Review

Question 1

Identity

Answer 1

MFA: Something you know, have, are, do, or are (location)

SSO: One login for multiple apps

Federation: Uses SAML or OAuth

LDAP: TCP 389; RADIUS: UDP 1812; TACACS+: TCP 49

RBAC (Role-Based), ABAC (Attribute-Based)

Question 2

Network

Answer 2

HTTPS – 443; SSH – 22; RDP – 3389; DNS – 53

Zero Trust: Always verify

VLANs: Logical network segments

IPsec: Tunnel vs. Transport modes

DMZ: Public-facing zone

Question 3

Attacks

Answer 3

Phishing, Smishing, Vishing, Whaling

SQLi, XSS, CSRF, Logic Bomb, Ransomware

MITRE ATT&CK = Threat TTP framework

Question 4

Governance

Answer 4

CIA: Confidentiality, Integrity, Availability

RPO = Max acceptable data loss; RTO = Max downtime

HIPAA, PCI-DSS, GDPR = key frameworks

Question 5

Secure Configuration

Answer 5

Hardening: Remove services, patch, change defaults

EDR: Endpoint threat detection

MDM: Mobile policies

DLP: Prevent data leaks

Question 6

Incident Response

Answer 6

Steps: Prep → ID → Contain → Eradicate → Recover → Learn

Chain of Custody: Evidence integrity

COOP: Keep core services up

Question 7

Tools

Answer 7

SIEM: Logs + alerts

SOAR: Automates response

Wireshark: Capture packets

Nmap: Port scanning

Nessus: Vulnerability scan

Question 8

Identity & Access Management
What are the 5 authentication factors?

Answer 8

Something you know, have, are, do, and somewhere you are

Question 9

Identity & Access Management
What is MFA and why is it important?

Answer 9

Combines 2+ different types of authentication factors to increase security

Question 10

Identity & Access Management
What does SSO allow?

Answer 10

One login grants access to multiple systems

Question 11

Identity & Access Management
What protocol supports federated identity in SSO?

Answer 11

SAML (Security Assertion Markup Language)

Question 12

Identity & Access Management
Difference between OAuth and OpenID Connect?

Answer 12

OAuth = authorization; OpenID Connect = adds authentication

Question 13

Identity & Access Management
LDAP vs. RADIUS?

Answer 13

LDAP = directory services; RADIUS = AAA over networks, encrypts password only

Question 14

Identity & Access Management
Key difference between RADIUS and TACACS+?

Answer 14

TACACS+ encrypts entire payload and separates authentication from authorization

Question 15

Identity & Access Management
RBAC vs ABAC?

Answer 15

RBAC = based on roles; ABAC = evaluates user/environment attributes

Question 16

Network Architecture & Protocols
What port does HTTPS use?

Answer 16

443

Question 17

Network Architecture & Protocols
Difference between stateless and stateful firewall?

Answer 17

Stateless = rule-based, doesn’t track sessions; Stateful = tracks connection states

Question 18

Network Architecture & Protocols
What is Zero Trust?

Answer 18

“Never trust, always verify”—authentication required at every stage

Question 19

Network Architecture & Protocols
What does IPsec provide?

Answer 19

Authentication, integrity, and encryption for IP traffic

Question 20

Network Architecture & Protocols
Difference between IPsec tunnel and transport mode?

Answer 20

Tunnel = encrypts entire packet; Transport = encrypts only payload

Question 21

Network Architecture & Protocols
What is a DMZ?

Answer 21

Isolated network zone for public-facing services (e.g., web/mail servers)

Question 22

Network Architecture & Protocols
What is a VLAN?

Answer 22

Logical segmentation of networks

Question 23

Threats & Vulnerabilities
What is smishing?

Answer 23

Phishing via SMS

Question 24

Threats & Vulnerabilities
SQL injection?

Answer 24

Alters database queries to gain unauthorized access

Question 25

Threats & Vulnerabilities What is an APT?

Answer 25

Advanced Persistent Threat – prolonged targeted attack

Question 26

Threats & Vulnerabilities CSRF vs. XSS?

Answer 26

CSRF forces users to perform actions; XSS injects scripts into pages

Question 27

Threats & Vulnerabilities What is MITRE ATT&CK?

Answer 27

Knowledge base of adversary tactics, techniques, and procedures

Question 28

Governance, Risk, and Compliance CIA Triad?

Answer 28

Confidentiality, Integrity, Availability

Question 29

Governance, Risk, and Compliance RPO?

Answer 29

Recovery Point Objective – acceptable data loss amount

Question 30

Governance, Risk, and Compliance RTO?

Answer 30

Recovery Time Objective – acceptable system downtime

Question 31

Governance, Risk, and Compliance HIPAA applies to?

Answer 31

Healthcare data

Question 32

Governance, Risk, and Compliance PCI-DSS applies to?

Answer 32

Credit card data

Question 33

Governance, Risk, and Compliance GDPR applies to?

Answer 33

EU citizen data

Question 34

Governance, Risk, and Compliance Risk responses?

Answer 34

Accept, Avoid, Mitigate, Transfer

Question 35

Secure Config & Endpoint What is EDR?

Answer 35

Endpoint Detection & Response – monitors/responds to threats

Question 36

Secure Config & Endpoint What is hardening?

Answer 36

Disabling services, patching, changing defaults

Question 37

Secure Config & Endpoint MDM does what?

Answer 37

Enforces mobile device security policies

Question 38

Secure Config & Endpoint Application allowlisting?

Answer 38

Only approved applications can run

Question 39

Secure Config & Endpoint DLP?

Answer 39

Data Loss Prevention – blocks sensitive data exfiltration

Question 40

Incident Response & Digital Forensics 6 Steps of Incident Response?

Answer 40

Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

Question 41

Incident Response & Digital Forensics

Answer 41

Documented control of evidence integrity

Question 42

Incident Response & Digital Forensics What is COOP?

Answer 42

Continuity of Operations Plan – ensures essential services during disruption

Question 43

Tools & Monitoring What does SIEM do?

Answer 43

Aggregates, correlates, and alerts on logs from multiple systems

Question 44

Tools & Monitoring SOAR?

Answer 44

Security Orchestration, Automation, and Response – automates security workflows

Question 45

Tools & Monitoring What does Wireshark do?

Answer 45

Captures/analyzes network packets

Question 46

Tools & Monitoring What does Nmap do?

Answer 46

Scans networks for open ports and services

Question 47

Tools & Monitoring Nessus is used for?

Answer 47

Vulnerability scanning

Question 48

Identity MFA: Something you know, have, are, do, or are (location) SSO: One login for multiple apps Federation: Uses SAML or OAuth LDAP: TCP 389; RADIUS: UDP 1812; TACACS+: TCP 49 RBAC (Role-Based), ABAC (Attribute-Based)

Question 49

Network HTTPS – 443; SSH – 22; RDP – 3389; DNS – 53 Zero Trust: Always verify VLANs: Logical network segments IPsec: Tunnel vs. Transport modes DMZ: Public-facing zone

Question 50

Attacks Phishing, Smishing, Vishing, Whaling SQLi, XSS, CSRF, Logic Bomb, Ransomware MITRE ATT&CK = Threat TTP framework

Question 51

Governance CIA: Confidentiality, Integrity, Availability RPO = Max acceptable data loss; RTO = Max downtime HIPAA, PCI-DSS, GDPR = key frameworks

Question 52

Secure Configuration Hardening: Remove services, patch, change defaults EDR: Endpoint threat detection MDM: Mobile policies DLP: Prevent data leaks

Question 53

Incident Response Steps: Prep → ID → Contain → Eradicate → Recover → Learn Chain of Custody: Evidence integrity COOP: Keep core services up

Question 54

Tools SIEM: Logs + alerts SOAR: Automates response Wireshark: Capture packets Nmap: Port scanning Nessus: Vulnerability scan