Systems Security Certified Practitioner (SSCP-ISC2)
Price: $ 30 (original price: $ 50)
Exam Code: SSCP
Exam Name: Systems Security Certified Practitioner
Questions: 700 questions and answers with explanations
Update Date: May 2, 2025
Sample Questions
question: 1
Which of the following is the primary purpose of access control mechanisms?
A. To ensure data redundancy
B. To prevent hardware failure
C. To restrict unauthorized users from accessing systems and data
D. To ensure data is encrypted during transmission
correct answer: C
explanation: Access control mechanisms are designed to ensure that only authorized users have access to specific data and systems.
question: 2
Which type of malware is specifically designed to provide remote access to an attacker without the user’s knowledge?
A. Virus
B. Trojan horse
C. Backdoor
D. Worm
correct answer: C
explanation: Backdoors are used to bypass normal authentication and provide remote control of the compromised system.
question: 3
Which of the following is an example of a technical control?
A. Security awareness training
B. Access control lists (ACLs)
C. Background checks
D. Physical locks
correct answer: B
explanation: ACLs are technical mechanisms that enforce access permissions within software or hardware systems.
question: 4
Which cryptographic concept ensures that data cannot be altered undetectably?
A. Confidentiality
B. Availability
C. Non-repudiation
D. Integrity
correct answer: D
explanation: Integrity ensures data has not been altered or tampered with; typically validated using hashes.
question: 5
What is the first step in a risk management process?
A. Risk assessment
B. Risk mitigation
C. Risk monitoring
D. Risk response
correct answer: A
explanation: Risk assessment identifies and evaluates risks as the foundation for the rest of the risk management process.
question: 6
Which of the following best describes least privilege?
A. Giving users access to all systems
B. Granting users minimal access rights required to perform their job
C. Allowing users to bypass security for convenience
D. Giving temporary access without tracking
correct answer: B
explanation: The principle of least privilege limits user access to only the permissions necessary for their responsibilities.
question: 7
Which protocol is used to securely transfer files over the Internet?
A. FTP
B. HTTP
C. SFTP
D. Telnet
correct answer: C
explanation: SFTP (SSH File Transfer Protocol) provides secure file transfer capabilities over an encrypted SSH connection.
question: 8
A system administrator notices unusual outbound traffic. Which security tool can help identify this anomaly?
A. Patch manager
B. Firewall
C. Intrusion Detection System (IDS)
D. Data Loss Prevention (DLP)
correct answer: C
explanation: An IDS can detect suspicious network behavior such as unusual outbound traffic that may indicate a compromise.
question: 9
What is the best method to ensure data availability in the event of a disaster?
A. Encrypt all data
B. Implement strict access controls
C. Use a backup and recovery plan
D. Perform penetration testing
correct answer: C
explanation: Data availability is maintained by having reliable and tested backup and recovery processes in place.
question: 10
Which of the following activities is part of incident response?
A. Assigning user permissions
B. Updating documentation
C. Containing and eradicating threats
D. Installing a firewall
correct answer: C
explanation: Containment and eradication of threats are core parts of the incident response process to limit damage and remove malicious elements.
question: 11
Which of the following best describes the purpose of change management in IT operations?
A. To ensure network uptime
B. To detect malware
C. To control and document modifications to systems
D. To reduce the size of log files
correct answer: C
explanation: Change management ensures all changes are recorded, tested, approved, and implemented systematically to avoid disruptions.
question: 12
A user accidentally deletes a critical file. What type of control would help recover the lost data?
A. Detective control
B. Preventive control
C. Compensating control
D. Corrective control
correct answer: D
explanation: Corrective controls (e.g., backups) help restore systems or data after an incident occurs.
question: 13
Which of the following is the most secure authentication method?
A. Username and password
B. Smart card only
C. Biometric only
D. Smart card + PIN + fingerprint
correct answer: D
explanation: Multifactor authentication (MFA) combining something you have (smart card), something you know (PIN), and something you are (biometric) is the most secure.
question: 14
What is the primary purpose of system hardening?
A. To increase system performance
B. To reduce the attack surface
C. To make the system user-friendly
D. To enable remote access
correct answer: B
explanation: System hardening involves removing unnecessary services, patching vulnerabilities, and reducing potential entry points for attackers.
question: 15
Which of the following is a form of logical access control?
A. Security guard
B. Security badge
C. Biometric scanner
D. File permissions
correct answer: D
explanation: Logical controls are software-based, such as file permissions, passwords, and access control lists.
question: 16
Which process identifies, evaluates, and prioritizes potential threats to an organization’s operations?
A. Business Impact Analysis (BIA)
B. Security audit
C. Change control
D. Penetration testing
correct answer: A
explanation: A BIA assesses the impact of business interruptions and helps prioritize recovery plans and security controls.
question: 17
Which of the following ensures that a message was sent by the claimed sender and was not modified?
A. Encryption
B. Digital signature
C. VPN
D. SSL
correct answer: B
explanation: Digital signatures verify message origin (authentication) and integrity.
question: 18
Which of the following is a type of attack where the attacker intercepts and possibly alters communication between two parties?
A. Denial of Service
B. Man-in-the-middle
C. Brute force
D. Phishing
correct answer: B
explanation: A man-in-the-middle (MITM) attack involves interception and potential modification of communication between two endpoints.
question: 19
In security, what does CIA stand for?
A. Control, Integrity, Access
B. Confidentiality, Integrity, Availability
C. Compliance, Information, Audit
D. Cybersecurity, Identity, Authorization
correct answer: B
explanation: CIA stands for Confidentiality, Integrity, and Availability – the core principles of information security.
question: 20
What is the main purpose of a Security Information and Event Management (SIEM) system?
A. Encrypt sensitive data
B. Provide secure email services
C. Aggregate and analyze security events in real-time
D. Manage firewall rules
correct answer: C
explanation: SIEM systems centralize, correlate, and analyze security logs and alerts for faster threat detection and response.
question: 21
Which principle is BEST described as giving users only the permissions they need to perform their job functions?
A. Need-to-know
B. Role-based access control
C. Least privilege
D. Separation of duties
correct answer: C
explanation: The principle of least privilege ensures users are granted the minimum access necessary to perform their duties.
question: 22
Which of the following ensures data is not modified during transmission?
A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality
correct answer: C
explanation: Integrity ensures the accuracy and consistency of data throughout its lifecycle.
question: 23
Which access control model uses labels and classifications such as “Top Secret” or “Confidential”?
A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Role-Based Access Control (RBAC)
D. Rule-Based Access Control
correct answer: B
explanation: MAC is based on predefined labels and classification levels and is often used in military or government systems.
question: 24
What cryptographic tool is used to provide both authentication and integrity for a message?
A. Symmetric encryption
B. Asymmetric encryption
C. Digital signature
D. Secure hash algorithm
correct answer: C
explanation: A digital signature verifies the sender’s identity and ensures the message has not been altered.
question: 25
Which security concept is most relevant when designing redundant systems to maintain uptime?
A. Confidentiality
B. Availability
C. Integrity
D. Authentication
correct answer: B
explanation: Availability ensures that systems and data are accessible when needed, often supported by redundancy and failover mechanisms.
question: 26
Which of the following is a preventive control?
A. Security incident logging
B. Intrusion Detection System (IDS)
C. User training
D. Firewall rules blocking unauthorized access
correct answer: D
explanation: Preventive controls aim to stop security incidents before they happen; firewall rules are a classic example.
question: 27
What should an organization implement to ensure continuous logging and alerting of security events?
A. Backup strategy
B. VPN concentrator
C. SIEM system
D. DMZ architecture
correct answer: C
explanation: A Security Information and Event Management (SIEM) system centralizes, monitors, and analyzes log data in real time.
question: 28
Which policy is enforced to avoid one person having complete control over a critical task or function?
A. Mandatory vacation
B. Least privilege
C. Separation of duties
D. Need-to-know
correct answer: C
explanation: Separation of duties reduces risk by dividing responsibilities among multiple personnel.
question: 29
What is the most secure method of authenticating a remote user?
A. Passwords
B. Smart card
C. Multifactor authentication
D. Username with CAPTCHA
correct answer: C
explanation: Multifactor authentication (MFA) provides the strongest security by combining two or more authentication factors.
question: 30
Which type of malware can replicate itself and spread without user interaction?
A. Trojan
B. Spyware
C. Worm
D. Ransomware
correct answer: C
explanation: A worm is self-replicating malware that spreads automatically, often through networks.
question: 31
Which of the following BEST describes a Security Baseline?
A. The minimum level of security that all systems must meet
B. A set of encrypted files stored in a secure server
C. An internal security audit result
D. A policy that changes frequently
correct answer: A
explanation: A security baseline is the minimum security configuration required for systems to comply with organizational or regulatory policies.
question: 32
Which type of backup captures all files changed since the last full backup, regardless of any other backups?
A. Incremental
B. Differential
C. Snapshot
D. Real-time
correct answer: B
explanation: A differential backup includes all changes made since the last full backup.
question: 33
What is the primary risk of using shared accounts for administrative access?
A. System performance issues
B. Lack of user accountability
C. Password complexity enforcement
D. Increased network traffic
correct answer: B
explanation: Shared accounts make it difficult to attribute actions to a specific user, compromising accountability and auditing.
question: 34
Which of the following controls would BEST prevent tailgating into a secure facility?
A. ID badge policy
B. CCTV monitoring
C. Mantrap
D. Visitor logbook
correct answer: C
explanation: A mantrap is a physical security feature that allows only one person at a time into a secure area, effectively preventing tailgating.
question: 35
Which protocol is typically used to provide secure remote administration of a system?
A. FTP
B. Telnet
C. SSH
D. SNMP
correct answer: C
explanation: SSH (Secure Shell) encrypts sessions and is the standard protocol for secure remote access.
question: 36
Which of the following is a key characteristic of a zero-day vulnerability?
A. It affects only legacy systems
B. It is known to users but not attackers
C. There is no available patch
D. It is only exploitable through physical access
correct answer: C
explanation: A zero-day vulnerability is one for which no patch or fix currently exists, making it especially dangerous.
question: 37
Which of the following is the BEST defense against phishing attacks?
A. Antivirus software
B. Strong password policy
C. User awareness training
D. Email encryption
correct answer: C
explanation: User training helps users identify and avoid phishing emails, which is often the first and most effective layer of defense.
question: 38
Which type of test simulates an attacker who has some knowledge of the target environment?
A. Black-box testing
B. White-box testing
C. Gray-box testing
D. Fuzz testing
correct answer: C
explanation: Gray-box testing is performed with partial knowledge of the systems, representing a realistic attack scenario.
question: 39
Which type of malware is designed to pretend to be legitimate software while performing malicious actions in the background?
A. Worm
B. Trojan horse
C. Adware
D. Rootkit
correct answer: B
explanation: A Trojan horse disguises itself as a useful program but includes hidden malicious functions.
question: 40
A data retention policy should be based on which of the following factors?
A. File system type
B. Number of users in the organization
C. Legal, regulatory, and business requirements
D. Server location
correct answer: C
explanation: Retention policies must align with legal, regulatory, and business obligations for data storage and deletion.
question: 41
Which of the following is the BEST way to ensure the effectiveness of a firewall?
A. Use NAT
B. Enable SNMP logging
C. Perform regular rule reviews and log analysis
D. Set the default policy to “Allow All”
correct answer: C
explanation: Reviewing rules and logs helps identify misconfigurations, unused rules, and possible security gaps in the firewall.
question: 42
Which data classification level typically applies to data whose unauthorized disclosure would cause serious damage to national security?
A. Public
B. Confidential
C. Secret
D. Top Secret
correct answer: D
explanation: Top Secret is the highest classification, used for data that would cause grave damage if disclosed.
question: 43
What is the main purpose of a Business Continuity Plan (BCP)?
A. To detect network attacks
B. To ensure data classification
C. To ensure continued operations during/after a disruption
D. To log user access
correct answer: C
explanation: A BCP ensures essential business functions continue despite major disruptions.
question: 44
Which of the following is the MOST effective method to mitigate SQL injection vulnerabilities?
A. User education
B. Using parameterized queries
C. Encrypting the database
D. Using firewalls
correct answer: B
explanation: Parameterized queries (also called prepared statements) prevent attackers from injecting malicious SQL code.
question: 45
Which type of social engineering attack uses phone calls to deceive a target?
A. Smishing
B. Phishing
C. Vishing
D. Spear phishing
correct answer: C
explanation: Vishing (voice phishing) uses phone calls to trick users into revealing sensitive information.
question: 46
Which cloud service model gives the customer the most control over operating systems and applications?
A. SaaS
B. IaaS
C. PaaS
D. DaaS
correct answer: B
explanation: Infrastructure as a Service (IaaS) provides the most control, allowing customers to manage OS, apps, and configurations.
question: 47
Which of the following is a primary goal of patch management?
A. Decrease system load
B. Improve network speed
C. Remediate known vulnerabilities
D. Archive old data
correct answer: C
explanation: Patch management ensures that known vulnerabilities are fixed before attackers can exploit them.
question: 48
Which method is BEST for ensuring the confidentiality of data during transmission?
A. Compression
B. Hashing
C. Encryption
D. Redundancy
correct answer: C
explanation: Encryption secures data from unauthorized access during transmission.
question: 49
Which of the following BEST supports the principle of accountability in an IT environment?
A. Disabling logs
B. Password expiration
C. Detailed audit trails
D. Shared administrator accounts
correct answer: C
explanation: Audit trails track user actions and system events, helping enforce accountability and traceability.
question: 50
Which type of test assesses the reliability of a disaster recovery plan by simulating an actual disaster?
A. Tabletop exercise
B. Checklist review
C. Parallel test
D. Full interruption test
correct answer: D
explanation: A full interruption test completely simulates a disaster by halting normal operations and relying entirely on backup systems.
question: 51
What is the primary goal of an incident response plan?
A. Prevent incidents from occurring
B. Identify system vulnerabilities
C. Restore normal operations as quickly as possible
D. Perform root cause analysis
correct answer: C
explanation: The main goal of an incident response plan is to quickly contain and recover from security incidents, minimizing damage and downtime.
question: 52
Which of the following BEST represents a logical access control?
A. Fence
B. Password
C. Security guard
D. Lock and key
correct answer: B
explanation: A password is a logical access control, as it restricts digital access based on credentials.
question: 53
Which process ensures that only authorized changes are made to systems and infrastructure?
A. Asset management
B. Configuration management
C. Change management
D. Access control
correct answer: C
explanation: Change management ensures all changes are approved, documented, and properly implemented to reduce risk.
question: 54
What type of access control is based on job roles within an organization?
A. DAC – Discretionary Access Control
B. RBAC – Role-Based Access Control
C. MAC – Mandatory Access Control
D. Rule-Based Access Control
correct answer: B
explanation: RBAC assigns permissions based on roles, aligning access with business functions.
question: 55
Which of the following is the BEST control to detect unauthorized file changes?
A. File integrity monitoring
B. Full disk encryption
C. Role-based access
D. Data masking
correct answer: A
explanation: File integrity monitoring tools detect unauthorized or unexpected modifications to critical files.
question: 56
Which of the following physical security controls helps protect against vehicle-based threats?
A. Biometrics
B. Bollards
C. Security cameras
D. Motion detectors
correct answer: B
explanation: Bollards are physical barriers placed around buildings or entrances to prevent vehicle intrusion.
question: 57
In the context of security, what is residual risk?
A. The probability that a threat will occur
B. The risk remaining after controls are implemented
C. The cost of mitigating a risk
D. The known threat source
correct answer: B
explanation: Residual risk is the risk that remains after security measures and controls are applied.
question: 58
Which of the following is a benefit of token-based authentication?
A. It requires no hardware
B. It changes the password automatically
C. It offers one-time use and dynamic passwords
D. It eliminates the need for firewalls
correct answer: C
explanation: Token-based authentication provides dynamic one-time passwords, improving security by reducing password reuse.
question: 59
Which type of malware is specifically designed to hide its presence on a system?
A. Adware
B. Spyware
C. Rootkit
D. Logic bomb
correct answer: C
explanation: A rootkit hides its existence and enables continued privileged access to a system without detection.
question: 60
Which policy component outlines the penalties for violating security rules?
A. Acceptable Use Policy
B. Privacy Policy
C. Sanctions Policy
D. Access Control Policy
correct answer: C
explanation: A sanctions policy defines disciplinary measures for employees who violate organizational security policies.
question: 61
What is the purpose of data masking in an IT environment?
A. To encrypt sensitive data during transmission
B. To obscure sensitive data for testing or development
C. To improve data integrity
D. To prevent unauthorized physical access to data
correct answer: B
explanation: Data masking replaces sensitive data with anonymized values in non-production environments, such as testing and development.
question: 62
Which type of attack is designed to overwhelm a system with traffic in order to cause service disruption?
A. Man-in-the-middle attack
B. Denial of Service (DoS)
C. SQL injection
D. Cross-Site Scripting (XSS)
correct answer: B
explanation: A Denial of Service (DoS) attack aims to disrupt services by overwhelming the target with excessive traffic.
question: 63
Which type of authentication requires two or more methods, such as a password and a fingerprint?
A. Single Sign-On (SSO)
B. Multifactor authentication (MFA)
C. Biometric authentication
D. CAPTCHA
correct answer: B
explanation: Multifactor authentication (MFA) combines two or more authentication factors, such as something you know (password) and something you are (fingerprint).
question: 64
What is the main purpose of implementing disaster recovery testing?
A. To reduce overall IT costs
B. To improve the efficiency of the recovery process
C. To ensure compliance with security regulations
D. To ensure the protection of physical assets
correct answer: B
explanation: Disaster recovery testing ensures the organization can restore its operations as quickly as possible after a disaster.
question: 65
Which of the following is an example of strong encryption?
A. AES-256
B. MD5
C. DES
D. Base64 encoding
correct answer: A
explanation: AES-256 is a widely used and strong encryption standard with a 256-bit key, providing high security.
question: 66
What type of risk management strategy aims to eliminate the risk entirely?
A. Risk avoidance
B. Risk transfer
C. Risk mitigation
D. Risk acceptance
correct answer: A
explanation: Risk avoidance involves changing plans or actions to completely eliminate a potential risk.
question: 67
Which process ensures that sensitive information is correctly classified for appropriate protection levels?
A. Risk assessment
B. Data classification
C. Data retention
D. Encryption
correct answer: B
explanation: Data classification involves categorizing data based on its sensitivity to determine appropriate protection mechanisms.
question: 68
Which type of control is implemented to detect unauthorized access or breaches after they occur?
A. Preventive control
B. Corrective control
C. Detective control
D. Compensating control
correct answer: C
explanation: Detective controls identify and alert on security breaches after they happen, allowing for a timely response.
question: 69
Which security framework is commonly used to assess and improve an organization’s overall cybersecurity posture?
A. PCI-DSS
B. NIST Cybersecurity Framework
C. HIPAA
D. COBIT
correct answer: B
explanation: The NIST Cybersecurity Framework provides guidelines for improving an organization’s overall cybersecurity and risk management practices.
question: 70
What does the CIA Triad in security stand for?
A. Confidentiality, Integrity, Authentication
B. Confidentiality, Integrity, Availability
C. Confidentiality, Identity, Access
D. Control, Integrity, Availability
correct answer: B
explanation: The CIA Triad represents the core principles of information security: Confidentiality, Integrity, and Availability.
question: 71
What is the main purpose of encryption at rest?
A. To secure data during transmission
B. To prevent unauthorized access to stored data
C. To improve system performance
D. To ensure data is available during disaster recovery
correct answer: B
explanation: Encryption at rest protects stored data from unauthorized access or breaches when it is not being actively used.
question: 72
Which of the following is an example of a logical security control?
A. Locked doors
B. Alarm systems
C. Passwords
D. Security guards
correct answer: C
explanation: Passwords are a logical security control, as they restrict access to systems and data through authentication.
question: 73
Which cloud deployment model provides the greatest level of control to the user?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
correct answer: B
explanation: In a private cloud, the organization has full control over the infrastructure, policies, and configurations, providing maximum customization and security.
question: 74
Which of the following is an example of physical security?
A. Multi-factor authentication
B. Smartcards for access control
C. Data encryption
D. Antivirus software
correct answer: B
explanation: Smartcards are a form of physical security, used to authenticate users and control access to physical locations.
question: 75
Which security principle requires that users only be given the minimum necessary access to perform their job functions?
A. Least Privilege
B. Separation of Duties
C. Accountability
D. Data Integrity
correct answer: A
explanation: The Least Privilege principle ensures users have only the access necessary to perform their tasks, reducing the potential for unauthorized actions.
question: 76
Which of the following is a benefit of implementing single sign-on (SSO) in an organization?
A. Reduced password fatigue
B. Increased number of passwords to manage
C. Increased risk of password sharing
D. Improved system performance
correct answer: A
explanation: Single sign-on (SSO) reduces the number of times a user must enter credentials, helping prevent password fatigue and improving user experience.
question: 77
Which of the following is a security vulnerability associated with default system configurations?
A. Inadequate backup schedules
B. Weak passwords or open ports
C. Overuse of encryption
D. Lack of network redundancy
correct answer: B
explanation: Default system configurations often include weak passwords or open ports, which can create vulnerabilities that attackers can exploit.
question: 78
What type of attack involves an attacker intercepting communications between two parties and possibly modifying them?
A. Man-in-the-middle attack
B. Phishing
C. Cross-site scripting
D. Buffer overflow
correct answer: A
explanation: In a man-in-the-middle attack, the attacker intercepts and may alter communications between two parties without their knowledge.
question: 79
Which data destruction method ensures that data cannot be recovered from a hard drive or storage media?
A. Formatting the drive
B. Using degaussing
C. Moving data to tape backup
D. Encrypting the drive
correct answer: B
explanation: Degaussing uses a strong magnetic field to disrupt the data stored on a drive, making it irretrievable.
question: 80
Which of the following BEST describes a data breach?
A. A natural disaster causing data loss
B. An accidental deletion of sensitive data
C. Unauthorized access to sensitive data
D. A system failure causing downtime
correct answer: C
explanation: A data breach occurs when sensitive data is accessed or disclosed without authorization.
Why is Pass4Certs the best choice for certification exam preparation?
Pass4Certs is dedicated to providing practice test questions with answers free of charge, unlike other web-based services. To see the complete review material, you need to register for a free account on Pass4Certs. Many clients around the world are achieving high scores by using our dumps. You get a 100 percent passing guarantee and an unconditional promise on the exam. PDF files are accessible immediately after purchase.
A Central Tool to Help You Prepare for Exam
Pass4Certs.com is the last resource you need when preparing to take the test. We meticulously adhere to the exact exam questions and answers, which are regularly updated and verified by experts. Our exam dumps experts, who come from a variety of well-known organizations, are intelligent and qualified individuals who have reviewed a very important selection of exam questions and answers to help you understand the concepts and pass the certification exam with good marks. Braindumps are the most effective way to prepare for your test in only 1 day.
User Friendly & Easily Accessible on Mobile Devices
The exam platform is very easy to use. The fundamental aim of our platform is to provide the most recent, accurate, updated and truly helpful review material. Students can use this material to study and successfully navigate the implementation and support of systems. Students can access authentic test questions and answers, which are available for download in PDF format immediately after purchase. As long as your mobile device has an internet connection, you can study on this website, which is mobile-friendly for test takers.
Dumps Are Verified by Industry Experts
Get Access to the Most Recent and Accurate Questions and Answers Right Away:
Our exam database is frequently updated throughout the year to include the most recent exam questions and answers. Each test page shows a date at the top of the page along with the updated list of test questions and answers. You will pass the test on your first attempt due to the authenticity of the current exam questions.
Dumps for the exam have been checked by industry professionals who are dedicated to providing the right test questions and answers with brief descriptions. Every question and answer is checked by experts: highly qualified individuals with extensive professional experience in the vendor examination.
Pass4Certs.com delivers the best exam questions with detailed explanations in contrast with a number of other exam web portals.
Money Back Guarantee
Pass4Certs.com is committed to providing quality braindumps that will help you pass the test and get certified. In order to provide you with the best method of preparation for the exam, we provide the most recent and realistic test questions from current examinations. If you purchase the entire PDF file but fail the vendor exam, you can get your money back or have your exam replaced. Visit our guarantee page for more information on our straightforward money-back guarantee.