Security Practice Questions – Oct 2023

The questions provided below are not sourced from any question bank. They are designed to assess your knowledge across various domains in cybersecurity. While these questions can be utilized as practice for a range of certifications, including but not limited to Security+, CISSP, and CISM, it’s important to note that they are generic. The format of questions and answers for a specific exam might differ from the format presented here.

Practice 1

Cryptography & PKI:
Which of the following is an asymmetric encryption algorithm?
a) DES
c) RC4
d) RSA

RSA is an asymmetric encryption algorithm, meaning it uses a pair of keys (public and private) for encryption and decryption.

  • DES, AES, and RC4 are symmetric encryption algorithms, which use a single key for both encryption and decryption.
Network Security:
Which of the following devices specifically analyzes traffic for malicious content and can block specific content based on policy?
a) Router
b) Switch
c) IDS
d) IPS

IPS (Intrusion Prevention System) analyzes traffic in real-time and takes action based on policies, such as blocking malicious content.

  • Routers direct traffic based on IP addresses.
  • Switches direct traffic based on MAC addresses.
  • IDS (Intrusion Detection System) only detects and alerts about potential threats but doesn’t take automatic actions like blocking.
Threats & Vulnerabilities:
A security administrator receives an alert from a system. Upon investigation, it is determined that there is no actual threat. What type of alert is this?
a) True negative
b) True positive
c) False negative
d) False positive

A false positive is an alert that incorrectly indicates the presence of a threat.

  • A true positive is a correct identification of a threat.
  • A true negative is a correct identification that there’s no threat.
  • A false negative means the system failed to detect an actual threat.
Risk Management:
Which process is primarily concerned with identifying vulnerabilities and threats and assessing their potential impact?
a) Risk acceptance
b) Risk mitigation
c) Risk transference
d) Risk assessment
  1. Risk assessment is the process of identifying vulnerabilities and threats and assessing their potential impact to an organization.
    • Risk acceptance is acknowledging the risk and deciding to proceed.
    • Risk mitigation is reducing the impact or likelihood of the risk.
    • Risk transference is shifting the risk to a third party (e.g., insurance).
  2. A fingerprint scanner falls under “Something you are” because it reads a physical
Identity & Access Management:
Which authentication factor category does a fingerprint scanner belong to?
a) Something you know
b) Something you have
c) Something you are
d) Somewhere you are

A fingerprint scanner falls under “Something you are” because it reads a physical characteristic of the user.

  • “Something you know” would be a password or PIN.
  • “Something you have” would be a smart card or token.
  • “Somewhere you are” would refer to a location-based factor like geofencing.
Security Architecture & Design:
Which of the following concepts ensures that data is not altered or tampered with during transit?
a) Availability
b) Integrity
c) Confidentiality
d) Authentication

Integrity ensures that data remains unchanged during storage or transmission, preventing unauthorized tampering.

  • Availability ensures that data/services are available when needed.
  • Confidentiality ensures that data remains hidden from unauthorized users.
  • Authentication verifies the identity of a user or system.
Security Operations:
Which of the following best describes a honeypot?
a) A system used to distract attackers from critical systems
b) A patch applied to a software vulnerability
c) A secure area of a network where sensitive data is stored
d) A tool for encrypting data in transit

A honeypot is designed to attract and divert attackers from the main systems, acting as a decoy.

  • A patch fixes software vulnerabilities.
  • A secure area of a network is not necessarily a honeypot.
  • A tool for encrypting data in transit refers to solutions like VPNs or SSL/TLS, not honeypots.
Physical Security:
Tailgating is a concern for which of the following security controls?
a) Logical access controls
b) Firewalls
c) IDS systems
d) Physical access controls

Tailgating is when an unauthorized person follows an authorized person into a secure area, so it concerns physical access controls.

  • Logical access controls deal with digital access, like passwords.
  • Firewalls and IDS systems are network security devices.
Application Security:
During which phase of the Software Development Life Cycle (SDLC) is security testing primarily performed?
a) Requirements phase
b) Design phase
c) Implementation phase
d) Verification phase

During the Verification phase of the SDLC, security testing primarily occurs to ensure the software is secure before deployment.

  • The Requirements phase involves gathering requirements, not testing.
  • The Design phase is about designing the solution.
  • The Implementation phase involves coding the software.
Incident Response:
Which of the following best describes the primary purpose of a Computer Security Incident Response Team (CSIRT)?
a) To develop and maintain an organization’s security policy
b) To conduct routine security audits
c) To respond to and manage security incidents
d) To implement security infrastructure

A CSIRT’s primary purpose is to respond to and manage security incidents when they occur.

  • Developing/maintaining an organization’s security policy or conducting routine audits is not the primary focus of CSIRT.
  • Implementing security infrastructure is more related to IT or security engineering teams.

Practice 2

What is the primary purpose of using HTTPS over HTTP?
a) Faster data transmission
b) Improved website layout
c) Data integrity and confidentiality
d) Higher availability

Answer: c) Data integrity and confidentiality
HTTPS ensures data integrity and confidentiality through SSL/TLS encryption.
HTTP offers no encryption, thus exposing data to potential eavesdropping.
Faster data transmission and improved website layout are not functions of HTTPS.
Availability refers to system uptime, not data security.

Which type of attack involves intercepting communication between two parties without their knowledge?
a) Phishing
b) DDoS
c) MITM (Man in the Middle)
d) Brute Force

Answer: c) MITM (Man in the Middle)
MITM attacks involve an attacker secretly intercepting and possibly altering the communication between two parties.
Phishing is a type of scam targeting users to gain personal information.
DDoS attacks flood services with traffic, causing unavailability.
Brute Force attacks attempt multiple password combinations to gain unauthorized access.

Which protocol operates at the transport layer and offers connection-oriented communication?
b) UDP
c) TCP
d) ARP

Answer: c) TCP
TCP provides connection-oriented communication and operates at the transport layer.
ICMP is used for error reporting and diagnostics.
UDP offers connectionless communication.
ARP is used for IP to MAC resolution.

Which cryptographic method uses the same key to encrypt and decrypt data?
a) Asymmetric
b) Symmetric
c) Hash function
d) Digital signature

Answer: b) Symmetric
Symmetric encryption uses the same key for both encryption and decryption.
Asymmetric encryption uses a pair of keys: one for encryption and one for decryption.
Hash functions generate a fixed-size string of bytes, typically a digest.
Digital signatures provide authentication, integrity, and non-repudiation.

What is the primary goal of a Business Continuity Plan (BCP)?
a) Detect cyber attacks
b) Maintain business operations during incidents
c) Recover lost data
d) Test network vulnerabilities

Answer: b) Maintain business operations during incidents
The BCP focuses on ensuring business operations continue during and after incidents.
Detecting cyber attacks is more associated with IDS/IPS systems.
Recovering lost data is a focus of a Disaster Recovery Plan (DRP).
Testing network vulnerabilities is part of penetration testing.

What technology can best ensure data at rest encryption on a hard drive?
a) Firewall
b) WAF (Web Application Firewall)
c) Full Disk Encryption (FDE)
d) Proxy

Answer: c) Full Disk Encryption (FDE)
FDE ensures that all data on a hard drive is encrypted.
Firewalls and Proxies are designed to manage and monitor network traffic.
WAF protects web applications from targeted attacks.

Which of the following terms best describes a vulnerability in software that is unknown to its creator?
a) Zero-day
b) Open source
c) Backdoor
d) Logic bomb

Answer: a) Zero-day
Zero-day refers to a software vulnerability that is unknown to those who should be interested in mitigating the vulnerability.
Open source refers to software with publicly accessible source code.
A backdoor provides an alternative way of accessing a system.
A logic bomb is malicious code that executes in response to certain conditions.

What type of access control is based on job roles within an organization?
a) MAC (Mandatory Access Control)
b) DAC (Discretionary Access Control)
c) RBAC (Role-Based Access Control)
d) Rule-Based Access Control

Answer: c) RBAC (Role-Based Access Control)
RBAC assigns permissions based on roles within an organization.
MAC labels data and grants access based on those labels.
DAC allows users to grant permissions on their own data.
Rule-Based Access Control provides access based on a set of predefined security rules.

Which malware type disguises itself as legitimate software to deceive users?
a) Worm
b) Trojan
c) Virus
d) Ransomware

Answer: b) Trojan
Trojans present themselves as legitimate software but hide malicious functionalities.
Worms replicate themselves to spread across networks.
Viruses attach to files and require user intervention to spread.
Ransomware encrypts user data and demands payment for decryption.

Which of the following is a common method for securely erasing data from a storage device so that it cannot be easily recovered?
a) Defragmentation
b) Formatting
c) Zeroization
d) Compression

Answer: c) Zeroization
Zeroization involves overwriting storage sectors with zeros, rendering the original data virtually irrecoverable.
Defragmentation rearranges fragmented data to make a drive operate more efficiently.
Formatting prepares a storage device for use and may not securely erase all data.
Compression reduces the size of files but does not erase them.

Practice 3

1. What concept involves splitting data into pieces and distributing it across multiple locations?
a) De-identification
b) Data Masking
c) Sharding
d) Tokenization

Answer: c) Sharding
Sharding involves splitting data and distributing it to enhance performance and manageability.
De-identification involves anonymizing data to protect privacy.
Data Masking obfuscates specific data within a database.
Tokenization replaces sensitive elements with non-sensitive equivalents.

2. Which of the following protocols provides secure file transfer capabilities?
a) FTP

Answer: b) SFTP
SFTP provides secure file transfer capabilities using secure shell (SSH).
FTP is a standard network protocol for file transfer but is not secure.
HTTP is used for transmitting hypertext requests and is also not secure.
SNMP is used for managing devices on IP networks.

3. Which security concept ensures that modifications to data are not made without detection?
a) Authentication
b) Integrity
c) Availability
d) Confidentiality

Answer: b) Integrity
Integrity ensures that data remains unchanged from its source during storage or transmission.
Authentication confirms an entity’s identity.
Availability ensures that resources are accessible when needed.
Confidentiality prevents unauthorized access to data.

4. Which technology ensures the confidentiality of data in transit over unsecured networks, such as the internet?
a) VPN
c) Firewall
d) Antivirus

Answer: a) VPN
VPN (Virtual Private Network) ensures confidentiality and secure data transmission over unsecured networks.
NIDS (Network Intrusion Detection System) monitors network traffic for suspicious activity.
Firewalls protect networks by controlling internet traffic.
Antivirus software protects against malicious software.

5. What type of security testing involves analyzing code without executing it?
a) Static Testing
b) Dynamic Testing
c) Stress Testing
d) Penetration Testing

Answer: a) Static Testing
Static Testing involves analyzing code without executing it, focusing on code, design, and documentation.
Dynamic Testing involves analyzing code by executing it.
Stress Testing tests system performance under unfavorable conditions.
Penetration Testing assesses a system’s ability to withstand attacks.

6. Which protocol uses port 443 by default?
c) FTP
d) SSH

Answer: b) HTTPS
HTTPS uses port 443 by default and ensures secure, encrypted communication over the web.
HTTP uses port 80 and is unsecured.
FTP (File Transfer Protocol) uses ports 20 and 21.
SSH (Secure Shell) uses port 22.

7. Which regulatory legislation concerns the protection of personal data for EU citizens?
d) SOX

Answer: b) GDPR
GDPR (General Data Protection Regulation) protects the personal data of EU citizens and applies to organizations handling such data.
HIPAA (Health Insurance Portability and Accountability Act) relates to healthcare information in the USA.
FISMA (Federal Information Security Management Act) applies to US federal agencies.
SOX (Sarbanes-Oxley Act) concerns financial information for publicly traded companies in the USA.

8. Which principle of information security requires that no single individual should have complete control over a process or system?
a) Principle of Least Privilege
b) Separation of Duties
c) Defense in Depth
d) Open Design

Answer: b) Separation of Duties
Separation of Duties involves distributing tasks and privileges among multiple people, which reduces the risk of a single point of failure or misuse.
The Principle of Least Privilege entails granting only the minimum levels of access — or permissions — needed to accomplish tasks.
Defense in Depth implements multiple layers of security controls.
Open Design assumes the system’s security does not depend on its architecture being secret.

9. Which of the following best describes a cryptographic salt?
a) A password
b) Random data appended to passwords before hashing
c) An encryption algorithm
d) A secret key used for symmetric encryption

Answer: b) Random data appended to passwords before hashing
A cryptographic salt is random data that is combined with a password before the resulting data is subjected to a cryptographic hash function. This method helps defend against dictionary attacks and pre-computed rainbow table attacks by creating unique hashes, even if users have identical passwords.
A password is a secret word or string of characters used for user authentication.
An encryption algorithm is a method used to transform readable data into unreadable data.
A secret key used for symmetric encryption does not describe a cryptographic salt.

10. Which of the following is a feature of Public Key Infrastructure (PKI)?
a) Key exchange
b) Hash function
c) Digital certificates
d) Antivirus scanning

Answer: c) Digital certificates
PKI (Public Key Infrastructure) involves the use of digital certificates to establish a hierarchy of trust, facilitating the secure exchange of keys and providing a framework that manages digital keys and certificates.
Key exchange refers to the process of exchanging cryptographic keys between entities, which can be part of the PKI but is not a feature per se.
A hash function is a cryptographic function but not a PKI feature.
Antivirus scanning is unrelated to PKI and pertains to malware detection and prevention.

Practice 4

1. In which type of attack does the attacker disguise themselves as a trusted entity to deceive victims?
a) Replay Attack
b) Phishing Attack
c) Brute Force Attack
d) Salting

Answer: b) Phishing Attack
Phishing attacks involve attackers disguising themselves as trusted entities, often through email or other communication forms, to deceive victims into revealing sensitive information.
Replay attacks involve capturing and resending data.
Brute force attacks involve trying multiple combinations to gain access.
Salting is a cryptographic technique, not an attack.

2. What best describes the primary purpose of an Intrusion Detection System (IDS)?
a) Preventing malicious traffic from entering a network
b) Detecting and alerting about potential intrusions
c) Encrypting data in transit
d) Auditing and logging all network traffic

Answer: b) Detecting and alerting about potential intrusions
An IDS monitors networks for malicious activities or policy violations and produces reports to a management station.
Preventing malicious traffic from entering a network: More the role of a firewall or an IPS (Intrusion Prevention System).
Encrypting data in transit: Encryption’s job, not the function of IDS.
Auditing and logging all network traffic: While IDS may log events, its primary purpose isn’t to log all network traffic.

3. Which type of firewall filters traffic based on the state of the connection?
a) Packet-Filtering Firewall
b) Proxy Firewall
c) Stateful Firewall
d) Application Firewall

Answer: c) Stateful Firewall
Stateful firewalls maintain a table of active connections and make decisions based on the context of the traffic.
Packet-Filtering Firewall: Filters packets primarily based on source/destination IP, ports, and protocol, not on state.
Proxy Firewall: Acts as an intermediary, not necessarily considering the state of the connection.
Application Firewall: Focuses on specific application traffic but not necessarily on the state of the connection.

4. What does the principle of non-repudiation ensure in cybersecurity?
a) That data remains confidential
b) That users cannot deny the authenticity of their actions
c) That data is available when needed
d) That users can be authenticated

Answer: b) That users cannot deny the authenticity of their actions
Non-repudiation ensures that a party cannot deny an action they performed, typically ensuring the authenticity of data origin and integrity.
That data remains confidential: This is the principle of confidentiality.
That data is available when needed: This describes availability.
That users can be authenticated: Refers to authentication, not non-repudiation.

5. Which technology obscures an internal IP address by mapping it to a public IP address for outbound traffic?
a) DMZ
b) NAT
c) MAC Address Filtering
d) VPN

Answer: b) NAT
Network Address Translation (NAT) allows a device to present itself under a different IP, often used to hide internal IP structures.
DMZ: A perimeter network exposed to the public, but doesn’t map internal to public IPs.
MAC Address Filtering: Operates at the data link layer, based on hardware addresses, not IP addresses.
VPN: While it can mask an IP address, it doesn’t specifically map internal to public IPs in the way NAT does.

6. What type of security assessment is performed without prior knowledge of the infrastructure being tested?
a) White box testing
b) Black box testing
c) Grey box testing
d) Static testing

Answer: b) Black box testing
In black box testing, the tester does not have prior knowledge of the infrastructure, mimicking an external attack.
White box testing: The tester has full knowledge of the system being tested.
Grey box testing: The tester has partial knowledge of the system.
Static testing: A form of testing where code is not executed; more relevant to software development.

7. What is the main purpose of a digital signature?
a) Encrypt data
b) Verify the integrity and authenticity of data
c) Store private keys
d) Facilitate key exchange

Answer: b) Verify the integrity and authenticity of data
Digital signatures ensure the data’s integrity and verify the authenticity of the data source.
Encrypt data: This is the role of encryption, not signatures.
Store private keys: Key storage is not the purpose of a digital signature.
Facilitate key exchange: This is related to secure key exchange mechanisms, not digital signatures.

8. Which cybersecurity practice divides a network into multiple segments to manage and control access?
a) Load Balancing
b) Network Address Translation
c) Network Segmentation
d) Intrusion Detection

Answer: c) Network Segmentation
Network Segmentation involves dividing a network into smaller parts to increase security and performance.
Load Balancing: Distributes network traffic across servers but doesn’t segment the network.
Network Address Translation: Converts private IPs to public IPs for external communications, but doesn’t inherently segment a network.
Intrusion Detection: Monitors for potential threats; doesn’t segment a network.

9. Which of the following refers to a security concept where multiple layers of security controls are placed throughout an information technology system?
a) Defense in Depth
b) Principle of Least Privilege
c) Single Point of Failure
d) Risk Diversification

Answer: a) Defense in Depth
Defense in Depth: This strategy employs multiple layers of security controls to protect resources and data. If one layer is bypassed or fails, the next layer should stop the threat.
Principle of Least Privilege: This ensures that users have only the permissions essential to perform their roles. It’s not about layered security, but about minimizing permissions.
Single Point of Failure: Refers to any component (system, part, etc.) that can cause the entire system to fail if it itself fails. It’s about system reliability, not layered security.
Risk Diversification: This isn’t a standard term in IT security. Diversification generally refers to spreading out investments to reduce risk in the finance world.

10. Which of the following best describes a Zero-Day vulnerability?
a) A flaw for which a patch is readily available at discovery
b) A vulnerability known to the public for more than thirty days
c) A vulnerability that has been exploited before its public disclosure
d) An issue that affects systems running for more than 24 hours continuously

Answer: c) A vulnerability that has been exploited before its public disclosure
A flaw for which a patch is readily available at discovery: This is not a Zero-Day; if a patch is available immediately, then it’s known and addressed by vendors before becoming public.
A vulnerability known to the public for more than thirty days: This doesn’t define a Zero-Day; the term refers to the lack of available fixes, not the duration the vulnerability has been public.
A vulnerability that has been exploited before its public disclosure: This is the essence of a Zero-Day. It’s a vulnerability that attackers exploit before there’s an official fix or even before its wide public acknowledgment.
An issue that affects systems running for more than 24 hours continuously: This is unrelated to the term “Zero-Day” in cybersecurity.

Scroll to Top