for firewalls.
D. Encrypting sensitive files by default.

A

A

40
Q

How does a VPN enhance security?

A. Encrypts data transmitted over public networks.
B. Prevents phishing attacks.
C. Monitors real-time logs for anomalies.
D. Isolates network traffic for analysis.

A

A

41
Q

What is a key benefit of using SIEM systems in an organization?

A. Automatic password reset.
B. Encryption of all data files.
C. Centralized log aggregation and analysis.
D. Reducing the need for firewalls.

A

C

42
Q

Which SIEM feature provides visual representation of security data?

A. Reports and dashboards.
B. Packet filtering.
C. Port scanning.
D. Password hashing.

A

A

43
Q

What is the role of correlation in SIEM?

A. To encrypt sensitive information.
B. To monitor user login attempts.
C. To generate hashing algorithms.
D. To group related events for deeper analysis.

A

D
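
Added example (not part of the original deck) of the correlation described in cards 43 and 82: grouping related events from one source so that a pattern emerges which no single log line shows. The rule below flags a source that accumulates several failed logins within a short window and then authenticates successfully, a classic brute-force-then-success pattern. The sshd-style log lines, the 5-failure threshold and the 2-minute window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (not a real capture). The firewall line shows that
# a correlation rule simply ignores events it was not written for.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[1]: Failed password for admin from 203.0.113.9 port 5000
2024-05-01T10:00:03 sshd[1]: Failed password for admin from 203.0.113.9 port 5001
2024-05-01T10:00:05 sshd[1]: Failed password for root from 203.0.113.9 port 5002
2024-05-01T10:00:07 sshd[1]: Failed password for admin from 203.0.113.9 port 5003
2024-05-01T10:00:09 sshd[1]: Failed password for admin from 203.0.113.9 port 5004
2024-05-01T10:00:12 sshd[1]: Accepted password for admin from 203.0.113.9 port 5005
2024-05-01T10:05:00 sshd[1]: Failed password for alice from 198.51.100.4 port 6000
2024-05-01T10:05:30 sshd[1]: Accepted password for alice from 198.51.100.4 port 6001
2024-05-01T10:20:00 firewall: DENY TCP 203.0.113.9:5100 -> 10.0.0.5:445
"""

LINE_RX = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_events(text):
    """Normalise raw lines into dicts; lines that do not match the sshd format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RX.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "src": m["src"],
            })
    return events


def correlate_bruteforce_success(events, min_failures=5, window=timedelta(minutes=2)):
    """Alert when a source has >= min_failures failed logins inside `window`
    and then logs in successfully. Returns (src, user, failure_count) per alert."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures still in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= min_failures:  # Accepted after a burst of failures
            alerts.append((ev["src"], ev["user"], len(q)))
            q.clear()
    return alerts


if __name__ == "__main__":
    for src, user, n in correlate_bruteforce_success(parse_events(SAMPLE_LOG)):
        print(f"ALERT: {n} failed logins then success as {user!r} from {src}")
```

Alice's single typo followed by a good login stays below the threshold, which is the point of correlating rather than alerting on every failed password: the rule only fires on the combination.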

44
Q

What is a primary challenge of SIEM systems?

A. Incompatibility with modern encryption.
B. Lack of network sniffing capabilities.
C. Limited support for user authentication.
D. High false-positive rates from poorly tuned correlation rules.

A

D

45
Q

Which detection method identifies anomalies by comparing with normal behavior?

A. Behavior-based detection.
B. Signature-based detection.
C. Knowledge-based detection.
D. Context-aware detection.

A

A

46
Q

What is the key difference between IDS and IPS?

A. IDS encrypts data; IPS decrypts it.
B. IDS alerts about intrusions; IPS blocks them.
C. IDS detects malware; IPS hashes passwords.
D. IDS monitors packets; IPS generates them.

A

B

47
Q

Which type of response does an active IDS employ?

A. Blocking or mitigating detected threats.
B. Logging events for later analysis.
C. Alerting administrators only.
D. Encrypting sensitive data.

A

A

48
Q

What is a passive response in IDS?

A. Automatically blocking unauthorized access.
B. Encrypting traffic on the network.
C. Isolating infected devices.
D. Generating alerts without taking corrective action.

A

D

49
Q

What is the purpose of the exploitation phase in penetration testing?

A. To encrypt traffic for secure communication.
B. To log events in real-time.
C. To analyze hashed passwords.
D. To exploit discovered vulnerabilities for deeper analysis.

A

D

50
Q

Which step of penetration testing involves defining rules of engagement?

A. Pre-engagement.
B. Exploitation.
C. Reporting.
D. Post-testing validation.

A

A

51
Q

What does the reporting phase of penetration testing include?

A. Detailed findings of vulnerabilities and remediation recommendations.
B. Generating encryption keys.
C. Monitoring network activity.
D. Scanning for open ports.

A

A

52
Q

Which penetration testing tool is used for exploit development?

A. Nessus.
B. Metasploit.
C. OpenVAS.
D. Wireshark.

A

B

53
Q

What is the purpose of reconnaissance in attack methods?

A. Cracking user passwords.
B. Encrypting data before transmission.
C. Testing system performance.
D. Gathering information about the target.

A

D

54
Q

What is OSINT used for in attacks?

A. Cracking encrypted files.
B. Performing brute force attacks.
C. Collecting publicly available information.
D. Deploying firewalls for protection.

A

C

55
Q

What is a common countermeasure for man-in-the-middle attacks?

A. Using secure communication protocols like HTTPS.
B. Implementing role-based access control.
C. Monitoring DNS records.
D. Disabling user accounts.

A

A

56
Q

Which method mitigates DDoS attacks most effectively?

A. Brute force detection.
B. Rate limiting and traffic filtering.
C. Packet sniffing with Wireshark.
D. Password complexity policies.

A

B
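
Added example (not part of the original deck) of the two controls named in card 56: a per-source token-bucket rate limiter and a simple blocklist filter, applied to a constructed stream of requests. The traffic (a flood of 100 requests in one second, a client at one request per second, and a few requests from a blocklisted address), the refill rate of 1 token/s and the burst of 5 are all assumptions for illustration.

```python
from collections import Counter, defaultdict


class TokenBucket:
    """Per-client token bucket: each client refills at `rate` tokens/second up to
    `burst` tokens; a request is allowed only if a whole token is available."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: float(burst))
        self.last_seen = {}

    def allow(self, client, now):
        elapsed = now - self.last_seen.get(client, now)
        self.tokens[client] = min(self.burst, self.tokens[client] + elapsed * self.rate)
        self.last_seen[client] = now
        if self.tokens[client] >= 1.0:
            self.tokens[client] -= 1.0
            return True
        return False


def filter_requests(requests, rate=1.0, burst=5, blocklist=frozenset()):
    """requests: iterable of (timestamp_seconds, client_ip).
    Drops blocklisted sources outright (traffic filtering) and rate-limits the rest
    per source. Returns (allowed, dropped) Counters keyed by client."""
    bucket = TokenBucket(rate, burst)
    allowed, dropped = Counter(), Counter()
    for ts, client in sorted(requests):
        if client in blocklist or not bucket.allow(client, ts):
            dropped[client] += 1
        else:
            allowed[client] += 1
    return allowed, dropped


# Constructed traffic (not a real capture).
FLOOD = [(i * 0.01, "203.0.113.9") for i in range(100)]   # 100 requests in 1 s
NORMAL = [(0.5 + i, "198.51.100.4") for i in range(10)]   # 1 request/s for 10 s
BLOCKED = [(2.0 + i, "192.0.2.77") for i in range(3)]     # known-bad source
SAMPLE_TRAFFIC = FLOOD + NORMAL + BLOCKED
BLOCKLIST = frozenset({"192.0.2.77"})

if __name__ == "__main__":
    allowed, dropped = filter_requests(SAMPLE_TRAFFIC, blocklist=BLOCKLIST)
    for client in sorted(set(allowed) | set(dropped)):
        print(f"{client:15} allowed={allowed[client]:3} dropped={dropped[client]:3}")
```

Note the caveat hidden in "mitigates": a per-source limiter only helps when the flood comes from few sources. A distributed attack spreads below the per-client threshold, which is why volumetric DDoS defence also needs upstream filtering and capacity (scrubbing services, anycast) rather than application-level limits alone.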

57
Q

What is the principle of least privilege in security?

A. Granting users only the access needed for their job.
B. Encrypting all system files by default.
C. Monitoring user login attempts.
D. Isolating infected devices.

A

A

58
Q

What is a key advantage of using SIEM in security management?

A. Encryption of user passwords.
B. Eliminating the need for firewalls.
C. Storing logs on physical servers.
D. Real-time event analysis and threat detection.

A

D

59
Q

Which tool is ideal for capturing and analyzing network traffic?

A. Nessus.
B. Metasploit.
C. Wireshark.
D. Splunk.

A

C

60
Q

How does multi-factor authentication enhance security?

A. By requiring two or more independent verification factors.
B. By replacing password-based systems.
C. By eliminating phishing attacks completely.
D. By encrypting data during storage.

A

A
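
Added example (not part of the original deck) of the "two independent factors" in cards 37 and 60: something you know (a password, stored as a PBKDF2 hash) and something you have (a TOTP authenticator seeded with a shared secret). HOTP and TOTP are implemented from RFC 4226 and RFC 6238 here rather than taken from a library; the user record, salt and seed are constructed for illustration, and the seed is the RFC test-vector secret so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HMAC-based one-time password (HMAC-SHA1, dynamic truncation)."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 time-based OTP: HOTP with counter = floor(unix_time / step)."""
    t = int(time.time()) if at is None else at
    return hotp(secret, t // step, digits)


def verify_totp(secret, submitted, at=None, step=30, skew=1):
    """Accept the current step plus/minus `skew` steps to tolerate clock drift.
    hmac.compare_digest avoids leaking how many digits matched via timing."""
    t = int(time.time()) if at is None else at
    return any(hmac.compare_digest(totp(secret, t + d * step, step), submitted)
               for d in range(-skew, skew + 1))


# Constructed user store: password hash and TOTP seed are separate secrets,
# so a leaked password alone does not let an attacker log in.
_SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
        "totp_secret": b"12345678901234567890",  # RFC 4226/6238 test-vector seed
    }
}


def authenticate(user, password, otp, at=None):
    """Both factors are always evaluated so the response time does not reveal
    which one failed."""
    rec = USERS.get(user)
    if rec is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    pw_ok = hmac.compare_digest(candidate, rec["pw_hash"])
    otp_ok = verify_totp(rec["totp_secret"], otp, at=at)
    return pw_ok and otp_ok


if __name__ == "__main__":
    seed = USERS["alice"]["totp_secret"]
    print("current code for alice:", totp(seed))
    print("login with both factors:", authenticate("alice", "correct horse", totp(seed)))
```

TOTP is a second factor, not a phishing cure: a proxying phishing site can relay a live code within its 30-second window, which is why card 60's option "eliminating phishing attacks completely" is wrong and why phishing-resistant factors (FIDO2/WebAuthn) bind the credential to the origin instead.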

61
Q

What is the main function of dashboards in SIEM systems?

A. Encrypting sensitive files.
B. Visualizing security event data.
C. Monitoring only internal traffic.
D. Resetting user passwords.

A

B

62
Q

Which SIEM capability helps identify trends over time?

A. Log correlation.
B. Historical data analysis.
C. Packet inspection.
D. Data encryption.

A

B

63
Q

What is a major drawback of implementing SIEM systems?

A. Incompatibility with firewalls.
B. Inefficiency in threat detection.
C. High cost and complexity.
D. Lack of scalability.

A

C

64
Q

What type of data does a SIEM aggregate?

A. Encrypted user passwords.
B. System files for malware analysis.
C. Phishing email content.
D. Logs from multiple sources like firewalls and IDS.

A

D

65
Q

What does a network-based IDS (NIDS) do?

A. Monitors packets traveling through the network.
B. Analyzes log files on individual hosts.
C. Encrypts sensitive traffic.
D. Resets compromised user passwords.

A

A

66
Q

Which detection method is most effective for zero-day attacks?

A. Signature-based detection.
B. Log-based detection.
C. Behavior-based detection.
D. Packet filtering.

A

C

67
Q

What type of response involves isolating compromised devices?

A. Active response.
B. Passive response.
C. Anomaly response.
D. Manual intervention.

A

A

68
Q

What is the role of an IDS signature?

A. To encrypt network traffic.
B. To reset user credentials.
C. To manage device configurations.
D. To identify known attack patterns.

A

D

69
Q

Which phase involves collecting information about the target system?

A. Intelligence gathering.
B. Exploitation.
C. Reporting.
D. Post-engagement.

A

A

70
Q

What is the purpose of the post-engagement phase in penetration testing?

A. Encrypting test results.
B. Resetting compromised accounts.
C. Validating fixes for identified vulnerabilities.
D. Performing additional attacks.

A

C

71
Q

Which tool is ideal for discovering open ports during penetration testing?

A. Nmap.
B. Splunk.
C. Wireshark.
D. Nessus.

A

A

72
Q

What does PTES stand for?

A. Packet Transmission and Encryption System.
B. Password Testing and Encryption Suite.
C. Protected Threat Evaluation System.
D. Penetration Testing Execution Standard.

A

D

73
Q

Which tool focuses on identifying vulnerabilities in web applications?

A. Nmap.
B. Nikto.
C. Metasploit.
D. Wireshark.

A

B

74
Q

What is a limitation of vulnerability scanners?

A. Limited detection of encrypted traffic.
B. High rate of false positives.
C. Inability to scan open ports.
D. Lack of compatibility with SIEM.

A

B

75
Q

Which scanning method identifies live hosts in a network?

A. Port scan.
B. Ping sweep.
C. Packet sniffing.
D. DNS enumeration.

A

B

76
Q

How often should vulnerability scanning be performed?

A. Once a year.
B. Regularly, to identify new risks.
C. Only after a breach occurs.
D. During penetration testing only.

A

B

77
Q

What is the benefit of encryption in data security?

A. Ensures confidentiality during storage and transmission.
B. Reduces the risk of phishing attacks.
C. Enhances the speed of system processing.
D. Simplifies user authentication processes.

A

A

78
Q

What is a critical step in incident response?

A. Encrypting all system files.
B. Deploying phishing defenses.
C. Containing and mitigating the threat.
D. Monitoring DNS traffic.

A

C

79
Q

Which practice helps mitigate social engineering risks?

A. Encrypting all log files.
B. Using behavior-based IDS.
C. User awareness training.
D. Conducting brute force defenses.

A

C

80
Q

How does a secure password policy enhance security?

A. By limiting access to network switches.
B. By requiring complex and unique passwords for users.
C. By encrypting passwords with outdated algorithms.
D. By monitoring role-based access logs.

A

B

81
Q

Which tool is best suited for analyzing log files in real-time?

A. Nmap.
B. Metasploit.
C. OpenVAS.
D. Splunk.

A

D

82
Q

How does log correlation enhance threat detection?

A. By identifying relationships between disparate events.
B. By encrypting all logged data.
C. By isolating compromised hosts automatically.
D. By simplifying user role management.

A

A

83
Q

What is a proactive defense against phishing?

A. User training and awareness programs.
B. Implementing packet sniffers like Wireshark.
C. Running periodic vulnerability scans.
D. Using brute force-resistant hashing algorithms.

A

A

84
Q

What is a common feature of Next-Generation Firewalls (NGFWs)?

A. Automated log aggregation.
B. Integrated intrusion prevention.
C. Real-time password cracking.
D. Port scanning with signature analysis.

A

B

85
Q

Which tool is commonly used for password brute-forcing during penetration tests?

A. Hydra.
B. Splunk.
C. Nessus.
D. Nikto.

A

A

86
Q

Which type of reconnaissance uses publicly available information?

A. Active scanning.
B. DNS zone transfers.
C. ARP spoofing.
D. OSINT (Open-Source Intelligence).

A

D

87
Q

What is the last phase of penetration testing?

A. Reporting findings to stakeholders.
B. Exploiting identified vulnerabilities.
C. Conducting role-based access analysis.
D. Resetting compromised user accounts.

A

A

88
Q

What is the focus of vulnerability assessment?

A. Encrypting user credentials.
B. Real-time packet interception.
C. Identifying and prioritizing potential weaknesses.
D. Phishing and spamming.

A

C

89
Q

What is the primary use of Wireshark?

A. Cracking encrypted files.
B. Identifying open ports.
C. Capturing and analyzing network traffic.
D. Monitoring role-based logs.

A

C

90
Q

Which command in Nmap detects open ports on a host?

A. nmap -p <port-range> <target>
B. nmap --hash-detect
C. nmap -r role-log
D. nmap -t <target>

A

A
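
Added example (not part of the original deck, and not Nmap's own code) of what the port scan in cards 24, 71 and 90 actually does at the socket level: a TCP connect scan, the equivalent of `nmap -sT -p <port-range> <target>`, where a completed three-way handshake means the port is open. To stay self-contained it starts its own throwaway listener on 127.0.0.1 and scans a small range around it; the target host and port range are assumptions for the demo.

```python
import socket
import threading


def start_test_listener(host="127.0.0.1"):
    """Open a throwaway TCP listener on an ephemeral port so the scan has a known
    open port. Returns (server_socket, port); close the socket when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed
                break

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def find_closed_port(host="127.0.0.1"):
    """Bind an ephemeral port and release it, so it is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=0.2):
    """TCP connect scan: connect_ex() returns 0 only if the handshake completed.
    Connection refused means closed; a timeout usually means filtered."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


if __name__ == "__main__":
    srv, port = start_test_listener()
    found = connect_scan("127.0.0.1", range(port - 3, port + 3))
    print("open ports in scanned range:", found)
    srv.close()
```

A connect scan completes the handshake, so it shows up in the target's application logs; Nmap's default SYN scan (`-sS`, requires raw-socket privileges) sends only the first packet and is quieter, which is worth knowing both as a tester and as the defender writing the detection rule.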

91
Q

Which tool provides packet injection capabilities?

A. Hping.
B. Metasploit.
C. Nessus.
D. Nikto.

A

A

92
Q

What is the role of ARP spoofing in an attack?

A. Encrypting intercepted packets.
B. Analyzing vulnerability scan logs.
C. Cracking password hashes in real-time.
D. Redirecting traffic to an attacker’s device.

A

D
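
Added example (not part of the original deck) of how a host or NIDS detects the ARP spoofing described in cards 31 and 92: keep a table of IP-to-MAC bindings seen in ARP replies and alert when an IP's MAC changes or one MAC starts claiming several IPs, the position an attacker takes to sit between a victim and the gateway. The ARP reply stream and the addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed ARP reply stream as (sender IP, sender MAC). Not a real capture.
ARP_REPLIES = [
    ("10.0.0.1", "aa:bb:cc:00:00:01"),  # gateway, legitimate
    ("10.0.0.5", "aa:bb:cc:00:00:05"),  # victim workstation
    ("10.0.0.1", "aa:bb:cc:00:00:01"),
    ("10.0.0.1", "de:ad:be:ef:00:99"),  # attacker claims the gateway IP
    ("10.0.0.5", "de:ad:be:ef:00:99"),  # and the victim IP: traffic now flows via attacker
    ("10.0.0.9", "aa:bb:cc:00:00:09"),
]


def detect_arp_spoofing(replies, trusted=None):
    """Track IP -> MAC bindings from ARP replies.
    trusted: optional pre-configured {ip: mac} (e.g. the gateway) so the very first
    forged reply is caught instead of being learned as 'normal'.
    Returns a list of alert tuples in the order they were raised."""
    table = dict(trusted or {})
    ips_by_mac = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        previous = table.get(ip)
        if previous is None:
            table[ip] = mac
        elif previous != mac:
            alerts.append(("mac-changed", ip, previous, mac))
            table[ip] = mac  # keep tracking so a flip back is reported too
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, tuple(sorted(ips_by_mac[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES, trusted={"10.0.0.1": "aa:bb:cc:00:00:01"}):
        print("ALERT", alert)
```

Legitimate events also change bindings (a replaced NIC, DHCP handing an address to a different machine, a VRRP/HSRP failover moving the gateway MAC), so in production this rule is paired with an allowlist of known changes; the stronger fix is Dynamic ARP Inspection on the switch, which drops replies that contradict the DHCP snooping table.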

93
Q

Which principle ensures that users have minimal access rights?

A. Least Privilege.
B. Multi-Factor Authentication.
C. Behavior-Based Detection.
D. Host Isolation.

A

A

94
Q

What is a common feature of role-based access control (RBAC)?

A. Encrypting role-specific logs.
B. Scanning for outdated roles.
C. Assigning permissions based on job roles.
D. Automatically assigning passwords.

A

C

95
Q

How does encryption improve file security?

A. By increasing role-based permissions.
B. By converting sensitive data into unreadable formats.
C. By preventing phishing attacks.
D. By automating user authentication processes.

A

B

96
Q

What is a key advantage of using VPNs for remote access?

A. Securely encrypting traffic over public networks.
B. Reducing brute force attacks.
C. Monitoring real-time DNS activity.
D. Simplifying penetration testing.

A

A

97
Q

What is a primary step in incident response?

A. Encrypting incident logs.
B. Scanning for vulnerabilities.
C. Containing the threat to prevent further damage.
D. Deploying penetration testing tools.

A

C

98
Q

Which technique helps reduce attack surfaces in a network?

A. Brute force defenses.
B. Password hashing.
C. Multi-factor authentication.
D. Network segmentation.

A

D

99
Q

What is the purpose of implementing password policies?

A. To encrypt user credentials.
B. To enforce strong and unique passwords across systems.
C. To simplify access controls.
D. To restrict VPN access.

A

B

100
Q

How does user awareness training mitigate threats?

A. By reducing susceptibility to social engineering.
B. By encrypting sensitive data.
C. By detecting open ports.
D. By monitoring role-based access logs.

A

A