Which of the following best describes data security?
- A . Measures to protect data from unauthorized access.
- B . The process of ensuring data is stored in physical locations only.
- C . Backup and recovery techniques for cloud data.
- D . Procedures to duplicate data across multiple locations.
A
Explanation:
Data security encompasses practices, policies, and technologies aimed at protecting data from unauthorized access, breaches, and theft.
Which is NOT a core element of security?
- A . Confidentiality
- B . Data auditing
- C . Integrity
- D . Availability
B
Explanation:
Core elements of security include confidentiality, integrity, and availability (CIA triad). Auditing supports security but is not a core element.
What does the CIA triad aim to achieve?
- A . Regulatory compliance
- B . Comprehensive data security
- C . Data processing efficiency
- D . Encryption protocols
B
Explanation:
The CIA triad (confidentiality, integrity, and availability) forms the foundation of a comprehensive approach to protecting information assets.
Data breaches primarily threaten which aspect of the CIA triad?
- A . Integrity
- B . Confidentiality
- C . Availability
- D . All of the above
B
Explanation:
Data breaches most directly threaten confidentiality by exposing sensitive information to unauthorized parties.
Which of the following can compromise data integrity? (Choose two)
- A . Unauthorized modifications
- B . Man-in-the-middle attacks
- C . User authentication failures
- D . Distributed denial-of-service attacks
A, B
Explanation:
Unauthorized modifications and interception during transmission (e.g., man-in-the-middle attacks) jeopardize data integrity.
What is the first step in establishing a secure computing environment?
- A . Regular software updates
- B . Identifying and classifying assets
- C . Encrypting all data
- D . Installing a firewall
B
Explanation:
Identifying and classifying assets helps organizations understand what needs protection and prioritize security measures effectively.
Which type of security loss occurs due to a ransomware attack?
- A . Loss of availability
- B . Loss of confidentiality
- C . Loss of integrity
- D . Regulatory penalties
A
Explanation:
Ransomware attacks primarily affect availability by restricting access to systems and data until a ransom is paid.
An insider threat can compromise which elements of the CIA triad?
- A . Confidentiality only
- B . Integrity and availability only
- C . Confidentiality, integrity, and availability
- D . None of the above
C
Explanation:
Insider threats can affect all elements of the CIA triad by stealing, altering, or disrupting access to information.
What is the primary risk of unencrypted sensitive data?
- A . Increased storage costs
- B . Loss of data availability
- C . Exposure during unauthorized access
- D . Longer processing times
C
Explanation:
Unencrypted sensitive data is vulnerable to exposure during unauthorized access, compromising confidentiality.
Which of the following are potential losses due to security attacks? (Choose two)
- A . Financial loss
- B . Reduced system performance
- C . Increased regulatory oversight
- D . Damage to reputation
A, D
Explanation:
Financial loss and damage to reputation are common outcomes of security breaches, affecting organizations severely.
What is an example of a loss of integrity?
- A . Inaccessible systems due to a DDoS attack
- B . Tampered financial transaction records
- C . Exposure of encrypted data
- D . Unauthorized file downloads
B
Explanation:
A loss of integrity occurs when information is altered without authorization, as in the case of tampered transaction records.
Which attack is an example of compromising availability?
- A . Phishing
- B . Denial-of-service
- C . Malware installation
- D . Credential theft
B
Explanation:
Denial-of-service attacks compromise availability by overwhelming a system, making it inaccessible to authorized users.
What is the goal of a security policy?
- A . To enforce organizational structure
- B . To outline measures for protecting assets
- C . To identify potential attackers
- D . To ensure software usability
B
Explanation:
A security policy defines the rules and measures necessary to protect an organization’s information assets and mitigate risks.
Which of the following is a characteristic of effective data encryption?
- A . Publicly available encryption keys
- B . Limited application to sensitive data
- C . Protection against unauthorized access during transmission
- D . Reduced performance of network systems
C
Explanation:
Effective encryption ensures data is protected during transmission, maintaining confidentiality and preventing interception.
Why is regular security training important?
- A . To avoid compliance penalties
- B . To keep employees informed about evolving threats
- C . To reduce encryption overhead
- D . To maintain software licensing requirements
B
Explanation:
Regular training helps employees recognize and respond to evolving cybersecurity threats, improving overall security posture.
Which component is essential for mitigating phishing attacks?
- A . Spam filters
- B . Advanced encryption methods
- C . Physical security measures
- D . Hardware-based firewalls
A
Explanation:
Spam filters reduce the likelihood of phishing emails reaching users, thereby lowering the risk of compromise.
What is the primary purpose of access control?
- A . Securing physical server locations
- B . Ensuring users can view all organizational data
- C . Limiting data access based on roles or permissions
- D . Backing up sensitive information
C
Explanation:
Access control mechanisms limit access to data and resources, ensuring users only access what their roles permit.
An organization’s online store becomes unavailable due to a cyberattack. What loss does this represent?
- A . Loss of integrity
- B . Loss of availability
- C . Loss of confidentiality
- D . Financial gain
B
Explanation:
When an online store becomes unavailable, it is a loss of availability, affecting business operations and potentially causing financial losses.
Which of the following best reduces the risk of unauthorized data access?
- A . Implementing strong password policies
- B . Regularly updating hardware devices
- C . Limiting network bandwidth
- D . Performing frequent hardware audits
A
Explanation:
Strong password policies protect against unauthorized access by ensuring only authorized users can access sensitive systems.
Which two security measures address both confidentiality and integrity?
- A . Access control and encryption
- B . Multi-factor authentication and redundancy
- C . Firewall implementation and monitoring
- D . Backups and disaster recovery plans
A
Explanation:
Access control limits who can access data, while encryption ensures data remains confidential and unaltered during transmission.
Which of the following is a primary objective of data classification?
- A . Enhance system performance
- B . Reduce storage requirements
- C . Prioritize security measures based on data sensitivity
- D . Enable universal data sharing across departments
C
Explanation:
Data classification organizes information by sensitivity, helping to apply appropriate security controls and prioritize protection efforts.
What is a potential impact of a successful social engineering attack?
- A . Unauthorized data access
- B . Network hardware failure
- C . System performance optimization
- D . Improved compliance policies
A
Explanation:
Social engineering attacks trick individuals into revealing sensitive information, leading to unauthorized data access and breaches.
Which type of data is typically most at risk during transit?
- A . Encrypted data
- B . Redundant backup files
- C . Unencrypted sensitive data
- D . Archived files
C
Explanation:
Unencrypted data in transit is vulnerable to interception, potentially compromising confidentiality and security.
Which of these is an example of a technical control in data security?
- A . Security policies
- B . User awareness training
- C . Firewalls
- D . Incident response planning
C
Explanation:
Technical controls like firewalls provide automated protection against threats, complementing procedural and administrative controls.
What is the primary purpose of multi-factor authentication (MFA)?
- A . To reduce password reset requests
- B . To enhance user convenience
- C . To strengthen access security by requiring multiple verification methods
- D . To eliminate the need for strong passwords
C
Explanation:
MFA adds layers of authentication, making it more difficult for attackers to gain unauthorized access, even if one factor is compromised.
Which are the key advantages of encryption? (Choose two)
- A . Protects data integrity
- B . Simplifies compliance requirements
- C . Ensures data confidentiality
- D . Reduces the need for backups
A, C
Explanation:
Encryption protects data integrity by preventing unauthorized modifications and ensures confidentiality by restricting access to authorized parties.
Which of the following can result in data availability loss?
- A . Unauthorized data encryption by attackers
- B . Accidental deletion of critical files
- C . Prolonged hardware failure
- D . All of the above
D
Explanation:
Data availability can be compromised by encryption attacks (e.g., ransomware), accidental deletions, or extended hardware failures.
What is the most effective way to prevent brute-force attacks on passwords?
- A . Use firewalls to block traffic
- B . Require strong password policies and lockout mechanisms
- C . Encrypt all password files
- D . Implement biometric authentication
B
Explanation:
Strong password policies and account lockout mechanisms reduce the likelihood of brute-force attacks succeeding.
What kind of attack involves overwhelming a server with traffic to make it unavailable?
- A . Phishing attack
- B . Denial-of-service attack
- C . Malware injection
- D . Social engineering attack
B
Explanation:
Denial-of-service attacks flood servers with excessive traffic, disrupting services and making systems inaccessible to legitimate users.
What is the role of a firewall in data security?
- A . Encrypt sensitive information
- B . Monitor and control incoming and outgoing network traffic
- C . Authenticate users before granting system access
- D . Prevent physical access to servers
B
Explanation:
Firewalls act as a barrier between trusted and untrusted networks, filtering traffic based on security policies to prevent unauthorized access.
What is the best way to minimize insider threats?
- A . Monitor network traffic continuously
- B . Restrict employee access to only necessary data
- C . Implement network segmentation
- D . Encrypt all communications
B
Explanation:
Limiting data access to only what employees need for their roles reduces the potential for insider threats.
Which two are common causes of data breaches?
- A . Poor password management
- B . Hardware malfunctions
- C . Social engineering attacks
- D . Lack of data backups
A, C
Explanation:
Weak passwords and social engineering attacks are major contributors to data breaches, often leading to unauthorized access.
Which of the following best describes a zero-day vulnerability?
- A . A known security flaw with no existing patches
- B . A flaw exploited after a patch is released
- C . An outdated security protocol
- D . A misconfigured firewall setting
A
Explanation:
A zero-day vulnerability refers to a security flaw discovered by attackers before the vendor can issue a patch, leaving systems exposed.
What is a key benefit of using network segmentation?
- A . Improved system performance
- B . Reduced impact of breaches on critical systems
- C . Faster data backups
- D . Enhanced physical security
B
Explanation:
Network segmentation limits the spread of attacks by isolating critical systems, reducing the overall impact of breaches.
What is the primary objective of a vulnerability assessment?
- A . Identify and prioritize system vulnerabilities
- B . Replace outdated software
- C . Implement disaster recovery plans
- D . Encrypt sensitive data
A
Explanation:
Vulnerability assessments identify and prioritize risks in a system, enabling proactive security measures to address potential threats.
Which are potential impacts of a loss of confidentiality? (Choose two)
- A . Identity theft
- B . Data corruption
- C . Financial losses
- D . Service unavailability
A, C
Explanation:
A confidentiality breach can lead to identity theft and financial losses, affecting individuals and organizations significantly.
Which type of malware encrypts files and demands payment for access?
- A . Spyware
- B . Ransomware
- C . Worms
- D . Adware
B
Explanation:
Ransomware encrypts files, restricting access to them until a ransom is paid, targeting availability and causing significant disruptions.
Why is regular patch management critical?
- A . To ensure hardware longevity
- B . To reduce downtime during updates
- C . To fix known vulnerabilities and prevent exploits
- D . To simplify system configurations
C
Explanation:
Regular patch management addresses known vulnerabilities, reducing the risk of attacks that exploit outdated software.
What is the best practice for securing sensitive data stored in the cloud?
- A . Storing it in unstructured formats
- B . Using strong encryption methods
- C . Avoiding access control mechanisms
- D . Reducing the number of backups
B
Explanation:
Encrypting sensitive data in the cloud ensures that even if unauthorized access occurs, the data remains unreadable without the decryption keys.
Which two measures can enhance both data integrity and availability?
- A . Regular data backups and hash verification
- B . Firewalls and intrusion detection systems
- C . Biometric authentication and monitoring
- D . Security awareness training and disaster recovery plans
A, D
Explanation:
Data backups and hash verification protect integrity, while disaster recovery ensures availability during incidents.
Which of the following defines data security?
- A . A method of ensuring physical protection of data.
- B . Measures to safeguard data from unauthorized access or corruption.
- C . Techniques for data duplication and storage.
- D . Ensuring all systems are interconnected.
B
Explanation:
Data security involves protecting data from unauthorized access, breaches, or corruption using policies, procedures, and tools.
Which are the main components of the CIA triad in security?
- A . Authentication, Integrity, Availability
- B . Confidentiality, Integrity, Availability
- C . Confidentiality, Accessibility, Authentication
- D . Authorization, Authentication, Access
B
Explanation:
The CIA triad ensures information security through confidentiality (privacy), integrity (accuracy), and availability (accessibility).
What is the primary goal of confidentiality in the CIA triad?
- A . To restrict unauthorized access to sensitive data.
- B . To ensure all data is backed up.
- C . To protect systems from malware.
- D . To provide 24/7 access to systems.
A
Explanation:
Confidentiality ensures only authorized individuals can access sensitive information, preventing leaks and breaches.
A distributed denial-of-service (DDoS) attack primarily affects which aspect of security?
- A . Integrity
- B . Confidentiality
- C . Availability
- D . Authentication
C
Explanation:
DDoS attacks overload systems, making services unavailable to legitimate users, directly impacting availability.
Which of the following are considered potential losses due to security attacks? (Choose two)
- A . Financial losses
- B . Improved system performance
- C . Loss of customer trust
- D . Reduction in data redundancy
A, C
Explanation:
Security attacks can lead to financial losses and damage customer trust, affecting organizational reputation and operations.
What is a key purpose of encryption in data security?
- A . To make data readily accessible.
- B . To ensure data is transmitted securely.
- C . To reduce the need for firewalls.
- D . To optimize system performance.
B
Explanation:
Encryption protects data during transmission by converting it into unreadable formats, ensuring secure communication.
An employee accidentally deletes critical files. What type of loss does this represent?
- A . Loss of confidentiality
- B . Loss of availability
- C . Loss of integrity
- D . Regulatory non-compliance
C
Explanation:
When files are altered or deleted without intent, it constitutes a loss of data integrity, affecting its reliability.
What is the role of authentication in data security?
- A . To protect against phishing attacks.
- B . To verify the identity of users accessing a system.
- C . To enable encryption of sensitive data.
- D . To prevent hardware malfunctions.
B
Explanation:
Authentication verifies users’ identities, ensuring only authorized individuals can access data and resources.
Which of the following ensures data availability?
- A . Frequent data backups and redundancy measures
- B . Strong passwords and encryption methods
- C . Firewalls and intrusion detection systems
- D . Regular software updates
A
Explanation:
Backups and redundancy ensure data availability by providing alternative ways to access data during system failures.
Which two actions can protect the integrity of data?
- A . Implementing strong access controls
- B . Performing regular data backups
- C . Encrypting data during transmission
- D . Using hashing techniques for data validation
A, D
Explanation:
Access controls and hashing prevent unauthorized alterations and verify data accuracy, protecting its integrity.
Which term refers to an unauthorized entity gaining access to sensitive data?
- A . Data breach
- B . Data masking
- C . Data redundancy
- D . Data audit
A
Explanation:
A data breach occurs when unauthorized individuals access sensitive information, violating confidentiality.
Which element of security prevents unauthorized data modification?
- A . Availability
- B . Confidentiality
- C . Integrity
- D . Scalability
C
Explanation:
Integrity ensures that data remains unchanged and accurate, preventing unauthorized alterations or corruption.
A ransomware attack primarily affects which security element?
- A . Confidentiality
- B . Availability
- C . Integrity
- D . Scalability
B
Explanation:
Ransomware encrypts data and systems, preventing access until a ransom is paid, compromising availability.
What is the first step in a robust data security strategy?
- A . Encrypting all sensitive files
- B . Identifying and classifying sensitive data
- C . Deploying a firewall
- D . Implementing multi-factor authentication
B
Explanation:
Identifying and classifying data helps prioritize protection for sensitive information and allocate resources effectively.
Which two practices enhance confidentiality in data security?
- A . Encryption and access controls
- B . Firewalls and disaster recovery plans
- C . Data redundancy and hashing
- D . Incident response plans and backups
A
Explanation:
Encryption protects data privacy, while access controls restrict data access to authorized personnel, enhancing confidentiality.
What is the key benefit of multi-factor authentication (MFA)?
- A . Simplifies password management
- B . Enhances system performance
- C . Increases security by requiring multiple credentials
- D . Eliminates the need for strong passwords
C
Explanation:
MFA strengthens access security by requiring multiple forms of verification, making unauthorized access more difficult.
Which of the following are potential impacts of a phishing attack? (Choose two)
- A . Unauthorized data access
- B . System hardware damage
- C . Credential theft
- D . Improved network speed
A, C
Explanation:
Phishing attacks can lead to unauthorized access by tricking users into sharing credentials or sensitive data.
What is the purpose of access control in security?
- A . To secure physical servers
- B . To restrict unauthorized access to data and systems
- C . To create user accounts
- D . To prevent phishing emails
B
Explanation:
Access control mechanisms ensure only authorized users can access specific data and systems, protecting confidentiality.
Which type of attack often leads to identity theft?
- A . Phishing
- B . Man-in-the-middle
- C . Denial-of-service
- D . Malware
A
Explanation:
Phishing attacks trick users into revealing sensitive information, such as personal or financial data, leading to identity theft.
What is a potential consequence of unpatched software vulnerabilities?
- A . Reduced encryption strength
- B . Unauthorized system access by attackers
- C . Improved system speed
- D . Increased network redundancy
B
Explanation:
Unpatched software vulnerabilities are exploited by attackers to gain unauthorized access to systems and data.
What is the purpose of data masking in data security?
- A . Encrypt data during transmission.
- B . Obscure sensitive data for non-production environments.
- C . Improve data availability in redundant systems.
- D . Facilitate faster data recovery.
B
Explanation:
Data masking hides sensitive data by replacing it with fictitious values for use in testing or non-production environments.
Which attack method is specifically designed to compromise the availability of a system?
- A . Phishing
- B . Denial-of-service (DoS)
- C . Man-in-the-middle
- D . Ransomware
B
Explanation:
A DoS attack overwhelms system resources, making services unavailable to legitimate users and affecting availability.
What is a key element of ensuring data integrity?
- A . Implementing strict access controls
- B . Using hashing algorithms for data validation
- C . Encrypting data during transmission
- D . Restricting physical access to servers
B
Explanation:
Hashing algorithms verify data integrity by detecting unauthorized alterations, ensuring data remains accurate and unmodified.
Which two measures help maintain the availability of data during an attack?
- A . Data redundancy and failover systems
- B . Strong passwords and encryption
- C . Multi-factor authentication and hashing
- D . Firewalls and intrusion detection systems
A
Explanation:
Redundancy and failover systems ensure continuous access to data even during system failures or attacks.
Which of the following best describes a man-in-the-middle attack?
- A . Exploiting software vulnerabilities to gain access.
- B . Intercepting and altering communications between two parties.
- C . Overloading systems with traffic to deny service.
- D . Distributing malware to gain system control.
B
Explanation:
A man-in-the-middle attack intercepts and manipulates communications between two entities without their knowledge.
What is the main purpose of disaster recovery plans in data security?
- A . Prevent phishing attacks.
- B . Ensure rapid recovery after a security incident.
- C . Enhance system performance.
- D . Monitor and log system activity.
B
Explanation:
Disaster recovery plans outline procedures for restoring systems and data quickly after incidents, ensuring availability.
Which two factors contribute to the loss of confidentiality in a system?
- A . Weak password policies
- B . Data encryption during transmission
- C . Lack of access controls
- D . Hashing techniques for validation
A, C
Explanation:
Weak passwords and insufficient access controls expose systems to unauthorized access, compromising confidentiality.
What is the key characteristic of ransomware attacks?
- A . Encrypting data to restrict access until a ransom is paid.
- B . Infecting systems with malicious spyware.
- C . Overloading systems with fake traffic.
- D . Intercepting communication between devices.
A
Explanation:
Ransomware encrypts files, denying users access to their data until a ransom is paid, targeting data availability.
What is the role of intrusion detection systems (IDS) in security?
- A . Prevent unauthorized access.
- B . Detect and alert administrators of potential breaches.
- C . Encrypt sensitive communications.
- D . Enhance physical security measures.
B
Explanation:
An IDS monitors network traffic and system activity to identify potential security breaches and alert administrators to them.
Which security measure best prevents phishing attacks?
- A . Regular employee awareness training
- B . Strong encryption algorithms
- C . Redundant backups of sensitive data
- D . Biometric access controls
A
Explanation:
Employee awareness training helps users identify and avoid phishing attempts, reducing the risk of compromised credentials.
Which of the following contributes to a loss of data availability?
- A . Unauthorized encryption by ransomware
- B . Weak password policies
- C . Secure data backups
- D . Strong access control mechanisms
A
Explanation:
Ransomware attacks encrypt data, rendering it inaccessible until the ransom is paid, thereby impacting availability.
What is a primary function of encryption in data security?
- A . Improve system performance.
- B . Prevent unauthorized access to data.
- C . Enable seamless data sharing.
- D . Reduce storage requirements.
B
Explanation:
Encryption converts data into unreadable formats, ensuring that only authorized users with decryption keys can access it.
Which are common potential losses from a data breach? (Choose two)
- A . Financial penalties
- B . Enhanced system performance
- C . Loss of customer trust
- D . Increased data redundancy
A, C
Explanation:
Data breaches often lead to regulatory fines and loss of trust, severely impacting financial and reputational aspects.
What is the primary advantage of implementing access controls?
- A . To speed up system processes.
- B . To restrict unauthorized access to sensitive information.
- C . To simplify data encryption.
- D . To reduce the need for system audits.
B
Explanation:
Access controls ensure only authorized individuals can access sensitive information, maintaining confidentiality and integrity.
Which of the following best describes a zero-day attack?
- A . Exploiting a known vulnerability without a patch.
- B . Attacking systems after a vulnerability is patched.
- C . Using outdated software for malicious purposes.
- D . Monitoring network traffic for suspicious activity.
A
Explanation:
Zero-day attacks exploit software vulnerabilities that are unknown to vendors, leaving systems defenseless until a patch is released.
What is a key characteristic of hashing in security?
- A . Converts data into unreadable encrypted formats.
- B . Verifies data integrity by detecting unauthorized changes.
- C . Ensures uninterrupted access to sensitive information.
- D . Enhances data redundancy for recovery purposes.
B
Explanation:
Hashing generates unique values based on data input, allowing verification of data integrity by identifying unauthorized changes.
Which of the following reduces the impact of insider threats?
- A . Encrypting data at rest.
- B . Implementing role-based access controls.
- C . Using redundant storage systems.
- D . Regularly updating antivirus software.
B
Explanation:
Role-based access controls limit access to data based on job functions, minimizing opportunities for insider threats.
What is the most effective way to mitigate risks associated with unpatched vulnerabilities?
- A . Encrypting sensitive data.
- B . Implementing a regular patch management process.
- C . Conducting monthly data audits.
- D . Limiting network bandwidth.
B
Explanation:
Regularly applying patches addresses known vulnerabilities, reducing the risk of exploitation by attackers.
Which security measure protects data in transit?
- A . Firewalls
- B . Encryption protocols
- C . Multi-factor authentication
- D . Data backups
B
Explanation:
Encryption protocols safeguard data during transmission, preventing unauthorized access and maintaining confidentiality.
Which two actions enhance both confidentiality and availability?
- A . Data encryption and failover systems
- B . Role-based access controls and redundant backups
- C . Regular data audits and physical security
- D . Disaster recovery plans and hashing techniques
A, B
Explanation:
Encryption ensures confidentiality, while failover systems and backups maintain data availability during disruptions.
Which of the following is the primary characteristic of malware?
- A . Software designed to enhance system performance.
- B . Software intended to disrupt, damage, or gain unauthorized access.
- C . Software that prevents unauthorized access.
- D . Software that only affects outdated operating systems.
B
Explanation:
Malware is malicious software specifically designed to damage, disrupt, or gain unauthorized access to systems.
Which type of malware encrypts user data and demands payment for its release?
- A . Spyware
- B . Ransomware
- C . Worms
- D . Adware
B
Explanation:
Ransomware encrypts files and demands payment to restore access, targeting availability and causing disruptions.
Which type of malware records user activities without their consent?
- A . Trojans
- B . Adware
- C . Spyware
- D . Worms
C
Explanation:
Spyware collects and transmits user data, such as keystrokes and browsing activities, without the user’s knowledge.
What is the main purpose of antivirus software?
- A . To enhance system performance.
- B . To prevent and remove malware infections.
- C . To encrypt sensitive data.
- D . To reduce the need for system backups.
B
Explanation:
Antivirus software detects, prevents, and removes malware to protect systems from unauthorized threats.
Which of the following is a characteristic of worms?
- A . Requires user intervention to spread.
- B . Replicates itself to spread across networks.
- C . Disguises itself as legitimate software.
- D . Steals personal information via phishing.
B
Explanation:
Worms are self-replicating malware that spreads across networks without requiring user action, exploiting vulnerabilities.
What is a Trojan horse in the context of malware?
- A . A type of malware that spreads without user interaction.
- B . Malware disguised as legitimate software.
- C . A malicious program that targets network hardware.
- D . A virus embedded in hardware devices.
B
Explanation:
Trojan horses appear as legitimate applications but execute malicious activities when run.
Which two features are commonly found in antivirus software?
- A . Real-time scanning and scheduled scans
- B . Data encryption and physical security
- C . Intrusion detection and firewall settings
- D . Multi-factor authentication and password management
A
Explanation:
Antivirus software often includes real-time scanning to detect threats as they occur and scheduled scans for regular system checks.
What should be done after installing antivirus software?
- A . Disconnect the system from the internet.
- B . Update the software and run a full system scan.
- C . Disable real-time scanning to improve performance.
- D . Perform a factory reset on the system.
B
Explanation:
Updating antivirus software ensures it recognizes the latest threats, and running a full system scan identifies existing malware.
Which type of malware modifies its code to avoid detection?
- A . Polymorphic malware
- B . Spyware
- C . Adware
- D . Keylogger
A
Explanation:
Polymorphic malware frequently changes its code structure, making it harder for antivirus programs to detect.
Which of the following are steps to prevent malware infections? (Choose two)
- A . Regularly update operating systems and software.
- B . Avoid using antivirus software to reduce system overhead.
- C . Open email attachments from unknown senders.
- D . Download software only from trusted sources.
A, D
Explanation:
Keeping systems updated and downloading from trusted sources minimizes vulnerabilities that malware can exploit.
How does adware affect a system?
- A . Encrypts system files until a ransom is paid.
- B . Displays unwanted advertisements, sometimes compromising privacy.
- C . Deletes critical system files.
- D . Modifies system settings to reduce performance.
B
Explanation:
Adware generates unwanted advertisements and may collect user data to target personalized ads, affecting system usability.
What is the first step in the process of installing antivirus software?
- A . Running a full system scan.
- B . Checking the system for existing malware.
- C . Downloading the software from a trusted source.
- D . Updating the software definitions.
C
Explanation:
The installation process begins with downloading antivirus software from a reliable source to ensure its integrity.
What is the primary difference between a virus and a worm?
- A . A virus replicates only via user interaction, while a worm spreads automatically.
- B . A virus targets hardware, while a worm targets networks.
- C . A virus encrypts data, while a worm deletes files.
- D . A virus is easier to detect than a worm.
A
Explanation:
A virus requires user interaction, such as running an infected file, while a worm spreads across networks automatically.
What is the role of a quarantine feature in antivirus software?
- A . Deleting all detected malware files.
- B . Isolating suspicious files to prevent them from running.
- C . Backing up infected files for recovery.
- D . Encrypting files to protect them from malware.
B
Explanation:
Quarantine isolates potentially harmful files, preventing them from executing while allowing safe analysis or deletion.
Which type of malware is designed to track keyboard input?
- A . Ransomware
- B . Keylogger
- C . Worm
- D . Trojan horse
B
Explanation:
Keyloggers record keystrokes to capture sensitive information, such as passwords and financial details.
What is the purpose of real-time scanning in antivirus software?
- A . To scan the system only during idle times.
- B . To monitor and detect threats as they occur.
- C . To analyze encrypted files for malware.
- D . To speed up the system’s processing time.
B
Explanation:
Real-time scanning continuously monitors system activity to identify and neutralize threats immediately.
Which two steps should be taken to ensure antivirus effectiveness?
- A . Schedule regular scans and keep software updated.
- B . Disable real-time protection and use manual scans.
- C . Remove software firewalls and enable default settings.
- D . Install multiple antivirus programs for redundancy.
A
Explanation:
Regular scans and updates keep antivirus software effective against new and existing threats.
What is the primary risk of not updating antivirus software regularly?
- A . Slower system performance.
- B . Inability to detect new types of malware.
- C . Reduced file storage capacity.
- D . Increased encryption overhead.
B
Explanation:
Outdated antivirus software cannot recognize the latest malware signatures, leaving systems vulnerable to emerging threats.
What is the best method to remove stubborn malware from a system?
- A . Reinstalling the operating system.
- B . Running an antivirus scan in safe mode.
- C . Disabling internet connectivity.
- D . Restarting the system in normal mode.
B
Explanation:
Running antivirus software in safe mode helps remove malware by preventing it from running during the scan.
Which two factors improve antivirus software efficiency?
- A . Frequent updates and real-time protection
- B . Increased CPU performance and reduced scans
- C . Uninstalling unused software and firewalls
- D . Disabling non-essential system processes
A
Explanation:
Regular updates and real-time protection keep antivirus software prepared for current threats and ensure constant monitoring.