Security Assessment Flashcards
What is the primary goal of security monitoring?
A. To prevent all system attacks.
B. To ensure accountability and detect incidents.
C. To encrypt data in transit.
D. To create network access policies.
B
Which of the following is a feature of monitoring?
A. Data compression.
B. Real-time event analysis.
C. Physical network segmentation.
D. Role-based access control.
B
Which tool is commonly used for log analysis in large networks?
A. Wireshark.
B. SIEM systems.
C. Nessus.
D. Hping.
B
What is an audit log?
A. A collection of hashed passwords.
B. A log of user activities and system events.
C. A real-time threat mitigation mechanism.
D. A backup of sensitive data.
B
What does SIEM stand for?
A. Security Information and Event Monitoring.
B. Secure Information and Endpoint Management.
C. Security Integration and Event Management.
D. Security Information and Event Management.
D
Which of the following is NOT a function of a SIEM tool?
A. Real-time alerts.
B. Data encryption.
C. Report generation.
D. Log correlation.
B
Which of these is a popular SIEM tool?
A. Splunk.
B. Wireshark.
C. OpenVAS.
D. Hping.
A
How does a SIEM enhance threat detection?
A. By encrypting sensitive data.
B. By aggregating and analyzing logs from various sources.
C. By limiting user access to resources.
D. By blocking unauthorized users.
B
What is the role of an Intrusion Detection System (IDS)?
A. To block malicious traffic.
B. To detect and alert about potential intrusions.
C. To monitor physical access points.
D. To create password policies.
B
Which type of IDS relies on predefined patterns for detection?
A. Behavior-based IDS.
B. Signature-based IDS.
C. Host-based IDS.
D. Anomaly-based IDS.
B
Which is a feature of Host-based IDS (HIDS)?
A. Monitors network traffic.
B. Detects unauthorized activities on a single host.
C. Filters packets at the firewall level.
D. Blocks malicious emails.
B
What is the main limitation of behavior-based detection?
A. High false-positive rate.
B. Limited detection capability for zero-day attacks.
C. Inability to work in real-time.
D. Requirement for large storage space.
A
What is the primary function of a firewall?
A. Encrypt sensitive data.
B. Block unauthorized access to a network.
C. Analyze hashed passwords.
D. Perform penetration tests.
B
Which firewall type inspects individual packets for access control?
A. Stateful inspection.
B. Packet filtering.
C. Application gateway.
D. Circuit-level gateway.
B
What is a Next-Generation Firewall (NGFW)?
A. A firewall that encrypts data.
B. A firewall with integrated intrusion prevention capabilities.
C. A physical firewall device for home networks.
D. A firewall only used in cloud environments.
B
What is the purpose of a DMZ in firewall architecture?
A. To isolate internal resources from public-facing services.
B. To store encryption keys securely.
C. To manage distributed denial-of-service attacks.
D. To monitor login attempts.
A
What is the goal of penetration testing?
A. To identify vulnerabilities in a system.
B. To encrypt sensitive data.
C. To prevent social engineering attacks.
D. To monitor network traffic in real-time.
A
Which of the following is a penetration testing tool?
A. Metasploit.
B. Nessus.
C. Wireshark.
D. Hping.
A
What is the first step in a penetration test?
A. Exploitation.
B. Pre-engagement.
C. Reporting.
D. Vulnerability scanning.
B
What framework is commonly used for penetration testing?
A. PTES.
B. PCI DSS.
C. ISO 27001.
D. NIST SP 800-53.
A
What is the primary purpose of vulnerability scanning?
A. To identify potential weaknesses in a system.
B. To monitor user activity logs.
C. To encrypt sensitive files.
D. To perform role-based access control.
A
Which tool is widely used for network vulnerability scanning?
A. Nessus.
B. HIDS.
C. Metasploit.
D. Wireshark.
A
What does OS fingerprinting determine?
A. The type of encryption used.
B. The operating system of a target machine.
C. The user permissions on a system.
D. The presence of malware on a host.
B
Which of the following is a key feature of Nmap?
A. Password cracking.
B. Port scanning.
C. Encryption key generation.
D. Social engineering.
B
What is a brute force attack?
A. An attack that floods a system with traffic.
B. Trying all possible combinations to guess a password.
C. An attempt to deceive users through phishing.
D. Using precomputed hash tables to crack passwords.
B
What is a man-in-the-middle (MITM) attack?
A. Intercepting communication between two parties.
B. Cracking passwords using dictionary files.
C. Exploiting weaknesses in firewalls.
D. Deploying ransomware on a system.
A
Which type of attack floods a network with traffic to disrupt its operations?
A. Spoofing.
B. DDoS.
C. Phishing.
D. Replay attack.
B
What is spoofing?
A. Gaining unauthorized access by pretending to be someone else.
B. Encrypting traffic to secure communication.
C. Analyzing network packets for vulnerabilities.
D. Sending bulk spam emails to users.
A
Which tool is primarily used for network sniffing?
A. Wireshark.
B. Nessus.
C. Metasploit.
D. Hping.
A
What is the primary purpose of tcpdump?
A. Password hashing.
B. Capturing network packets.
C. Encrypting sensitive files.
D. Scanning open ports.
B
What does ARP spoofing allow an attacker to do?
A. Redirect network traffic to their device.
B. Encrypt intercepted data packets.
C. Bypass a firewall.
D. Crack password hashes.
A
Which tool is commonly used for packet injection?
A. Hping.
B. OpenVAS.
C. SIEM.
D. Splunk.
A
What is phishing?
A. Sending fraudulent emails to steal user credentials.
B. Using brute force to crack a password.
C. Intercepting encrypted communication.
D. Exploiting vulnerabilities in software.
A
Which tool is designed for social engineering attacks?
A. SET.
B. Hping.
C. Nessus.
D. Wireshark.
A
What is a common target of social engineering?
A. Human users.
B. Firewalls.
C. Encryption algorithms.
D. Network switches.
A
How can organizations defend against phishing?
A. Conducting user awareness training.
B. Encrypting network traffic.
C. Using port scanning tools.
D. Employing brute force defenses.
A
What is the purpose of multi-factor authentication?
A. To require two or more forms of verification.
B. To encrypt all sensitive files.
C. To block unauthorized IP addresses.
D. To monitor real-time network traffic.
A
Which is a strong password policy?
A. Using a minimum of 8 characters with a mix of types.
B. Limiting passwords to only numeric characters.
C. Allowing simple passwords for faster login.
D. Using the same password for all systems.
A
What is the benefit of network segmentation?
A. Isolating critical systems to reduce attack surfaces.
B. Increasing overall bandwidth.
C. Reducing the need for firewalls.
D. Encrypting sensitive files by default.
A
How does a VPN enhance security?
A. Encrypts data transmitted over public networks.
B. Prevents phishing attacks.
C. Monitors real-time logs for anomalies.
D. Isolates network traffic for analysis.
A
What is a key benefit of using SIEM systems in an organization?
A. Automatic password reset.
B. Encryption of all data files.
C. Centralized log aggregation and analysis.
D. Reducing the need for firewalls.
C
Which SIEM feature provides visual representation of security data?
A. Reports and dashboards.
B. Packet filtering.
C. Port scanning.
D. Password hashing.
A
What is the role of correlation in SIEM?
A. To encrypt sensitive information.
B. To monitor user login attempts.
C. To generate hashing algorithms.
D. To group related events for deeper analysis.
D
What is a primary challenge of SIEM systems?
A. Incompatibility with modern encryption.
B. Lack of network sniffing capabilities.
C. Limited support for user authentication.
D. High false positives due to event aggregation.
D
Which detection method identifies anomalies by comparing with normal behavior?
A. Behavior-based detection.
B. Signature-based detection.
C. Knowledge-based detection.
D. Context-aware detection.
A
What is the key difference between IDS and IPS?
A. IDS encrypts data; IPS decrypts it.
B. IDS alerts about intrusions; IPS blocks them.
C. IDS detects malware; IPS hashes passwords.
D. IDS monitors packets; IPS generates them.
B
Which type of response does an active IDS employ?
A. Blocking or mitigating detected threats.
B. Logging events for later analysis.
C. Alerting administrators only.
D. Encrypting sensitive data.
A
What is a passive response in IDS?
A. Automatically blocking unauthorized access.
B. Encrypting traffic on the network.
C. Isolating infected devices.
D. Generating alerts without taking corrective action.
D
What is the purpose of the exploitation phase in penetration testing?
A. To encrypt traffic for secure communication.
B. To log events in real-time.
C. To analyze hashed passwords.
D. To exploit discovered vulnerabilities for deeper analysis.
D
Which step of penetration testing involves defining rules of engagement?
A. Pre-engagement.
B. Exploitation.
C. Reporting.
D. Post-testing validation.
A
What does the reporting phase of penetration testing include?
A. Detailed findings of vulnerabilities and remediation recommendations.
B. Generating encryption keys.
C. Monitoring network activity.
D. Scanning for open ports.
A
Which penetration testing tool is used for exploit development?
A. Nessus.
B. Metasploit.
C. OpenVAS.
D. Wireshark.
B
What is the purpose of reconnaissance in attack methods?
A. Cracking user passwords.
B. Encrypting data before transmission.
C. Testing system performance.
D. Gathering information about the target.
D
What is OSINT used for in attacks?
A. Cracking encrypted files.
B. Performing brute force attacks.
C. Collecting publicly available information.
D. Deploying firewalls for protection.
C
What is a common countermeasure for man-in-the-middle attacks?
A. Using secure communication protocols like HTTPS.
B. Implementing role-based access control.
C. Monitoring DNS records.
D. Disabling user accounts.
A
Which method prevents DDoS attacks effectively?
A. Brute force detection.
B. Rate limiting and traffic filtering.
C. Packet sniffing with Wireshark.
D. Password complexity policies.
B
What is the principle of least privilege in security?
A. Granting users only the access needed for their job.
B. Encrypting all system files by default.
C. Monitoring user login attempts.
D. Isolating infected devices.
A
What is a key advantage of using SIEM in security management?
A. Encryption of user passwords.
B. Eliminating the need for firewalls.
C. Storing logs on physical servers.
D. Real-time event analysis and threat detection.
D
Which tool is ideal for capturing and analyzing network traffic?
A. Nessus.
B. Metasploit.
C. Wireshark.
D. Splunk.
C
How does multi-factor authentication enhance security?
A. By requiring two or more independent verification factors.
B. By replacing password-based systems.
C. By eliminating phishing attacks completely.
D. By encrypting data during storage.
A
What is the main function of dashboards in SIEM systems?
A. Encrypting sensitive files.
B. Visualizing security event data.
C. Monitoring only internal traffic.
D. Resetting user passwords.
B
Which SIEM capability helps identify trends over time?
A. Log correlation.
B. Historical data analysis.
C. Packet inspection.
D. Data encryption.
B
What is a major drawback of implementing SIEM systems?
A. Incompatibility with firewalls.
B. Inefficiency in threat detection.
C. High cost and complexity.
D. Lack of scalability.
C
What type of data does a SIEM aggregate?
A. Encrypted user passwords.
B. System files for malware analysis.
C. Phishing email content.
D. Logs from multiple sources like firewalls and IDS.
D
What is an example of a network-based IDS?
A. Monitors packets traveling through the network.
B. Analyzes log files on individual hosts.
C. Encrypts sensitive traffic.
D. Resets compromised user passwords.
A
Which detection method is most effective for zero-day attacks?
A. Signature-based detection.
B. Log-based detection.
C. Behavior-based detection.
D. Packet filtering.
C
What type of response involves isolating compromised devices?
A. Active response.
B. Passive response.
C. Anomaly response.
D. Manual intervention.
A
What is the role of an IDS signature?
A. To encrypt network traffic.
B. To reset user credentials.
C. To manage device configurations.
D. To identify known attack patterns.
D
Which phase involves collecting information about the target system?
A. Intelligence gathering.
B. Exploitation.
C. Reporting.
D. Post-engagement.
A
What is the purpose of the post-engagement phase in penetration testing?
A. Encrypting test results.
B. Resetting compromised
accounts.
C. Validating fixes for identified vulnerabilities.
D. Performing additional attacks.
C
Which tool is ideal for discovering open ports during penetration testing?
A. Nmap.
B. Splunk.
C. Wireshark.
D. Nessus.
A
What does PTES stand for?
A. Packet Transmission and Encryption System.
B. Password Testing and Encryption Suite.
C. Protected Threat Evaluation System.
D. Penetration Testing Execution Standard.
D
Which tool focuses on identifying vulnerabilities in web applications?
A. Nmap.
B. Nikto.
C. Metasploit.
D. Wireshark.
B
What is a limitation of vulnerability scanners?
A. Limited detection of encrypted traffic.
B. High rate of false positives.
C. Inability to scan open ports.
D. Lack of compatibility with SIEM.
B
Which scanning method identifies live hosts in a network?
A. Port scan.
B. Ping sweep.
C. Packet sniffing.
D. DNS enumeration.
B
How often should vulnerability scanning be performed?
A. Once a year.
B. Regularly, to identify new risks.
C. Only after a breach occurs.
D. During penetration testing only.
B
What is the benefit of encryption in data security?
A. Ensures confidentiality during storage and transmission.
B. Reduces the risk of phishing attacks.
C. Enhances the speed of system processing.
D. Simplifies user authentication processes.
A
What is a critical step in incident response?
A. Encrypting all system files.
B. Deploying phishing defenses.
C. Containing and mitigating the threat.
D. Monitoring DNS traffic.
C
Which practice helps mitigate social engineering risks?
A. Encrypting all log files.
B. Using behavior-based IDS.
C. User awareness training.
D. Conducting brute force defenses.
C
How does a secure password policy enhance security?
A. By limiting access to network switches.
B. By requiring complex and unique passwords for users.
C. By encrypting passwords with outdated algorithms.
D. By monitoring role-based access logs.
B
Which tool is best suited for analyzing log files in real-time?
A. Nmap.
B. Metasploit.
C. OpenVAS.
D. Splunk.
D
How does log correlation enhance threat detection?
A. By identifying relationships between disparate events.
B. By encrypting all logged data.
C. By isolating compromised hosts automatically.
D. By simplifying user role management.
A
What is a proactive defense against phishing?
A. User training and awareness programs.
B. Implementing packet sniffers like Wireshark.
C. Running periodic vulnerability scans.
D. Using brute force-resistant hashing algorithms.
A
What is a common feature of Next-Generation Firewalls (NGFWs)?
A. Automated log aggregation.
B. Integrated intrusion prevention.
C. Real-time password cracking.
D. Port scanning with signature analysis.
B
Which tool is commonly used for password brute-forcing during penetration tests?
A. Hydra.
B. Splunk.
C. Nessus.
D. Nikto.
A
Which type of reconnaissance uses publicly available information?
A. Active scanning.
B. DNS zone transfers.
C. ARP spoofing.
D. OSINT (Open-Source Intelligence).
D
What is the last phase of penetration testing?
A. Reporting findings to stakeholders.
B. Exploiting identified vulnerabilities.
C. Conducting role-based access analysis.
D. Resetting compromised user accounts.
A
What is the focus of vulnerability assessment?
A. Encrypting user credentials.
B. Real-time packet interception.
C. Identifying and prioritizing potential weaknesses.
D. Phishing and spamming.
C
What is the primary use of Wireshark?
A. Cracking encrypted files.
B. Identifying open ports.
C. Capturing and analyzing network traffic.
D. Monitoring role-based logs.
C
Which command in Nmap detects open ports on a host?
A. nmap -p <port-range>
B. nmap --hash-detect
C. nmap -r role-log
D. nmap -t <target></target></port-range>
A
Which tool provides packet injection capabilities?
A. Hping.
B. Metasploit.
C. Nessus.
D. Nikto.
A
What is the role of ARP spoofing in an attack?
A. Encrypting intercepted packets.
B. Analyzing vulnerability scan logs.
C. Cracking password hashes in real-time.
D. Redirecting traffic to an attacker’s device.
D
Which principle ensures that users have minimal access rights?
A. Least Privilege.
B. Multi-Factor Authentication.
C. Behavior-Based Detection.
D. Host Isolation.
A
What is a common feature of role-based access control (RBAC)?
A. Encrypting role-specific logs.
B. Scanning for outdated roles.
C. Assigning permissions based on job roles.
D. Automatically assigning passwords.
C
How does encryption improve file security?
A. By increasing role-based permissions.
B. By converting sensitive data into unreadable formats.
C. By preventing phishing attacks.
D. By automating user authentication processes.
B
What is a key advantage of using VPNs for remote access?
A. Securely encrypting traffic over public networks.
B. Reducing brute force attacks.
C. Monitoring real-time DNS activity.
D. Simplifying penetration testing.
A
What is a primary step in incident response?
A. Encrypting incident logs.
B. Scanning for vulnerabilities.
C. Containing the threat to prevent further damage.
D. Deploying penetration testing tools.
C
Which technique helps reduce attack surfaces in a network?
A. Brute force defenses.
B. Password hashing.
C. Multi-factor authentication.
D. Network segmentation.
D
What is the purpose of implementing password policies?
A. To encrypt user credentials.
B. To enforce strong and unique passwords across systems.
C. To simplify access controls.
D. To restrict VPN access.
B
How does user awareness training mitigate threats?
A. By reducing susceptibility to social engineering.
B. By encrypting sensitive data.
C. By detecting open ports.
D. By monitoring role-based access logs.
A
