Test 1

Question 1

In the TCP/IP model, packets are the Protocol Data Units (PDUs) of which layer?

Answer 1

Internetworks

Question 2

a secure computer system architecture for enforcing the separation of duties and the integrity of high-value transactions?

Answer 2

Clark-Wilson model

Question 3

As the IT Security Manager of a large financial institution, Aamir is working on implementing a new security system to protect against cyber attacks. He has the option of choosing between four different solutions. Which of the following options would be the most effective in preventing cyber-attacks?

Answer 3

Employing a full-time, dedicated cybersecurity team

Question 4

We are in a court where the evidence must be “the majority of the proof.” Which type of law does that relate to?

Answer 4

Civil law

Question 5

As the Chief Information Security Officer, you are responsible for conducting regular risk assessments to identify potential vulnerabilities in the company’s systems. What is a quantitative measure used in risk assessments to determine the potential impact of a security breach on an organization’s assets?

Answer 5

Asset Value (AV)

Question 6

When we are building a new server, if we want fault tolerance, which of these would we NOT use?

Answer 6

Single disks
(Fault tolerance is a system’s ability to continue operating normally even if it experiences failures or malfunctions)

Question 7

In order to ensure the safety of ThorTeaches.com’s sensitive data, it is crucial to identify any potential vulnerabilities or threats in the system. Which of the following is a method of identifying potential vulnerabilities and threats in a system?

Answer 7

Security audit

Question 8

What is the MOST important factor when implementing a security strategy for a new network?

Answer 8

Regular security audits

Question 9

What is the main difference between access control and identity and access management?

Answer 9

Access control is a subset of identity and access management, while identity and access management is a broader concept.

Question 10

What can we use digital signatures to provide?

Answer 10

Confidentiality, Integrity, Authentication

Question 11

What is the MOST important factor to consider when conducting digital forensics?

Answer 11

The integrity of the evidence

Question 12

As an IT Security professional, you are expected to perform due care. What does this mean?

Answer 12

You are expected to take reasonable steps to protect your organization’s data and assets from unauthorized access or harm.

Question 13

When assessing the accuracy of security control, which of the following indicators is the PRIMARY consideration?

Answer 13

The LOWEST number of false negatives

Question 14

What is the MOST common type of storage media used in WORM (Write Once, Read Many) systems?

Answer 14

Optical disc

Question 15

What type of authentication is used when a user’s password is hashed and compared to the stored hash value?

Answer 15

Single-factor authentication

Question 16

What is the process of identifying and analyzing the weaknesses of a system?

Answer 16

Threat modeling

Question 17

When would we deploy honeypots?

Answer 17

To collect information about potential attackers.

Question 18

Which of the following is the LOWEST layer of the OSI (Open Systems Interconnection) reference model?

Answer 18

Physical layer

Question 19

Which of the following is the HIGHEST layer in the TCP/IP model?

Answer 19

Application

Question 20

Your team has been tasked with evaluating the company’s current cybersecurity measures and identifying areas for improvement. What is the primary factor that determines the value of an asset in terms of its impact on an organization’s cyber security?

Answer 20

The asset’s potential to cause harm to the organization

Question 21

definition of MAO (Maximum Acceptable Outage)

Answer 21

The longest period of time that a system or service can be offline without causing significant damage to the organization.

Question 22

How do Identity and Access Management (IAM) and Encryption of Data at Rest (EDR) differ in terms of cloud security?

Answer 22

IAM ensures that only authorized users have access to data, while EDR ensures that data is encrypted when stored on cloud servers.

Question 23

Which of the following methods is the FIRST and LOWEST cost option for data destruction?

Answer 23

Overwriting

Question 24

What is Mandatory Access Control (MAC) based on?

Answer 24

Sensitivity labels

Question 25

What protocol is used to resolve the IP address to a physical address in a LAN (Local Area Network)?

Answer 25

ARP

Question 26

In a new implementation, we have chosen to use a Redundant Array of Independent Disks (RAID) 0 on a server; what does it tell us about the disk configuration?

Answer 26

The server has multiple disks, but no data redundancy

Question 27

Which of the following is the MOST effective way to prevent hash collision attacks in a cryptographic system?

Answer 27

Using a longer hash value

Question 28

When implementing a new security policy, what should be done FIRST?

Answer 28

Train employees on the new policy

Question 29

What is the term used to describe the process of granting permission for a system to operate within an organization’s network?

Answer 29

Accreditation

Question 30

What is the main difference between a positive list and a negative list in cyber security?

Answer 30

A positive list only allows certain IP addresses, while a negative list blocks them.

Question 31

What is the main difference between a vulnerability and a threat?

Answer 31

A vulnerability is a weakness in a system, while a threat is a potential consequence of that weakness.

Question 32

Which of the following is the BEST approach for managing code in a repository?

Answer 32

Implementing strict access controls and regularly updating the code

Question 33

Which of the following is NOT a factor that should be considered when developing a data retention policy?

Answer 33

The amount of storage space available on the company’s servers

Question 34

the MOST important factor to consider when implementing a records retention security policy?

Answer 34

The type of information being stored

Question 35

What is the primary function of a VPN (Virtual Private Network)?

Answer 35

To encrypt data in transit