Which of the following is the primary goal of network security? Flashcards

1
Q

Which of the following is the primary goal of network security?

a) Increase network speed
b) Reduce network complexity
c) Protect data, devices, and users from threats
d) Improve hardware performance

A

c) Protect data, devices, and users from threats

2
Q

What does the CIA triad stand for in cybersecurity?
a) Confidentiality, Integrity, Availability
b) Cybersecurity, Intelligence, Authentication
c) Compliance, Integrity, Access
d) Control, Identification, Authorization

A

a) Confidentiality, Integrity, Availability

3
Q

Which of the following is an example of social engineering?
a) Brute-force attack
b) Phishing email
c) SQL injection
d) DDoS attack

A

b) Phishing email

4
Q

Which security model enforces the principle of “least privilege”?
a) Bell-LaPadula Model
b) Biba Model
c) Role-Based Access Control (RBAC)
d) Open Systems Interconnection (OSI) Model

A

c) Role-Based Access Control (RBAC)

5
Q

Which of the following is NOT an example of malware?
a) Trojan horse
b) Rootkit
c) Firewall
d) Ransomware

A

c) Firewall

6
Q

Defense in Depth (DiD) is a cybersecurity strategy that employs multiple layers of security controls to protect information and networks.

A
7
Q

What is a firewall, and how does it contribute to network security?

a) A firewall is a physical barrier that prevents unauthorized personnel from entering a server room.

b) A firewall is a security device that monitors and controls network traffic based on predefined rules to prevent unauthorized access and cyber threats.

c) A firewall is a type of antivirus software designed to detect and remove malware from individual devices.

d) A firewall is a tool used to increase internet speed by filtering out unnecessary data packets.

A

b) A firewall is a security device that monitors and controls network traffic based on predefined rules to prevent unauthorized access and cyber threats.

8
Q

Which of the following are types of firewalls?
a) Packet Filtering Firewall and Stateful Inspection Firewall
b) DNS Firewall and Proxy Firewall
c) VPN Firewall and Encryption Firewall
d) Trojan Firewall and Malware Firewall

A

a) Packet Filtering Firewall and Stateful Inspection Firewall

9
Q

How does Multi-Factor Authentication (MFA) enhance security?
a) It requires multiple methods of verification, reducing the risk of unauthorized access.
b) It replaces passwords with a single security question.
c) It encrypts all network traffic automatically.
d) It prevents phishing attacks by blocking all external communications.

A

a) It requires multiple methods of verification, reducing the risk of unauthorized access.

10
Q

What are the three common factors used in Multi-Factor Authentication (MFA)?
a) Username, Password, and IP Address
b) Something You Know, Something You Have, and Something You Are
c) Fingerprint, Facial Recognition, and CAPTCHA
d) Email, SMS Code, and Security Question

A

b) Something You Know, Something You Have, and Something You Are

11
Q

What is the primary difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
a) IDS blocks malicious traffic, while IPS only detects and logs threats.
b) IDS detects and alerts on suspicious activities, while IPS actively blocks and mitigates threats.
c) IDS replaces firewalls, while IPS replaces antivirus software.
d) IDS and IPS perform the same function but use different algorithms.

A

b) IDS detects and alerts on suspicious activities, while IPS actively blocks and mitigates threats.

12
Q

Which network security protocol is primarily used to encrypt web traffic over the internet?
a) HTTP
b) FTP
c) TLS/SSL
d) Telnet

A

c) TLS/SSL

13
Q

What is the primary purpose of the IPsec (Internet Protocol Security) protocol?

a) To encrypt email communications
b) To establish secure VPN connections by encrypting IP packets
c) To prevent SQL injection attacks
d) To filter network traffic based on domain names

A

b) To establish secure VPN connections by encrypting IP packets

14
Q

Which protocol is used for securely accessing network devices remotely?

a) Telnet
b) SSH
c) HTTP
d) SNMP

A

b) SSH

15
Q

What does WPA2 (Wi-Fi Protected Access 2) use to secure wireless networks?

a) AES encryption
b) WEP encryption
c) MD5 hashing
d) DES encryption

A

a) AES encryption

16
Q

Which protocol is commonly used for secure email transmission?

a) SMTP over TLS
b) HTTP
c) FTP
d) SNMP

A

a) SMTP over TLS

17
Q

Which of the following network security protocols is used for authentication and authorization in wireless networks and VPNs?

a) RADIUS
b) FTP
c) Telnet
d) ICMP

A

a) RADIUS

18
Q

What is the main function of the HTTPS protocol?

a) To encrypt and secure web traffic between a browser and a server
b) To establish VPN tunnels for secure communication
c) To secure file transfers over a network
d) To detect and prevent network intrusions

A

a) To encrypt and secure web traffic between a browser and a server

19
Q

Which of the following protocols provides encryption for emails at the application layer?

a) IMAP
b) PGP (Pretty Good Privacy)
c) DHCP
d) SNMP

A

b) PGP (Pretty Good Privacy)

20
Q

What is the primary role of the Kerberos authentication protocol?

a) To provide secure file transfers
b) To encrypt network packets at the transport layer
c) To authenticate users and services securely using tickets
d) To establish secure wireless connections

A

c) To authenticate users and services securely using tickets

21
Q

Which protocol is used to securely transfer files between a client and a server?

a) FTP
b) TFTP
c) SFTP
d) POP3

A

c) SFTP

22
Q

What is the primary purpose of access control in network security?

a) To improve network speed
b) To prevent unauthorized access to systems and data
c) To block all users from accessing resources
d) To allow unrestricted access to all users

A

b) To prevent unauthorized access to systems and data

23
Q

Which of the following best describes the Principle of Least Privilege (PoLP)?

a) Users should have full administrative access at all times
b) Users should only have the minimum permissions necessary to perform their tasks
c) All employees should share the same login credentials
d) Users should have unrestricted access to enhance productivity

A

b) Users should only have the minimum permissions necessary to perform their tasks

24
Q

What are the three main components of access control?

a) Authentication, Authorization, and Accounting (AAA)
b) Encryption, Hashing, and Firewalls
c) Backup, Recovery, and Logging
d) Identification, Notification, and Execution

A

a) Authentication, Authorization, and Accounting (AAA)

25
Q

Which of the following access control models is based on predefined roles assigned to users?
a) Discretionary Access Control (DAC)
b) Role-Based Access Control (RBAC)
c) Mandatory Access Control (MAC)
d) Attribute-Based Access Control (ABAC)

A

b) Role-Based Access Control (RBAC)
26
Q

In which access control model does the system enforce access policies based on security labels (e.g., Top Secret, Confidential)?
a) Role-Based Access Control (RBAC)
b) Mandatory Access Control (MAC)
c) Discretionary Access Control (DAC)
d) Time-Based Access Control (TBAC)

A

b) Mandatory Access Control (MAC)
27
Q

Which access control method allows the owner of a resource to determine who can access it?
a) Mandatory Access Control (MAC)
b) Discretionary Access Control (DAC)
c) Role-Based Access Control (RBAC)
d) Risk-Based Access Control

A

b) Discretionary Access Control (DAC)
28
Q

Which access control model uses rules and attributes to determine access permissions dynamically?
a) Role-Based Access Control (RBAC)
b) Discretionary Access Control (DAC)
c) Attribute-Based Access Control (ABAC)
d) Identity-Based Access Control (IBAC)

A

c) Attribute-Based Access Control (ABAC)
29
Q

What is an access control list (ACL)?
a) A list of all users in an organization
b) A security policy document outlining access levels
c) A set of rules that determine which users or systems can access specific resources
d) A log of all login attempts

A

c) A set of rules that determine which users or systems can access specific resources
30
Q

In biometric authentication, which of the following is an example of "something you are"?
a) Password
b) Security token
c) Fingerprint
d) PIN code

A

c) Fingerprint
31
Q

In which access control model does the system owner have full control over permissions and can grant or restrict access at their discretion?
a) Mandatory Access Control (MAC)
b) Role-Based Access Control (RBAC)
c) Discretionary Access Control (DAC)
d) Attribute-Based Access Control (ABAC)

A

c) Discretionary Access Control (DAC)
32
Q

What is a key characteristic of Mandatory Access Control (MAC)?
a) Users can set permissions for the resources they own
b) Access is granted based on predefined security labels and clearance levels
c) Permissions are assigned dynamically based on real-time risk factors
d) Access is controlled by roles assigned to users

A

b) Access is granted based on predefined security labels and clearance levels
33
Q

Which access control model uses attributes such as location, time, and device type to determine access permissions?
a) Discretionary Access Control (DAC)
b) Role-Based Access Control (RBAC)
c) Attribute-Based Access Control (ABAC)
d) Mandatory Access Control (MAC)

A

c) Attribute-Based Access Control (ABAC)
34
Q

Which of the following statements is true about Discretionary Access Control (DAC)?
a) Access permissions are controlled by a central authority based on security labels
b) The resource owner decides who gets access and what level of access they have
c) Access is determined based on user attributes such as department and location
d) It is primarily used in government and military environments

A

b) The resource owner decides who gets access and what level of access they have
35
Q

What is a major drawback of Discretionary Access Control (DAC)?
a) It lacks flexibility in assigning permissions
b) It can lead to security vulnerabilities if resource owners grant excessive permissions
c) It does not allow users to modify permissions
d) It is only used in small organizations

A

b) It can lead to security vulnerabilities if resource owners grant excessive permissions
36
Q

Which of the following regulatory frameworks is designed to protect the privacy of personal health information (PHI) in the United States?
a) GDPR (General Data Protection Regulation)
b) HIPAA (Health Insurance Portability and Accountability Act)
c) SOX (Sarbanes-Oxley Act)
d) FISMA (Federal Information Security Management Act)

A

b) HIPAA (Health Insurance Portability and Accountability Act)
37
Q

What is the primary objective of the General Data Protection Regulation (GDPR)?
a) To enforce cybersecurity requirements for federal agencies
b) To protect personal data and privacy of individuals in the European Union (EU)
c) To regulate financial reporting and prevent fraud in corporations
d) To establish international cybersecurity standards

A

b) To protect personal data and privacy of individuals in the European Union (EU)
38
Q

Which of the following laws requires publicly traded companies in the U.S. to implement internal controls to ensure the accuracy of financial reporting?
a) GDPR
b) SOX (Sarbanes-Oxley Act)
c) HIPAA
d) PCI DSS

A

b) SOX (Sarbanes-Oxley Act)
39
Q

The Federal Information Security Modernization Act (FISMA) applies to which type of organizations?
a) Healthcare providers and insurance companies
b) Financial institutions and credit card companies
c) U.S. federal government agencies and their contractors
d) Private corporations operating in multiple countries

A

c) U.S. federal government agencies and their contractors
40
Q

Which regulatory framework is specifically designed to secure payment card transactions and protect cardholder data?
a) HIPAA
b) PCI DSS (Payment Card Industry Data Security Standard)
c) GDPR
d) SOX

A

b) PCI DSS (Payment Card Industry Data Security Standard)
41
Q

What is the main goal of the NIST Cybersecurity Framework (CSF)?
a) To regulate financial reporting and prevent fraud
b) To provide a voluntary framework for improving cybersecurity risk management
c) To enforce mandatory encryption of all data
d) To establish international laws for cybercrime

A

b) To provide a voluntary framework for improving cybersecurity risk management
42
Q

Which U.S. law grants government agencies the authority to conduct electronic surveillance for national security purposes?
a) GDPR
b) FISMA
c) The PATRIOT Act
d) SOX

A

c) The PATRIOT Act
43
Q

Which law requires organizations to notify affected individuals in the event of a data breach involving personally identifiable information (PII)?
a) SOX
b) GDPR
c) The Computer Fraud and Abuse Act (CFAA)
d) FISMA

A

b) GDPR
44
Q

Which law is specifically focused on protecting children’s online privacy in the U.S.?
a) HIPAA
b) COPPA (Children’s Online Privacy Protection Act)
c) PCI DSS
d) SOX

A

b) COPPA (Children’s Online Privacy Protection Act)
45
Q

The Data Protection Act (DPA) is primarily designed to protect personal data in which country?
a) United States
b) Germany
c) United Kingdom
d) France

A

c) United Kingdom
46
Q

Which regulation mandates that companies in the EU must obtain explicit consent from individuals before processing their personal data?
a) FISMA
b) HIPAA
c) GDPR
d) SOX

A

c) GDPR
47
Q

Which law requires organizations to implement safeguards to protect the privacy and confidentiality of financial information?
a) GLBA (Gramm-Leach-Bliley Act)
b) FISMA
c) PCI DSS
d) SOX

A

a) GLBA (Gramm-Leach-Bliley Act)
48
Q

What is the main focus of the Sarbanes-Oxley Act (SOX) in terms of network security?
a) Ensuring secure communication channels for military networks
b) Improving the accuracy of financial reporting and internal controls for publicly traded companies
c) Mandating encryption for sensitive healthcare data
d) Establishing a universal standard for data breaches

A

b) Improving the accuracy of financial reporting and internal controls for publicly traded companies
49
Q

What does the Electronic Communications Privacy Act (ECPA) protect?
a) Financial transaction data
b) Privacy of electronic communications and stored data
c) Personal health information in digital format
d) Child online privacy

A

b) Privacy of electronic communications and stored data
50
Q

Which regulatory framework requires organizations to assess the risks associated with their information security and implement appropriate controls?
a) NIST Cybersecurity Framework
b) HIPAA
c) PCI DSS
d) SOX

A

a) NIST Cybersecurity Framework
51
Q

Which regulation mandates that all organizations handle healthcare data in a secure manner and implement strict access controls?
a) HIPAA
b) SOX
c) FISMA
d) PCI DSS

A

a) HIPAA
52
Q

Which act gives the U.S. government the authority to impose penalties on businesses that fail to protect consumer data adequately?
a) GDPR
b) The Federal Trade Commission Act (FTC Act)
c) FISMA
d) PCI DSS

A

b) The Federal Trade Commission Act (FTC Act)
53
Q

What is a key requirement of the Payment Card Industry Data Security Standard (PCI DSS)?
a) All payment data must be encrypted both at rest and in transit
b) Health information must be stored for a minimum of 5 years
c) Companies must provide public access to their security policies
d) All companies must implement Multi-Factor Authentication for customers

A

a) All payment data must be encrypted both at rest and in transit
54
Q

Which of the following is NOT a requirement of PCI DSS?
a) Encrypting sensitive cardholder data stored on systems
b) Implementing strong access control measures
c) Storing full card numbers and PINs indefinitely for auditing purposes
d) Regularly testing security systems and processes

A

c) Storing full card numbers and PINs indefinitely for auditing purposes
55
Q

How many security goals does PCI DSS define?
a) 3
b) 5
c) 10
d) 12

A

b) 5
56
Q

What is the minimum level of encryption required for cardholder data transmitted over open, public networks under PCI DSS?
a) SSL/TLS encryption
b) AES encryption
c) RSA encryption
d) DES encryption

A

a) SSL/TLS encryption
57
Q

Under PCI DSS, which of the following is required to be done regularly to ensure the protection of cardholder data?
a) Change encryption keys every 10 years
b) Perform vulnerability scans and penetration tests at least annually
c) Provide access to cardholder data for all employees
d) Store unencrypted cardholder data for up to 12 months

A

b) Perform vulnerability scans and penetration tests at least annually
58
Q

Who is responsible for ensuring that PCI DSS compliance is met within an organization?
a) The Payment Card Industry (PCI)
b) The Chief Information Officer (CIO)
c) The organization’s IT department and its third-party vendors
d) The cardholder

A

c) The organization’s IT department and its third-party vendors
59
Q

According to PCI DSS, how should credit card numbers be stored?
a) In an encrypted form with access control restrictions
b) In plain text for easy access
c) Stored only for one month
d) On publicly accessible systems for easier auditing

A

a) In an encrypted form with access control restrictions
60
Q

Which of the following is one of the 12 requirements of PCI DSS?
a) Encrypting all customer data
b) Implementing a firewall to protect cardholder data
c) Allowing any user to access sensitive data for troubleshooting
d) Storing passwords in a reversible encryption format

A

b) Implementing a firewall to protect cardholder data
61
Q

What is the maximum length of time PCI DSS allows for storing full cardholder data?
a) Indefinitely, with proper encryption
b) 6 months
c) 1 year
d) PCI DSS prohibits storing full cardholder data after authorization

A

d) PCI DSS prohibits storing full cardholder data after authorization
62
Q

Which of the following is an essential component of a security policy?
a) A list of all network devices
b) A process for responding to security incidents and breaches
c) An inventory of all employees' personal devices
d) Detailed employee performance reviews

A

b) A process for responding to security incidents and breaches
63
Q

A "Bring Your Own Device" (BYOD) security policy is designed to:
a) Regulate the use of mobile devices for personal activities
b) Define security measures for the use of employees' personal devices on the corporate network
c) Ensure only company-issued devices are used in the workplace
d) Monitor employee email for sensitive information

A

b) Define security measures for the use of employees' personal devices on the corporate network
64
Q

What is the main difference between a security policy and a security procedure?
a) Security policies outline high-level goals, while procedures specify the exact steps to achieve those goals
b) Security procedures focus on long-term objectives, while policies cover short-term goals
c) Policies provide technical specifications, while procedures provide administrative rules
d) There is no difference between a policy and a procedure

A

a) Security policies outline high-level goals, while procedures specify the exact steps to achieve those goals
65
Q

Which of the following security policies would help ensure that sensitive data is protected during transmission over the internet?
a) Password management policy
b) Data encryption policy
c) Acceptable use policy
d) Incident response policy

A

b) Data encryption policy
66
Q

Which of the following is the most appropriate action if an employee violates a security policy?
a) Ignore the violation if the employee is performing well
b) Give a verbal warning and continue monitoring the situation
c) Implement disciplinary actions, up to and including termination, as defined in the policy
d) Do nothing and assume the violation won't affect security

A

c) Implement disciplinary actions, up to and including termination, as defined in the policy
67
Q

Which type of policy focuses on how employees should handle sensitive information?
a) Acceptable Use Policy
b) Data Protection Policy
c) Bring Your Own Device (BYOD) Policy
d) Remote Work Policy

A

b) Data Protection Policy
68
Q

What is the role of the Acceptable Use Policy (AUP) in an organization?
a) To outline the organization's goals for financial profitability
b) To define the acceptable and unacceptable uses of company-owned resources, such as networks and devices
c) To provide guidelines for the creation of security policies
d) To establish procedures for responding to security breaches

A

b) To define the acceptable and unacceptable uses of company-owned resources, such as networks and devices
69
Q

Which of the following security policies is critical for organizations that handle payment card data?
a) Encryption Policy
b) PCI DSS (Payment Card Industry Data Security Standard) Policy
c) Anti-virus Policy
d) Social Media Usage Policy

A

b) PCI DSS (Payment Card Industry Data Security Standard) Policy
70
Q

Which of the following is typically included in the Introduction section of a security policy?
a) The organization's mission and financial goals
b) The objectives of the security policy and its scope
c) A detailed list of network devices and their configurations
d) A technical description of the firewall settings

A

b) The objectives of the security policy and its scope
71
Q

The Access Control section of a security policy typically outlines:
a) The physical security measures for buildings
b) The acceptable use of company devices
c) Who is authorized to access specific resources and data within the organization
d) The frequency of software updates

A

c) Who is authorized to access specific resources and data within the organization
72
Q

Which of the following should be included in the Data Protection section of a security policy?
a) Rules for the use of personal mobile devices
b) Guidelines for handling, storing, and transmitting sensitive data securely
c) Information on how to perform software vulnerability assessments
d) A list of company-approved vendors

A

b) Guidelines for handling, storing, and transmitting sensitive data securely
73
Q

A security policy's Incident Response section should describe:
a) The technical controls for firewall configuration
b) The procedures for reporting and responding to security incidents and breaches
c) Employee behavior and dress code during a security breach
d) The specific software used to monitor network traffic

A

b) The procedures for reporting and responding to security incidents and breaches
74
Q

Which section of a security policy defines the roles and responsibilities of employees in maintaining security?
a) Incident Response
b) Access Control
c) Security Awareness and Training
d) Data Protection

A

c) Security Awareness and Training
75
Q

The Remote Access section of a security policy typically specifies:
a) How employees should access sensitive data while working remotely
b) The type of hardware and software used for remote access
c) The rules for accessing company resources while on business trips
d) The social media platforms allowed for use while working remotely

A

a) How employees should access sensitive data while working remotely
75
Q

The Monitoring and Logging section of a security policy should include:
a) How to set up automatic backups for user data
b) Rules for monitoring user activity and recording security logs for analysis
c) Instructions for physical building security
d) Specifications for firewalls and antivirus software

A

b) Rules for monitoring user activity and recording security logs for analysis
75
Q

Which of the following would be part of the Compliance section of a security policy?
a) The procedures for securing mobile devices
b) The regulatory requirements the organization must comply with, such as GDPR, HIPAA, or PCI DSS
c) Instructions on installing patches and updates
d) Definitions of technical terminology used in the policy

A

b) The regulatory requirements the organization must comply with, such as GDPR, HIPAA, or PCI DSS
76
Q

What is included in the Risk Assessment section of a security policy?
a) A list of cybersecurity tools used by the organization
b) A process for identifying, evaluating, and managing risks to the organization’s information systems
c) A detailed description of network traffic patterns
d) Procedures for enforcing employee behavioral norms

A

b) A process for identifying, evaluating, and managing risks to the organization’s information systems
77
Q

Which policy focuses on how to respond to and manage security incidents or breaches?
a) Incident Response Policy
b) Data Protection Policy
c) Security Awareness Policy
d) Acceptable Use Policy

A

a) Incident Response Policy
78
Q

The Network Security Policy typically includes:
a) Guidelines for encrypting communications between employees
b) Procedures for securing physical access to the organization’s offices
c) Rules for configuring firewalls, intrusion detection/prevention systems, and other network security controls
d) Regulations about employee dress code during security audits

A

c) Rules for configuring firewalls, intrusion detection/prevention systems, and other network security controls
79
Q

Which type of security policy ensures that employees are aware of security best practices and the importance of security measures?
a) Security Awareness Policy
b) Data Backup Policy
c) Patch Management Policy
d) Business Continuity Policy

A

a) Security Awareness Policy
80
Q

Which of the following policies is designed to define the organization's approach to protecting employee privacy?
a) Privacy Policy
b) Encryption Policy
c) Incident Response Policy
d) Access Control Policy

A

a) Privacy Policy
81
Q

What is the purpose of a Security Perimeter in physical security?
a) To enforce encryption for all data at rest
b) To define the boundaries within which an organization’s physical security controls are implemented
c) To monitor employee activity inside the building
d) To limit access to only high-level management staff

A

b) To define the boundaries within which an organization’s physical security controls are implemented
82
Q

Which of the following is an example of a preventive physical security control?
a) Surveillance cameras that record all events in and around the building
b) Security guards who monitor and restrict unauthorized access to the premises
c) Fire alarms that notify employees of a fire emergency
d) An alarm system that triggers after an intrusion has occurred

A

b) Security guards who monitor and restrict unauthorized access to the premises
83
Q

What type of physical security control is a mantrap?
a) A surveillance system used to detect unauthorized physical access
b) A type of electronic access control system used to restrict access to specific rooms
c) A small room with two sets of interlocking doors that prevents unauthorized access
d) A physical lock that secures network cables in a server room

A

c) A small room with two sets of interlocking doors that prevents unauthorized access
84
Q

Which of the following is a physical security measure that prevents unauthorized access to critical IT infrastructure like server rooms?
a) Firewalls and intrusion detection systems (IDS)
b) Biometric access systems or keycard readers
c) Regular data backups and storage encryption
d) Anti-malware software

A

b) Biometric access systems or keycard readers
85
Q

Which of the following is an example of a post-event physical security control?
a) Locking doors to prevent unauthorized entry
b) Using security cameras to monitor areas and record events after a security breach has occurred
c) Installing an access control system to restrict entry to sensitive areas
d) Encrypting all company files

A

b) Using security cameras to monitor areas and record events after a security breach has occurred
86
Q

Lock-and-key systems in physical security are an example of:
a) Preventive controls
b) Detective controls
c) Corrective controls
d) Recovery controls

A

a) Preventive controls
87
Q

Which of the following physical security attack vectors involves attackers gaining unauthorized access to a secure facility by exploiting weak or neglected access points?
a) Tailgating
b) Shoulder surfing
c) Dumpster diving
d) Social engineering

A

a) Tailgating
88
Q

Shoulder surfing as a physical security attack vector refers to:
a) The act of searching through a dumpster for discarded sensitive documents
b) Observing a person's computer or phone screen without their knowledge to steal sensitive information
c) Using surveillance cameras to monitor the activity of employees
d) Gaining physical access to a locked building through a backdoor

A

b) Observing a person's computer or phone screen without their knowledge to steal sensitive information
89
Q

Physical device theft in the context of physical security attack vectors refers to:
a) When an attacker steals a physical device, such as a laptop or USB drive, that contains sensitive information
b) A situation where employees intentionally steal company equipment for personal use
c) Using malicious software to gain access to physical devices remotely
d) Gaining unauthorized access to a locked facility using social engineering

A

a) When an attacker steals a physical device, such as a laptop or USB drive, that contains sensitive information
90
Q

Improperly disposed sensitive materials, such as old hard drives or documents, can lead to a physical security attack vector. Which of the following is an example of this?
a) An attacker uses a disposed hard drive, which wasn't wiped clean of sensitive data, to extract confidential information
b) An employee accidentally leaves a password list on their desk
c) A cybercriminal gains access to a password-protected file on an unsecured server
d) An employee’s mobile device is infected by malware from an untrusted network

A

a) An attacker uses a disposed hard drive, which wasn't wiped clean of sensitive data, to extract confidential information
91
Q

Lock-picking is a physical security attack vector that involves:
a) Physically breaking into a facility using brute-force methods
b) Using tools to manipulate and bypass locking mechanisms, gaining unauthorized access to restricted areas
c) Pretending to be an authorized employee and tricking security staff into granting access
d) Monitoring employee actions to discover weak passwords or access points

A

b) Using tools to manipulate and bypass locking mechanisms, gaining unauthorized access to restricted areas
92
Q

Which of the following attack vectors involves manipulating employees to obtain physical access to secure areas or sensitive information?
a) Phishing
b) Tailgating
c) Social engineering
d) Brute-force attacks

A

c) Social engineering
93
Q

An attacker uses RFID skimming as a physical security attack vector by:
a) Eavesdropping on wireless signals from access badges or credit cards to steal personal information
b) Physically stealing a device from a secure area to gain access to sensitive data
c) Manipulating employees into revealing sensitive data through social engineering
d) Using brute-force methods to bypass physical locks

A

a) Eavesdropping on wireless signals from access badges or credit cards to steal personal information
94
A network defense team is deploying a honeypot to monitor and gather intelligence on attackers attempting to exploit vulnerabilities in a corporate network. The honeypot is designed to look like a legitimate system, mimicking the production network environment, but with intentional weaknesses for attackers to exploit. Question: Which of the following describes the primary purpose of the honeypot in this scenario?
a) To provide a backup system in case of a cyberattack or data breach
b) To act as a decoy system designed to lure attackers and gather intelligence on their techniques, tactics, and procedures
c) To secure sensitive data by enforcing access control policies
d) To perform regular vulnerability scans and patch systems automatically

b) To act as a decoy system designed to lure attackers and gather intelligence on their techniques, tactics, and procedures
95
An organization is setting up a honeynet, which consists of several interconnected honeypots placed throughout different segments of their network. Each honeypot is configured to simulate a vulnerable system, giving attackers an opportunity to interact with different types of decoy systems. What is the key difference between a honeypot and a honeynet in this scenario?
a) A honeynet is a network of systems set up to simulate an organization’s network environment, while a honeypot is a single isolated system
b) A honeypot is used to trick attackers into thinking they are attacking a legitimate system, whereas a honeynet is a system that tracks only attackers’ movements
c) A honeypot actively defends against attacks, while a honeynet passively collects attack information
d) A honeynet is designed to attract only advanced persistent threats (APTs), while a honeypot targets low-level attackers

a) A honeynet is a network of systems set up to simulate an organization’s network environment, while a honeypot is a single isolated system
96
After deploying a high-interaction honeypot in a network, a security team is analyzing the data from the interactions between attackers and the honeypot. The team notes that the honeypot is running a full operating system and simulates real services and applications, allowing attackers to engage with it more deeply. What is a major risk associated with using this type of high-interaction honeypot in a production environment?
a) High-interaction honeypots require significant computing power, making them resource-intensive and difficult to manage
b) If compromised, a high-interaction honeypot can be used by attackers as a stepping stone to launch further attacks on the production systems
c) They are ineffective at attracting advanced threats due to their simplistic nature
d) High-interaction honeypots are likely to generate false positives and disrupt security monitoring systems

b) If compromised, a high-interaction honeypot can be used by attackers as a stepping stone to launch further attacks on the production systems
97
A company has deployed a low-interaction honeypot to monitor network traffic. The honeypot only emulates a basic service, such as a web server, and does not allow extensive interaction with the attacker. The system is intended to quickly identify scanning attempts or automated attacks. What is a disadvantage of using this low-interaction honeypot compared to a high-interaction honeypot?
a) Low-interaction honeypots are more prone to being easily detected by advanced attackers
b) Low-interaction honeypots require much more computational power and resources
c) They provide less valuable data because they only simulate a limited set of services, making it easier for attackers to recognize them as fake
d) Low-interaction honeypots are only useful for gathering intelligence on malware, not attacker tactics

c) They provide less valuable data because they only simulate a limited set of services, making it easier for attackers to recognize them as fake