CS

Question 1

What is cybersecurity?

Answer 1

-protecting against cyber threats and attacks

Question 2

Common method used by cybercriminals to trick users into revealing sensitive information

Answer 2

Phishing

Question 3

Name common cybersecurity threats

Answer 3

1. Malware
2. Randomware
3. Social engineering

Question 4

What is the first line of defense in cybersecurity

Answer 4

Employee training and awareness

Question 5

Type of malware locks users out of their systems and demands a ransom to restore access

Answer 5

Ransomware

Question 6

‘VPN’ stands for in cybersecurity

Answer 6

Virtual private network

Question 7

Purpose of penetration testing in cybersecurity

Answer 7

Find and fix vulnerabilities in system

Question 8

Cybersecurity concept involves restricting access to sensitive information only to authorized users

Answer 8

Access control

Question 9

Cybersecurity protocol ensures that data transmitted between a user’s browser and website s server is secure

Answer 9

HTTPS

Question 10

Purpose of MFA

Answer 10

Multi-factor authentication

To add an extra layer of security by requiring multiple forms of verification

Question 11

Cybersecurity practice that involves regularly creating copies of data to prevent data loss in case of cyber incident

Answer 11

Data backup

Question 12

“Zero day vulnerabilities “ in CS

Answer 12

Vulnerability that has not yet been discovered or patched

Question 13

Purpose of firewall in CS

Answer 13

Prevent unauthorized access to a network

Question 14

Most common CS risk associated with using public wi-fi networks

Answer 14

Man in the middle attacks

Question 15

Main goal of social engineering attacks in CS

Answer 15

To trick individuals into revealing sensitive information

Question 16

Small piece of code that spreads from one computer to another often causing harm

Answer 16

Worm

Question 17

Type of attack that floods a target system with excessive traffic to overload and disrupt its operations

Answer 17

DDos attack

Question 18

Purpose of regular software updates and patches

Answer 18

To fix security vulnerabilities and bugs

Question 19

“IoT “ stand for

Answer 19

Internet of things

Question 20

CS measure involves encoding data so that only authorized parties can access and read it

Answer 20

Data encryption

Question 21

CS practice involves removing all data from a storage device to ensure it cannot be recovered

Answer 21

Data destruction

Question 22

Person or group of people who carry out cyber attacks for malicious purposes

Answer 22

Black hat hacker cuz hide like punk scared in dark

Question 23

Primary purpose of CS awareness training for employees

Answer 23

Make employees aware of CS threats and best practices

Question 24

Practice of regularly reviewing and auditing security measures in place to identify vulnerabilities

Answer 24

Vulnerability assessment

Question 25

Purpose of virtual machine in CS

Answer 25

To create a secure network for testing software

Question 26

Practice involves assigning specific permissions and access levels to users based on their roles

Answer 26

Least privilege

Question 27

Involves breaking up a network into smaller segments to limit the spread of cyber threats

Answer 27

Network segmentation

Question 28

Purpose of a honeypot in CS

Answer 28

Attract cyber criminals and study their tactics

Question 29

CS attack that targets a specific individual or organization

Answer 29

Targeted attack

Question 30

Primary goal of CS

Answer 30

Ensuring data privacy and security

Question 31

Purpose of a firewall

Answer 31

Filtering network traffic and blocking unauthorized access

Question 32

“Phishing” refers to in CS

Answer 32

Manipulating people to disclose sensitive information

Question 33

Which of following is example of a strong password

Answer 33

A) 123456
B) Password123
C) P@ssw0rd
D) Username1234

C)

Question 34

“Malware” stands for

Answer 34

Malicious software

Question 35

Purpose of encryption

Answer 35

Hiding sensitive data from attackers

Question 36

Best practices for handling suspicious emails or messages

Answer 36

Ignoring them and deleting them immediately

Question 37

CS measure helps protect against software vulnerabilities and bugs

Answer 37

Regular software patching and updates

Question 38

Practice of tricking individuals into revealing their login credentials or personal information by pretending to be a trustworthy entity

Answer 38

Phishing

Question 39

MFA

Answer 39

Multi factor authentication

It uses several different types of authentication methods

Question 40

Attack that floods a network with excessive traffic to disrupt its normal operations

Answer 40

DDoS attack
Distributed denial of service

Question 41

Purpose of VPN

Answer 41

Virtual private network

Providing secure and private communication over public network

Question 42

Main goal of red team in CS context

Answer 42

Testing system vulnerabilities and weaknesses

Question 43

CS principle focuses on limiting user access to only the resources necessary to perform their job functions

Answer 43

Least privilege

Question 44

Malicious software that restricts access to a computer system or files until a ransom is paid

Answer 44

Ransomware

Question 45

Involves segmenting a network into smaller zones to contain potential threats and limit their impact

Answer 45

Network isolation

Question 46

“Social engineering “ refers to

Answer 46

Manipulating people to divulge sensitive information

Question 47

CS practice involves analyzing and investigating security incidents to identify the cause and extent of a breach

Answer 47

Incident management

Question 48

CS attack intercepts and modifies communication between two parties without their knowledge

Answer 48

Man in the middle attack

Question 49

Purpose of a disaster recovery plan in CS

Answer 49

Providing step by step instructions to respond to and recover from a disaster

Question 50

Best practice for securing passwords

Answer 50

Creating complex and unique passwords for each account

Question 51

Purpose of security risk assessment in CS

Answer 51

Evaluating security controls and vulnerabilities

Question 52

Helps prevent unauthorized physical access to sensitive areas of organization

Answer 52

Biometric authentication

Question 53

Example of CS incident

Answer 53

Unintentional exposure of sensitive information

Question 54

Primary goal of penetration test in CS

Answer 54

Identifying and fixing security vulnerabilities

Question 55

Emphasizes use of multiple layers of defense to protect against various threats

Answer 55

Defense in depth

Question 56

Example of a CS best practice for employees

Answer 56

Reporting suspicious emails or activities to IT or security teams

Question 57

Primary purpose of a security information and event management (SIEM) system

Answer 57

Analyzing and correlating security events across the network

Question 58

Example of CS control for data protection

Answer 58

Encryption of sensitive data

Question 59

CS principle involves not trusting any entity, both inside and outside the organization and continuously verifying access before granting it

Answer 59

Zero Trust

Question 60

Primary goal of CS

Answer 60

Preventing cyberattacks

Question 61

Example of social engineering attack

Answer 61

A) brute force attack
B) SQL injection
C) phishing
D) denial of service (DDoS)

C- phishing

Question 62

What does S stand for in HTTPS

Answer 62

Secure

Question 63

Purpose of firewall in CS

Answer 63

Prevent unauthorized access to a network

Question 64

CS attack aims to render a system or network unavailable

Answer 64

DDoS denial of service attack

Question 65

Best practice for creating strong passwords

Answer 65

Combining uppercase, lowercase letters, numbers and special characters

Question 66

“Zero day vulnerability “ refers to

Answer 66

Vulnerability that is unknown to the software vendor

Question 67

Individuals should only have access to resources they need to perform their tasks

Answer 67

Least privilege

Question 68

Purpose of 2-factor authentication (2FA)

Answer 68

Adding an extra layer of security by requiring two forms of identification

Question 69

DDoS

Answer 69

Distributed denial of service

Question 70

Primary purpose of VPN (virtual private network)

Answer 70

Creating a secure and encrypted connection over the internet

Question 71

Program that spreads from one computer to another without the user s knowledge and interferes with computer operations

Answer 71

Worm

Question 72

Type of CS attack aims to gain unauthorized access to system by trying different password combinations

Answer 72

Brute force attack

Question 73

Example of hardware based authentication factor

Answer 73

Biometric fingerprint scanner

Question 74

Process of converting data into a secret code to prevent unauthorized access

Answer 74

Encryption

Question 75

What does I stand for in SIEM (security information and event management)

Answer 75

Information

Question 76

Primary purpose of a honeypot

Answer 76

Collecting threat intelligence

Question 77

Best practice to protect sensitive data when disposing of old hard drives

Answer 77

Use disk wiping software to overwrite data

Question 78

Involves updating software and systems with the latest security patches and fixes

Answer 78

Patch management

Question 79

Emphasizes use of multiple layers of security controls to protect against various attack vectors

Answer 79

Defense in depth

Question 80

C stand for in CIA triad

Answer 80

Confidentiality integrity availability

Continuity

Question 81

Attacker masquerades as a trusted entity to deceive individuals or gain unauthorized access

Answer 81

Phishing

Question 82

Ransomware attack

Answer 82

Blocking access to a computer system until a ransom (or set fee) is paid

Question 83

Categorizing data based on its sensitivity and criticality

Answer 83

Data classification

Question 84

Purpose os Security Operations Center (SOC) in CS

Answer 84

Investigating and responding to security incidents

Question 85

Malware disguises itself as legitimate but performs malicious activities in background

Answer 85

Spyware

Question 86

Main purpose of incident response plan in CS

Answer 86

Responding effectively to security incidents

Question 87

Principle emphasizes importance of verifying the identity of users before granting them access to resources

Answer 87

User authentication

Question 88

Attack that intercepts and alters communication between two parties without their knowledge

Answer 88

Man in the middle attack (MitM)

Question 89

Primary goal of CS

Answer 89

To prevent unauthorized access and protect sensitive data

Question 90

Common example of social engineering

Answer 90

Sending phish emails to trick users into revealing their passwords

Question 91

Process of converting plaintext into unreadable ciphertext to protect sensitive data

Answer 91

Encryption

Question 92

Security principle emphasizes idea of using multiple layers of security controls

Answer 92

Defense in depth

Question 93

Security testing method involves simulating real world attacks to identify vulnerabilities

Answer 93

Penetration testing

Question 94

Main purpose of firewall in network security

Answer 94

Prevent unauthorized access to the network

Question 95

“Phishing”

Answer 95

Sending deceptive emails to trick users into revealing sensitive information

Question 96

Purpose of “intrusion detection system “

Answer 96

To detect and respond to suspicious activities or security breaches

Question 97

Security control involves hiding complex technical details to simplify security management

Answer 97

Abstraction

Question 98

Process of evaluating and prioritizing security vulnerabilities in a system or network

Answer 98

Vulnerability assessment

Question 99

Encryption key management practice protects encryption keys from unauthorized access

Answer 99

Key protection

Question 100

Security principle suggests that security mechanisms should not rely solely on secrecy

Answer 100

Open design

Question 101

Purpose of a VPN

Answer 101

Virtual private network

Provide secure remote access to the network

Question 102

What does C stand for in CIA Triad , a fundamental concept of information security

Answer 102

Confidentiality

Question 103

Security testing method involves analyzing the source code of an application to identify security vulnerabilities

Answer 103

Security code review

Question 104

Purpose of a security incident response plan

Answer 104

To provide guidelines for responding to and managing security incidents

Question 105

Security control aims to limit the impact of a security breach by dividing a system into smaller, isolated components

Answer 105

Compartamentalizing

Question 106

Primary goal of security risk assessment

Answer 106

Identify and prioritize security risks based on their potential impact

Question 107

Prevent unauthorized users from accessing a specific resource

Answer 107

Authorization

Question 108

Security testing method involves sending unexpected and random inputs to an application to identify vulnerabilities

Answer 108

Fuzz testing (fuzzing)

Question 109

Purpose of implementing data loss prevention (DLP) solutions

Answer 109

To monitor and protect sensitive data from unauthorized transmission

Question 110

Primary goal of security compliance assessments

Answer 110

Verify whether security practices comply with industry regulations and standards

Question 111

Security control that ensures access to resources is validated and authorized every time it is requested

Answer 111

Complete mediation

Question 112

Purpose of a security incident response team (SIRT)

Answer 112

To coordinate and respond to security incidents

Question 113

Security control aims to simplify security mechanisms and avoid unnecessary complexity

Answer 113

Least common mechanism

Question 114

Security principle involves ensuring that users are not surprised or confused by system behavior

Answer 114

Least astonishment

Question 115

CS attack is disguised as a trustworthy entity to steal sensitive information

Answer 115

Phishing

Question 116

Authentication factor involves physical chrcs like fingerprints

Answer 116

Something you are

Question 117

Best practice to protect sensitive data when it is not in use

Answer 117

Encryption at rest

Question 118

CS term refers to software that disguises itself as a legitimate program but is malicious

Answer 118

Trojan horse

Question 119

CS concept involves assigning access rights based on predefined roles

Answer 119

Role based access control (RBAC)

Question 120

CS attack that exploits weak passwords to gain unauthorized access to system

Answer 120

Brute force attack

Question 121

First step in CS incident response team

Answer 121

Identification

Question 122

CS concept involves tricking users into revealing sensitive info through psy manipulation

Answer 122

Social engineering

Question 123

CS concept involves securely disposing of old computer hardware to prevent data breaches

Answer 123

Secure disposal of assets

Question 124

CS practice of hiding sensitive data in image or another file format

Answer 124

Stenography

Question 125

CS measure involves using predefined rules to block or allow network traffic

Answer 125

Firewall

Question 126

Process of identifying and addressing potential vulnerabilities in a system or application

Answer 126

Penetration testing

Question 127

Purpose of Honeypot

Answer 127

Luring hackers into a controlled environment to monitor their activities

Question 128

Analyzing and responding to security events and incidents

Answer 128

Incident response

Question 129

Monitoring network traffic for suspicious activities or anomalies

Answer 129

Intrusion detection system (IDS)

Question 130

Primary goal of distributed denial of service DDoS attack

Answer 130

Disrupt or shut down a service or website

Question 131

Process of capturing and analyzing network traffic to detect and prevent threats

Answer 131

Packet sniffing

Question 132

Security mechanism can prevent unauthorized access to a network by acting as a barrier between internal and external networks

Answer 132

Firewall

Question 133

Purpose of penetration test

Answer 133

Identify vulnerabilities in the network

Question 134

CS attack involves manipulating individuals into revealing sensitive information

Answer 134

Phishing attack

Question 135

SIEM stand for

Answer 135

Security information and event management

Question 136

Cs measure helps prevent unauthorized data disclosure by monitoring and blocking transmission of sensitive information

Answer 136

Data loss prevention (DLP)

Question 137

“Zero trust”

Answer 137

Do not trust any user or device by default

Question 138

Type of social engineering attack that relies on urgent and alarming messages to trick users into taking immediate action

Answer 138

Baiting

Question 139

Main goal of threat hunting

Answer 139

Investigating and proactively searching for hidden threats

Question 140

Dividing network into smaller, isolated segments to limit the impact act of a security breach

Answer 140

Network segmentation

Question 141

CS mechanism uses automated tools to scan for known vulnerabilities in systems and networks

Answer 141

Vulnerability scanning

Question 142

Attackers attempt to guess passwords by trying all possible combinations

Answer 142

Brute force attack

Question 143

Purpose of honeypot in CS

Answer 143

Attracting and trapping attackers

Question 144

Example of two factor authentication

Answer 144

Using a password and pin to log in

Question 145

“UEBA” stand for

Answer 145

User and entity behavior analytics

Question 146

Primary purpose of a web Application Firewall (WAF)

Answer 146

Blocking malicious web traffic and attacks

Question 147

CS measure aims to prevent unauthorized access by granting users access based on their roles and responsibilities

Answer 147

Access controls

Question 148

Type of malware that spreads through networks without user interaction

Answer 148

Worm

Question 149

CSRF stands for

Answer 149

Cross site request forgery

Question 150

Security principle assumes that both internal and external networks are potentially compromised, and access should be strictly authenticated and verified

Answer 150

Zero trust

Question 151

Primary purpose of a network intrusion detection system (NIDS)

Answer 151

Monitoring network traffic for suspicious activities

Question 152

CS mechanism involves recording keystrokes to capture sensitive information such as passwords and credit card details

Answer 152

Keylogging

Question 153

CS attack involves redirecting website traffic to a fraudulent website to steal sensitive information

Answer 153

Pharming attack

Question 154

Primary purpose of bug bounty programs in CS

Answer 154

Encouraging security researchers to find and report vulnerabilities

Question 155

CS framework provides guidelines and best practices for securing information systems and networks

Answer 155

NIST cybersecurity framework

Question 156

Encryption algorithm is commonly used for securing data and passwords

Answer 156

AES

Question 157

Security vulnerability that allows an attacker to inject malicious code into web application s database

Answer 157

Cross site scripting (XSS)

Question 158

Involves sending deceptive emails to trick recipients into revealing sensitive information or clicking on malicious links

Answer 158

Phishing attack

Question 159

Encryption algorithm uses a pair of keys : public key for encryption and private key for decryption

Answer 159

RSA

Question 160

Cybersecurity framework provides guidelines and best practices for securing information systems and networks

Answer 160

NIST cybersecurity framework

Question 161

Encryption algorithm is commonly used for securing data and passwords

Answer 161

AES

Question 162

Term for malicious software that disguises itself as legitimate software to trick users

Answer 162

Trojan

Question 163

CS concept involves ensuring data remains unchanged and can be verified as genuine

Answer 163

Integrity

Question 164

CS concept involves redundant protective measures to secure organization s assets

Answer 164

Defense in depth

Question 165

CS term refers to code based attack that spreads through infected files and software

Answer 165

Virus

Question 166

Involves hiding internal IP addresses from external networks

Answer 166

NAT ( network address translation)

Question 167

CVE stand for

Answer 167

Common vulnerabilities and exposures

Question 168

HTTPS indicate in a website URL

Answer 168

Hypertext transfer protocol secure

Question 169

CS attack involves exploiting software vulnerabilities to gain unauthorized access

Answer 169

Exploit attack

Question 170

Best practice for securely disposing of sensitive documents or data

Answer 170

Shredding the physical documents and using secure data deletion for digital files

Question 171

Primary goal of CS

Answer 171

Minimize the impact of cyber threats

Question 172

C stand for in CIA triad

Answer 172

Confidentiality

Question 173

Type of malware spread by attaching itself to other programs

Answer 173

Worm

Question 174

CS technology inspects network traffic to block malicious content and unauthorized access

Answer 174

Firewall

Question 175

A stand for in theCIA triad

Answer 175

Availability

Question 176

CS practice involves separating network segments to limit spread of a cyber attack

Answer 176

Defense in depth

Question 177

CS regulation is aimed at protecting privacy of personal data for EU citizens

Answer 177

GDPR

Question 178

CS regulation is aimed at protecting the privacy of personal health information

Answer 178

HIPAA

Question 179

CS principle focuses on limiting the impact of a security breach as it occurs

Answer 179

Incident response

Question 180

CS regulation is aimed at protecting consumers financial information

Answer 180

GLBA

Question 181

CS technology monitors and analyzes network traffic for suspicious behavior

Answer 181

Intrusion detection system (IDS)

Question 182

CS regulation is aimed at protecting personal data of California residents

Answer 182

CCPA

Question 183

CS principle ensures data is accurate and trustworthy

Answer 183

Integrity

Question 184

Main goal of intrusion detection system

Answer 184

Monitor network activity for suspicious behavior

Question 185

Cs technology scans and analyzes files for known malware signatures

Answer 185

Antivirus software

Question 186

CS attack involves sending unauthorized commands to a web applications database through input fields

Answer 186

SQL injection attack

Question 187

Practice of tricking individuals into revealing their passwords by pretending to be a Legitimate entity

Answer 187

Social engineering

Question 188

CS protocol encrypts data transmission over a network connection

Answer 188

HTPPS

Question 189

VPN stand for

Answer 189

Virtual private network

Question 190

CS principle ensures that data is accessible and usable when needed

Answer 190

Availability

Question 191

CS defense mechanism uses heuristics and behavior analysis to detect new and unknown threats

Answer 191

Antivirus software

Question 192

CS attack involves redirecting users to a fake website that mimics legitimate one to steal their login credentials

Answer 192

Pharming attacks

Question 193

Primary role of security operations center (SOC)

Answer 193

Monitor network traffic and security alerts

Question 194

Piece of code or software designed to exploit a vulnerability in system

Answer 194

Malware

Question 195

Ca principle ensures that data is only accessible to authorized individuals or systems

Answer 195

Confidentiality

Question 196

Practice of securing software applications against security vulnerabilities during development

Answer 196

Secure coding

Question 197

Ca measure protects network by filtering and blocking incoming and outgoing traffic based on predefined rules

Answer 197

Firewall